A representative of HackerOne, one of the world's most authoritative white-hat hacker communities, will join us via video link, touch on various organizational subtleties, and share experience of working with international companies.
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 | Tripwire
In this webinar, we are joined by Tony Sager, Senior VP & Chief Evangelist for the Center for Internet Security (CIS). Tony will be discussing the latest changes to the CIS Controls framework and how they help protect your organization from cyberattacks. In almost every industry, complex organizations are adopting these foundational controls for effective cyber defense.
Attendees will learn about:
• How the CIS Controls align to common security & compliance frameworks
• The underlying principles that drive the success of the CIS Controls
• Why many organizations fail despite utilizing other "advanced" controls
• The available tools that have grown up around the CIS Controls
N. Oskina, G. Asproni - Be your own Threatbuster! - Codemotion Milan 2018 | Codemotion
Creating a quality web application is hard. It’s hard to gain customers, it’s hard to build your reputation and it’s hard to keep the costs low. Nevertheless, security is often an afterthought. However… Have you considered the cost of fixing security issues later? What about the reputational damage of a security breach? Are you worried about your customers’ data? We will talk about good security coding practices for web applications and how to apply them early on using some real world examples. We will also help you to think about your website’s vulnerabilities from the view of a hacker.
5 Tips For Preventing Ransomware On Your Network | NetFort
One of the hot topics with our customers at the moment is the increase in variants of ransomware viruses. This presentation gives you tips on how you can prevent ransomware from appearing on your network.
Pen testing or penetration testing is an ethical hacking process which involves assessing an application or an organization’s infrastructure for different types of vulnerabilities.
Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the right ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach? The data we'll explore defined the 2016 Verizon DBIR Vulnerabilities section.
This talk will borrow concepts from epidemiology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities which are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk cannot be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty.
Attackers are human too - and currently available data allows us to make some predictions about how they'll behave. And to predict is to prevent.
Improving Software Security in an Agile Environment: A Case Study | DevOps.com
Security often isn’t the top priority for many developers, who already are juggling multiple projects and deadlines. In fact, security seems to get in the way of keeping up with the pace of business. However, developers control a critical piece of the security puzzle and need to be engaged in the security cause—no longer can they stand by and say the responsibility for security lies in the hands of the security team. Rather, security must be built-in from the start.
In this webinar, Secure Code Warrior CTO Matias Madou will look at what we as security professionals have been doing wrong and how agile, DevSecOps and DevOps are changing the role of the developer. Madou will discuss current best practices and ways in which they often fall short of the goal of building in security from the start, and will share new methodologies being deployed at multiple global organizations that make developers want to be part of the solution.
Madou will be joined by Alexandre Pluvinage, head of Cybersecurity and Fraud Awareness at ING Belgium and ING BD Netherlands, who will discuss how his team engaged developers to think with a security mindset and how they rolled out a security program for developers, and share the results of the program to date.
Enfilade: Tool to Detect Infections in MongoDB Instances | Aditya K Sood
Attackers are targeting MongoDB instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MongoDB instances and triggering infections at scale to exfiltrate data, destroy data, and extort money via ransom.
Breaches happen every day. The culprit? Malware. It’s no longer a question of “if” you’ll be breached, but “when”. Don’t become another statistic. Protect your organization today. Learn more here >> http://cs.co/ampvodvepg
The state of web applications (in)security @ ITDays 2016 | Tudor Damian
The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last year's heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.
Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015 | Minded Security
Matteo Meucci did a talk on software security in practice, describing the actual scenario and the roadmap for the enterprise to improve their maturity in the SDLC.
Journey to the Cloud: Securing Your AWS Applications - April 2015 | Alert Logic
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
Philly ETE 2016: Securing Software by Construction | jxyz
The high-profile attacks and data-breaches of the last few years have shown us the importance of securing our software. While it is good that we are seeing more tools that can analyze systems for vulnerabilities, this does not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck–and expensive security mistakes from becoming increasingly probable–we need to look to techniques that allow us to secure software by construction.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents these ideas from becoming realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator to bridge the research/industry gap, and how we can work together to address the issues that remain.
http://2016.phillyemergingtech.com/session/securing-software-by-construction/
Taking Open Source Security to the Next Level | WhiteSource
Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future.
Additionally, WhiteSource Senior Director of Product Marketing, Jeff Crum, will discuss recent analysis of the Software Composition Analysis (SCA) market, including takeaways from The Forrester Wave™: Software Composition Analysis, Q2 2019.
In today's digital age, safeguarding your organization's sensitive data is paramount, and this event will empower you with the knowledge and tools you need.
Our expert speaker will guide you through the ever-evolving cybersecurity landscape, helping you understand the threats nonprofits face. Discover how to avoid common password pitfalls that can leave your organization vulnerable to attacks. Moreover, we'll unveil the crucial steps to establishing a people-first culture of security within your nonprofit, ensuring that everyone in your team is an active defender against cyber threats.
Don't miss out on this opportunity to fortify your nonprofit's cybersecurity posture. Register now to gain invaluable insights and practical strategies to protect your mission, your donors, and your community. Secure your spot today!
LEARNING OBJECTIVES
1. Understanding the Landscape of Cyber Threats
===
Participants will gain a comprehensive understanding of the various types of cyber threats that organizations face in today’s digital age, such as phishing attacks, ransomware, and data breaches.
2. Developing Effective Security Policies and Procedures
===
Participants will learn how to develop, implement, and maintain effective security policies and procedures to safeguard organizational data.
3. Promoting Employee Awareness and Training
===
Participants will acquire strategies for promoting security awareness among employees and providing them with the necessary training to recognize and respond to security threats.
Hosted by TechSoup with the support of the Communities Foundation of Texas.
Guest expert Michael Enos of TechSoup.
Recorded on December 7, 2023.
https://techsoupglobal.zoom.us/webinar/register/WN_E1pVmXZTS7O93W7-jPUn7Q
Reveal the Security Risks in the software Development Lifecycle Meetup 060320... | lior mazor
Stay safe, grab a drink and join us virtually for our upcoming "Reveal the Security Risks in the Software Development Lifecycle" Meetup to learn how to find application security threats, issues in software development life cycle, build mature application security incident response processes and implement application security posture management.
Agenda:
17:00 - 17:05 - 'Opening words' - by Gary Berman (Cyber Heroes Network)
17:05 - 17:35 - 'Why securing the SDLC fails at scale' - by Liav Caspi (Co-Founder & CTO at Legit Security)
17:35 - 18:05 - 'The Real AppSec Issues' - by Josh Grossman (CTO at BounceSecurity)
18:05 - 18:35 - 'Application security and IR process' - by Vitaly Davidoff (Application Security Lead at JFrog)
18:35 - 19:00 - 'The ASPM way - a new approach' - by Liav Caspi (Co-Founder & CTO at Legit Security)
aMs Southeast Asia 2021 : Insider risk protection and containment in microsof... | Mitul Rana
Insider threats can have a profound impact on an organization. Beyond the lost value of the asset that was removed, disclosed or destroyed, organizations can suffer immediate losses of intrinsic value as well as lost revenue. Insider Risk's focus is on an organization's data problems rather than its people problems. Join me to learn more about this topic, Insider risk protection and containment in Microsoft 365, at aMS Southeast Asia 2021.
Taking Open Source Security to the Next Level | SBWebinars
Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future.
Additionally, WhiteSource Senior Director of Product Marketing, Jeff Crum, will discuss recent analysis of the Software Composition Analysis (SCA) market, including takeaways from The Forrester Wave™: Software Composition Analysis, Q2 2019.
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
- Best practices for designing and incorporating an automated approach to application security into your existing development environment
- Future development and application security challenges organizations will face and what they can do to prepare
This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security debt of existing applications.
To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.”
After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time.
The 3 core takeaways for the audience are:
1.) Where security practices have gone wrong so far.
2.) What new technologies will cause a paradigm shift in how security is applied at scale.
3.) What security will look like in 5-10 years.
Similar to HackerOne, Security Meetup December 4, 2014, Mail.Ru Group (20)
Automation Without Test Automation Engineers, Maria Terekhina and Vladislav... | Mail.ru Group
In this talk we will share examples of projects that have automation but not a single engineer dedicated to test automation tasks. We will cover questions such as:
what led us to this decision (to do without test automation engineers);
the difficulties we ran into;
the benefits we gained in the end.
BDD for the Frontend. Test Automation with Cucumber, Cypress and Jenkins, ... | Mail.ru Group
UI test automation is always a hard task, especially under active development and constantly changing requirements. How we solved this problem at mall.my.com. How and why we came to BDD. Which tools we chose. And what came of it.
Using Fiddler and Charles in Frontend Testing of the Project pulse.mail... | Mail.ru Group
Using Fiddler and Charles when testing the frontend of the pulse.mail.ru project;
A fresh look at Fiddler and how it compares with Clumsy and Charles;
A short overview and comparison of Fiddler and Charles functionality.
Incident Management at Mail.ru Mail, Anton Viktorov | Mail.ru Group
what incidents are and why they matter;
how to turn the unclear into "routine";
on automation: OTRS, Jira, chatbots;
on diagnostics: logging, how Bomgar works;
on community: a dedicated mail testing program for employees.
Today, popular scanners such as OWASP ZAP and Burp Suite do not always cope well with automatically scanning applications. They often cannot find certain specific directories or send a request automatically without human involvement. And more often than not these tools are run locally. At the same time, if a company has a well-functioning test automation team, its work can be taken as the basis for dynamic analysis and fuzzing.
As a bonus, we will discuss the difference between Burp Suite Professional and Burp Suite Enterprise in terms of CI/CD and hooking up automated tests.
Why You Should Reinvent the Wheel and Why You Shouldn't, Alexander Bel... | Mail.ru Group
Why every DL engineer should write their own library for training networks and then abandon it.
I will talk about the experience of writing kekas, and why our team uses pytorch-lightning as a more mature solution.
CV in a Price Tag Recognition Pipeline: Tricks and Hacks, Nikolay Masl... | Mail.ru Group
I will talk about various useful Python libraries and functions, from simple and well known to specific and rare. I will share which technologies we use when developing, training and deploying our models: what helped improve quality and what slowed development down.
RAPIDS: Speeding Up Pandas and scikit-learn on the GPU, Pavel Klemenkov, NVidia | Mail.ru Group
We all know that our beloved Pandas is strictly single-threaded, and scikit-learn models often train rather slowly even across several processes. So in this talk I will cover the RAPIDS project, a set of libraries for data analysis and building predictive models on NVIDIA GPUs. I will invite discussion of the idea that Moore's law no longer holds, and go over how the CUDA architecture works. I will walk through the cuDF and cuML libraries, and try to be as honest as possible about whether to expect a miracle from moving to GPU and in which cases a miracle is inevitable.
WebAuthn in Real Life, Anatoly Ostapenko | Mail.ru Group
I will describe how we added WebAuthn sign-in to the largest email service on the Runet, and what difficulties hide behind the pretty presentations about how simple and secure WebAuthn is:
how to make WebAuthn understandable and accessible to users;
how to support it across all browsers and devices;
how to test WebAuthn, including in an automated way;
where to go next after launching and enabling it.
AMP for Email, Sergey Peshkov | Mail.ru Group
The AMP library is not only a modern tool for building feature-rich, high-performance websites adapted for mobile devices. AMP for email radically updates the traditional email format, making it possible to create mailings that are more attractive and more useful to the user.
At Mail.ru Mail we are very inspired by the new possibilities that AMP for email can offer our users and partners. This talk is about:
why a standard for truly interactive email could not be created earlier;
what the AMP4Email standard is and what new ways of interacting with a message it provides;
how to use it to increase the value of a mailing for the user;
how we implemented AMP4Email support in our products and ensured its security;
how AMP4Email can increase conversion, using the example of rolling out AMP mailings in partnership with the largest e-commerce service in Russia.
Use Cases for PWA in Partner Offerings at Delivery Club, Nikita B... | Mail.ru Group
Delivery Club is the largest foodtech platform in Russia, bringing together more than 12,000 restaurants across different price categories in more than 120 cities.
We built an application for our partners in which they can manage orders, menus, ingredients and statistics in a convenient interface. The talk covers how adopting PWA practices helped us improve the user experience and resolve issues with running the application on different platforms, and how offline-mode support rid us of the problems caused by our partners' constantly fluctuating network connectivity.
The Ethics of Artificial Intelligence, Alexander Karmaev (AI Journey) | Mail.ru Group
AI Journey is a two-day conference with leading international and Russian speakers, experts in artificial intelligence and data analysis, as well as representatives of companies leading the development and application of AI technologies in business processes.
Neural Machine Translation in Question-Answering Systems, Fedor Fedorenko (AI Jour... | Mail.ru Group
AI Journey is a two-day conference with leading international and Russian speakers, experts in artificial intelligence and data analysis, as well as representatives of companies leading the development and application of AI technologies in business processes.
Technology Convergence as a Trend in the Development of Artificial Intelligence, Vladimi... | Mail.ru Group
AI Journey is a two-day conference with leading international and Russian speakers, experts in artificial intelligence and data analysis, as well as representatives of companies leading the development and application of AI technologies in business processes.
Overview of Recommender System Trends from Pulse, Andrey Murashev (AI Journey) | Mail.ru Group
AI Journey is a two-day conference with leading international and Russian speakers, experts in artificial intelligence and data analysis, as well as representatives of companies leading the development and application of AI technologies in business processes.
The World Through the Eyes of Neural Networks, Danila Baigushev, Alexander Snorkin () | Mail.ru Group
AI Journey is a two-day conference with leading international and Russian speakers, experts in artificial intelligence and data analysis, as well as representatives of companies leading the development and application of AI technologies in business processes.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Gen Z and the marketplaces - let's translate their needs | Laura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases, we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held at the DMA Conference in Vienna in June 2024.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 - APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
2.Cellular Networks_The final stage of connectivity is achieved by segmenting... - JeyaPerumal1
A cellular network, frequently referred to as a mobile network, is a type of communication system that enables wireless communication between mobile devices. The final stage of connectivity is achieved by segmenting the comprehensive service area into several compact zones, each called a cell.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx - Brad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
1.Wireless Communication System_Wireless communication is a broad term that i... - JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf - Florence Consulting
Fourteenth Milan Meetup, held in Milan on 23 May 2024 from 17:00 to 18:30, in person and remotely.
We discussed how Axpo Italia S.p.A. reduced its technical debt by migrating its APIs from Mule 3.9 to Mule 4.4, also moving from on-premises to CloudHub 1.0.
2. Bounties and Other Incentives
Katie Moussouris
Chief Policy Officer
http://twitter.com/k8em0 <-- that’s a zero
3. Who I am
Chief Policy Officer, HackerOne
Mother of Microsoft’s Bounty Programs, Internet Bug Bounty Panelist
Chair of BlueHat Content Board 2010-2013
My (security*) work in bullet points:
◆ Linux Dev and Security Tzarina - TurboLinux, circa 2000
◆ Pen Tester - Artist formerly known as @stake
◆ Founder - Symantec Vulnerability Research (SVR)
◆ Founder - Microsoft Vulnerability Research (MSVR)
◆ Policy Maker
◆ Editor for ISO standard on Vulnerability Handling (30111)
◆ Lead SME for US National Body on Vulnerability Disclosure (29147)
◆ Lead editor for Penetration Testing as it applies to Common Criteria (20004-2) and Secure Application Development processes (27034-3)
* Was a molecular biologist in a past professional life; worked on the Human Genome Project
4. What is HackerOne?
● Vulnerability Coordination Platform
o Built by Facebook, Microsoft, Chrome security folks
● 100+ live programs with well over $100k paid out each month
● 1,000+ users hackers (researchers?) recognized for their work
● Important: We only host these programs.
o Researchers & Security Teams manage their own programs.
o HackerOne employees do not have access to reports.
7. Signal-to-Noise Ratio
● There's noise on the internet
● Researcher Reputation - Good for researchers and teams
o The best researchers stand out from noisier ones
Mutual incentives to maintain a high-signal environment
o Security Teams benefit from additional context
o An Anecdote!
"Noisiest" researcher had 1,500+ submissions and a <5% success rate.
One month later: same researcher now has 60%+ success rate.
9. Knowledge
● Sharing knowledge is valuable to the entire community
o Those who do not learn from the mistakes of the past are doomed to repeat them
● Q: How can we encourage more vulnerability sharing?
o One-click disclosures
o Streamlined coordination
o Shared goals
o No surprises
11. IE Preview Bug Bounty: All in the timing
● Running a bounty program during the Preview (beta) period for IE11 addressed the greatest number of issues with the least impact to customers AND engineers
● Vulnerability brokers don’t offer payment for the IE browser in beta, so there is a gap in the marketplace
● Actual Results: 23 submissions, 18 bulletin-class issues – including 4 sandbox escapes