ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
•
0 likes•32 views
This document discusses bug bounty programs and their growing adoption. It addresses common objections to running bug bounty programs, such as them being too risky, expensive, or hard to manage. Data is presented showing bug bounties attract talented researchers who find critical issues quickly. Stories from companies highlight how bug bounties help expand security teams cost effectively. The document concludes by advising companies to align expectations, communicate openly, and pay bounty hunters fast and well to have healthy bug bounty relationships.
Report
Share
Report
Share
Download to read offline
Recommended
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Takeaways from Black Hat 2016
Graphic Recording Artist Kelly Kingman visualized some of the fascinating presentations delivered at Tripwire's booth during Black Hat 2016.
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
Our current approach to security assessment is inherently flawed; automation tools only find what they are programmed to find and penetration testing is extremely limited. Bug bounties build upon and improve upon these existing application security testing tools by harnessing the human creativity of the whitehat researcher community with a pay-for-results rewards model.
As a cyber security veteran, Casey will analyze the evolution of the application security industry over the past several years and address why the existing tools and practices are falling short. With data from hundreds of bug bounty programs, he will also show how bug bounties are bridging the gap between companies who need to find security flaws before they’re exploited, and the hackers at the table ready to help.
https://2017.conference.auscert.org.au/speaker/casey-ellis/
Moti Sagey CPX keynote _Are All security products created equal
This document discusses network security and compares different generations (Gens) of security products. Gen V security is defined as being effective, efficient, and everywhere. Check Point is presented as providing Gen V security through real-time prevention innovations, an unparalleled sense of urgency in responding to vulnerabilities, proven security with third-party tests, no security shortcuts, and an efficient software-based architecture that allows security everywhere. Check Point is said to have the best security through these factors and fighting FUD with facts.
The Emerging IT Landscape and the IT GRC and Security Professional
A presentation made by Mr. Tokunbo Taiwo (Principal Consultant/CEO, Safe Sail Consulting Ltd.) at the ISACA Lagos 2016 National Conference on December 1 2016.
The theme of the conference was “Driving Economic Growth through Information Technology”
The presentation identifies opportunities, risks and controls around the emerging fields of Big Data, Cloud, Mobile and Cybersecurity.
It discusses existing skills gaps and how they can be filled.
Attention is given to the impact of these fields on job creation, national security and productivity.
It also provides reference to useful ISACA tools.
IT Governance, Risk Security and Compliance professionals would find this useful
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
This document discusses cognitive security solutions and their potential benefits. It notes that current security challenges include keeping up with the increasing speed, sophistication and volume of threats. Cognitive security solutions could help by ingesting and organizing vast amounts of security data to provide better intelligence, speed and accuracy. The document profiles organizations as "Primed", "Pressured" or "Prudent" based on their security effectiveness, understanding of cognitive benefits, and readiness. The "Primed" are most familiar with cognitive security and have the resources to adopt it. While still emerging, the document recommends organizations recognize weaknesses and become educated on cognitive security to prepare.
Edgescan vulnerability stats report 2020
Vulnerability landscape for 2019 covering the most common cyber security risks based on thousands of full stack assessments.
CPX 2016 Moti Sagey Security Vendor Landscape
This document from Check Point discusses network security solutions. It highlights Check Point's consistent performance in independent tests, achieving "Recommended" ratings. It also emphasizes Check Point's focus on uncompromised security, dynamic architecture, operational simplicity, and commitment to customer success. Check Point argues it is consistently one step ahead of competitors in detection capabilities and rapid remediation of vulnerabilities.
Recommended
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Takeaways from Black Hat 2016
Graphic Recording Artist Kelly Kingman visualized some of the fascinating presentations delivered at Tripwire's booth during Black Hat 2016.
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
Our current approach to security assessment is inherently flawed; automation tools only find what they are programmed to find and penetration testing is extremely limited. Bug bounties build upon and improve upon these existing application security testing tools by harnessing the human creativity of the whitehat researcher community with a pay-for-results rewards model.
As a cyber security veteran, Casey will analyze the evolution of the application security industry over the past several years and address why the existing tools and practices are falling short. With data from hundreds of bug bounty programs, he will also show how bug bounties are bridging the gap between companies who need to find security flaws before they’re exploited, and the hackers at the table ready to help.
https://2017.conference.auscert.org.au/speaker/casey-ellis/
Moti Sagey CPX keynote _Are All security products created equal
This document discusses network security and compares different generations (Gens) of security products. Gen V security is defined as being effective, efficient, and everywhere. Check Point is presented as providing Gen V security through real-time prevention innovations, an unparalleled sense of urgency in responding to vulnerabilities, proven security with third-party tests, no security shortcuts, and an efficient software-based architecture that allows security everywhere. Check Point is said to have the best security through these factors and fighting FUD with facts.
The Emerging IT Landscape and the IT GRC and Security Professional
A presentation made by Mr. Tokunbo Taiwo (Principal Consultant/CEO, Safe Sail Consulting Ltd.) at the ISACA Lagos 2016 National Conference on December 1 2016.
The theme of the conference was “Driving Economic Growth through Information Technology”
The presentation identifies opportunities, risks and controls around the emerging fields of Big Data, Cloud, Mobile and Cybersecurity.
It discusses existing skills gaps and how they can be filled.
Attention is given to the impact of these fields on job creation, national security and productivity.
It also provides reference to useful ISACA tools.
IT Governance, Risk Security and Compliance professionals would find this useful
Cybersecurity In The Cognitive Era: Priming Your Digital Immune System
This document discusses cognitive security solutions and their potential benefits. It notes that current security challenges include keeping up with the increasing speed, sophistication and volume of threats. Cognitive security solutions could help by ingesting and organizing vast amounts of security data to provide better intelligence, speed and accuracy. The document profiles organizations as "Primed", "Pressured" or "Prudent" based on their security effectiveness, understanding of cognitive benefits, and readiness. The "Primed" are most familiar with cognitive security and have the resources to adopt it. While still emerging, the document recommends organizations recognize weaknesses and become educated on cognitive security to prepare.
Edgescan vulnerability stats report 2020
Vulnerability landscape for 2019 covering the most common cyber security risks based on thousands of full stack assessments.
CPX 2016 Moti Sagey Security Vendor Landscape
This document from Check Point discusses network security solutions. It highlights Check Point's consistent performance in independent tests, achieving "Recommended" ratings. It also emphasizes Check Point's focus on uncompromised security, dynamic architecture, operational simplicity, and commitment to customer success. Check Point argues it is consistently one step ahead of competitors in detection capabilities and rapid remediation of vulnerabilities.
Automotive Cybersecurity: The Gap Still Exists
This document summarizes the key findings of a survey conducted by the Ponemon Institute regarding automotive cybersecurity. Some of the main points from the survey include:
- There is a growing concern among automakers and suppliers that hackers are actively targeting modern connected vehicles. However, organizations are not prioritizing security.
- A lack of skilled security personnel and pressure to meet deadlines are hindering secure development practices. Cryptography use and legacy systems are also issues.
- While security responsibility is unclear, respondents believe the most challenging aspects of securing vehicles are the expenses involved, the time added to development, and lack of formal requirements and policies.
Enterprise Cyber Security 2016
In 2015 alone, hackers stole the records of
- 11 million people from Premiere Blue Cross
- 10 million people from Excellus BlueCross BlueShield
- 80 million people from Anthem
. We review the challenges, trends and opportunity of the cyberspace wars. Presented to APICS Ventura on March 8, 2016 by Gerry Poe - CEO of Santa Clarita Consultants. http://www.scc-co.com
Application Security by Ethical Hackers
This document provides information about an application security company called Entersoft. It discusses Entersoft's current traction in the market, serving over 300 clients and winning multiple awards. It describes Entersoft's offensive security approach and product called Enprobe, which is a cloud-based application vulnerability scanning platform. The document also provides details on Entersoft's team, launch plans for Enprobe in Q2, and revenue model, as well as their vision to be a global leader in application security by 2020.
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
The document summarizes the findings of a survey of over 700 C-suite executives from 29 countries and 18 industries regarding their perspectives on cybersecurity. Some key findings include: 75% of CxOs believe a comprehensive cybersecurity program is important; however, over half may be overstating the likelihood of a significant cybersecurity incident. Additionally, while CxOs acknowledge some risks, they understate risks from insiders and overstate risks from external threats. The C-suites were clustered into three groups based on their cybersecurity effectiveness: not prepared, progressing, and cybersecure. The cybersecure C-suites were more likely to have robust cybersecurity governance and collaboration.
Car Cybersecurity: The Gap Still Exists
Our second annual Ponemon Institute Survey tells us there's a growing concern that hackers will target automobiles, and the lack of skilled personnel impedes secure software development.
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Stay safe, grab a drink and join us virtually for our upcoming "Reveal the Security Risks in the Software Development Lifecycle" Meetup to learn how to find application security threats, issues in software development life cycle, build mature application security incident response processes and implement application security posture management.
Agenda:
17:00 - 17:05 - 'Opening words' - by Gary Berman (Cyber Heroes Network)
17:05 - 17:35 - 'Why securing the SDLC fails at scale' - by Liav Caspi (Co-Founder & CTO at Legit Security)
17:35 - 18:05 - 'The Real AppSec Issues' - by Josh Grossman (CTO at BounceSecurity)
18:05 - 18:35 - 'Application security and IR process' - by Vitaly Davidoff (Application Security Lead at JFrog)
18:35 - 19:00 - 'The ASPM way - a new approach' - by Liav Caspi (Co-Founder & CTO at Legit Security)
SVB Cybersecurity Impact on Innovation Report
In a survey of U.S. technology and healthcare executives nationwide, Silicon Valley Bank found that companies believe cyber attacks are a serious threat to both their data and their business continuity.
Highlights
- 98% are maintaining or increasing resources devoted to cyber security
- 50% are increasing their cyber security resources, preparing for when, not if, cyber attacks occur
- Just 35% are completely or very confident in the security of their company information, and only 16% feel the same about their business partners
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson presented on cyber risk management challenges and recommendations in 2017. He discussed trends like the increasing involvement of boards in cybersecurity oversight. Mattsson also covered topics such as talking to boards about cyber risk, data security blind spots within organizations, and how the Payment Card Industry Data Security Standard is evolving to incorporate concepts like data discovery and integrating security into the development process. He emphasized the importance of generating security metrics and adopting a DevSecOps approach to strengthen an organization's security posture and compliance.
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
The webinar discusses cybersecurity trends for small and medium enterprises (SMEs) and professional accountants in light of the COVID-19 pandemic. It will provide an overview of pre-pandemic cybersecurity trends and risks, examine how the pandemic has influenced these trends and risks, and offer practical insights for SMEs to respond proactively. A panel of cybersecurity experts from Deloitte, KPMG and Cherry Bekaert will discuss topics like the global state of cybersecurity in SMEs before the pandemic, the impact of widespread remote working during the pandemic, and key considerations for cybersecurity in a post-pandemic environment.Carbon Black: Keys to Shutting Down Attacks
Robert Hood discusses keys to shutting down attacks on endpoints. He emphasizes the importance of (1) protecting endpoints through technologies like antivirus and anti-malware, as well as educating users on social engineering threats, and (2) using advanced endpoint security solutions that provide real-time forensics and analytics to more easily detect legitimate incidents and reduce alerts for security teams to analyze. Hood also notes that as employees work remotely on mobile devices, endpoints effectively extend network perimeters, making their protection even more critical.
[Webinar] The Art & Value of Bug Bounty Programs
Her TED talk on the power of bug bounties has over a million views, on May 20, 2015, cybersecurity expert Keren Elazari joined Bugcrowd for an exclusive webinar. We did some bug bounty myth busting and trend spotting and had a great turnout. Keren's slides are here.
Cisco 2016 Security Report
The document describes how Cisco collaborated with other security companies to identify and shut down a major Angler exploit kit operation that was targeting 90,000 victims per day and generating tens of millions of dollars annually through ransomware attacks. By working with the hosting provider Limestone Networks, Cisco was able to determine that most of the Angler traffic was coming from a small number of Limestone and Hetzner servers, and helped get those servers taken offline to cripple the ransomware campaign. The success highlights the importance of industry collaboration to combat sophisticated cybercriminal operations.
Cisco Annual Security Report 2016
Adversaries and defenders are both developing technologies
and tactics that are growing in sophistication. For their part,
bad actors are building strong back-end infrastructures
with which to launch and support their campaigns. Online
criminals are refining their techniques for extracting money
from victims and for evading detection even as they continue
to steal data and intellectual property.
Hanu whitepaper
This document discusses the risks of outsourcing software development projects offshore. It identifies the five most common risks as: misunderstanding requirements, quality assurance issues, intellectual property protection, differing internal processes, and communication barriers due to cultural/language differences. For each risk, it provides details on how the risk can occur and recommendations for mitigating the risk, such as clearly documenting requirements before starting development to prevent misunderstandings. The key message is that identifying and addressing these risks early is important for avoiding problems that can undermine the benefits of outsourcing.
Cisco 2016 Annual Security Report
The Cisco 2016 Annual Security Report highlights several major developments in cybersecurity:
1) Cisco helped sideline the largest Angler exploit kit operation in the US that was targeting 90,000 victims per day and generating tens of millions annually for threat actors.
2) Cisco and Level 3 Threat Research Labs significantly weakened one of the largest DDoS botnets ever observed called SSHPsychos (Group 93).
3) Malicious browser extensions are a major source of data leakage, affecting over 85% of organizations studied.
Cisco asr-2016-160121231711
Como cybercriminals cada vez mais ataques a sua estratégia de risco cibernético está sob o microscópio. Com o Cisco 2016 Annual Security Report, que analisa os avanços da indústria de segurança e dos criminosos, veja como seus empresas avaliam a preparação para a segurança em suas organizações e obtêm idéias sobre onde fortalecer suas defesas. Seja um profissional de Segurança da informação faça o curso de analista de Redes e segurança http://www.trainning.com.br/curso_mcse_ccna_ceh_itil_vmware/?v=Slide
Cisco Annual Security Report
As cybercriminals increasingly profit from brazen attacks, your cyber-risk strategy is under the microscope. With the Cisco 2016 Annual Security Report, which analyzes advances by security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
Introduction to PolySwarm
PolySwarm is an open source, decentralized threat detection marketplace where anti-malware software authored by specialized security experts compete to detect and block threats at the single file level, millions of times per day. Accuracy and early detection are rewarded, and the protection from a global force of security experts and antivirus companies is combined into a single access point.
Introduction to PolySwarm
PolySwarm is an open source, decentralized threat detection marketplace where anti-malware software authored by specialized security experts compete to detect and block threats at the single file level, millions of times per day. Accuracy and early detection are rewarded, and the protection from a global force of security experts and antivirus companies is combined into a single access point.
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
What could cybersecurity look like in the cognitive era? Organizations are facing a number of well-known security challenges and these challenges are leading to gaps in intelligence, speed, and accuracy when it comes to threats and incidents. The gaps can’t be addressed by simply scaling up legacy processes and infrastructure – new approaches are needed, and cognitive security solutions may help address these gaps. IBM conducted a survey of over 700 security professionals leaders and practitioners from 35 countries, representing 18 industries to get a sense for what challenges they are facing, how they are being addressed, and how they view cognitive security solutions as a potential powerful new tool.
Join us as Diana Kelley, Executive Security Advisor in IBM Security, and David Jarvis, Functional Research Lead for CIO and Cybersecurity in the IBM Institute for Business Value, discuss findings from the 2016 Cybersecurity Study “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System” This webinar will cover an overview of the study findings, including:
Security challenges, shortcomings and what security leaders are doing about them
Views on cognitive security solutions – how they might help, readiness to implement and what might be holding them back
What those that are ready to implement cognitive enabled security today are thinking and doing
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
The document discusses the increasing adoption of crowdsourced security practices like vulnerability disclosure programs (VDP) and bug bounty programs within critical infrastructure sectors. It notes that while conservative sectors are slower to adopt these practices, regulatory pressure is accelerating their adoption. The document also observes that aging critical infrastructure organizations tend to have many publicly accessible initial access vectors, and that digital transformation compounds this issue. Finally, it discusses moving security practices from a "broke" to "woke" approach, emphasizing the human aspects of security rather than just technology.
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Bugcrowd was founded at an inflection point in the history of the Internet and awareness of cybersecurity. A lot has changed since 2012 - to the cybersecurity industry, to the technology landscape, to the view of hackers as helpful and not just harmful, and - importantly - to the awareness of cybersecurity as "everyone's problem".
In 2023, we find ourselves at a similar inflection point for our space. This keynote unpacks the last 11 years as a predictor of what is next, and as an encouragement and roadmap for budding cybersecurity entrepreneurs and solutioneers.
More Related Content
Similar to ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
Automotive Cybersecurity: The Gap Still Exists
This document summarizes the key findings of a survey conducted by the Ponemon Institute regarding automotive cybersecurity. Some of the main points from the survey include:
- There is a growing concern among automakers and suppliers that hackers are actively targeting modern connected vehicles. However, organizations are not prioritizing security.
- A lack of skilled security personnel and pressure to meet deadlines are hindering secure development practices. Cryptography use and legacy systems are also issues.
- While security responsibility is unclear, respondents believe the most challenging aspects of securing vehicles are the expenses involved, the time added to development, and lack of formal requirements and policies.
Enterprise Cyber Security 2016
In 2015 alone, hackers stole the records of
- 11 million people from Premiere Blue Cross
- 10 million people from Excellus BlueCross BlueShield
- 80 million people from Anthem
. We review the challenges, trends and opportunity of the cyberspace wars. Presented to APICS Ventura on March 8, 2016 by Gerry Poe - CEO of Santa Clarita Consultants. http://www.scc-co.com
Application Security by Ethical Hackers
This document provides information about an application security company called Entersoft. It discusses Entersoft's current traction in the market, serving over 300 clients and winning multiple awards. It describes Entersoft's offensive security approach and product called Enprobe, which is a cloud-based application vulnerability scanning platform. The document also provides details on Entersoft's team, launch plans for Enprobe in Q2, and revenue model, as well as their vision to be a global leader in application security by 2020.
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
The document summarizes the findings of a survey of over 700 C-suite executives from 29 countries and 18 industries regarding their perspectives on cybersecurity. Some key findings include: 75% of CxOs believe a comprehensive cybersecurity program is important; however, over half may be overstating the likelihood of a significant cybersecurity incident. Additionally, while CxOs acknowledge some risks, they understate risks from insiders and overstate risks from external threats. The C-suites were clustered into three groups based on their cybersecurity effectiveness: not prepared, progressing, and cybersecure. The cybersecure C-suites were more likely to have robust cybersecurity governance and collaboration.
Car Cybersecurity: The Gap Still Exists
Our second annual Ponemon Institute Survey tells us there's a growing concern that hackers will target automobiles, and the lack of skilled personnel impedes secure software development.
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Stay safe, grab a drink and join us virtually for our upcoming "Reveal the Security Risks in the Software Development Lifecycle" Meetup to learn how to find application security threats, issues in software development life cycle, build mature application security incident response processes and implement application security posture management.
Agenda:
17:00 - 17:05 - 'Opening words' - by Gary Berman (Cyber Heroes Network)
17:05 - 17:35 - 'Why securing the SDLC fails at scale' - by Liav Caspi (Co-Founder & CTO at Legit Security)
17:35 - 18:05 - 'The Real AppSec Issues' - by Josh Grossman (CTO at BounceSecurity)
18:05 - 18:35 - 'Application security and IR process' - by Vitaly Davidoff (Application Security Lead at JFrog)
18:35 - 19:00 - 'The ASPM way - a new approach' - by Liav Caspi (Co-Founder & CTO at Legit Security)
SVB Cybersecurity Impact on Innovation Report
In a survey of U.S. technology and healthcare executives nationwide, Silicon Valley Bank found that companies believe cyber attacks are a serious threat to both their data and their business continuity.
Highlights
- 98% are maintaining or increasing resources devoted to cyber security
- 50% are increasing their cyber security resources, preparing for when, not if, cyber attacks occur
- Just 35% are completely or very confident in the security of their company information, and only 16% feel the same about their business partners
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson presented on cyber risk management challenges and recommendations in 2017. He discussed trends like the increasing involvement of boards in cybersecurity oversight. Mattsson also covered topics such as talking to boards about cyber risk, data security blind spots within organizations, and how the Payment Card Industry Data Security Standard is evolving to incorporate concepts like data discovery and integrating security into the development process. He emphasized the importance of generating security metrics and adopting a DevSecOps approach to strengthen an organization's security posture and compliance.
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
The webinar discusses cybersecurity trends for small and medium enterprises (SMEs) and professional accountants in light of the COVID-19 pandemic. It will provide an overview of pre-pandemic cybersecurity trends and risks, examine how the pandemic has influenced these trends and risks, and offer practical insights for SMEs to respond proactively. A panel of cybersecurity experts from Deloitte, KPMG and Cherry Bekaert will discuss topics like the global state of cybersecurity in SMEs before the pandemic, the impact of widespread remote working during the pandemic, and key considerations for cybersecurity in a post-pandemic environment.Carbon Black: Keys to Shutting Down Attacks
Robert Hood discusses keys to shutting down attacks on endpoints. He emphasizes the importance of (1) protecting endpoints through technologies like antivirus and anti-malware, as well as educating users on social engineering threats, and (2) using advanced endpoint security solutions that provide real-time forensics and analytics to more easily detect legitimate incidents and reduce alerts for security teams to analyze. Hood also notes that as employees work remotely on mobile devices, endpoints effectively extend network perimeters, making their protection even more critical.
[Webinar] The Art & Value of Bug Bounty Programs
Her TED talk on the power of bug bounties has over a million views, on May 20, 2015, cybersecurity expert Keren Elazari joined Bugcrowd for an exclusive webinar. We did some bug bounty myth busting and trend spotting and had a great turnout. Keren's slides are here.
Cisco 2016 Security Report
The document describes how Cisco collaborated with other security companies to identify and shut down a major Angler exploit kit operation that was targeting 90,000 victims per day and generating tens of millions of dollars annually through ransomware attacks. By working with the hosting provider Limestone Networks, Cisco was able to determine that most of the Angler traffic was coming from a small number of Limestone and Hetzner servers, and helped get those servers taken offline to cripple the ransomware campaign. The success highlights the importance of industry collaboration to combat sophisticated cybercriminal operations.
Cisco Annual Security Report 2016
Adversaries and defenders are both developing technologies
and tactics that are growing in sophistication. For their part,
bad actors are building strong back-end infrastructures
with which to launch and support their campaigns. Online
criminals are refining their techniques for extracting money
from victims and for evading detection even as they continue
to steal data and intellectual property.
Hanu whitepaper
This document discusses the risks of outsourcing software development projects offshore. It identifies the five most common risks as: misunderstanding requirements, quality assurance issues, intellectual property protection, differing internal processes, and communication barriers due to cultural/language differences. For each risk, it provides details on how the risk can occur and recommendations for mitigating the risk, such as clearly documenting requirements before starting development to prevent misunderstandings. The key message is that identifying and addressing these risks early is important for avoiding problems that can undermine the benefits of outsourcing.
Cisco 2016 Annual Security Report
The Cisco 2016 Annual Security Report highlights several major developments in cybersecurity:
1) Cisco helped sideline the largest Angler exploit kit operation in the US that was targeting 90,000 victims per day and generating tens of millions annually for threat actors.
2) Cisco and Level 3 Threat Research Labs significantly weakened one of the largest DDoS botnets ever observed called SSHPsychos (Group 93).
3) Malicious browser extensions are a major source of data leakage, affecting over 85% of organizations studied.
Cisco asr-2016-160121231711
Como cybercriminals cada vez mais ataques a sua estratégia de risco cibernético está sob o microscópio. Com o Cisco 2016 Annual Security Report, que analisa os avanços da indústria de segurança e dos criminosos, veja como seus empresas avaliam a preparação para a segurança em suas organizações e obtêm idéias sobre onde fortalecer suas defesas. Seja um profissional de Segurança da informação faça o curso de analista de Redes e segurança http://www.trainning.com.br/curso_mcse_ccna_ceh_itil_vmware/?v=Slide
Cisco Annual Security Report
As cybercriminals increasingly profit from brazen attacks, your cyber-risk strategy is under the microscope. With the Cisco 2016 Annual Security Report, which analyzes advances by security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
Introduction to PolySwarm
PolySwarm is an open source, decentralized threat detection marketplace where anti-malware software authored by specialized security experts compete to detect and block threats at the single file level, millions of times per day. Accuracy and early detection are rewarded, and the protection from a global force of security experts and antivirus companies is combined into a single access point.
Introduction to PolySwarm
PolySwarm is an open source, decentralized threat detection marketplace where anti-malware software authored by specialized security experts compete to detect and block threats at the single file level, millions of times per day. Accuracy and early detection are rewarded, and the protection from a global force of security experts and antivirus companies is combined into a single access point.
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
What could cybersecurity look like in the cognitive era? Organizations are facing a number of well-known security challenges and these challenges are leading to gaps in intelligence, speed, and accuracy when it comes to threats and incidents. The gaps can’t be addressed by simply scaling up legacy processes and infrastructure – new approaches are needed, and cognitive security solutions may help address these gaps. IBM conducted a survey of over 700 security professionals leaders and practitioners from 35 countries, representing 18 industries to get a sense for what challenges they are facing, how they are being addressed, and how they view cognitive security solutions as a potential powerful new tool.
Join us as Diana Kelley, Executive Security Advisor in IBM Security, and David Jarvis, Functional Research Lead for CIO and Cybersecurity in the IBM Institute for Business Value, discuss findings from the 2016 Cybersecurity Study “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System” This webinar will cover an overview of the study findings, including:
Security challenges, shortcomings and what security leaders are doing about them
Views on cognitive security solutions – how they might help, readiness to implement and what might be holding them back
What those that are ready to implement cognitive enabled security today are thinking and doing
Similar to ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES (20)
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
Cybersecurity in the Cognitive Era: Priming Your Digital Immune System
More from Casey Ellis
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
The document discusses the increasing adoption of crowdsourced security practices like vulnerability disclosure programs (VDP) and bug bounty programs within critical infrastructure sectors. It notes that while conservative sectors are slower to adopt these practices, regulatory pressure is accelerating their adoption. The document also observes that aging critical infrastructure organizations tend to have many publicly accessible initial access vectors, and that digital transformation compounds this issue. Finally, it discusses moving security practices from a "broke" to "woke" approach, emphasizing the human aspects of security rather than just technology.
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Bugcrowd was founded at an inflection point in the history of the Internet and awareness of cybersecurity. A lot has changed since 2012 - to the cybersecurity industry, to the technology landscape, to the view of hackers as helpful and not just harmful, and - importantly - to the awareness of cybersecurity as "everyone's problem".
In 2023, we find ourselves at a similar inflection point for our space. This keynote unpacks the last 11 years as a predictor of what is next, and as an encouragement and roadmap for budding cybersecurity entrepreneurs and solutioneers.
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
This deck goes through what Log4j is from ground-level concepts up, explains how Log4j works, how it is vulnerable, how the Log4shell exploit works, how to mitigate the risk and defend against exploitation, and some current observations through the Bugcrowd platform and predictions about what happens next.
Bug bounty or beg bounty?
The first security technology bug bounty predated the Internet by over one hundred years: Alfred C Hobbs breaking an unbreakable lock at the Great Exhibition of 1851 for the princely sum of 200 Guineas. With the acceleration of technology adoption, unintended consequences, our adversaries, and the need to quickly understand how "unhackable" things really are, it's safe to say that things have escalated since then.
In 2021, there as many who benefit from engaging the good-faith hacker community as there are folks who find themselves lost in a mish-mash of term confusion, unclear expectations, and general reservations - in spite of the increasingly obvious truth that "it takes an army of allies to overcome an army of adversaries". This breakout is for both.
Casey John Ellis, the Founder, Chairman, and CTO of Bugcrowd, pioneer of the crowdsourced security as-a-service category, and co-founder of The Disclose.io Project will unpack the "family tree" of vulnerability disclosure, bug bounty, and crowdsourced security testing, frame up how we got here, and facilitate a discussion from the group about where it all goes next.
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
When most folks hear the word “hacker” their reaction is one of fear, but those responsible for cybersecurity are increasingly understanding the role of the “digital locksmiths” amongst us. In this talk, Casey Ellis will unpack the unlikely romance between trusted, good-faith computer hackers, and the people who build and defend software infrastructure. He’ll share insights on how this feedback loop between builders and breakers has broken out of the early-adopter technology bubble to create a more resilient Internet for more traditionally conservative industries, including those where ICS/SCADA make up the core of their business.
There will also be plenty of time for Q&A, so get your questions ready!
Corncon 2021 - Inside the Unlikely Romance
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers in order to level the skill and resourcing playing field against our adversaries.
So, how’s it all going? Did it all turn out to be a “tech company” thing? What have the results, and the impact on cybersecurity defense been on more traditionally conservative industries, like financial services? What can the history of the relationship between helpful hackers and organizations tell us about what we’ll need for the future?
In this talk, Casey Ellis (Founder, Chairman, and CTO of Bugcrowd) will unpack some salient lessons after nearly 10 years building Bugcrowd.
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
Just over 8 years ago bug bounty was a shiny security thing that crazy tech companies did sometimes, the concept of a digital locksmith hadn't been established in the consumer yet, and the Internet was generally a smaller and less politicized place. Casey Ellis decided it might be a good idea to "release the hounds" into the status quo, launching Bugcrowd and kicking off the crowdsourced security as a service market category, and it's safe to say that a fair bit has happened since. This keynote is for infosec practitioners and budding cybersecurity entrepreneurs, talking through what we've learned, what's changed, where I think it's all going next, and where we can position ourselves to continue making the Internet a more resilient place.
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized Biography
How did we get here? What is my opportunity? How can I seize it?
TechCrunch Early Stage 2020 - How to prioritize security at your startup
Security is one of the most important things for a startup to focus on, but many struggle to dedicate time, resources, or budget to protect against something you never want to happen. How should startups prioritize security, and what do emerging companies need to know?
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
Of all the problems the internet has, there seems to be one that rules them all: It doesn’t understand how to work with it’s immune system.
In this talk I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
In this keynote I’ll run through the past/present/future of the vulnerability disclosure, and give a run-through of disclose.io: an open-source and vendor-agnostic initiative to make conversations between builders and breakers safe, standardized, and simple. I’ll close with a Call To Action for all participants with simple ways to help and get involved.
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
This document summarizes a presentation on cybersecurity legal issues for companies. It discusses the growing costs and impacts of cyberattacks like data breaches and ransomware. Bug bounty programs that hire security researchers are presented as a way for companies to find vulnerabilities, but they may also increase legal obligations to notify breaches. The role of legal counsel in addressing these issues is examined, including maintaining technical competence. Elements of effective cybersecurity programs and incident response planning are outlined to help mitigate risks and consequences.
Full Disclosure Debate - NBT 5
The document discusses the debate between full disclosure and proactive vulnerability disclosure. It defines full disclosure as publicly disclosing a vulnerability before notifying the vendor. The document argues that full disclosure is like an unavoidable aspect like death and taxes because parts of the internet will always be poor at proactive disclosure. It lists several reasons why full disclosure is considered bad, such as giving unsophisticated actors access to exploits, reinforcing negative stereotypes of hackers, and scaring people away from supporting proactive disclosure programs. The document concludes by arguing that hyping up low criticality vulnerabilities and clickbaity journalism can hurt the reputation and progress of the security community overall.
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
Over the past 7 years Bugcrowd has had a front-row seat to watch hackers (and cybersecurity itself) go from scary, to relevant, to cool, to normal...
So, what now?
Webinar kym-casey-bug bounty tipping point webcast - po edits
Our 2016 State of Bug Bounty Report announced that bug bounty programs adoption has increased 210% since 2013.
As more and more companies leverage the capabilities of the global researcher community to identify critical vulnerabilities, we must ask...has the bug bounty economy reached a tipping point?
Join Bugcrowd as we unpack the top trends in crowdsourced cybersecurity and review the key findings from The State of Bug Bounty Report 2016.
Webinar: https://www.brighttalk.com/webcast/14415/221275/the-bug-bounty-tipping-point-strength-in-numbers
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
Exploring the dynamics and relationship between the hacker community and the engineering coalface. Today’s cybersecurity battle is not a fair fight. The attackers — growing in numbers and sophistication — have overwhelmed the comparatively small pool of defenders. Add an engineering team that’s economically incentivized to ignore security, and you’re off to a bad start. This talk is story of what happens to engineers the first time some random kid 8,000 miles away hacks their stuff as a part of their bug bounty. It’s about its outsourcing the creation of the “oh shit” moment, and seeing your engineering team become a blue team. Why is this about pairing engineering teams with hackers specifically? Because it addresses a marked gap: people who build things for a living paired with people who break things for a living.
AppSecUSA - Your License for Bug Hunting Season
Tweet Share
You don’t need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs.
Video: https://www.youtube.com/watch?v=ziUUyA0-zwg
Introducing Bugcrowd
An introductory presentation on bug bounty programs and crowdsourcing at the Coles Security Summit in 2013.
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
More from Casey Ellis (20)
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startup
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po edits
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
Recently uploaded
Northern Engraving | Nameplate Manufacturing Process - 2024
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"What does it really mean for your system to be available, or how to define w...
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Tomaz Bratanic
Graph ML and GenAI Expert - Neo4j
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
Containers & AI - Beauty and the Beast!?!
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Keywords: AI, Containeres, Kubernetes, Cloud Native
Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
What is an RPA CoE? Session 2 – CoE Roles
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Introducing BoxLang : A new JVM language for productivity and modularity!
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
So… you want to become a Test Automation Engineer (or hire and develop one)? While there’s quite a bit of information available about important technical and tool skills to master, there’s not enough discussion around the path to becoming an effective Test Automation Engineer that knows how to add VALUE. In my experience this had led to a proliferation of engineers who are proficient with tools and building frameworks but have skill and knowledge gaps, especially in software testing, that reduce the value they deliver with test automation.
In this talk, Lee will share his lessons learned from over 30 years of working with, and mentoring, hundreds of Test Automation Engineers. Whether you’re looking to get started in test automation or just want to improve your trade, this talk will give you a solid foundation and roadmap for ensuring your test automation efforts continuously add value. This talk is equally valuable for both aspiring Test Automation Engineers and those managing them! All attendees will take away a set of key foundational knowledge and a high-level learning path for leveling up test automation skills and ensuring they add value to their organizations.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Essentials of Automations: Exploring Attributes & Automation Parameters
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Discover the Unseen: Tailored Recommendation of Unwatched Content
The session shares how JioCinema approaches ""watch discounting."" This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discover of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
Recently uploaded (20)
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
- 1. September 2016 AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
- 2. 1/24/172 FOUNDER & CEO PEN TESTER HACKER FATHER YOUR SPEAKER
- 3. Financial Services Consumer Tech Retail & Ecommerce Infrastructure Technology Automotive Security Technology Other WIDE ADOPTION OF CROWDSOURCED SECURITY
- 4. WHAT IS A BUG BOUNTY? 4
- 6. WHY IS THERE AN ISSUE TO ADDRESS? 6 Ballooning attack surface Cybersecurity resource shortage Broken status-quo Active, efficient adversaries Breaking The Vulnerability Cycle
- 7. BROKEN STATUS QUO 7 $7.8B Estimated Security Assessment Market Size by 2021 Source: http://cybersecurityventures.com/cybersecurity-market-report/
- 8. BALLOONING ATTACK SURFACE 8 1.1B Websites as of January 2016… ...and the rest. Source: http://www.internetlivestats.com/total-number-of-websites/
- 9. CYBERSECURITY RESOURCE SHORTAGE 9 209K Unfilled cybersecurity jobs as of 2015 Source: http://peninsulapress.com/2015/03/31/cybersecurity-jobs-growth/
- 10. ACTIVE AND EFFICIENT ADVERSARIES 10 350% Increase of breaches caused by hacking from 2007 to 2015 Source: http://www.idtheftcenter.org/2016databreaches.html
- 12. September 2016
- 13. 13
- 14. WHAT ARE YOU WAITING FOR? 14
- 15. 15 Only crazy tech companies run bug bounty programs Bug bounties don’t attract talented testers or results They’re too hard to manage and too expensive Running a bounty program is too risky OBJECTIONS If the model makes sense, what is stopping you?
- 17. OBJECTION: “ONLY TECH COMPANIES RUN BUG BOUNTY PROGRAMS” 17 30% of all bug bounty programs are run by Traditional organizations.
- 18. OBJECTION: “THEY DON’T ATTRACT TALENTED TESTERS OR RESULTS” 18 13 HRS In 2016, a critical issue was reported every...
- 19. OBJECTION: “THEY DON’T ATTRACT TALENTED TESTERS OR RESULTS” 19 KNOWLEDGE SEEKERS HOBBYISTS FULL-TIMERS VIRTUOSOS PROTECTORS
- 20. 20 “We decided to run a bug bounty program to get access to a wide variety of security testers. Hiring security researchers is very difficult in today’s market...” Jon Green Sr. Director of Security Architecture
- 21. OBJECTION: “THEY’RE TOO HARD TO MANAGE AND TOO EXPENSIVE” 21 68% Of all bug bounty programs are private, or invite-only.
- 22. OBJECTION: “THEY’RE TOO HARD TO MANAGE AND TOO EXPENSIVE” (cont.) 22
- 23. 23 Efficiency and effectiveness of the crowd is really why we bring them on… it’s helped in expanding our team for a fraction of the cost. Now my internal resources are better utilized. DavidBaker CSO
- 24. OBJECTION: “RUNNING A BOUNTY PROGRAM IS TOO RISKY” 1/24/1724 Time Pen Test Pen Test Zone of Vulnerability Blindness Zone of Vulnerability Blindness Code Release Code Release Coverage Automation
- 25. In reality, public disclosure incidents occur less than .0005% of the time 25
- 26. HOW TO HAVE A HEALTHY RELATIONSHIP... 1/24/1726
- 29. PAY FAST, PAY WELL 1/24/1729
- 31. 13 HRS In 2016, a critical issue was reported every... 31
- 32. 32 Time Pen Test Pen Test Zone of Vulnerability Blindness Zone of Vulnerability Blindness Code Release Code Release Coverage Automation BROKEN STATUS QUO (cont.)