D-Link offers comprehensive end-to-end security solutions across five pillars: IP surveillance, video storage, switching, wireless, and services. The document discusses D-Link's portfolio of products in these areas including cameras, NVRs, SAN storage solutions, smart and enterprise switches, wireless controllers and access points, and advanced paid services.
The document provides information on servers and related products from SUNMEDIA, including:
- Modular servers (UCS M-Series), blade servers (UCS B-Series), and rack servers (UCS C-Series) from Cisco.
- Software for managing UCS servers, such as Cisco UCS Manager, Cisco UCS Central, and Cisco UCS Performance Manager.
- Fabric interconnects and fabric extenders that provide connectivity between UCS servers and other components.
- Server adapters including virtual interface cards, storage accelerators, and GPUs.
- Rack and power infrastructure to support deployment of UCS servers.
Specifications and features are provided for each product family
CoLab session 1 deployment best practices and architectureChristina Inge
The document discusses deployment best practices and architecture for next generation communications solutions. It recommends adopting a software-defined architecture that is interoperable, resilient to failures, and focuses on communications enablement. The session state server provides a modern and scalable presence solution with load sharing and redundancy. Deployment models include single or multi-server clusters to support different customer needs depending on size and locations. AudioCodes gateways help connect TDM networks to SIP applications, and stand-alone survivability provides call continuity in emergencies.
This document summarizes the data center and backup services of Offsite Backups. The data center has tier III certification and redundant power and cooling systems. It provides secure backup and recovery services with AES encryption, SAS70 audits, and support for HIPAA, SOX, and PCI compliance. A quote from a satisfied customer praises their responsive support and reliable backup solutions.
This document summarizes various website hosting packages from a hosting company. The packages range from shared hosting with limited bandwidth to triple dedicated server setups with failover capabilities. All packages include 24/7 monitoring, backups, security features, and technical support. The hosting infrastructure is designed for high availability with redundant power, networking, storage, and offsite backups.
The document introduces the SA-2100A Digital Cinema Server, a fourth generation digital cinema playback server from GDC Technology that fully complies with DCI specifications and security requirements. It retains all the features of the previous highly successful SA-2100 model while offering increased storage capacity and new standard features, such as a FIPS 140-2 certified media block, closed captioning support, and the ability to play back content instantly from removable hard drives or a TMS library. The server is also available in an optional quad link configuration that enables dual 3D playback or independent 2D playback to two projectors simultaneously.
Ncomputing n400-ncomputing-n500[ncomputing.123vietnam.vn]Gia sư Đức Trí
The N-series thin clients are optimized for Citrix HDX and powered by the Numo 3 System-on-Chip. The N400 is ideal for task workers with light multimedia needs, supporting HD video with less than 5 watts of power. The N500 is for knowledge workers, providing full HD 1080p playback and dual monitor support. Both models are centrally managed and offer a lower cost alternative to PCs for extending Citrix deployments.
The SCOPIA 100/400 MCU Series is a unified communications solution that provides high-quality video conferencing from room systems and desktops. It connects HD and SD endpoints and enables easy scheduling and ad-hoc video meetings. The solution includes MCUs, management software, and desktop conferencing to extend video networks and allow collaboration from any device.
The EL-900 is Tranzeo's second generation high-powered 900MHz outdoor wireless access point, featuring a +29dBm radio, 64MB of RAM, and a powerful processor. It was designed for flexibility, performance, and an attractive appearance, and includes features such as multiple ESSIDs, security protocols, QoS, VLAN support, and remote management via web GUI.
The document provides information on servers and related products from SUNMEDIA, including:
- Modular servers (UCS M-Series), blade servers (UCS B-Series), and rack servers (UCS C-Series) from Cisco.
- Software for managing UCS servers, such as Cisco UCS Manager, Cisco UCS Central, and Cisco UCS Performance Manager.
- Fabric interconnects and fabric extenders that provide connectivity between UCS servers and other components.
- Server adapters including virtual interface cards, storage accelerators, and GPUs.
- Rack and power infrastructure to support deployment of UCS servers.
Specifications and features are provided for each product family
CoLab session 1 deployment best practices and architectureChristina Inge
The document discusses deployment best practices and architecture for next generation communications solutions. It recommends adopting a software-defined architecture that is interoperable, resilient to failures, and focuses on communications enablement. The session state server provides a modern and scalable presence solution with load sharing and redundancy. Deployment models include single or multi-server clusters to support different customer needs depending on size and locations. AudioCodes gateways help connect TDM networks to SIP applications, and stand-alone survivability provides call continuity in emergencies.
This document summarizes the data center and backup services of Offsite Backups. The data center has tier III certification and redundant power and cooling systems. It provides secure backup and recovery services with AES encryption, SAS70 audits, and support for HIPAA, SOX, and PCI compliance. A quote from a satisfied customer praises their responsive support and reliable backup solutions.
This document summarizes various website hosting packages from a hosting company. The packages range from shared hosting with limited bandwidth to triple dedicated server setups with failover capabilities. All packages include 24/7 monitoring, backups, security features, and technical support. The hosting infrastructure is designed for high availability with redundant power, networking, storage, and offsite backups.
The document introduces the SA-2100A Digital Cinema Server, a fourth generation digital cinema playback server from GDC Technology that fully complies with DCI specifications and security requirements. It retains all the features of the previous highly successful SA-2100 model while offering increased storage capacity and new standard features, such as a FIPS 140-2 certified media block, closed captioning support, and the ability to play back content instantly from removable hard drives or a TMS library. The server is also available in an optional quad link configuration that enables dual 3D playback or independent 2D playback to two projectors simultaneously.
Ncomputing n400-ncomputing-n500[ncomputing.123vietnam.vn]Gia sư Đức Trí
The N-series thin clients are optimized for Citrix HDX and powered by the Numo 3 System-on-Chip. The N400 is ideal for task workers with light multimedia needs, supporting HD video with less than 5 watts of power. The N500 is for knowledge workers, providing full HD 1080p playback and dual monitor support. Both models are centrally managed and offer a lower cost alternative to PCs for extending Citrix deployments.
The SCOPIA 100/400 MCU Series is a unified communications solution that provides high-quality video conferencing from room systems and desktops. It connects HD and SD endpoints and enables easy scheduling and ad-hoc video meetings. The solution includes MCUs, management software, and desktop conferencing to extend video networks and allow collaboration from any device.
The EL-900 is Tranzeo's second generation high-powered 900MHz outdoor wireless access point, featuring a +29dBm radio, 64MB of RAM, and a powerful processor. It was designed for flexibility, performance, and an attractive appearance, and includes features such as multiple ESSIDs, security protocols, QoS, VLAN support, and remote management via web GUI.
Software Only Multimedia Video ConferencingVideoguy
vPoint HD is Emblaze-VCON's latest software-only videoconferencing client that provides high-definition audio and video calling capabilities. It allows for simultaneous video and data sharing using DualStream technology, as well as chairing or participating in corporate broadcasts with Simulcast. Additional features include integrated video messaging, remote management by administrators, and support for multiple audio/video devices.
Business Video Update from Cisco SystemsCisco Canada
One year after the acquisition of Tandberg this session will focus on the new products and features that have been recently launched from our business video group. During this session we will take a deep technical dive into the new software updates on various endpoint platforms that aim to help and evolve your video experience. These updates will range from the touch panel interface to Clearpath, our cutting edge error resiliency mechanism. We will also take a closer look at some of the new products such as our Advanced Collaboration rooms as well as the expansion of our desktop line with the EX60.
Digistor standalone NVR - Info tech Middle EastAli Shoaee
The document provides an overview of Digistor Linux standalone network video recorders (NVRs) from Digiever. It describes Digiever's background and experience developing networking products. It then summarizes Digistor NVR product lines including the DS-4200, DS-4000, and DS-2000 series. Key features of the Digistor NVRs are their local HD display, hardware design with hot swap hard drives, intuitive playback, remote monitoring capabilities, and security features. The document promotes Digiever's integrated surveillance solutions and services.
Intdev offers dedicated server hosting solutions that provide a fully managed and fault-tolerant environment for corporate applications. They use Internet Solutions' infrastructure to guarantee connectivity and availability. Clients can host their own server hardware through Intdev or lease a server from Intdev. Services include rack space, hardware, monitoring, backups, firewalls and support. Pricing depends on factors like server size and bandwidth usage. Intdev ensures high availability through their hosting infrastructure and data center facilities.
The iServer is a wireless locating system that uses signal strength and time differentials to triangulate the location of wireless devices within 3 meters. It has a low-cost setup, easy maintenance, and powerful notification options including email, paging, and voice alerts. The iServer also offers expandability, supervision of all system components, and integration with other systems.
HARMAN provides premium audio, video, and lighting solutions for cruise ships, including brands like JBL, Crown, Martin, and AKG. They offer a full-service approach with integrated systems designed for high quality and reliability. Their solutions simplify deployment and management across entertainment, communications, and other applications. HARMAN also provides unmatched support through their expertise in large-scale system planning, operation, and service worldwide.
The document describes Minicom's remote access and management solutions. Minicom provides KVM access and remote management solutions that improve IT service levels by maximizing existing IT investments. Their solutions enable both local and remote access to mixed IT environments from a single web portal in a secure and centralized manner.
MASERGY provides premium grade IP bandwidth networks engineered for consistent, superior quality video transmission. The networks allow for high-definition and telepresence video transmission as well as easy migration of data and voice to the same connection. MASERGY's global video networks are backed by strong service level agreements ensuring 100% video packet delivery, guaranteed in-sequence packet delivery, and less than 1ms latency variation.
Brocade: Storage Networking For the Virtual Enterprise EMC
The document discusses storage networking technologies for virtualized environments. It summarizes Brocade's Fibre Channel fabrics for scaling SANs across data centers through technologies like In-Chassis Links (ICLs) and Ethernet fabrics for supporting protocols like FCoE, iSCSI, and NAS. It also discusses capabilities for improving metro connectivity, automating management through tools like Brocade Network Advisor, and enhancing performance for virtual desktop infrastructures (VDIs) and other emerging workloads.
This document provides product specifications for the AP 622 dual-band wireless access point. The AP 622 features dual radios that can operate independently on the 2.4GHz and 5GHz bands. It supports high-performance 802.11a/b/g/n wireless networking and delivers security, quality of service, and mobility services when used with a wireless controller. The AP 622 is designed for reliability, ease of deployment, and cost-effective wireless networking.
Understanding CleanAir Technology to improve enterprise WLAN spectrum managementCisco Mobility
Managing the Radio Frequency and Spectrum is a critical challenge for modern WLAN networks especially with advanced applications like VoWLAN. This session looks at the theory of operations and best practices for taking advantage of Radio Resource Management and usage of several tools included or available from Cisco like ´Planning Mode´ and ´Cisco Spectrum Expert´. Learn More: http://www.cisco.com/go/cleanair
Deploying Cisco ISR G2 and ASR 1000 in the EnterpriseCisco Canada
This presentation discusses the disrupting networking trends that are changing the Enterprise landscape, scope of these changes include the areas of network security, services delivery, application performance optimization and cloud access in tomorrow's borderless networks. The biggest challenge is to help Enterprise IT scale. Borderless Networks is an architectural approach to networking that, if designed correctly, can automate business and network processes driving down operational cost, thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best in class service richness and flexibility that is needed to deliver the promise of borderless networks and allow users to turn on services on-demand.
The NX 9000 NOC Controller allows centralized management of up to 10,000 access points across multiple locations. It provides zero-touch configuration, firmware updates, traffic handling, security, and remote troubleshooting through a single interface. Using the NX 9000 and Motorola's WiNG 5 architecture provides high scalability without bottlenecks compared to traditional wireless controllers.
vPoint HD is Emblaze-VCON's latest software-only desktop videoconferencing client that offers HD audio and video up to 1080p. It allows simultaneous sending and receiving of video and data streams. It also enables users to participate in and chair corporate broadcasts. vPoint HD includes features like video email and recording capabilities. It is available in Basic, Professional, and Executive models to meet different corporate needs.
The document discusses how QLogic adapters can provide benefits for virtualized environments. It claims that QLogic adapters allow for more virtual machines per server, more deployed applications, and better performance compared to other solutions. It also discusses how QLogic's NPAR technology provides flexible configuration and quality of service guarantees. The document provides examples showing QLogic adapters providing up to 54% faster scalability and 22% higher IOPS compared to Emulex adapters on VMware and Hyper-V workloads.
El documento describe el uso de la firma digital y biométrica en smartphones y tablets. Explica que la firma digital y biométrica permiten firmar documentos de forma segura y válida legalmente de manera remota sin necesidad de desplazamientos físicos. También presenta la plataforma SealSign, la cual integra servicios de firma digital y biométrica que pueden usarse en aplicaciones móviles y de escritorio.
Seguridad, mantenimiento y gestión de parches de seguridad en la nubeEventos Creativos
Este documento describe las herramientas de administración y monitoreo remoto GFI MAX para soporte de TI, incluyendo los beneficios de centralización, costos reducidos, ahorro de recursos y evolutividad. También anuncia nuevas funciones como copia de seguridad en línea administrada, soporte para Linux y integración con control de dispositivos extraíbles y correo electrónico.
El documento describe las nuevas características de Windows 8, incluyendo un kernel más pequeño, la interfaz Metro, equipos híbridos, Internet Explorer 10, la tienda de aplicaciones de Windows, y mejoras en la seguridad y la recuperación de sistemas.
Un paseo por la seguridad de las comunicaciones móviles (2G/3G) de voz y datosEventos Creativos
El documento resume las vulnerabilidades de seguridad en comunicaciones móviles, enumerando vulnerabilidades en 2G como el cifrado débil de A5/1 y ataques mediante estaciones base falsas, y en 3G como ataques durante el handover entre tecnologías. También discute áreas de investigación abiertas como ataques a nivel de banda base, contramedidas para detectar estaciones falsas, y criptoanálisis.
How "·$% developers defeat the web vulnerability scannersChema Alonso
Share Favorite
Favorited X
Download More...
Favorited! Want to add tags? Have an opinion? Make a quick comment as well. Cancel
Edit your favorites Cancel
Send to your Group / Event Select Group / Event
Add your message Cancel
Post toBlogger WordPress Twitter Facebook Deliciousmore share options .Embed For WordPress.com
Without related presentations
0 commentsPost a comment
Post a comment
..
Embed Video Subscribe to follow-up comments Unsubscribe from followup comments .
Edit your comment Cancel .Notes on slide 1
no notes for slide #1
no notes for slide #1
..Favorites, Groups & Events
more
How "·$% developers defeat the web vulnerability scanners - Presentation Transcript
1.How ?¿$·& developers defeat the most famous web vulnerability scanners …or how to recognize old friends Chema Alonso Informática64 José Parada Microsoft Ibérica
2.Agenda
1.- Introduction
2.- Inverted Queries
3.- Arithmetic Blind SQL Injection
4.- Time-Based Blind SQL Injection using Heavey Queries
5.- Conclusions
3.1.-Introduction
4.SQL Injection is still here among us
5.Web Application Security Consortium: Comparision http://projects.webappsec.org/Web-Application-Security-Statistics 12.186 sites 97.554 bugs
6.Need to Improve Automatic Scanning
Not always a manual scanning is possible
Time
Confidentiality
Money, money, money…
Need to study new ways to recognize old fashion vulnerabilities to improve automatic scanning tools.
7.2.-Inverted Queries
8.
9.Homers, how are they?
Lazy
Bad trainined
Poor Experience in security stuff
Don´t like working
Don´t like computing
Don´t like coding
Don´t like you!
10.Flanders are Left-handed
11.Right
SELECT UID
FROM USERS
WHERE NAME=‘V_NAME’
AND
PASSWORD=‘V_PASSW’;
12.Wrong?
SELECT UID
FROM USERS
WHERE ‘V_NAME’=NAME AND
‘ V_PASSW’=PASSWORD
13.Login Inverted Query
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=Kubica’ or '1'='1
Select uid
From users where ‘Robert’=name and ‘Kubica’ or ‘1’=‘1’=password
FAIL
14.Login Inverted SQL Injection an example
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=’=‘’ or ‘1’=‘1’ or ‘Kubica
Select uid
From users where ‘Robert’=name and ’’=‘’ or ‘1’=‘1’ or ‘Kubica’=password
Success
15.Blind Attacks
Attacker injects code but can´t access directly to the data.
However this injection changes the behavior of the web application.
Then the attacker looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data.
Blind SQL Injection
Biind Xpath Injection
Blind LDAP Injection
16.Blind SQL Injection Attacks
Attacker injects:
“ True where clauses”
“ False where clauses“
Ex:
Program.php?id=1 and 1=1
Program.php?id=1 and 1=2
Program doesn’t return any visible data from database or data in error messages.
The attacker can´t see any data extracted from the database.
17.Blind SQL Injection Attacks
Attacker analyzes the response pages looking for differences between “True-Answer Page” and “False-Answer Page”:
Different hashes
Different html structure
Different patterns (keywords)
Different linear ASCII sums
“ Different behavior”
By example: Response Time
18.Blind SQL Injection Attacks
If any difference exists, then:
Attacker can extract all information from database
How? Using “booleanization”
MySQL:
Program.php?id=1 and 100>(ASCII(Substring(user(),1,1)))
“ True-Answer Page” or “False-Answer Page”?
MSSQL:
Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1))) from sysusers)
Oracle:
Program.php?id=1 and 100>(Select ASCII(Sub
Software Only Multimedia Video ConferencingVideoguy
vPoint HD is Emblaze-VCON's latest software-only videoconferencing client that provides high-definition audio and video calling capabilities. It allows for simultaneous video and data sharing using DualStream technology, as well as chairing or participating in corporate broadcasts with Simulcast. Additional features include integrated video messaging, remote management by administrators, and support for multiple audio/video devices.
Business Video Update from Cisco SystemsCisco Canada
One year after the acquisition of Tandberg this session will focus on the new products and features that have been recently launched from our business video group. During this session we will take a deep technical dive into the new software updates on various endpoint platforms that aim to help and evolve your video experience. These updates will range from the touch panel interface to Clearpath, our cutting edge error resiliency mechanism. We will also take a closer look at some of the new products such as our Advanced Collaboration rooms as well as the expansion of our desktop line with the EX60.
Digistor standalone NVR - Info tech Middle EastAli Shoaee
The document provides an overview of Digistor Linux standalone network video recorders (NVRs) from Digiever. It describes Digiever's background and experience developing networking products. It then summarizes Digistor NVR product lines including the DS-4200, DS-4000, and DS-2000 series. Key features of the Digistor NVRs are their local HD display, hardware design with hot swap hard drives, intuitive playback, remote monitoring capabilities, and security features. The document promotes Digiever's integrated surveillance solutions and services.
Intdev offers dedicated server hosting solutions that provide a fully managed and fault-tolerant environment for corporate applications. They use Internet Solutions' infrastructure to guarantee connectivity and availability. Clients can host their own server hardware through Intdev or lease a server from Intdev. Services include rack space, hardware, monitoring, backups, firewalls and support. Pricing depends on factors like server size and bandwidth usage. Intdev ensures high availability through their hosting infrastructure and data center facilities.
The iServer is a wireless locating system that uses signal strength and time differentials to triangulate the location of wireless devices within 3 meters. It has a low-cost setup, easy maintenance, and powerful notification options including email, paging, and voice alerts. The iServer also offers expandability, supervision of all system components, and integration with other systems.
HARMAN provides premium audio, video, and lighting solutions for cruise ships, including brands like JBL, Crown, Martin, and AKG. They offer a full-service approach with integrated systems designed for high quality and reliability. Their solutions simplify deployment and management across entertainment, communications, and other applications. HARMAN also provides unmatched support through their expertise in large-scale system planning, operation, and service worldwide.
The document describes Minicom's remote access and management solutions. Minicom provides KVM access and remote management solutions that improve IT service levels by maximizing existing IT investments. Their solutions enable both local and remote access to mixed IT environments from a single web portal in a secure and centralized manner.
MASERGY provides premium grade IP bandwidth networks engineered for consistent, superior quality video transmission. The networks allow for high-definition and telepresence video transmission as well as easy migration of data and voice to the same connection. MASERGY's global video networks are backed by strong service level agreements ensuring 100% video packet delivery, guaranteed in-sequence packet delivery, and less than 1ms latency variation.
Brocade: Storage Networking For the Virtual Enterprise EMC
The document discusses storage networking technologies for virtualized environments. It summarizes Brocade's Fibre Channel fabrics for scaling SANs across data centers through technologies like In-Chassis Links (ICLs) and Ethernet fabrics for supporting protocols like FCoE, iSCSI, and NAS. It also discusses capabilities for improving metro connectivity, automating management through tools like Brocade Network Advisor, and enhancing performance for virtual desktop infrastructures (VDIs) and other emerging workloads.
This document provides product specifications for the AP 622 dual-band wireless access point. The AP 622 features dual radios that can operate independently on the 2.4GHz and 5GHz bands. It supports high-performance 802.11a/b/g/n wireless networking and delivers security, quality of service, and mobility services when used with a wireless controller. The AP 622 is designed for reliability, ease of deployment, and cost-effective wireless networking.
Understanding CleanAir Technology to improve enterprise WLAN spectrum managementCisco Mobility
Managing the Radio Frequency and Spectrum is a critical challenge for modern WLAN networks especially with advanced applications like VoWLAN. This session looks at the theory of operations and best practices for taking advantage of Radio Resource Management and usage of several tools included or available from Cisco like ´Planning Mode´ and ´Cisco Spectrum Expert´. Learn More: http://www.cisco.com/go/cleanair
Deploying Cisco ISR G2 and ASR 1000 in the EnterpriseCisco Canada
This presentation discusses the disrupting networking trends that are changing the Enterprise landscape, scope of these changes include the areas of network security, services delivery, application performance optimization and cloud access in tomorrow's borderless networks. The biggest challenge is to help Enterprise IT scale. Borderless Networks is an architectural approach to networking that, if designed correctly, can automate business and network processes driving down operational cost, thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best in class service richness and flexibility that is needed to deliver the promise of borderless networks and allow users to turn on services on-demand.
The NX 9000 NOC Controller allows centralized management of up to 10,000 access points across multiple locations. It provides zero-touch configuration, firmware updates, traffic handling, security, and remote troubleshooting through a single interface. Using the NX 9000 and Motorola's WiNG 5 architecture provides high scalability without bottlenecks compared to traditional wireless controllers.
vPoint HD is Emblaze-VCON's latest software-only desktop videoconferencing client that offers HD audio and video up to 1080p. It allows simultaneous sending and receiving of video and data streams. It also enables users to participate in and chair corporate broadcasts. vPoint HD includes features like video email and recording capabilities. It is available in Basic, Professional, and Executive models to meet different corporate needs.
The document discusses how QLogic adapters can provide benefits for virtualized environments. It claims that QLogic adapters allow for more virtual machines per server, more deployed applications, and better performance compared to other solutions. It also discusses how QLogic's NPAR technology provides flexible configuration and quality of service guarantees. The document provides examples showing QLogic adapters providing up to 54% faster scalability and 22% higher IOPS compared to Emulex adapters on VMware and Hyper-V workloads.
El documento describe el uso de la firma digital y biométrica en smartphones y tablets. Explica que la firma digital y biométrica permiten firmar documentos de forma segura y válida legalmente de manera remota sin necesidad de desplazamientos físicos. También presenta la plataforma SealSign, la cual integra servicios de firma digital y biométrica que pueden usarse en aplicaciones móviles y de escritorio.
Seguridad, mantenimiento y gestión de parches de seguridad en la nubeEventos Creativos
Este documento describe las herramientas de administración y monitoreo remoto GFI MAX para soporte de TI, incluyendo los beneficios de centralización, costos reducidos, ahorro de recursos y evolutividad. También anuncia nuevas funciones como copia de seguridad en línea administrada, soporte para Linux y integración con control de dispositivos extraíbles y correo electrónico.
El documento describe las nuevas características de Windows 8, incluyendo un kernel más pequeño, la interfaz Metro, equipos híbridos, Internet Explorer 10, la tienda de aplicaciones de Windows, y mejoras en la seguridad y la recuperación de sistemas.
Un paseo por la seguridad de las comunicaciones móviles (2G/3G) de voz y datosEventos Creativos
El documento resume las vulnerabilidades de seguridad en comunicaciones móviles, enumerando vulnerabilidades en 2G como el cifrado débil de A5/1 y ataques mediante estaciones base falsas, y en 3G como ataques durante el handover entre tecnologías. También discute áreas de investigación abiertas como ataques a nivel de banda base, contramedidas para detectar estaciones falsas, y criptoanálisis.
How "·$% developers defeat the web vulnerability scannersChema Alonso
Share Favorite
Favorited X
Download More...
Favorited! Want to add tags? Have an opinion? Make a quick comment as well. Cancel
Edit your favorites Cancel
Send to your Group / Event Select Group / Event
Add your message Cancel
Post toBlogger WordPress Twitter Facebook Deliciousmore share options .Embed For WordPress.com
Without related presentations
0 commentsPost a comment
Post a comment
..
Embed Video Subscribe to follow-up comments Unsubscribe from followup comments .
Edit your comment Cancel .Notes on slide 1
no notes for slide #1
no notes for slide #1
..Favorites, Groups & Events
more
How "·$% developers defeat the web vulnerability scanners - Presentation Transcript
1.How ?¿$·& developers defeat the most famous web vulnerability scanners …or how to recognize old friends Chema Alonso Informática64 José Parada Microsoft Ibérica
2.Agenda
1.- Introduction
2.- Inverted Queries
3.- Arithmetic Blind SQL Injection
4.- Time-Based Blind SQL Injection using Heavey Queries
5.- Conclusions
3.1.-Introduction
4.SQL Injection is still here among us
5.Web Application Security Consortium: Comparision http://projects.webappsec.org/Web-Application-Security-Statistics 12.186 sites 97.554 bugs
6.Need to Improve Automatic Scanning
Not always a manual scanning is possible
Time
Confidentiality
Money, money, money…
Need to study new ways to recognize old fashion vulnerabilities to improve automatic scanning tools.
7.2.-Inverted Queries
8.
9.Homers, how are they?
Lazy
Bad trainined
Poor Experience in security stuff
Don´t like working
Don´t like computing
Don´t like coding
Don´t like you!
10.Flanders are Left-handed
11.Right
SELECT UID
FROM USERS
WHERE NAME=‘V_NAME’
AND
PASSWORD=‘V_PASSW’;
12.Wrong?
SELECT UID
FROM USERS
WHERE ‘V_NAME’=NAME AND
‘ V_PASSW’=PASSWORD
13.Login Inverted Query
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=Kubica’ or '1'='1
Select uid
From users where ‘Robert’=name and ‘Kubica’ or ‘1’=‘1’=password
FAIL
14.Login Inverted SQL Injection an example
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=’=‘’ or ‘1’=‘1’ or ‘Kubica
Select uid
From users where ‘Robert’=name and ’’=‘’ or ‘1’=‘1’ or ‘Kubica’=password
Success
15.Blind Attacks
Attacker injects code but can´t access directly to the data.
However this injection changes the behavior of the web application.
Then the attacker looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data.
Blind SQL Injection
Biind Xpath Injection
Blind LDAP Injection
16.Blind SQL Injection Attacks
Attacker injects:
“ True where clauses”
“ False where clauses“
Ex:
Program.php?id=1 and 1=1
Program.php?id=1 and 1=2
Program doesn’t return any visible data from database or data in error messages.
The attacker can´t see any data extracted from the database.
17.Blind SQL Injection Attacks
Attacker analyzes the response pages looking for differences between “True-Answer Page” and “False-Answer Page”:
Different hashes
Different html structure
Different patterns (keywords)
Different linear ASCII sums
“ Different behavior”
By example: Response Time
18.Blind SQL Injection Attacks
If any difference exists, then:
Attacker can extract all information from database
How? Using “booleanization”
MySQL:
Program.php?id=1 and 100>(ASCII(Substring(user(),1,1)))
“ True-Answer Page” or “False-Answer Page”?
MSSQL:
Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1))) from sysusers)
Oracle:
Program.php?id=1 and 100>(Select ASCII(Sub
This files is the Latch MyCar plugin documentation. This plugin uses Latch service to allow or deny an start process in a car using it. You can see the video at http://www.elladodelmal.com/2017/02/latch-mycar-como-controlar-el-arranque.html
Offline bruteforce attack on WiFi Protected Setup0xcite
This document discusses offline brute force attacks on WiFi Protected Setup (WPS). It describes how WPS uses an 8-digit PIN code that can be cracked through brute force attacks. It also details the "Pixie Dust" attack method, which recovers the pseudorandom number generator state used by WPS to determine the encryption keys, allowing offline cracking of the PIN and recovery of the WiFi passphrase. The document warns that many access points still have vulnerable WPS implementations and recommends disabling WPS to prevent such attacks.
The document describes two outdoor network cameras, the DCS-7410 and DCS-7510. The cameras have infrared LEDs for night vision, weatherproof casing, and Power over Ethernet for easy installation. They provide high-quality video compression and allow remote monitoring from a mobile phone. Key features of the DCS-7510 include a varifocal lens, auto-iris control, and a removable infrared filter. Both cameras are suitable for 24-hour outdoor surveillance.
6. Business Opportunities with D-Link IP Cameras in 2014.pdfPawachMetharattanara
D-Link provides a comprehensive overview of its surveillance solutions, including an introduction to D-Link as a company, perspectives on the business IP surveillance market opportunity, D-Link's IP surveillance strategies, and a question and answer section. Key aspects of D-Link's solutions highlighted are its global presence through 190 local offices, leadership in switches and wireless networking, and its full range of consumer and SMB camera, video management system, and network video recorder products. The presentation also outlines D-Link's vertical solution portfolio and strategies like the mydlink cloud service and D-Link ASV technology.
DIGIEVER is a leading company dedicated to providing high quality and outstanding performance of IP video surveillance solutions. DIGIEVER takes DIGIEVER NVR, Linux-embedded network video recorder, as the core and develops relative video surveillance product lines, including central management software DIGIEVER CMS, DIGIEVER Video Wall Decoder, external storage expansion box DIGIARRAY and DIGIMobileV2 to satisfy increasing video surveillance requirements in the world. DIGIEVER’s comprehensive NVR products have been successfully distributed through worldwide channel partners that cross five continentals.
Formed with a group of experts who have rich experience in research and development in networking products, DIGIEVER, focuses on providing leading-edge surveillance solutions not only in software applications, also in hardware design and devoting to optimize users' experience. DIGIEVER is one of the members in Intel Brand Advantage Program and Intel IoT (Internet of Things) Alliance. DIGIEVER also has profound relationship with various global partners all over the world such as AXIS, ImmerVision, Seagate and Western Digital.
Vision
The products that DIGIEVER introduced are guaranteed to be high quality and outstanding performance to meet client’s demand. Our innovative network video recorder and solutions are well-reputed for its solid hardware design and ease of use software interface. In addition, the comprehensive integration and partnership with numerous network hardware brands increases flexibility and conveys value to our clients and channel partners. With a goal to develop reliable products and services and a mission to drive the IP-based surveillance systems, DIGIEVER is proud to be a supplier in IP video surveillance industry that enable our partners and clients to optimize their approach to business and life.
Cisco mds 9000 series software license packagesIT Tech
The Cisco MDS 9000 Series includes software and hardware for storage area networks. The software includes Cisco NX-OS and features for services-oriented SANs, data mobility, acceleration, and network management. The Cisco MDS 9000 Family Enterprise Package provides advanced traffic engineering and security features for large or complex SANs through licensing per switch. Limitations on the Cisco MDS 9100 Series exclude some enterprise package features.
This document discusses Newtec's vision for shaping the future of broadcast through a multiservice approach. It outlines Newtec's Dialog platform which provides a single solution for linear and non-linear content exchanges across hybrid satellite, terrestrial and fiber networks. The platform supports various broadcast workflows and use cases including contribution, distribution and news gathering. Newtec aims to offer a future-proof solution that can adapt to new services on a shared infrastructure.
This document describes a proposed Wi-Fi solution for the Northern Railways headquarters office by Nexgen Techtronics. The current network has issues like internet backbone failures, poor performance, lack of redundancy and management. The proposed solution uses Ruckus ZoneFlex 802.11n systems with adaptive antenna technology for better coverage, performance and reliability. It will implement a centralized managed wireless LAN with secure guest access and future support for voice, data and video applications over Wi-Fi. Point-to-point radio links and a load balancer will provide network redundancy.
Complete IP CCTV solution offering with technical requirement for selecting different application specific cameras and recording solution also find system architecture showing NAS ,NVR and even DVR connected to an common IT network for monitoring.
The Anue 5200 Net Tool Optimizer from Ixia provides:
1) Increased network visibility for security and monitoring tools by addressing lack of SPAN ports and network segments.
2) Reduced tool costs by allowing expensive tools to monitor high speed networks and eliminating duplicate tools.
3) Increased staff productivity by simplifying monitoring setup and reducing troubleshooting time.
The Anue 5200 Net Tool Optimizer from Ixia helps maximize ROI from existing network monitoring tools by improving network visibility, optimizing tool utilization, and boosting staff productivity. It extends network monitoring coverage and scales to high-density and 40G networks while allowing expensive tools to monitor faster links. This reduces tool costs and overhead while simplifying monitoring. It also adds security by controlling access between core devices and tools.
This document summarizes the features and specifications of the TeleEye RX Series video recording servers. The RX Series provides video recording, monitoring and transmission capabilities. Key features include support for multiple video inputs and recording rates up to 400fps, integrated network connectivity, event management tools, and remote access software. The servers are designed for security and surveillance applications.
Cisco at v mworld 2015 vmworld 2015 mds final presoldangelo0772
This document discusses Cisco's 16G MDS and 10/40G FCoE switches for building next generation data center storage area networks (SANs). It introduces Cisco's new 16G MDS family for deploying small, medium, and large SANs including the MDS 9148S, MDS 9396S, and MDS 9700. It also discusses using 10/40G Ethernet to converge IP and Fibre Channel storage traffic and provides an example of a large-scale converged Ethernet deployment with the Nexus 7700 and 7000 series.
Acme Packet Presentation Materials for VUC June 18th 2010Michael Graves
1) The document discusses Acme Packet's enterprise session border controller (SBC) solutions which control four IP network borders, including SIP trunking, private networks, public internet, and hosted services.
2) It provides an overview of Acme Packet's SBC product portfolio including the Net-Net product family and their session capacity, throughput, and features for securing SIP trunking and enabling interoperability.
3) The SBC helps secure SIP trunking by acting as an application layer gateway, providing dynamic port control, full SIP firewalling, and DDOS protection to establish a "defense in depth" security model for SIP trunk traffic.
Net-X was originally established in 1992 as InterwebNetz serving small businesses on the East Coast, and has since grown into a national company through acquisitions. It provides networking design, installation, and support services to CASPAIN across five sites in Virginia and Norfolk. The proposed solution includes routers, switches, firewalls, access points, servers, workstations, phones, and management software. Net-X recommends a 3-year renewable warranty contract for $53,706 to cover all hardware. The total cost of the project is $669,250.
Apresentações | Jantar Exclusivo Cisco e Netapp | 27 de Junho de 2012 | Spett...Softcorp
A Softcorp, em parceria com a NetApp e a Cisco, realizou um jantar especial sobre a tecnologia FlexPod™.
Durante o evento foi possível conhecer os benefícios da solução e tirar dúvidas técnicas, operacionais e consultivas com os especialistas das três empresas.
O momento também foi oportuno para trocar experiências com outros profissionais do setor.
Para descontrair, tivemos uma palestra com boas dicas sobre cortes de carne e os segredos do bom churrasqueiro para garantir o sucesso do churrasco.
Meeting the business and technical challenges of today's organizations requires an architectural approach. The Cisco Borderless Network Architecture is the technical architecture that allows organizations to connect anyone, anywhere, anytime, and on any device - securely, reliably, and seamlessly. It is built on an infrastructure of scalable and resilient hardware and software. Components of the architecture come together to build network systems that span your organization from network access to the cloud. Intelligent network, endpoint, and user services provide the flexibility, speed, and scale to support new devices, applications, and deployment models.
The impact of the consumerization of IT and mobility cannot be understated. The impact that these two key business elements have on the evolution of Enterprise Architecture and for Service Provider's ability to offer services to Enterprises, Governments, and Consumers will be addressed in this webinar. We will talk about the importance of the shift and movement of the secure network edge leads to a very close examination of the changing threat vectors and vulnerabilities impacting your businesses today. We will also detail service delivery and consumption on the three 'service horizons,' (Mobile Endpoint and CPE, Virtualized Network Edge/Data Center Edge, and the Cloud).
MS TechDays 2011 - Virtualization Solutions to Optimize PerformanceSpiffy
F5 Networks provides application delivery networking solutions that optimize availability, security, and performance for Microsoft applications and platforms. F5 has a 10-year global partnership with Microsoft involving joint product development, strategic planning, and Microsoft technical training. F5's Dynamic Control Plane architecture integrates application delivery, network optimization, security, and management across physical and virtual infrastructure on private and public clouds.
The MS-1000 is a one box HD/SD mobile video studio solution featuring a 6-channel video switcher with 6 HD/SD-SDI inputs and 3 HD/SD-SDI outputs. It provides a built-in frame synchronizer and format converters, and integrates talkback/intercom, dual monitor banks, a hard drive recorder/player, and power distribution in a portable design for live production in the field or studio.
The document summarizes the features of the DCS-7010L HD Mini Bullet Outdoor Network Camera. It provides 720p HD video and images using a megapixel sensor. An IR illuminator and weatherproof casing allow it to monitor areas 24/7. The mydlink app allows remote access from mobile devices to view live video and manage the camera remotely. MicroSD storage and support for up to 32 cameras make it a complete surveillance solution.
The NX 7500 integrated services platform provides comprehensive management of up to 2,048 network elements through a single interface. It allows all network infrastructure to intelligently route traffic for maximum speed and throughput without congestion. The NX 7500 offers advanced wireless LAN performance for mid-sized and campus environments with features such as plug-and-play installation, hierarchical management, smart routing, BYOD support, and integrated security services. It provides flexibility and investment protection through modular upgrades.
Charla impartida por Javier Domínguez, de la empresa Microsoft para el evento Asegur@itCamp4! que tuvo lugar durante los días 26, 27 y 28 de Octubre de 2012 en El Escorial, Madrid.
Charla impartida por Pablo González, de la empresa Informática 64 para el evento Asegur@itCamp4! que tuvo lugar durante los días 26, 27 y 28 de Octubre de 2012 en El Escorial, Madrid.
Charla impartida por Josep Albors, de la empresa ESET - Ontinet.com para el evento Asegur@itCamp4! que tuvo lugar durante los días 26, 27 y 28 de Octubre de 2012 en El Escorial, Madrid.
Charla impartida por Juan Miguel Aguayo, de la empresa Informática 64 para el evento Asegur@itCamp4! que tuvo lugar durante los días 26, 27 y 28 de Octubre de 2012 en El Escorial, Madrid.
Atacando iphone a través de wireless y javascript botnetEventos Creativos
Este documento describe cómo un ataque de botnet puede infectar dispositivos con JavaScript como iPhones a través de un punto de acceso no autorizado (rogue AP). El ataque involucra redirigir el tráfico de clientes a través de un proxy para servir archivos JavaScript maliciosos que convierten los dispositivos en "zombies". Una vez infectados, los dispositivos pueden ser utilizados para robar cookies, ejecutar código de forma remota y más. Para evitarlo, es importante conectarse solo a redes seguras y limpiar periódicamente la
Charla impartida por Chema Alonso de la Empresa Informática 64, para el evento Asegur@itCamp4! que tuvo lugar durante los días 26, 27 y 28 de Octubre de 2012 en El Escorial, Madrid.
Presentación correspondiente a las charlas: Windows 8: Arquitectura y seguridad y Desarrollo de aplicaciones seguras en Windows 8 estilo Metro, impartidas en el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de junio de 2012.
Este documento presenta una introducción al análisis forense de dispositivos móviles. Explica que el crecimiento de la tecnología móvil ha llevado a usos fraudulentos que requieren análisis forense siguiendo buenas prácticas de preservación de información y métodos de análisis. También describe los principales desafíos del análisis forense de dispositivos móviles como la diversidad de modelos y tecnologías, y la necesidad de herramientas de software especializadas. Finalmente, resume los pas
Charla: Análisis Forense de Dispositivos Android, impartida por Antonio Díaz de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012. Diapositivas 2/3
Charla: Análisis Forense de Dispositivos Android, impartida por Antonio Díaz de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012. Diapositivas 1/3.
Charla: Análisis Forense de Dispositivos iOS, impartida por Juan M. Aguayo de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: Arquitectura, aplicaciones y seguridad en iOS, impartida por Juan M. Aguayo de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Jailbreak y rooting más allá de los límites del dispositivoEventos Creativos
Charla: Jailbreak y rooting: más allá de los límites del dispositivo, impartida por Juan M. Aguayo de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: iOS en entorno corporativo, impartida por Juan M. Aguayo de Informática 64 para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: Análisis Forense de tarjeta SIM, smartcards, etc., impartida por Juan M. Aguayo de Informática 64 para el curso de Especialización de Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: Lo que las Apps esconden, impartida por Simón Roses de Vulnex para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: Firma biométrica de dispositivos móviles, impartida por Rames Sarwat de SmartAccess para el curso de Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
Charla: NFC en móviles, impartida por Jesús González en el curso Especialización en Dispositivos Móviles que tuvo lugar en la Facultad de Informática de la Universidad de A Coruña del 20 al 22 de Junio de 2012.
El documento habla sobre el fraude en dispositivos móviles. Explica que los móviles se están convirtiendo en el centro de una sociedad hiperconectada y que esto los hace blanco de ataques maliciosos. Detalla varios vectores de ataque como malware, aplicaciones fraudulentas, ingeniería social, y robo de tokens de autenticación uno-tiempo. El documento también cubre los perjuicios que estos ataques pueden causar a usuarios, operadores, y terceros.
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
7. Familias de Storage de D-Link
DSN-6000 series
12 x SAS/SATA drive bays
Gran empresa Redundant controllers
Scalable
NAS & SAN
Mediana
Empresa
DNS-1550-04
1U 4-bay Rack DSN-1100
5-Bay Desktop
DNS-1100-04
4-Bay SMB
SAN
DSN-2000/3000 Series
Storage Single Controller
Micro/SMB SATA Drives
DNS-1200-05
5-Bay SMB NAS
ShareCenter Shadow
ShareCenter Solo
DNS-325
DNS-313
NAS
DNS-315
SOHO/ ShareCenter Pulse
DNS-320
Consumer
Capacity and Performance
8. Valor en Almacenamiento SAN
DSN-3200-10 / DSN-3400-10
•ƒ ƒ ƒ DSN-3200: 8 x 1GbE Port
•DSN:3400: 1 x 10GbE Port
•Handles Over 80,000 I/Os per Second
•ƒ ƒ ƒ Battery Protected Cache Memory: Up to
•4GB
•ƒ ƒ ƒ System Memory: Up to 512MB
•ƒ ƒ ƒ 15 Hot-Swap SATA Hard Drive Bays DSN-6600
15-BAY •ƒ ƒ ƒ 15TB Capacity with 1TB Hard Drives ƒ ƒ Dual Redundant Controller Solutions
•(Supports higher capacity drives as they Host connectivity
•are introduced) 8 x 1GbE ports (DSN-6120)
•ƒ ƒ ƒ SATA-II Support 4 x 10GbE ports (DSN-6420)
•ƒ ƒ ƒ 760 Watt Redundant Power Supply Disk connectivity
•ƒ ƒ ƒ Industry Standard 3U 19-inch Chassis 12 hot-swap drive bays supporting
4-Bay
(SAS and SATA II drives)
-Bay
DSN-2100-10 Performance:
DSN-6120: 900 MB/Sec 200,000 IOPS
ƒ ƒ 4 x 1GbE
DSN-6420: 1300 MB/Sec 220,000 IOPS
Handles Over 80,000 I/Os per Second
Cache Memory
•ƒ ƒ ƒ Battery Protected Cache Memory: Up to
8 -BAY 4GB
4GB standard
Battery backup – 72 hours
•System Memory: Up to 512MB
Dual Redundant hot swappable 500W PS
•8 Hot-Swap SATA Hard Drive Bays
•8TB Capacity with 1TB Hard Drives
(Supports higher capacity drives as they
are introduced)
•SATA-II Support
DSN-1100-10 •400 Watt Redundant Power Supply
ƒ ƒ 4 x 1GbE •Industry Standard 2U 19-inch Chassis
Handles Over 80,000 I/Os per Second
11-Bay
5 -BAY •ƒ ƒ ƒ Battery Protected Cache Memory: Up to
1GB
Bay
•System Memory: Up to 512MB
•5 Hot-Swap SATA Hard Drive Bays
•5TB Capacity with 1TB Hard Drives
(Supports higher capacity drives as they
are introduced)
•SATA-II Support
•200 Watt Power Supply
Q2/ 2010 Q3/ 2010 Q2/ 2011
9. D-Link IP-SAN Storage Solutions
D-Link Flexible Storage Architecture
Unified Small/Mid-size Enterprise
NAS & SAN
Workgroup
Entry-Level DSN-6000
DSN-1100-04
• 2U/12 Bay Hot-Swap
DNS-1200-05 • SAS and SATA-II
DNS-1550-04 • 3U-15 Bay Hot- HDD
Swap SATA-II HDD • Up to 8 x 1 GbE or 4
• 1 x 10GbE
Price
• 3U-15 Bay Hot-Swap x 10 GbE Ports
• Over 80k I/Os per • 200k I/Os per Sec
SATA-II HDD Sec
• 8 x 1GbE • ƒ ƒ ƒ Battery
• ƒ ƒ ƒ Battery Protected 4GB Cache
• Over 80k I/Os per Protected Cache
• 2U - 8 Bay Hot-Swap Sec Memory
Memory: Up to 4GB • 120 TB Capacity with
SATA-II HDD • ƒ ƒ ƒ Battery • 30 TB Capacity with 2TB HDDs
• 4 x 1GbE Protected Cache 2TB HDDSs • 1000 Watt (N+1)
• Over 80k I/Os per Memory: Up to 4GB • 760 Watt (N+1) Power Supply
Sec • 30TB Capacity with
• 5 Hot-Swap SATA-II Power Supply
• ƒ ƒ ƒ Battery 2TB HDDSs
HDD Drive Bays (10TB) Protected Cache • 760 Watt (N+1)
• 4 x 1GbE Memory: Up to 4GB Power Supply
• Over 80k I/Os per Sec • 16TB Capacity with Fully redundant
• ƒ ƒ ƒ Battery Protected 2TB HDDSs
Cache Memory: Up to • 400 Watt (N+1)
Single SAS & SATA drives
1GB Power Supply controller Expandable to 60
• 5TB Capacity with 1TB drives
HDDSs SATA drives
• 200 Watt Power Supply
Fixed
capacity
11. Valor en conmutación
Gama completa de conmutación
10/100, Giga y 10G
Soluciones PoE
L2/3/4
D-Link Green
Apilamiento físico
Redundancia
Alta disponibilidad
IPV6
17. Seguridad en Wireless Enterprise
Branch office Med-to Large Enterprise Large Enterprise
(6~24 APs) (48~64 APs) (256~512 APs)
DGS-3460 (TBD)
•Max. 24-64 APs per switch
•Max. 96-256 APs per peer group
DGS-3160 (Q2, 2011)
•Max. 12/24 APs per switch DGS-3660 (Q4, 2011)
•Max. 48/96 APs per peer group •Max. 256-512 APs per switch
•Max. 2048-4096 APs per peer group
Feature DWS-4026
•Support 64 APs per switch
•Support 256 APs per peer group
DWS-3024L DWS-3024/ 3026
•Max. 24 APs per switch •Support 48 APs per switch
•Max. 96 APs per peer group Available
•Support 192 APs per peer group
In Development
In Plan
Price
Unified Switch=Wireless Controller + L2/L3 (PoE) Switch
18. Seguridad en Wireless Enterprise
DWS-3024L, DWS-3024/3026 support DWL-3500AP/8500AP/8600AP
DWS-4026, DGS-3160/3460/3660, DWC-1000 support DWL-8600AP/6600AP/3600AP
DWL-8600AP
DWL-8500AP •802.11n Dual band
•802.11 a/b/g with PoE with PoE
•Plenum Chassis •Plenum Chassis
Price DWL-6600AP
(3Q, 2011)
•802.11 n Dual
band with PoE
•Plenum Chassis
DWL-3600AP
(2Q, 2011)
•802.11 n Single
DWL-3500AP band with PoE Available
•802.11b/g with PoE •Plenum Chassis In Development
•Plenum Chassis
In Plan
802.11 b/g 802.11 a/b/g 802.11 n
20. Valor en Servicios: DAS
Servicios Avanzados de Pago para productos Business Solutions
de D-Link
• Simplified Value proposition for the channel
Servicios Profesionales Onsite
• 3 Niveles diferentes de Servicio:
• 24 x7x4
• 9x5x4
• 9x5xNBD
• Servicios disponibles en contratos de 1 y 3 años
Servicio de Extensión de Garantía de 3 años
Servicios de Instalación y configuración disponibles bajo
demanda y por proyecto.
* Todos los servicios cuentan con soporte telefónico en español.
* Garantía limitada de por vida en el 80% de los equipos B.S
22. Formación a medida..
Webinars semanales impartidos por D-Link ( técnicos y
comerciales)
Formación e-Learning
D-Link Academy ( Impartida por Inf64 )
Canal : Si te has perdido algún Webinar, podrás
encontrarlo aquí.
Formaciones a medida