This presentation was delivered at the SANS CTI Summit in Washington, DC on February 3, 2015. Created and delivered by Matt Jonkman, the CTO and founder of Emerging Threats.
Going on an HTTP Diet: Front-End Web PerformanceAdam Norwood
Is your web site or web app feeling sluggish? Getting tired of watching your pages slowly render, the long seconds ticking away before your snazzy jQuery doohickey even has a chance to fire? Chances are it’s not that slow bit of code or that clunky database behind the scenes that’s to blame – 80% of the time spent loading most web pages is on the client side! At this talk, we’ll take a look at some of the easiest low-hanging fruit you can go after to help speed up web performance on the front end, from slimming down the size of content to optimizing HTTP requests, and more.
Oleh Zasadnyy "Progressive Web Apps: line between web and native apps become ...IT Event
Over the years developers were used to thing that web is not user-friendly, performance efficient and powerful as native apps. But things have been changed so far; now you can build offline applications with notifications, Bluetooth and camera access and so on. Web development is great again.
- Quick startup - I will show how to prioritize content loading in the application to show users meaningful pixels as soon as possible
- Progressive enhancement - I will encourage you to use maximum of the platform but still support earlier browsers
- Offline application - here I will explain how you can easily make your web application working offline
- Push Notifications - one of the best way to increase conversion of your application and now it's possible on the web. I am going to show how to do it right with few steps.
- Experimental APIs - I will show how to sign in once on all your devices with Credential API, use native share menu and make payments in few clicks
Rails security: above and beyond the defaultsMatias Korhonen
In a world with increasingly sophisticated adversaries employing both targeted and automated attacks, what can we do to keep our users and our web apps safe?
While Rails provides pretty decent security options straight out of the box, we can go further and make attacks more difficult to accomplish.
For example, why and how to implement a Content Security Policy. Should you use HTTP Public Key Pinning? How do you know if you've configured HTTPS correctly?
Going on an HTTP Diet: Front-End Web PerformanceAdam Norwood
Is your web site or web app feeling sluggish? Getting tired of watching your pages slowly render, the long seconds ticking away before your snazzy jQuery doohickey even has a chance to fire? Chances are it’s not that slow bit of code or that clunky database behind the scenes that’s to blame – 80% of the time spent loading most web pages is on the client side! At this talk, we’ll take a look at some of the easiest low-hanging fruit you can go after to help speed up web performance on the front end, from slimming down the size of content to optimizing HTTP requests, and more.
Oleh Zasadnyy "Progressive Web Apps: line between web and native apps become ...IT Event
Over the years developers were used to thing that web is not user-friendly, performance efficient and powerful as native apps. But things have been changed so far; now you can build offline applications with notifications, Bluetooth and camera access and so on. Web development is great again.
- Quick startup - I will show how to prioritize content loading in the application to show users meaningful pixels as soon as possible
- Progressive enhancement - I will encourage you to use maximum of the platform but still support earlier browsers
- Offline application - here I will explain how you can easily make your web application working offline
- Push Notifications - one of the best way to increase conversion of your application and now it's possible on the web. I am going to show how to do it right with few steps.
- Experimental APIs - I will show how to sign in once on all your devices with Credential API, use native share menu and make payments in few clicks
Rails security: above and beyond the defaultsMatias Korhonen
In a world with increasingly sophisticated adversaries employing both targeted and automated attacks, what can we do to keep our users and our web apps safe?
While Rails provides pretty decent security options straight out of the box, we can go further and make attacks more difficult to accomplish.
For example, why and how to implement a Content Security Policy. Should you use HTTP Public Key Pinning? How do you know if you've configured HTTPS correctly?
In this one hour tutorial Simon Collison will demonstrate why convention, order and understanding are vital to web design and development teams. He'll give insights into how Erskine approach projects and will help attendees explore ways of creating and evolving their own "Ultimate Package".
Why conventions are essential for successful web projects. How Erskine approach HTML, CSS & JavaScript in their own projects. What to consider when developing your own "Ultimate Package".
Walkthrough of the OCCI specification - for more information, a copy of the slides & transcript go to http://www.occi-wg.org for more information and contact details.
Turbocharge your development efforts your with a "hands on" introduction to quickly building apps using the MongoDB database as a service offering known as Atlas and the serverless / REST based application development environment known as Stitch. We'll begin with a brief introduction to MongoDB, Atlas, and Stitch. You will learn about 3 real world examples of two day prototypes and rapid production cycles. You will then create your own free MongoDB Atlas database as a service cluster. Then you will write your first Stitch application to put data into your database and query data out of it. You will learn how to enhance your application with serverless stitch functions and triggers. At the end of the 90 minute session you will have a hands on experience and good grasp of how to write custom serverless applications with MongoDB.
"Mobile themes for Wordpress, QR codes, and custom shortURLs". Delivered by Chris Traganos, Web Developer at Harvard Public Affairs & Communications, on May 18th, 2010 at Lamont Library, Forum Room.
HTML5 and CSS3 Techniques You Can Use TodayTodd Anglin
As more browsers deliver rich support for the next generation of standards-based web development, new techniques are enabling web developers to design with unprecedented levels of control. In this session, you’ll learn practical HTML5 and CSS3 techniques that you can use in any web project today. Learn how to easily add drop shadows to HTML objects, how to quickly create rounded corners, how to use custom fonts, and even how to animate with CSS. All techniques will be demonstrated with special attention to cross-browser support and tips for supporting older browsers.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
More Related Content
Similar to Emerging threats jonkman_sans_cti_summit_2015
In this one hour tutorial Simon Collison will demonstrate why convention, order and understanding are vital to web design and development teams. He'll give insights into how Erskine approach projects and will help attendees explore ways of creating and evolving their own "Ultimate Package".
Why conventions are essential for successful web projects. How Erskine approach HTML, CSS & JavaScript in their own projects. What to consider when developing your own "Ultimate Package".
Walkthrough of the OCCI specification - for more information, a copy of the slides & transcript go to http://www.occi-wg.org for more information and contact details.
Turbocharge your development efforts your with a "hands on" introduction to quickly building apps using the MongoDB database as a service offering known as Atlas and the serverless / REST based application development environment known as Stitch. We'll begin with a brief introduction to MongoDB, Atlas, and Stitch. You will learn about 3 real world examples of two day prototypes and rapid production cycles. You will then create your own free MongoDB Atlas database as a service cluster. Then you will write your first Stitch application to put data into your database and query data out of it. You will learn how to enhance your application with serverless stitch functions and triggers. At the end of the 90 minute session you will have a hands on experience and good grasp of how to write custom serverless applications with MongoDB.
"Mobile themes for Wordpress, QR codes, and custom shortURLs". Delivered by Chris Traganos, Web Developer at Harvard Public Affairs & Communications, on May 18th, 2010 at Lamont Library, Forum Room.
HTML5 and CSS3 Techniques You Can Use TodayTodd Anglin
As more browsers deliver rich support for the next generation of standards-based web development, new techniques are enabling web developers to design with unprecedented levels of control. In this session, you’ll learn practical HTML5 and CSS3 techniques that you can use in any web project today. Learn how to easily add drop shadows to HTML objects, how to quickly create rounded corners, how to use custom fonts, and even how to animate with CSS. All techniques will be demonstrated with special attention to cross-browser support and tips for supporting older browsers.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. 2
CONFIDENTIAL
● 13+ year old open IDS community
● ET-Open IDS rules for Snort and Suricata
● ETPro Commercial rules
● IP and DNS reputation feeds
● Query Portal
3. CONFIDENTIAL
Powering Network Defense Solutions Worldwide
• Installed in 10,000s of IDS/IPS sensors globally
• International staff of top threat researchers
• Trusted for timely, accurate, comprehensive threat intelligence
3
• HQ in Indianapolis, IN
• Originally founded as open
source community in 2003
• Industry-leading cyber threat
intelligence services
• ETPro™ Ruleset
• IQRisk™ Rep List
• IQRisk™ Query
• 500+ customers in over 40
countries worldwide
4. 4
● The Problem: Malware, Kits, Zombies →
● How to APPLY data
● Suricata + Kibana + ETOpen + Rep Feeds
Agenda
21. <!-- k7a63YKrBr5NBnpY --><html><head><meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>C# Tutorial: GDI Drawing with Pen and Brush</title>
<LINK REL=StyleSheet HREF="default-1.css" tppabs="http://csharpcomputing.com/Tutorials/default.css" type="text/css">
</head><body>
<p> <a href="Lesson14.htm" tppabs="http://csharpcomputing.com/Tutorials/Lesson14.htm"><img border="0" src="PreviousArrow.gif"
tppabs="http://csharpcomputing.com/images/PreviousArrow.gif" width="26" height="26"></a>
<a href="index.htm" tppabs="http://csharpcomputing.com/Tutorials/index.htm"><img border="0" src="TOCIcon.gif"
tppabs="http://csharpcomputing.com/images/TOCIcon.gif" width="26" height="26"></a>
<a href="Lesson16.htm" tppabs="http://csharpcomputing.com/Tutorials/Lesson16.htm"><img border="0" src="NextArrow.gif"
tppabs="http://csharpcomputing.com/images/NextArrow.gif" width="26" height="26"></a></p>
<p><img border="0" src="blueline.gif" tppabs="http://csharpcomputing.com/images/blueline.gif" width="550" height="8"></p>
<h1>C# Tutorial, Lesson 15: Drawing with Pen and Brush.<br>
</h1>
<!-- {/*jgJ-.J} -->
<p>In this lesson I would like to introduce the Pen and the Brush objects. These objects are members of GDI+ library.
GDI+ or GDI.NET is a graphics library that lets you draw on a form. Prior to
.NET, C programmers were using GDI library to create breathtaking graphics.
GDI.NET is in fact just a wrapper for GDI. GDI+ is a great platform for
moderately complicated static graphs. However, it tends to be slow for moving
images and not sophisticated enough for 3 dimensional graphics. On Windows NT
platforms, GDI+ as well as GDI do not perform very well. The problem lies in the
way GDI/GDI+ runs. Windows NT architecture accepts user input in so called user
context and access graphics devices in system context. When GDI/GDI+ application
runs on Windows NT based machine, it has to constantly wait for these context
switches to occur. This makes GDI/GDI+ applications too slow for video game
programming and fancy 3 D graphics. Microsoft recently released a highly
optimized graphics platform - Managed DirectX which I will cover in a separate
tutorial.</p>
<script type="text/javascript"
src="show_ads.js" tppabs="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<p>The
22. <!-- k7a63YKrBr5NBnpY --><html><head><meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>C# Tutorial: GDI Drawing with Pen and Brush</title>
<LINK REL=StyleSheet HREF="default-1.css" tppabs="http://csharpcomputing.com/Tutorials/default.css" type="text/css">
</head><body>
<p> <a href="Lesson14.htm" tppabs="http://csharpcomputing.com/Tutorials/Lesson14.htm"><img border="0" src="PreviousArrow.gif"
tppabs="http://csharpcomputing.com/images/PreviousArrow.gif" width="26" height="26"></a>
<a href="index.htm" tppabs="http://csharpcomputing.com/Tutorials/index.htm"><img border="0" src="TOCIcon.gif"
tppabs="http://csharpcomputing.com/images/TOCIcon.gif" width="26" height="26"></a>
<a href="Lesson16.htm" tppabs="http://csharpcomputing.com/Tutorials/Lesson16.htm"><img border="0" src="NextArrow.gif"
tppabs="http://csharpcomputing.com/images/NextArrow.gif" width="26" height="26"></a></p>
<p><img border="0" src="blueline.gif" tppabs="http://csharpcomputing.com/images/blueline.gif" width="550" height="8"></p>
<h1>C# Tutorial, Lesson 15: Drawing with Pen and Brush.<br>
</h1>
<!-- {/*jgJ-.J} -->
<p>In this lesson I would like to introduce the Pen and the Brush objects. These objects are members of GDI+ library.
GDI+ or GDI.NET is a graphics library that lets you draw on a form. Prior to
.NET, C programmers were using GDI library to create breathtaking graphics.
GDI.NET is in fact just a wrapper for GDI. GDI+ is a great platform for
moderately complicated static graphs. However, it tends to be slow for moving
images and not sophisticated enough for 3 dimensional graphics. On Windows NT
platforms, GDI+ as well as GDI do not perform very well. The problem lies in the
way GDI/GDI+ runs. Windows NT architecture accepts user input in so called user
context and access graphics devices in system context. When GDI/GDI+ application
runs on Windows NT based machine, it has to constantly wait for these context
switches to occur. This makes GDI/GDI+ applications too slow for video game
programming and fancy 3 D graphics. Microsoft recently released a highly
optimized graphics platform - Managed DirectX which I will cover in a separate
tutorial.</p>
<script type="text/javascript"
src="show_ads.js" tppabs="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<p>The
34. Suricata – Cost-effective IDS
• Open-source IDPS
• Developed by the OISF
• First beta introduced in December 2009
• Supported OS
• FreeBSD
• Linux
• UNIX
• Mac OS
• Microsoft Windows
• Licensing and Availability
• GNU General Public License
• www.suricata-ids.org
72. 7
1,CnC,Malware Command and Control Server
2,Bot,Known Infected Bot
3,Spam,Known Spam Source
4,Drop,Drop site for logs or stolen credentials
5,SpywareCnC,Spyware Reporting Server
6,OnlineGaming,Questionable Gaming Site
7,DriveBySrc,Driveby Source
9,ChatServer,POLICY Chat Server
10,TorNode,POLICY Tor Node
13,Compromised,Known compromised or Hostile
15,P2P,P2P Node
16,Proxy,Proxy Host
17,IPCheck,IP Check Services
19,Utility,Known Good Public Utility
20,DDoSTarget,Target of a DDoS
21,Scanner,Host Performing Scanning
23,Brute_Forcer,SSH or other brute forcer
24,FakeAV,Fake AV and AS Products
25,DynDNS,Domain or IP Related to a Dynamic DNS
Entry or Request
26,Undesirable,Undesirable but not illegal
27,AbusedTLD,Abused or free TLD Related
28,SelfSignedSSL,Self Signed SSL or other
suspicious encryption
29,Blackhole,Blackhole or Sinkhole systems
30,RemoteAccessService,GoToMyPC and similar
remote access services
31,P2PCnC,Distributed CnC Nodes
33,Parking,Domain or SEO Parked
34,VPN,VPN Server
35,EXE_Source,Observed serving executables
37,Mobile_CnC,Known CnC for Mobile specific
Family
38,Mobile_Spyware_CnC,Spyware CnC specific
to mobile devices
39,Skype_SuperNode,Observed Skype Bootstrap
or Supernode
40,Bitcoin_Related,Bitcoin Mining and related
41,DDoSAttacker,DDoS Source