Aproveitando a infraestrutura dinâmica disponível por meio de provedores e containers da nuvem, podemos dimensionar como nunca antes. Entretanto, ao aumentar nossa escala, o monitoramento se tornou mais complicado e precisamos ajustar nossa estratégia de monitoramento de acordo. Nesta sessão, aprenda a dimensionar sua estratégia de monitoramento. Mostramos a você como enquadrar suas métricas para determinar quais dados coletar e como interpretá-los. Essa sessão é oferecida pelo parceiro AWS, Datadog.
Henry Ford una vez dijo, “El único verdadero error es áquel del que no aprendemos nada.” Entonces, ¿Cómo podemos aprender más de las fallas de los sistemas? En esta sesión mostramos como usar los datos para mitigar y evitar fallas en el futuro. Esta sesión es presentada a usted, por nuestro socio AWS, Datadog.
Aprovechando la infraestructura dinámica disponible a través de los proveedores de nube y los contenedores, podemos escalar como nunca antes. Sin embargo, al incrementar nuestra escala, el monitoreo se ha vuelto más complicado y por consiguiente, necesitamos ajustar nuestra estrategia de monitoreo. En esta sesión, aprenda cómo escalar su estrategia de monitoreo. Le mostraremos cómo estructurar sus métricas para determinar qué información recolectar y como interpretarla. Esta sesión es presentada a usted, por nuestro Socio AWS, Datadog
Aproveitando a infraestrutura dinâmica disponível por meio de provedores e containers da nuvem, podemos dimensionar como nunca antes. Entretanto, ao aumentar nossa escala, o monitoramento se tornou mais complicado e precisamos ajustar nossa estratégia de monitoramento de acordo. Nesta sessão, aprenda a dimensionar sua estratégia de monitoramento. Mostramos a você como enquadrar suas métricas para determinar quais dados coletar e como interpretá-los. Essa sessão é oferecida pelo parceiro AWS, Datadog.
Henry Ford una vez dijo, “El único verdadero error es áquel del que no aprendemos nada.” Entonces, ¿Cómo podemos aprender más de las fallas de los sistemas? En esta sesión mostramos como usar los datos para mitigar y evitar fallas en el futuro. Esta sesión es presentada a usted, por nuestro socio AWS, Datadog.
Aprovechando la infraestructura dinámica disponible a través de los proveedores de nube y los contenedores, podemos escalar como nunca antes. Sin embargo, al incrementar nuestra escala, el monitoreo se ha vuelto más complicado y por consiguiente, necesitamos ajustar nuestra estrategia de monitoreo. En esta sesión, aprenda cómo escalar su estrategia de monitoreo. Le mostraremos cómo estructurar sus métricas para determinar qué información recolectar y como interpretarla. Esta sesión es presentada a usted, por nuestro Socio AWS, Datadog
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Mickaël Rémond
Here are the slides from my talk at DotScale 2016 conference.
Erlang is a programming language dedicated to building robust and scalable services.
It has matured for many years and finally reached a point where it is one of the secret weapon used by many prominent companies.
To help you understand Erlang, I am going to walk you through old programming concepts that are at the root of Erlang using … A time machine !
Application Form for HEC Recruitment 2016 Apply Online for 133 Management Tra...Priya Jain
The whole acknowledgement regarding HEC Limited jobs 2016 such as vacancies details, essential qualification, salary details, selection process and how to apply are well mentioned below on this page which is being provided by the team of http://www.recruitmentinboxx.com/hec-limited-recruitment/20193/
New base energy news issue 836 dated 24 april 2016Khaled Al Awadi
Greetings,
Attached FYI ( NewBase Special 24 April March 2016 ) , from Hawk Energy Services Dubai . Daily energy news covering the MENA area and related worldwide energy news. In today’s issue you will find news about:-
https://onedrive.live.com/redir?resid=C2FE1124DDC2307A!477&authkey=!AAF8sDELWgNkFGY&ithint=file%2cpdf
• After being grounded for 9 months Solar Impulse takes off from Hawaii to resume flight
• UAE: Adnoc plans to extend ‘mega tender’ scheme
• Egypt: UAE Masdar completes clean energy projects in Egypt
• Bahrain says dependence on oil revenues slashed in 2015
• Tunisia: Independent Resources submits application for extension of Ksar Hadada
• Gabon: Shell eyes $700 million exit from Gabon
• Botswana: Tlou Energy expands gas production testing at its Lesedi CBM Project
• Uganda Will Route Oil Pipeline Via Tanzania Instead of Kenya
• Libya's NOC says eastern govt tried to export 650,000 barrels
• US oil closes up 1.3 pct, ending week with more than 8 pct gain
• Baker Hughes: US Oil Drillers Cut Rigs For 5th Week
• Oversupplied oil market to rebalance by next year, says IEA
we would appreciate your actions to send to all interested parties that you may wish. Also note that if you or your organization wish to include your own article or advert in our circulations, please send it to
khdmohd@hotmail.com or khdmohd@hawkenergy.net
Best Regards.
Khaled Al Awadi
Energy Consultant & NewBase Chairman - Senior Chief Editor
MS & BS Mechanical Engineering (HON), USA
Emarat member since 1990
ASME meme since 1995
Hawk Energy since 201
AGRI MECH is one of the most reputed magazines of the Agriculture Machinery world.
This magazine will be serving among the top manufacturers, dealers,
AGRI MECH is one of the best advertising solutions in targeting all aspects and markets of agriculture when looking for any type of services or farm equipment for sale.
For more details, please contact:
Raji Naqvi
Advertisement Manager
AGRI MECH
+91 80534 35051
rkmedcom@gmail.com
URBACT: Links Project - COMMON SET OF PRINCIPLES AND RECOMMENDATIONSURBACT
Conclusions formulated by the URBACT LINKS partner cities, after a three-years collaboration.
Points are summarized here as an introduction to the subject matter and points of discussion during the project Final Conference organized in Brussels on the 10 of January, 2013.
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Mickaël Rémond
Here are the slides from my talk at DotScale 2016 conference.
Erlang is a programming language dedicated to building robust and scalable services.
It has matured for many years and finally reached a point where it is one of the secret weapon used by many prominent companies.
To help you understand Erlang, I am going to walk you through old programming concepts that are at the root of Erlang using … A time machine !
Application Form for HEC Recruitment 2016 Apply Online for 133 Management Tra...Priya Jain
The whole acknowledgement regarding HEC Limited jobs 2016 such as vacancies details, essential qualification, salary details, selection process and how to apply are well mentioned below on this page which is being provided by the team of http://www.recruitmentinboxx.com/hec-limited-recruitment/20193/
New base energy news issue 836 dated 24 april 2016Khaled Al Awadi
Greetings,
Attached FYI ( NewBase Special 24 April March 2016 ) , from Hawk Energy Services Dubai . Daily energy news covering the MENA area and related worldwide energy news. In today’s issue you will find news about:-
https://onedrive.live.com/redir?resid=C2FE1124DDC2307A!477&authkey=!AAF8sDELWgNkFGY&ithint=file%2cpdf
• After being grounded for 9 months Solar Impulse takes off from Hawaii to resume flight
• UAE: Adnoc plans to extend ‘mega tender’ scheme
• Egypt: UAE Masdar completes clean energy projects in Egypt
• Bahrain says dependence on oil revenues slashed in 2015
• Tunisia: Independent Resources submits application for extension of Ksar Hadada
• Gabon: Shell eyes $700 million exit from Gabon
• Botswana: Tlou Energy expands gas production testing at its Lesedi CBM Project
• Uganda Will Route Oil Pipeline Via Tanzania Instead of Kenya
• Libya's NOC says eastern govt tried to export 650,000 barrels
• US oil closes up 1.3 pct, ending week with more than 8 pct gain
• Baker Hughes: US Oil Drillers Cut Rigs For 5th Week
• Oversupplied oil market to rebalance by next year, says IEA
we would appreciate your actions to send to all interested parties that you may wish. Also note that if you or your organization wish to include your own article or advert in our circulations, please send it to
khdmohd@hotmail.com or khdmohd@hawkenergy.net
Best Regards.
Khaled Al Awadi
Energy Consultant & NewBase Chairman - Senior Chief Editor
MS & BS Mechanical Engineering (HON), USA
Emarat member since 1990
ASME meme since 1995
Hawk Energy since 201
AGRI MECH is one of the most reputed magazines of the Agriculture Machinery world.
This magazine will be serving among the top manufacturers, dealers,
AGRI MECH is one of the best advertising solutions in targeting all aspects and markets of agriculture when looking for any type of services or farm equipment for sale.
For more details, please contact:
Raji Naqvi
Advertisement Manager
AGRI MECH
+91 80534 35051
rkmedcom@gmail.com
URBACT: Links Project - COMMON SET OF PRINCIPLES AND RECOMMENDATIONSURBACT
Conclusions formulated by the URBACT LINKS partner cities, after a three-years collaboration.
Points are summarized here as an introduction to the subject matter and points of discussion during the project Final Conference organized in Brussels on the 10 of January, 2013.
Gene Scriven, Chief Information Security Officer at Sabre Corporation, discussed the biggest threats to today’s enterprises during his presentation at the 2015 Chief Information Officer Leadership Forum in Dallas on March 11. In his presentation, “Top 12 Threats to Enterprise – aka ‘Gene’s Dirty Dozen,’” Scriven pointed out that information security is a major problem for many organizations, but there are several ways that organizations can protect themselves against myriad cyber threats.
Graphs in Action: Slide 3
Under the Hood: What Graphs are and Where They Fit -- Slide 35
Transform Your Data from RDBMS to Graph: A Worked Example -- Jump to slide 82
If last year’s presentation on the SANS 20 felt like more of a rant than a practical application of elite IT knowledge, Ian Trump’s technical track presentation is going to unleash GFI MAX as a security dashboard like nothing you have seen.
The Octopi team has leveraged network scanning and event log checks, and Ian takes the GFI MAX dashboard to a whole new level. MSP’s can take his code and research and immediately apply it to their practices to secure their customers from cyber threats. Dehydrated from the summer information security conferences, Ian will give you the threat intel you need to be on the lookout for in the months ahead.
Besides all the GFI MAX goodness, being part of a live demo to find APT, and seeing Ian link Human Rights, Market Research, Ice, Law, Iggy Azalea, War Ferrets, Christian Studies, Event Auditing, Security Tools, Taylor Swift and How we can all fix the cyber problem into one epic presentation – well, you don’t want to miss this.
n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Protecting Your IP: Data Security for Software TechnologyShawn Tuma
Cybersecurity attorney Shawn Tuma presented on Protecting Your IP: Data Security for Software Technology at Texas Bar CLE's Intellectual Property Law 101 Course for 2017 on February 22, 2017 in Austin, Texas.
Startup Metrics, a love story. All slides of an 6h Lean Analytics workshop.Andreas Klinger
Everything you need to know about Startup Product Metrics.
This is a slideshare exclusive. The full 8hour workshop deck.
#iCatapult Workshop - 2013-08-12
Links:
http://klinger.io/
http://icatapult.co/
Data breaches and security issues plague financial institutions constantly. They are important to safeguard against for the protection of confidential information housed at institutions and for the regulatory exams that expect detailed security plans in place. Douglas Jambor, Vice President and Director of Technology Consulting at Turner & Associates, provides insight into the topic of data breaches and penetration testing. He reviews these security topics, discusses how to implement a plan in the case of a security breach, and how to limit data breach risk exposures to your organization.
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviours you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
GIDS-2023 A New Hope for 2023? What Developers Must Learn NextSteve Poole
Over the last ten years we’ve seen cybercrime accelerate beyond all comprehension, We’ve seen the growing and relentless impact it has on our society and our economies. It’s taken a long time for the world to act but finally we’re coming together to resist this uniquely 21st century evil.
At the heart of the resistance are developers. Whatever role you have, whatever programming language or software you use - the battle is at your door.
In this session we’ll brief you on the state of the situation and what you can do to be more prepared. We’ll look at the bad guys and how they operate, we’ll examine recent legal and government responses and, most importantly, how the software industry is working together to create the tools, frameworks and education needed to help us all become the developers we need to be.
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
Cybercrime how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of Cybercrime. In this talk learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to be come a Cyber Defender
Failing well: Managing Risk in High Performance ApplicationsAlison Gianotto
These are the slides from my 2013 Foocamp ignite talk. For more on risk management, please see the blog post I wrote while creating this presentation: http://www.snipe.net/2013/08/failing-well-managing-risk-in-web-applications/
Deck I created for noise to help clients understand what changes with the FB Timeline for business fan pages, how it affects them, and best practices moving forward.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
dotScale 2014
1. Alison Gianotto (aka “snipe”)WHO AM I?
• Former
agency
CTO/CSO
• Security
&
privacy
advocate
• 20
years
in
IT
&
so<ware
development
• Co-‐author
of
a
few
PHP/MySQL
books
• Survivor
of
more
corporate
audits
than
I
care
to
remember
• @snipeyhead
on
TwiJer
1
dotScale
May
2014
-‐
#dotScale
2. IT IS IMPOSSIBLE TO ANTICIPATE
EVERY RISK.
2
dotScale
May
2014
-‐
#dotScale
Srsly.
3. IT IS INAPPROPRIATE TO MITIGATE
EVERY RISK.
3
dotScale
May
2014
-‐
#dotScale
No, Srsly.
4. WHY PEOPLE HACK
4
• To
steal/sell
idenOOes,
credit
card
numbers,
corporate
secrets,
military
secrets
• Fun/Notoriety
• PoliOcal
(“HackOvism”)
• Revenge
• Blackhat
SEO
• ExtorOon/Ransomware
dotScale
May
2014
-‐
#dotScale
5. MEGA BREACHES: RESULTING IN
PERSONAL DETAILS OF >= 10
MILLION IDENTITIES EXPOSED IN AN
INDIVIDUAL INCIDENT.
5
dotScale
May
2014
-‐
#dotScale
6. THERE WERE EIGHT MEGA-
BREACHES IN 2013, COMPARED
WITH ONLY ONE IN 2012.
6
Source:
Symantec
Internet
Security
Threat
Report
2014
::
Volume
19,
Published
April
2014
+700%
dotScale
May
2014
-‐
#dotScale
7. OCT 2013: ADOBE
EXPOSED CUSTOMER DATA, DEBIT/
CREDIT CARD NUMBERS, SOURCE
IMPACTED: 152 MILLION USERS
7
Source:
Symantec
Internet
Security
Threat
Report
2014
::
Volume
19,
Published
April
2014
dotScale
May
2014
-‐
#dotScale
8. DEC 2013: TARGET
EXPOSED CUSTOMER DATA, DEBIT/
CREDIT CARD NUMBERS, PINS
IMPACTED: 110 MILLION USERS
8
Source:
Symantec
Internet
Security
Threat
Report
2014
::
Volume
19,
Published
April
2014
dotScale
May
2014
-‐
#dotScale
9. BREACHGrowth
• credit card info
• birth dates
• government ID numbers
• home addresses
• medical records
• phone numbers
• financial informa9on
• email addresses
• login
• passwords
Data Stolen
9
232
552
0
100
200
300
400
500
600
2011
2013
Iden))es
Stolen
by
Year
(in
Millions)
Source:
Symantec
Internet
Security
Threat
Report
2014
::
Volume
19,
Published
April
2014
dotScale
May
2014
-‐
#dotScale
10. 190,000
464,000
570,000
2011
2012
2013
ATTACKS
10
Source:
Symantec
Internet
Security
Threat
Report
2014
::
Volume
19,
Published
April
2014
Per Day
dotScale
May
2014
-‐
#dotScale
11. SOMETIMES YOUR EFFORTS TO
MITIGATE RISK CAN INCREASE
YOUR ATTACK SURFACE.
11
dotScale
May
2014
-‐
#dotScale
Because THAT’S fair.
12. DEFENSE IN DEPTH PROMISES
12
• MiOgates
single
points
of
failure.
(“Bus
factor”)
• Requires
more
effort
on
the
part
of
the
aJacker,
theoreOcally
exhausOng
aJacker
resources.
Except...
dotScale
May
2014
-‐
#dotScale
13. DEFENSE IN DEPTH CHALLENGES
13
• Larger,
more
complicated
systems
are
harder
to
maintain.
• Can
lead
to
more
cracks
for
bad
guys
to
poke
at
• More
surfaces
that
can
get
be
overlooked
• The
bad
guys
have
nearly
limitless
resources.
We
don’t.
• AJacks
are
commodiOzed
now.
Botnets
for
$2/hour.
dotScale
May
2014
-‐
#dotScale
14. HACKERS ARE NOT YOUR ONLY
PROBLEM.
14
dotScale
May
2014
-‐
#dotScale
Sorry. :(
16. CONFIDENTIALITY IS A SET OF
RULES THAT LIMITS ACCESS TO
INFORMATION
16
dotScale
May
2014
-‐
#dotScale
17. INTEGRITY IS THE ASSURANCE
THAT THE INFORMATION IS
TRUSTWORTHY & ACCURATE.
17
dotScale
May
2014
-‐
#dotScale
18. AVAILABILITY IS A GUARANTEE OF
READY ACCESS TO THE INFO BY
AUTHORIZED PEOPLE.
18
dotScale
May
2014
-‐
#dotScale
19. APPSEC STRATEGY
PICK
TWO
19
ABSOLUTELY
F*CKED
UTTERLY
F*CKED
COMPLETELY
F*CKED
dotScale
May
2014
-‐
#dotScale
20. CREATING A RISK MATRIX
20
• Type
of
resource
• Third-‐Party
• Diagram
ID
• DescripOon
• Triggering
AcOon
• Consequence
of
Failure
• Risk
of
Failure
• Probability
of
Failure
• User
Impact
• Method
used
for
monitoring
this
risk
• Efforts
to
MiOgate
in
Case
of
Failure
• Contact
info
Grab
a
starter
template
here!
hJp://snipe.ly/risk_matrix
dotScale
May
2014
-‐
#dotScale
21. 20 THINGS YOU CAN START
DOING TODAY.
21
Dooo eeeeeet.
dotScale
May
2014
-‐
#dotScale
22. #1. CAPTURE ALL THE FLAGS!
22
dotScale
May
2014
-‐
#dotScale
23. 23
• Strip
specific
messaging
from
login
forms.
• Use
solid
password+salOng
like
bcrypt.
• Implement
brute-‐force
prevenOon
for
all
login
systems.
• Encrypt
everything,
where
feasible.
• Supress
debugging
and
server
informaOon
(language/
framework
versions,
web
server
versions,
stack-‐traces,
etc.)
WHAT DEVS LEARN FROM CTF
dotScale
May
2014
-‐
#dotScale