The Uniface Lectures are an ongoing series of free monthly technical webinars that cover a wide range of useful topics. In this edition of the Lectures webinar on Application & Infrastructure Security - JSON Web Tokens we cover the following main topics:
• The JWT standard
• Applying JWT to Uniface
• Uniface technology to support JWT
• Sample application of JWT
• And more…
Session video recording is on: youtube.com/unifacesme
Webinar video recording archive: go.uniface.com/Lectures-page
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is a widely used technology, especially for API authentication. This presentation describes security concerns with JWT.
What is JWT?
When should you use JSON Web Tokens?
What is the JSON Web Token structure?
JWT Process
PROS AND CONS
JWT.IO
Using JSON Web Tokens as API Keys
MongoDB World 2019: Using Client Side Encryption in MongoDB 4.2 Link - MongoDB
Encryption is not a new concept to MongoDB. Encryption may occur in-transit (with TLS) and at-rest (with the encrypted storage engine). But MongoDB 4.2 introduces support for Client Side Encryption, ensuring the most sensitive data is encrypted before ever leaving the client application. Even full access to your MongoDB servers is not enough to decrypt this data. And better yet, client side encryption can be enabled at the "flick of a switch". This session covers using client side encryption in your applications. This includes the necessary setup, how to encrypt data without sacrificing queryability, and what trade-offs to expect.
Using JSON Web Tokens for REST Authentication - Mediacurrent
This session will provide an introduction to JSON Web Tokens (JWT) (https://jwt.io/introduction/), advantages over other authentication methods, and how to use it to authenticate requests to Drupal REST resources. After this session, attendees will have a better understanding of how JWTs work and will be able to set up and use JWT for authenticating REST requests in Drupal.
This presentation shows what JSON Web Tokens are, explaining their structure, signature and encryption, and how they can be integrated with Authentication/Authorization using Spring Security.
The link to the project on GitHub is:
https://github.com/BHRother/spring-boot-security-jwt
The example implements JWT + Spring Security in a Spring Boot project.
[WSO2 API Manager Community Call] Mastering JWTs with WSO2 API Manager - WSO2
In this community call, we discuss mastering JWTs with WSO2 API Manager, including:
- Backend user authentication with JWT
- Backend JWT generation
- Best practices to validate JWT
- User-related claims in JWT
- JWT grant
Building nTier Applications with Entity Framework Services (Part 2) - David McCarter
Learn how to build real world nTier applications with the new Entity Framework and related services. Make sure to attend Part 1. This second part to the series will focus on using the Entity Framework in an nTier/ SOA world by separating out the different layers using T4 templates and using the new WCF Data Services to easily expose entity models via REST and to Silverlight clients. Lots of code!
It gives an overview of the WebRTC Identity and Security model and of our in-place SAML-based Identity Federations, with a detailed description of the possibilities and difficulties of combining and integrating them, and demonstrates the integration with an example web application.
https://youtu.be/aeXaWDNU_sg
"SL-SKE (Signature Less-Secret Key Encryption) For Data Sharing in Clouds" - iosrjce
Cloud computing is typically defined as a type of computing that relies on sharing computing resources. Infrastructure as a Service in the cloud offers data-center services to store and manage information; the private information can be shared among the employees of a business or the members of a community. Preserving data privacy requires the data to be encrypted before it is uploaded to the cloud server, and only authorized users are intended to download and decrypt it using a secret key. Presently existing cryptographic models use key management protocols to address key revocation problems, and some others use a reliable security controller for issuing signatures and attaching secret keys to users. This leads to a lot of overhead. In our proposed model, we introduce a novel secure data sharing algorithm, SL-SKE (Signature Less-Secret Key Encryption), which requires neither a digital signature nor an additional reliable security controller. The complete algorithm runs among the cloud server, the data owner and the trusted users. The newly generated keys are fully based on the user's profile and are communicated to the user through an email. Finally, the results show that it minimizes the overheads and the additional requirements such as a trusted third party.
ANDROID BASED WS SECURITY AND MVC BASED UI REPRESENTATION OF DATA - IJCSEIT Journal
Google's Android is open source; its programmable software framework is subject to typical smartphone attacks. Such attacks can make the phone partially or fully unusable and cause unwanted changes. When accessing data over web services there should be security mechanisms such as encryption of the data on the server side and decryption using a key on the client side, so that attacks cause minimal damage to the device and to data integrity.
In the second part we have tried to implement the representation of data in the UI using an MVC architecture, so that the data is separated from the representation details and the user can view it in whichever manner is most comfortable for analyzing it.
Building nTier Applications with Entity Framework Services (Part 2) - David McCarter
Learn how to build real world nTier applications with the new Entity Framework and related services. This second part to the series will focus on using the Entity Framework in an nTier/ SOA world by separating out the different layers using T4 templates and using the new WCF Data Services to easily expose entity models via REST and to Silverlight clients.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI - Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! - SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability while sacrificing security. This best practices guide outlines steps users can take to better protect personal devices and information.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren't traditionally found in software curriculums, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is part of our current company's observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring and observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Building RAG with self-deployed Milvus vector database and Snowpark Container... - Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating the uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at the IEEE International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
2. What is JWT
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
4. JavaScript Object Signing and Encryption (JOSE)
JWT defines the token format and uses complementary specifications to handle signing and encryption. This collection of specifications is known as JOSE (JavaScript Object Signing & Encryption) and consists of the following components:
1. JWS (JSON Web Signature) - Defines the process for digitally signing a JWT
2. JWE (JSON Web Encryption) - Defines the process for encrypting a JWT
3. JWA (JSON Web Algorithms) - Defines the list of algorithms for signing and encryption
4. JWK (JSON Web Key) - Defines how cryptographic keys are represented
5. JWT Claims
JWT defines seven pre-defined (optional) claims that describe the token:
iss: Issuer of the token
sub: Subject that the JWT represents
aud: Audience for the JWT
exp: Time at which the JWT expires
nbf: Time from which the JWT is valid (not-before)
iat: Time at which the JWT was issued
jti: JWT ID (unique identifier)
6. Authorization Tokens
A JWT consists of three parts separated by periods (.); when sent as an authorization token it is prefixed with Bearer:
Bearer eyJhbGciOiJIUzI1NiIsInR5IkpXVCJ9.eyJzdWIiOiJhZG1pbiIsImlh6MTUxNjIzOTAyMn0.sVt6cyu3HKd89LZVMNbqT0DTl3FvG9oYbj8hBDqU
NOTE: The Bearer scheme is used by many APIs for its simplicity. The name Bearer implies that the application making the request is the bearer of the following pre-agreed token. In summary: you need to put Bearer up front to tell the server that what follows is an API token, and not something else.
8. Data Obfuscation
Data masking or data obfuscation is the process of hiding original data with modified content. The main reason for applying masking to a data field is to protect data that is classified as personally identifiable information (PII), sensitive personal data, or commercially sensitive data.
9. Data Obfuscation Using JWT
1. Create a class that contains the sensitive information.
2. Add the @Obfuscate annotation to the sensitive data attributes.
3. Make that class extend WebToken.
4. Pass the object to the WebTokenUtil.generateToken(T) method to generate the JWT.
Method signature:
public static <T extends WebToken> String generateToken(final T clazz);
10.
// CustomerInfo extends WebToken; its card, social and phone fields carry @Obfuscate (steps 1-3)
CustomerInfo customerInfo = new CustomerInfo();
customerInfo.setAccountId(939939939);
customerInfo.setCard("4123773773838838");
customerInfo.setSocial("999-99-9999");
customerInfo.setPhone("999-999-9999");
// Step 4: the annotated fields are masked and the object is serialized into a signed JWT
String token = WebTokenUtil.generateToken(customerInfo);
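The same procedure as an added example in Python using only the standard library (this is not code from the slides or from the WebToken/WebTokenUtil library they describe): the sensitive fields are masked before they become claims, the claims are signed as an HS256 JWT with iat/nbf/exp set, and verification pins the algorithm, checks the signature in constant time and enforces the time claims. The peek_payload function shows why the masking step matters: a signed JWT payload is base64url-encoded, not encrypted, so anyone holding the token can read it. SECRET, SENSITIVE_FIELDS, the function names and the 300-second lifetime are assumptions; the sample record reuses the slide's constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): a real deployment loads it from a secret store.
SECRET = b"constructed-demo-secret-do-not-reuse"
SENSITIVE_FIELDS = {"card", "social", "phone"}   # the slide's @Obfuscate attributes


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as JWT (RFC 7519) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mask(value: str, keep_last: int = 4) -> str:
    """Mask every letter/digit except the last keep_last characters; separators stay."""
    head, tail = value[:-keep_last], value[-keep_last:]
    return "".join("*" if ch.isalnum() else ch for ch in head) + tail


def obfuscate_claims(record: dict, sensitive: set = SENSITIVE_FIELDS) -> dict:
    """Step 2 of the slide: mask the sensitive attributes BEFORE they become claims."""
    return {k: (mask(v) if k in sensitive else v) for k, v in record.items()}


def generate_token(claims: dict, secret: bytes, ttl_seconds: int = 300, now: int = None) -> str:
    """Step 4: sign the (already obfuscated) claims as an HS256 JWT with iat/nbf/exp set."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, nbf=now, exp=now + ttl_seconds)

    def compact(obj: dict) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = compact(header) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, secret: bytes, now: int = None) -> dict:
    """Validate structure, pinned algorithm, signature and time claims; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm server-side: the token's own alg field is untrusted input.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):   # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(p64))
    if now >= payload.get("exp", 0):        # a missing exp fails closed
        raise ValueError("token expired")
    if now < payload.get("nbf", 0):
        raise ValueError("token not yet valid")
    return payload


def peek_payload(token: str) -> dict:
    """Decode the payload WITHOUT the key: a JWS payload is encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))


if __name__ == "__main__":
    # Constructed record reusing the slide's sample values.
    record = {"sub": "939939939", "card": "4123773773838838",
              "social": "999-99-9999", "phone": "999-999-9999"}
    token = generate_token(obfuscate_claims(record), SECRET)
    print("Bearer " + token)
    print("readable by anyone holding the token:", peek_payload(token))
    print("verified claims:", verify_token(token, SECRET))
```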