Internet of Things (IoT) devices are being used by bot net builders to target high profile applications with Distributed Denial of Service (DDoS) attacks. There are some very basic steps an IoT developer can take to ensure their devices are not suspect to takeover from a malicious intruder. Learn what those steps are and help battle the bot net builders.
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
In this webinar we will discuss the state of security for IoT devices, the threats that exists for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
With the advent of IOT, Every 'Thing' is getting Smart, starting from the range of smartwatches, smart refrigerators, smart bulbs to smart car, smart healthcare, smart agriculture, smart retail, smart city and what not, even smart planet. But why is every thing getting smart? People are trying to bridge the gap between Digital World & Physical World by means of ubiquitous connectivity to Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop the private communications in your bed room? What if a smart driverless car deliberately crashes itself into an accident? What if you want to be Anonymous over Internet and don't want anybody to track you?
This talk will focus on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity is taking the lead over security. The talk will also sensitive the audience about the paradigm shift that is happening in IOT DevOps, with help of Docker Containers and how they can be anonymised using TOR.
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
In this webinar we will discuss the state of security for IoT devices, the threats that exists for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
With the advent of IOT, Every 'Thing' is getting Smart, starting from the range of smartwatches, smart refrigerators, smart bulbs to smart car, smart healthcare, smart agriculture, smart retail, smart city and what not, even smart planet. But why is every thing getting smart? People are trying to bridge the gap between Digital World & Physical World by means of ubiquitous connectivity to Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop the private communications in your bed room? What if a smart driverless car deliberately crashes itself into an accident? What if you want to be Anonymous over Internet and don't want anybody to track you?
This talk will focus on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity is taking the lead over security. The talk will also sensitive the audience about the paradigm shift that is happening in IOT DevOps, with help of Docker Containers and how they can be anonymised using TOR.
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today’s agencies are drowning in fears surrounding sophisticated cyber-attacks but perhaps the most concerning type of attack out there – the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack.
- Become aware of the different types of insider threats, including their motives and methods of attack
- Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat
- Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats
- Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack
- Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
Extending Network Visibility: Down to the EndpointLancope, Inc.
In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure is often challenged with the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever.
Join Josh Applebaum (Ziften), Matthew Frederickson, (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response.
Discover how you can:
- Achieve additional visibility and context to network activity
- Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence)
- Improve incident response by obtaining real-time and historical endpoint data
In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
Dave Asprey, VP-Cloud Security of Trend Micro presented to members of the SDforum in Jan. 2011. This is an adapted version of is presentation which covers key considerations addressing data privacy concerns in the Cloud.
How to do Cryptography right in Android Part OneArash Ramez
Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at rest and data in motion. While extremely useful, cryptography is also highly brittle. The most secure cryptographic system can be rendered completely insecure by a single specification or programming error.to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs to show that a particular system satisfies the security properties attributed to it.
We often need to introduce certain plausible assumptions to push our security arguments through.
This presentation is about exactly that: constructing practical cryptosystems in android platform for which we can argue security under plausible assumptions.part one just covers fundamentals topics in cryptography world.
Youtube playlist:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gJgHWhKrIhS-L05xHVCPh2
gist:
https://gist.github.com/aramezx
How to do right cryptography in android part 3 / Gated Authentication reviewedArash Ramez
Android Gated-Authentication Architecture and User Authentication using finger-print has been reviewed in this part.
youtube playlist:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7jyqMXjSpNeRRzgoW_1iJg5
aparat:
https://www.aparat.com/v/LvVtZ
Certificate pinning in android applicationsArash Ramez
How to do cryptography right in android
Part #4 / How to mitigate MITM attacks in SSL/TLS channels using server certification validation
watch it on youtube:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gZ0mtoAA8JrfFrvOKr1Qlp
An overview of Secure IoT development using Java technologies. A brief overview of some recent attacks, some considerations on what to consider and the related Java technologies
Biometrics - Fantastic Failure Point of the FutureAdam Englander
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will be requiring you implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. The very nature of biometrics requires special handling and forethought. Learn how biometric authentication is performed and how to safely secure biometrics to protect your users and future-proof your authentication.
php[world] 2016 - You Don’t Need Node.js - Async Programming in PHPAdam Englander
Asynchronous frameworks allow developers to build stateful protocols and Internet of Things applications without threading and forking. Python, Ruby, and Node.js have had asynchronous frameworks for over ten years. PHP is now starting to catch up with Icicle.io. Learn the basics concepts of event based programming, and how the event loop allows a single thread to process all the requests for your application.
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today’s agencies are drowning in fears surrounding sophisticated cyber-attacks but perhaps the most concerning type of attack out there – the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack.
- Become aware of the different types of insider threats, including their motives and methods of attack
- Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat
- Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats
- Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack
- Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
Extending Network Visibility: Down to the EndpointLancope, Inc.
In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure is often challenged with the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever.
Join Josh Applebaum (Ziften), Matthew Frederickson, (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response.
Discover how you can:
- Achieve additional visibility and context to network activity
- Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence)
- Improve incident response by obtaining real-time and historical endpoint data
In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
Dave Asprey, VP-Cloud Security of Trend Micro presented to members of the SDforum in Jan. 2011. This is an adapted version of is presentation which covers key considerations addressing data privacy concerns in the Cloud.
How to do Cryptography right in Android Part OneArash Ramez
Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at rest and data in motion. While extremely useful, cryptography is also highly brittle. The most secure cryptographic system can be rendered completely insecure by a single specification or programming error.to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs to show that a particular system satisfies the security properties attributed to it.
We often need to introduce certain plausible assumptions to push our security arguments through.
This presentation is about exactly that: constructing practical cryptosystems in android platform for which we can argue security under plausible assumptions.part one just covers fundamentals topics in cryptography world.
Youtube playlist:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gJgHWhKrIhS-L05xHVCPh2
gist:
https://gist.github.com/aramezx
How to do right cryptography in android part 3 / Gated Authentication reviewedArash Ramez
Android Gated-Authentication Architecture and User Authentication using finger-print has been reviewed in this part.
youtube playlist:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7jyqMXjSpNeRRzgoW_1iJg5
aparat:
https://www.aparat.com/v/LvVtZ
Certificate pinning in android applicationsArash Ramez
How to do cryptography right in android
Part #4 / How to mitigate MITM attacks in SSL/TLS channels using server certification validation
watch it on youtube:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gZ0mtoAA8JrfFrvOKr1Qlp
An overview of Secure IoT development using Java technologies. A brief overview of some recent attacks, some considerations on what to consider and the related Java technologies
Biometrics - Fantastic Failure Point of the FutureAdam Englander
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will be requiring you implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. The very nature of biometrics requires special handling and forethought. Learn how biometric authentication is performed and how to safely secure biometrics to protect your users and future-proof your authentication.
php[world] 2016 - You Don’t Need Node.js - Async Programming in PHPAdam Englander
Asynchronous frameworks allow developers to build stateful protocols and Internet of Things applications without threading and forking. Python, Ruby, and Node.js have had asynchronous frameworks for over ten years. PHP is now starting to catch up with Icicle.io. Learn the basics concepts of event based programming, and how the event loop allows a single thread to process all the requests for your application.
How let your PHP application interact with phones through incoming and outgoing SMS and voice calls. This talk uses the Twilio platform and API to show how to send and receive text and voice calls to allow for different interactive options for you and your applications.
SunshinePHP 2017: Tales From The Crypt - A Cryptography PrimerAdam Englander
This presentation is meant to help PHP developers gain a working understanding of common terms used in cryptography, understand the key drivers for choosing cryptography methodologies, algorithms and strengths,
and know which PHP modules and packages to use.
PHP UK 2017 - Don't Lose Sleep - Secure Your RESTAdam Englander
Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. Open and proven standards are the best ways to secure your REST APIs for now and well into the future. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards based REST API. In this talk, you will learn how to use the components of JOSE to secure your REST API for now and the future.
Zend con 2016 - Asynchronous Prorgamming in PHPAdam Englander
Asynchronous frameworks allow developers to build stateful protocol and Internet of Things applications without threading and forking. Python, Ruby, and Node.js have had asynchronous frameworks for over ten years. PHP is now starting to catch up with Icicle.io. Learn the basic concepts of event-based programming and how the event loop allows a single thread to process all the requests for an application.
Node.js interactive NA 2016: Tales From the CryptAdam Englander
Cryptography is a complex and confusing subject. There seems to be more disinformation than actual information. Learn how to properly use cryptography to secure user credentials and sensitive data. We will discuss cryptographic methodologies and algorithms available to Node.js. The focus will be on encryption, digital signatures, and hashing. We will discuss methodologies as part of a compare and contrast based on cryptography strength and randomness.
A primer for securing your IoT devices and applications written in Node.js. This presentation covers all layers of security on your device implementation.
php[world] 2016 - Tales From the Crypto: A Cryptography PrimerAdam Englander
Cryptography is a complex and confusing subject. There seems to be more misinformation than actual information. Learn how to properly use cryptography to secure user credentials and sensitive data. We will discuss cryptographic methodologies and algorithms available to PHP. The focus will be on encryption, digital signatures, and hashing. We will discuss methodologies as part of a compare and contrast; based on cryptography strength and randomness.
Keeping IT in Control of Mac in the EnterpriseParallels Inc
Licensing and fear go hand-in-hand for IT pros. Managing individual licenses in a business is not optimal and can absorb valuable time and resources. Left in the hands of end users, administration and security are lost and opens the door for potential hackers or data breaches. This session will show you how to take control of Parallels software to the next level with centralized visibility and management of user licenses, restriction and lock down features as well as addressing FileVault requirements. Furthermore, find out how to benefit from a single console for managing Macs and learn how other businesses are utilizing Parallels to support their growing numbers of Macs.
Asynchronous PHP and Real-time MessagingSteve Rhoades
With every major browser supporting WebSockets, HTML 5 has changed how we handle client to server communications. The high demand for real time client and server messaging has developers flocking away from PHP to languages such as Node.js. In this session we'll explore the libraries and extensions that make Asynchronous PHP possible and analyze the performance differences with Node.js. In addition we'll identify use cases and walk through examples of how Asynchronous PHP can handle everything from WebSockets and Message Queues to MySQL.
With the evolution of software, starts an evolution of the software developer and how things are approached. A different and more responsible mindset is now required and with that comes the use of the Engineering Cycle that will provide not only the basic skill set but also the core base for a Software Engineer to handle any type of project.
Talk given at PHP World 2015 about the Hack language released by Facebook. A short history and look at it's key features as well as how Hack and PHP are evolving together.
If you build web applications you now have a huge responsibility: everything must be tested and secured. But how do you test and secure legacy applications or how do you get started with a new project using test-driven techniques to maximise quality and security without investing too much time in it.
In this workshop we will start with a clean project and build a simple catalogue application using test-driven and security-hardened techniques to achieve our goal. Once we have achieved our goal, we're going to apply the same on a legacy application.
Have you been working with other frameworks and feel ready to try something new? Why not try Zend Framework? Not only can you use it for the full stack of your application, but you can pull out the individual components into your existing application. Get ready for a course on how to build an ZF2 application from the ground up — from the basics of an MVC app to the more advanced components. When you leave this tutorial, you will have a great grasp on how the framework is structured
Threat Modeling for Dummies - Cascadia PHP 2018Adam Englander
No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
Ransomware- What you need to know to Safeguard your DataInderjeet Singh
Ransomware - a malicious software used by hackers to block access to a computer system until a ransom is paid. Attackers contact the user with ransom demands. Most attackers request payment in Bitcoin (the crypto-currency). Even if you pay the ransom, the attackers may not deliver the key to unencrypt files.
As ransomware attacks continue to grow in number and sophistication, individual PC users and organizations should reassess their current security strategy. There is a common misconception that adding layers of automated defence technologies will reduce the risk of falling victim to ransomware attacks. While endpoint security products and secure email gateways can offer some level of protection, sooner or later a phishing email, which is the most widely-used attack vector, will penetrate defences and user will be faced with determining whether or not an email is legitimate or part of an attack.
Cybersecurity for Building Controls and Smart BuildingsVeridify Security
Veridify’s DOME™ platform protects existing BACnet devices, Building Controls, and Smart Buildings from cyberattacks. DOME provides “cybersecurity in a box” that delivers real-time protection and stops cyberattacks before they can happen. DOME can be deployed and managed by existing technicians without IT/cyber expertise. DOME works with existing building protocols and enables any BACnet device to be secured with BACnet/SC.
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Codero
Codero is an Infrastructure-as-a-Service provider that offers dedicated, cloud, managed and hybrid hosting services to over 3,400 domestic and international customers from three data center locations. We are at an interesting vantage point where we see all sorts of interesting things – this presentation will focus as a ‘report from the field’ related to cybersecurity from our position.
Workshop on Cyber security and investigationMehedi Hasan
Introduction:
In the fast-evolving digital age of the 21st century, cybersecurity has emerged as a paramount concern for governments, businesses, and individuals. The Workshop on Cybersecurity is a comprehensive and immersive event designed to address the challenges posed by cyber threats and equip participants with the knowledge and tools to safeguard their digital assets. This workshop, to be held over five days, seeks to empower attendees with the latest insights and practices in cyber defense, fostering a culture of resilience and proactive security measures.
Day 1: Understanding the Cyber Landscape
The workshop commences with a deep dive into the complex cyber landscape that defines modern society. Distinguished experts from the cybersecurity field will present an overview of the ever-changing cyber ecosystem, highlighting its interconnectedness and vulnerabilities. Participants will gain valuable insights into the roles of governments, corporations, and individuals in shaping the cyber landscape.
Key topics covered will include the global impact of cyberattacks, the importance of international collaboration in countering cyber threats, and the significance of public-private partnerships. This foundational knowledge will serve as the basis for the subsequent discussions on cyber defense strategies.
Day 2: Unraveling Cyber Threats and Attack Vectors
Day two focuses on understanding the multitude of cyber threats and attack vectors that can target individuals and organizations. Renowned cybersecurity researchers will present real-life case studies of recent cyber incidents, ranging from nation-state-sponsored attacks to financially motivated hacking campaigns. Participants will gain a comprehensive understanding of the tactics employed by threat actors and the motivations behind their actions.
Through interactive sessions, attendees will be immersed in simulated cyber-attack scenarios, enabling them to identify and mitigate potential threats effectively. The day will emphasize the need for a proactive and adaptive approach to cybersecurity, as well as the importance of threat intelligence sharing to bolster collective defense capabilities.
Day 3: Building Robust Cyber Defense Strategies
Day three delves into the development and implementation of robust cyber defense strategies. Experts in the field will introduce participants to cutting-edge tools and technologies that can effectively detect, prevent, and respond to cyber threats. Topics covered will include advanced threat hunting techniques, next-generation firewalls, intrusion detection systems, and incident response best practices.
DNS security is important. But, in today’s world of dynamic cloud environments (AWS and Azure), content delivery networks (CDNs) and crowdsourced content and advertisements, looking only at the domain name is not a complete indicator of security. “Grey” domains are no longer the exception, they have become the norm. Join this webcast to explore the risks of relying on DNS-only based solutions and ways to add security to your DNS traffic without sacrificing performance or additional security insights.
Breaking Smart Speakers: We are Listening to You.Priyanka Aash
"In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function is becoming more powerful, its security has been questioned by many people. People are worried that smart speakers will be hacked to leak their privacy, and our research proves that this concern is very necessary.
In this talk, we will present how to use multiple vulnerabilities to achieve remote attack some of the most popular smart speakers. Our final attack effects include silent listening, control speaker speaking content and other demonstrations. And we're also going to talk about how to extract firmware from BGA packages Flash chips such as EMMC, EMCP, NAND Flash, etc. In addition, it contains how to turn on debug interfaces and get root privileges by modifying firmware content and Re-soldering Flash chips, which can be of great help for subsequent vulnerability analysis and debugging. Finally, we will play several demo videos to demonstrate how we can remotely access some Smart Speaker Root permissions and use smart speakers for eavesdropping and playing voice."
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
Ведущий: Джефф Кац
По прогнозам Cisco, в этом году 25 млрд устройств будут подключены к интернету, а к 2020 году число увеличится вдвое. Планируя разработку решения в сфере Интернета вещей (IoT), вы должны подумать о том, что в один прекрасный день к вам нагрянет ФСБ . Вопрос безопасности пользователей нужно продумать заранее, не следует откладывать его на потом. Докладчик расскажет, как использовать преимущества IoT-продуктов, не ущемляя личных прав ваших клиентов. Доклад сопровождается примерами услуг, в которых конфиденциальность и безопасность были обеспечены в начале разработки.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
Using advanced security and data-protection featuresMariaDB plc
MariaDB has the most comprehensive set of security of features available in an enterprise open source database, rivaling those of proprietary databases. In this session, MariaDB's Anders Karlsson explores some advanced security capabilities, including the built-in database firewall and data masking, both needed to fully protect personally identifiable and/or sensitive personal information (PII/SPI). He then takes a look at the new security features in MariaDB Server 10.4, from client-side encryption to password-crack detection.
Similar to IoT Lock Down - Battling the Bot Net Builders (20)
Gain a practical understanding of how to integrate AI capabilities into your PHP projects with examples from the leading sources of hosted AI: OpenAI and Hugging Face. Armed with this knowledge, you can unlock new possibilities for intelligent, dynamic, and user-centric PHP applications that leverage the power of Artificial Intelligence.
So, join us for this transformative journey as we bridge the gap between PHP and AI, opening the door to a world of smarter and more innovative web applications.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
Cryptography is the invisible layer protecting everything around us. As software engineers, we are required to have some understanding of cryptography. Most of us only have a cursory understanding. Let’s dive deep into algorithms and modes for encryption, digital signatures, hashing, and key derivation. To get the most from this presentation, it is expected that you have a basic understanding of cryptography.
Dutch PHP 2018 - Cryptography for BeginnersAdam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
php[tek] 2108 - Cryptography Advances in PHP 7.2Adam Englander
There were some pretty substantial cryptography advances in PHP 7.2. Most of these changes were made to make advanced cryptography easier to use. That’s a good thing for developers and end users alike. The addition of libsodium is a game changer. It makes synchronous and asynchronous cryptography a no-brainer and adds better hashing than we've ever had. Argon2i for passwords is pretty substantial as well. We’ll go over the changes and have some practical examples of each. Developers need to know about these advances and just how awesome they are.
php[tek] 2018 - Biometrics, fantastic failure point of the futureAdam Englander
This presentation attempts to prepare developers for the coming storm of biometric authentication. It is coming; for many, it is already here. Unfortunately, few of us have been prepared to select tools for utilizing biometric authentication properly. In this presentation, Adam Englander will express the special dangers of biometrics with regards to lifespan and storage. Due to the user's inability to change a biomteric, it is much more valuable to bad actors as the lifespan will undoubtedly exceed the lifespan of the cryptography. Any biometric database stolen today will likely be able to be cracked by the average computer in 20 years. This creates a unique problem many of us have not had to tackle before. We need a different mindset when thinking about biometrics. This presentation will try and give that much-needed perspective.
Biometric identification might be more secure than passwords, but it’s still vulnerable to hacking. Why not hold up a photograph of the phone owner to fool the new facial recognition system? In this presentation, Adam Englander will walk through the risks and dangers of leveraging biometrics for user authentication, and why we all should be thinking twice about it.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
Cryptography for Beginners - Midwest PHP 2018Adam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
Cryptography for Beginners - Sunshine PHP 2018Adam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography . This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureAdam Englander
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will require you to implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. Learn a few tricks to help safely secure biometrics to protect your users.
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTAdam Englander
Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards-based REST API. Let me show you how to ensure the data sent too and received from your API is as safe and secure as is reasonably possible.
Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!
Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatAdam Englander
BDD API Development with Symfony and Behat You may have built an API in Symfony before. You may have even written some browser tests in Beta. Did you ever consider using Behat to write integration tests for your API? If not, you definitely should. The portability and reusability of Behat steps make it the perfect platform for API integration tests. The Symfony kernel integration for Behat and absence of JavaScript in an API makes this match made in heaven. Pull up a cloud and let me show you the pure awesomeness that is BDD API Development with Symfony and Behat.
Coder Cruise 2017 - The Red Team Is ComingAdam Englander
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this presentation, I will put a human face on the users of our software. I will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join me in the fight. The Red Team is coming!
Many developers struggle with how to properly secure REST APIs. If you are like me, you followed a process from a trusted provider like Amazon, Google, etc. What if I told you there was a better way? It’s JOSE, a collection of open standards from the IETF that has strong library support. It’s also the basis of OAuth 2.0 and OpenID Connect. Let me show you how to make a highly secure API for today and well into the future built on the framework of JOSE.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
4. @adam_englander
Dyn DNS DDOS Attack
• Up to 380,000 IoT devices
• Generating up to 1.2 terabits per second of DNS
request data
• Producing 50x normal traffic after mitigation
• One month after similar Krebs on Security attack
6. @adam_englander
IoT Benefits of Embedded Linux
• Making IoT
development and
manufacturing more
accessible
• Enables rapid
prototyping and
reduces time to market
7. @adam_englander
Security Benefits of Embedded Linux
• Linux provides
facilities for fantastic
security
• Numerous resources
exist for implementing
super secure Linux
13. @adam_englander
Operating System Security
• Patching strategy
• Minimal distribution
• Randomize default
usernames and
passwords
• Require strong
passwords via PAM
Network
Application
Services
File System
OS
14. @adam_englander
File System Security
• Named application user
• Remove “everyone”
access where possible
• Restrict application user
to files necessary to run
• Avoid write access
where possible
Network
Application
Services
File System
OS
15. @adam_englander
Service Security
• Reduce local service
dependencies
• Remove all non-essential
services (SSH, FTP, SMTP,
etc)
• Require authentication
• Be as secure as possible
with service data
Network
Application
Services
File System
OS
16. @adam_englander
Network Layer Security
• Outbound connections
only
• Restrict inbound and
outbound IP traffic
• Prefer paired Bluetooth
• Pair Bluetooth with
challenge-response
Network
Application
Services
File System
OS
23. @adam_englander
Account Hijacking
• Secure application with
passwords using strong
hashing: Argon2i, scrypt,
bcrypt, or PBKDF2
• Secure initial setup via
hardware or force wipe
• Alert for changes to
accounts
25. @adam_englander
Replay/Denial of Service
• Identify bad actors
either by tracking
utilization or with a
Honey Pot
• Mitigate by not
responding to the
request or with minimal
processing
29. @adam_englander
Open Web Application Security Project
• Testing guides
• Attack surface areas
• Top 10 security
vulnerability studies
• https://www.owasp.org
30. @adam_englander
Bug Bounty
• Pay ETHICAL hackers to test the
security of your devices and systems
• Attract experts in the field for a little
money and recognition
• Can be managed internally or
externally