Docker is the new kool kid in town. This presentation covers some of the common goof-ups and what should be kept in mind when dealing with Docker configurations.
Download the Vulnerable Docker VM: https://www.notsosecure.com/vulnerable-docker-vm/
IPv6 is slowly making its way into our environments and we need to be aware of how it impacts the systems we manage. This presentation takes us through a basic review of the protocol from a pentester's perspective.
Password cracking is a staple part of any pentest. This presentation dives into custom hashcat rules and analysis to yield better results when cracking, then follows up with cracking length limitations imposed by hardware.
Open Source Software - Please Drink Responsibly | Daniel Sauble
Open Source Software (OSS) has many benefits, but in recent years we've seen an increase in the number of attacks on applications through their OSS dependencies. I present five principles to help you use OSS safely, as well as a collection of tools to help you apply these principles in your own software supply chain. I put a special emphasis on automation, because the weakest part of even the most secure system is the humans that operate it.
Containing the Gear: Deep Dive on SELinux, Multi-tenancy, Containers & Security with Dan Walsh
Presenter: Dan Walsh
In this talk, Dan will do a deep dive into the Origin PaaS use of SELinux and containerization. He will discuss how SELinux is being utilized to ensure that Origin is the most secure PaaS available today. He will address some of his ideas for the future of Origin and SELinux.
From 2013-04-14 OpenShift Origin Community Day in Portland, Oregon
Web Application Security Testing: Kali Linux Is the Way to Go | Gene Gotimer
Many free security testing tools are available, but finding ones that meet your needs and work in your environment can involve substantial time and effort. Especially when you are just starting out with security testing, finding reputable tools that do what you need is not easy. And installing them correctly just to evaluate them can be prohibitively time consuming. Kali Linux is a free Linux distribution with hundreds of security testing and auditing tools installed. Gene Gotimer gives an overview of Kali Linux, ways to effectively use it, and a survey of the tools available. Although Kali Linux is primarily intended for professional penetration testers, it provides great convenience and value to developers and software testers who may be getting started in security testing. Gene demonstrates some of the simplest tools to help jumpstart your web application security testing practices.
Buffer overflow exploitation without operating system protections is a well understood subject. But how does one achieve the same results with all protections enabled (N/X, ASLR, …)? Hint: re-use what the vulnerable binary offers you.
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Dock ir incident response in a containerized, immutable, continually deploy... | Shakacon
Incident response is generally predicated on the ability to examine a system post-breach, pull memory dumps, file system artifacts, system logs, etc. But what happens when that system was part of a fleet of containers? How do you pull a memory dump from an ephemeral container? How do you do forensics when the container and the host that ran the container have been gone for days? Even assuming you catch an intrusion while it's ongoing, how do you respond effectively if you can't access the systems in question because they are read-only, no SSH access? Coinbase has spent the last year attacking these challenges in an AWS-based, immutable and fully containerized infrastructure that stores over a billion dollars of digital currency. Come see how we do it.
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
Linux container (LXC) seems to be the preferred technology for deployment of Platform as a service (PaaS) in the cloud. Partly because it's easy to install on top of existing virtualization platforms (KVM, VMware, VirtualBox), partly because it is a lightweight solution to provide separation and process allocations between separate containers running under a single kernel.
In this talk we will take a look at LXC and try to explain how to combine it with mandatory access control (MAC) mechanisms within the Linux kernel to provide secure separation between different users of applications.
Apache HttpD Web Server - Hardening and other Security Considerations | Andrew Carr
This talk discusses methods of testing security robustness of your Apache setup and common methods of securing your Apache Web server, OpenSSL instance, and PHP settings. The slides are lacking, this is given as part of a talk, and I hope to upload a YouTube video of that at a later date.
I gave this talk during the first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or other LSMs).
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated) | NGINX, Inc.
On demand recording: nginx.com/watch-on-demand/?id=modsecurity-and-nginx-tuning-the-owasp-core-rule-set
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such as SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Docker Concepts for Oracle/MySQL DBAs and DevOps | Zohar Elkayam
Oracle Week 2017 Slides
Agenda:
Docker overview – why do we even need containers?
Installing Docker and getting started
Images and Containers
Docker Networks
Docker Storage and Volumes
Oracle and Docker
Docker tools, GUI and Swarm
Introducing resinOS: An Operating System Tailored for Containers and Built fo... | Balena
This presentation, from the Embedded Linux Conference Europe in October 2016, discusses how resinOS was built, highlights some of its key features, and shares a roadmap for future development and contribution.
resinOS is the latest open-source tool built by resin.io to enable the future of hardware with the tools of modern software. resinOS is a simple yet powerful operating system that brings standard Docker containers to embedded devices and works on a wide variety of device types and architectures. resinOS was born from the team’s experience deploying embedded containers across device types and has been battle-tested in production environments.
You can download resinOS at https://resinos.io
Wonder how you can make your testing more efficient? Join Glenn Buckholz as he explores Docker, a technology that allows rapid development and deployment via containers. First, he explains exactly what composes a container, and discusses the differences between a container and an image. Once this is clear, Glenn demonstrates how Docker solves the problem of what he calls the state capture problem. When a test case produces a failure, the developer and testers often expend significant effort reproducing the issue so the developer can see the issue and fix it. Glenn demonstrates how Docker enables succinct, accurate, and quick communication between testers and developers, helping mitigate the state capture problem. In addition, testers can use Docker to load data, efficiently insert testing tools into a running system, set system state, and aid in test reproducibility. After you look at the inner workings of Docker and run through a few practical examples, you’ll find that Docker will hold an important place in your testing toolbox.
Microservices with Terraform, Docker and the Cloud. JavaOne 2017 2017-10-02 | Derek Ashmore
Much has been written about how to write Microservices, but not enough about how to effectively deploy and manage them. Microservices architecture multiplies the number of deployables IT has to manage by at least 10x. In that world, tooling to manage cloud deployments and related infrastructure becomes essential for success. Terraform and Docker are increasingly being leveraged to facilitate microservice environments. Terraform is becoming the leading coding framework for building and managing change in cloud environments.
Attendees will learn best practices for deploying and managing microservices in production. We will leverage true "infrastructure as code" using Terraform. That code is easily re-used and makes changes easy. That code makes it easy to deploy and scale software including Docker images. You will learn not only how to establish that environment initially, but how changes can be effectively managed. I'll cover best practices and common mistakes along the way. AWS will be used as the cloud provider, but Terraform operates seamlessly on other cloud environments as well.
This session is targeted at architects and team leads. This session is intended to be platform-generic.
This slide deck describes some of the best practices found when running Oracle Database inside a Docker container. Those best practices are general observations collected over time and may not reflect your actual environment or current situation.
An overview of Docker and the container technology behind it. Lastly, we discuss a few tools that might come in handy when dealing with the management of a large number of containers.
Webinar by ZNetLive & Plesk- Winning the Game for WebOps and DevOps ZNetLive
This webinar presentation illustrates everything that the experts of Plesk & ZNetLive discussed about the opportunities in WebOps and DevOps market along with new features of ZNetLive's Managed WordPress hosting and Cloud VPS, both powered by Plesk Onyx.
To know more, visit https://www.znetlive.com/
Leveraging Docker for Hadoop build automation and Big Data stack provisioning | DataWorks Summit
Apache Bigtop, as an open source Hadoop distribution, focuses on developing packaging, testing and deployment solutions that help infrastructure engineers build their own customized big data platform as easily as possible. However, packages deployed in production require a solid CI testing framework to ensure their quality. A number of Hadoop components must be ensured to work perfectly together as well. In this presentation, we'll talk about how Bigtop delivers its containerized CI framework, which can be directly replicated by Bigtop users. The core revolution here is the newly developed Docker Provisioner, which leverages Docker for Hadoop deployment, and the Docker Sandbox for developers to quickly start a big data stack. The content of this talk includes the containerized CI framework, technical details of the Docker Provisioner and Docker Sandbox, a hierarchy of Docker images we designed, and several components we developed, such as Bigtop Toolchain, to achieve build automation.
This presentation covers how to dockerize an Oracle Database single instance environment using the publicly available and fully open source GitHub build files. It covers what Docker is, how to install docker-engine on top of Oracle Linux, how to build an Oracle Database Docker image and how to run an Oracle Database inside Docker.
It will then follow on with some tips and tricks for building the Docker image as well as running Oracle databases inside Docker containers.
Parallelizing CI using Docker Swarm-Mode | Akihiro Suda
Presented at Open Source Summit Japan (http://sched.co/AOmo)
- - -
Slowness of CI is a critical issue in software development, because it discourages engineers from writing tests, and hence deteriorates the quality of the product.
In this presentation, Akihiro Suda will talk about how to accelerate CI by executing test functions in parallel, across a Docker Swarm-mode cluster.
One of the major challenges was the nonuniformity of the makespan, e.g. some chunks of test functions can take 30 minutes, while others can take just 10 seconds.
So, he mitigates such nonuniformity by randomizing the composition of chunks of test functions.
As a result, for example, the integration test of Docker itself that had taken more than 80 minutes can be finished in 4 minutes, with 10 Docker Swarm-mode nodes.
This hack can be easily applied to CI of other software as well.
Webinar: End-to-End CI/CD with GitLab and DC/OS | Mesosphere Inc.
Seven years ago, Apache Mesos was born as a platform to bring the distributed computing capabilities that powered the largest digital companies to the masses. Today, Mesosphere DC/OS technologies power more containers in production than any other software stack in the world, and have emerged as the premier platform for building and elastically scaling data-rich, modern applications and the associated CI/CD infrastructure across any infrastructure, public or private.
GitLab is an end-to-end software development and delivery platform with built-in CI/CD, monitoring, and performance metrics. With a unified experience for every step of the development lifecycle and seamless integration with container schedulers, GitLab provides the most efficient approach to reduce cycle time, increase velocity, and improve software quality.
In this webinar, you will learn how to combine DC/OS and GitLab to easily build a CI/CD infrastructure and build a complete CI/CD pipeline in minutes.
Slides cover:
1. An introduction to Apache Mesos and Mesosphere DC/OS and overview of DC/OS features and capabilities for developing, deploying, and operating containerized applications, microservices and CI/CD
2. An introduction to GitLab
3. How to use DC/OS and GitLab to build a CI/CD solution and go from idea to production
The Future of Security and Productivity in Our Newly Remote World | DevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was asking myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial to or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality | Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.