"Let's go HTTPS" by Simone Carletti
HTTPS has gone mainstream and nowadays it's good practice to serve a website via HTTPS. However, simply installing a TLS/SSL certificate may not be enough to stay secure. It's important to understand how HTTPS works and how to configure it properly. In this talk we'll take a look at the different types of SSL certificates, along with how to obtain a trusted SSL certificate and install it on the most common web servers/PaaS. Finally, we'll discuss the best practices surrounding HTTPS, including the HSTS headers, public key pinning, and common pitfalls such as the mixed content error.
When you browse the net, you often send sensitive and highly personal data: passwords, banking information and so much more. One of the basic protections we have is a secure connection, HTTPS instead of HTTP. What does this mean? Should you enable this secure connection on your website? How can you inform your users to seek out these connections?
Typing our banking information, passwords or credit card details into an insecure connection can put anyone at high risk of having their information stolen.
This scenario and various others are all too true in the digital age and can wreak havoc on many individuals' personal lives, some leading towards bankruptcy and financial ruin. This webinar will discuss:
- what HTTPS is
- how it functions
- how to enable it
- where to get an SSL certificate that will sign your HTTPS implementation
- along with where it should be implemented.
Introduction to Secure Socket Layer (SSL) and Tunnel Layer Security (TLS). Shows the basic principle of SSL and also a little bit of practical applicability.
Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.
A brief introduction to cryptography, the various types of cryptography and the advantages and disadvantages associated with using those types, with some part of the RSA algorithm.
It's all about an introduction to cryptography.
Not at an advanced level, but you can learn the basics of what cryptography actually is, skipping the history and going straight to the point.
Overview and clarification of blockchain in the following respects: what blockchain is, when it appeared, how it works, who designed/develops it, and what it can achieve.
Author : Dr Christian Cachin, IBM
This presentation will show you the basics of cryptography.
Main topics like basic terminology, goals of cryptography, threats, types of cryptography, algorithms of cryptography, etc. are covered in this presentation. If you like this presentation please do hit the like.
CMACs and MACs based on block ciphers, Digital signature (Adarsh Patel)
CMACs
MACs based on Block Ciphers
Digital Signature
Properties, Requirements and Security of Digital Signature
Various digital signature schemes (ElGamal and Schnorr)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Fun with Functional Programming in Clojure (Codemotion)
"Fun with Functional Programming in Clojure" by John Stevenson.
Clojure is a simple, powerful and fun language. With a small syntax it's quick to learn, meaning you can focus on functional design concepts and quickly build up confidence. There is also a wide range of Clojure libraries to build any kind of apps or services quickly. With a focus on immutability, persistent data structures and lazy evaluation, you will quickly feel confident about the Functional Programming (FP) approach to coding. Discover Clojure in action as we write and evaluate Clojure using the REPL (interactive run-time environment), giving instant feedback on what the code is doing.
This lecture addresses the internals of Linux processes and their life cycle. This includes their creation, termination, and state transitions during their existence. It also addresses the difference between processes and threads in Linux.
Check the other Lectures and courses in
http://Linux4EnbeddedSystems.com
or Follow our Facebook Group at
- Facebook: @LinuxforEmbeddedSystems
Lecturer Profile:
- https://www.linkedin.com/in/ahmedelarabawy
"Commodore 64 Mon Amour" by Andrea Ferlito.
What happens if, after 30 years, you pick up an old assembly listing again? That's what I'll tell in this talk. Using a small multi-level platformer as an example, we'll see how a video game was designed and written in the 80s and which tools today still let us do it while simplifying our lives considerably. Some knowledge of 6510 assembly language would be advisable.
Refactoring to a Single Page Application (Codemotion)
"Refactoring to a Single Page Application" by Marcello Teodori
In the beginning was the monolith. Behind a successful web startup there is often an application built on a single technology (Java, Rails, etc.) that grows until it struggles to scale as users increase, and with it the development process as developers increase. On the back end, a consolidated strategy is to progressively split the monolith into microservices. For the front end, the dual solution is to gradually extract the HTML, CSS and JavaScript code into a Single Page Application, applying several techniques such as those matured during my experience at Workshare.
This ppt gives a general idea about the multithreading concepts in the Java programming language. Hope you find it useful.
P.S.:
Sorry, there is a correction in one of the slides
where I have entered "implements Thread";
it is wrong, it is actually "implements Runnable".
Thank you!
This is the twelfth set of slightly updated slides from a Perl programming course that I held some years ago.
I want to share it with everyone looking for intransitive Perl-knowledge.
A table of contents for all presentations can be found at i-can.eu.
The source code for the examples and the presentations in ODP format are on https://github.com/kberov/PerlProgrammingCourse
"The road to Ember.js 2.0" by Lucio Grenzi
Why should I use Ember.js? JavaScript MVC frameworks are plentiful. In this presentation I will give you some compelling reasons to consider Ember, and the new parts coming from the upcoming version 2.0. Unlike other frameworks, the new version does not bring a whole new world, because the dev team has planned continuous releases in order to improve backward compatibility. But there are new parts, like the "virtual DOM" as in React, to improve performance. In this talk I will go through the new parts of EmberJS 2.0.
"Are Drones our best friends?" by Nicola Marietti
Close to 4.3 million drones were shipped worldwide in 2015, and with each drone sold, the risk of 'bad-drone' abuse increases. During those years unexpected convergent consequences exploded onto the drone scene all at once. A drone is an aerial robot that can be controlled remotely or autonomously; drones are now effective data gathering platforms, and computer vision, sense-and-avoid and optical tracking have become standard in consumer drones. Are we safe from a little drone attack? How can we defend our site from this new threat? Security solutions are the big new deal in the near future.
The tools at our disposal today for deploying HTTPS are tremendously powerful, and easy to use. Initiatives like Let's Encrypt offer certificates, and new security policies like HSTS and HPKP allow you to protect against extremely powerful attacks. HTTPS, Here and Now!
This was an invited talk at the ICT Security Happening, organized by the VDAB Competence Center in Leuven.
SSL Certificate is a very common term that we have definitely heard, but only a limited number of people know its meaning or what it is. Actually SSL stands for Secure Socket Layer, a protocol which helps provide more safety in the internet world. It was developed by Netscape, and certificates are issued by the Certificate Authorities.
A presentation about how we can make the Internet hard to monitor - how we can and should encrypt more communication. This version includes a presentation of the TLS protocol.
Changes in 2.2: Added quotes from Viktor Dukhovni's IETF RFC 7435 about Opportunistic Security
Certificate pinning in android applications (Arash Ramez)
How to do cryptography right in android
Part #4 / How to mitigate MITM attacks in SSL/TLS channels using server certification validation
watch it on youtube:
https://www.youtube.com/playlist?list=PLT2xIm2X7W7gZ0mtoAA8JrfFrvOKr1Qlp
The many benefits of a RESTful architecture have made it the standard way in which to design web based APIs. For example, the principles of REST state that we should leverage standard HTTP verbs in order to help keep our APIs simple. Server components that are considered RESTful should be stateless, which helps to ensure that they can easily scale.
However, the best practices of REST and security often seem to clash. How should sensitive information be transmitted in RESTful APIs? How should a user be authenticated in a stateless application? How is it possible to design an API so it is both secure and RESTful? Securing RESTful endpoints is further complicated by the fact that security best practices evolve so rapidly.
In this talk Rob will explore various ways to perform authentication in RESTful APIs. Along the way we will clear up misconceptions, explore common pitfalls, and discover new insights into authentication.
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ... (Peter LaFond)
If you own a website, specifically a WordPress site, it's time to move from HTTP to HTTPS. Google is implementing a Carrot-and-Stick plan to get you there. This WordCamp talk touched on the basics of HTTPS/SSL/TLS and Google's plan to make the web more secure. These slides cite links with supporting information.
This presentation is a tutorial intro to DANE (DNS Authentication of Named Entities). It describes the root problem, a possible solution using DANE, and briefly shows how you can start using DANE and TLSA records yourself.
CommCon 2023 - WebRTC & Video Delivery application security - what could poss... (Sandro Gauci)
WebRTC is often considered to be secure by default - with most security concerns being around IP address leakage which is more of a privacy issue than anything. Well, I have news for you - the applications and infrastructure that handles WebRTC can be attacked. It may indeed have various types of security vulnerabilities which are often overlooked. This presentation is based on experiences gained through security testing of WebRTC applications with anecdotal stories to illustrate the dangers. We will also take a peek at Video Delivery mechanisms such as RIST and SRT and discuss what could possibly go wrong there too!
Overview of SSL & TLS Client-Server Interactions (Katie Knowles)
Overview of SSL & TLS client-server interactions and perfect forward secrecy with Diffie-Hellman exchange.
Originally created for the dc562 2016 Cryptoparty.
Fuzz-testing: A hacker's approach to making your code more secure | Pascal Ze... (Codemotion)
Increased complexity makes it very hard and time-consuming to keep your software bug-free and secure. We introduce fuzz-testing as a method for automatically and continuously discovering vulnerabilities hidden in your code. The talk will explain how fuzzing works and how to integrate fuzz-testing into your Software Development Life Cycle to increase your code’s security.
Pompili - From hero to zero: The FatalNoise neverending story (Codemotion)
It was 1993 when we decided to venture into a beat'em up game for Amiga. The Catalypse's success story pushed me and my comrade to create something astonishing for this incredible game machine... but things got harder, assumptions were slightly different, and Italian competitors appeared out of nowhere... the project died in 1996. Story ended? Probably not...
The Commodore 65 is a prototype personal computer that Commodore should have brought to market as the successor of the Commodore 64. Unfortunately its development stopped at the prototype stage. I will tell the fascinating story of its development and why the project was cancelled when it was just one step away from reaching the market.
Reliving the thrill of designing an old computer or an arcade console is possible today thanks to FPGAs, programmable logic that lets anyone design their own hardware or recreate one from the past. This session tells how, starting from reverse engineering the hardware of old glories such as the Commodore 64 and the ZX Spectrum, it was possible to bring them back to life through technologies that are now within everyone's reach.
Michel Schudel - Let's build a blockchain... in 40 minutes! - Codemotion Amst... (Codemotion)
There's a lot of talk about blockchain, but how does the technology behind it actually work? For developers, getting some hands-on experience is the fastest way to get familiar with new technologies. So let's build a blockchain, then! In this session, we're going to build one in plain old Java, and have it working in 40 minutes. We'll cover key concepts of a blockchain: transactions, blocks, mining, proof-of-work, and reaching consensus in the blockchain network. After this session, you'll have a better understanding of core aspects of blockchain technology.
Richard Süselbeck - Building your own ride share app - Codemotion Amsterdam 2019 (Codemotion)
When was the last time you were truly lost? Thanks to the maps and location technology in our phones, a whole generation has now grown up in a world where getting lost is truly a thing of the past. Location technology goes far beyond maps in the palm of our hand, however. In this talk, we will explore how a ridesharing app works. How do we discover our destination? How do we find the closest driver? How do we display this information on a map? How do we find the best route? To answer these questions, we will be learning about a variety of location APIs, including Maps, Positioning, Geocoding etc.
Eward Driehuis - What we learned from 20.000 attacks - Codemotion Amsterdam 2019 (Codemotion)
Eward Driehuis, SecureLink's research chief, will guide you through the bumpy ride we call the cyber threat landscape. As the industry has over a decade of experience of dealing with increasingly sophisticated attacks, you might be surprised to hear more attacks slip through the cracks than ever. From analyzing 20.000 of them in 2018, backed by a quarter of a million security events and over ten trillion data points, Eward will outline why this happens, how attacks are changing, and why it doesn't matter how neatly or securely you code.
Francesco Baldassarri - Deliver Data at Scale - Codemotion Amsterdam 2019 - Codemotion
The IoT revolution is over. Thanks to hardware improvements, building an intelligent ecosystem is easier than ever before for both startups and large-scale enterprises. The real challenge is now to connect, process, store and analyze data: in the cloud, but also at the edge. We'll take a quick look at frameworks that aggregate dispersed device data into a single globally optimized system, allowing you to improve operational efficiency, predict maintenance, track assets in real time, secure cloud-connected devices and much more.
Martin Förtsch, Thomas Endres - Stereoscopic Style Transfer AI - Codemotion A... (Codemotion)
What if Virtual Reality glasses could transform your environment into a three-dimensional work of art in real time in the style of a painting by Van Gogh? One of the many interesting developments in the field of Deep Learning is the so-called "Style Transfer". It describes a way to create a patchwork (or pastiche) from two images. While one of these images defines the artistic style of the resulting picture, the other one is used for extracting the image content. A team from TNG Technology Consulting managed to build an AI showcase using OpenCV and Tensorflow to realize such goggles.
Melanie Rieback, Klaus Kursawe - Blockchain Security: Melting the "Silver Bul... (Codemotion)
Blockchain (and Cryptocurrency) is an evolution of 20-year old research from scientists like Chaum, Lamport, and Castro & Liskov. Due to the current hype, it's hard to distinguish beneficial aspects of the technology from a desire for a "silver bullet" for device security, verifiable logistics, or "saving democracy". The problem: blockchain introduces new security challenges - and blind adoption without understanding reduces overall security. In this talk, Melanie Rieback and Klaus Kursawe explain the pitfalls and limits of blockchain, so you can avoid making your applications LESS secure.
Angelo van der Sijpt - How well do you know your network stack? - Codemotion ... (Codemotion)
Networking is a core part of computing in the digital world we inhabit. But how well do you know how it works? Do you understand all the moving parts of the OSI stack inside your computer, and how the network is actually put together? How can this ever work? This guided safari of layers, standards, protocols, and happenstance will bring us close to the copper wire, and up through the layers of CSMA/CD, ARP, routing and HTTP. We will make a few excursions through patchworks that still work forty years later, and cleverly designed mechanisms that show that simplicity is the only way to last.
Lars Wolff - Performance Testing for DevOps in the Cloud - Codemotion Amsterd... (Codemotion)
Performance tests are not only an important instrument for understanding a system and its runtime environment. They are also essential in order to check stability and scalability, non-functional requirements that might be decisive for success. But won't my cloud hosting service scale for me as long as I can afford it? Yes, but... it only operates and scales resources. It won't automatically make your system fast, stable and scalable. This talk shows how such and comparable questions can be clarified with performance tests and how DevOps teams benefit from regular test practice.
Sascha Wolter - Conversational AI Demystified - Codemotion Amsterdam 2019 (Codemotion)
Sascha will demonstrate the opportunities and challenges of Conversational AI learned from the practice. Both Technology and User Experience will be covered introducing a process finding micro-moments, writing happy paths, gathering intents, designing the conversational flow, and finally publishing on almost all channels including Voice Services and Chatbots. Valuable for enterprises, developers, and designers. All live on stage in just minutes and with almost no code.
Michele Tonutti - Scaling is caring - Codemotion Amsterdam 2019 (Codemotion)
A key challenge we face at Pacmed is quickly calibrating and deploying our tools for clinical decision support in different hospitals, where data formats may vary greatly. Using Intensive Care Units as a case study, I’ll delve into our scalable Python pipeline, which leverages Pandas’ split-apply-combine approach to perform complex feature engineering and automatic quality checks on large time-varying data, e.g. vital signs. I’ll show how we use the resulting flexible and interpretable dataframes to quickly (re)train our models to predict mortality, discharge, and medical complications.
Pat Hermens - From 100 to 1,000+ deployments a day - Codemotion Amsterdam 2019 (Codemotion)
Coolblue is a proud Dutch company, with a large internal development department; one that truly takes CI/CD to heart. Empowerment through automation is at the heart of these development teams, and with more than 1000 deployments a day, we think it's working out quite well. In this session, Pat Hermens (a Development Manager) will step you through what enables us to move so quickly, which tools we use, and most importantly, the mindset that is required to enable development teams to deliver at such a rapid pace.
James Birnie - Using Many Worlds of Compute Power with Quantum - Codemotion A... (Codemotion)
Quantum computers can use all of the possible pathways generated by quantum decisions to solve problems that will forever remain intractable to classical compute power. As the mega players vie for quantum supremacy and Rigetti announces its $1M "quantum advantage" prize, we live in exciting times. IBM-Q and Microsoft Q# are two ways you can learn to program quantum computers so that you're ready when the quantum revolution comes. I'll demonstrate some quantum solutions to problems that will forever be out of reach of classical, including organic chemistry and large number factorisation.
Don Goodman-Wilson - Chinese food, motor scooters, and open source developmen... (Codemotion)
Chinese food exploded across America in the early 20th century, rapidly adapting to local tastes while also spreading like wildfire. How was it able to spread so fast? The GY6 is a family of scooter engines that has achieved near total ubiquity in Europe. It is reliable and cheap to manufacture, and it's made in factories across China. How are these factories able to remain afloat? Chinese-American food and the GY6 are both riveting studies in product-market fit, and both are the product of a distributed open source-like development model. What lessons can we learn for open source software?
Pieter Omvlee - The story behind Sketch - Codemotion Amsterdam 2019 (Codemotion)
The design space has exploded in size within the last few years and Sketch is one of the most important milestones to represent the phenomenon. But behind the scenes of this growing reality there is a remote team that revolutionizes the design space all without leaving the home office. This talk will present how Sketch has grown to become a modern, product designer's tool.
Dave Farley - Taking Back "Software Engineering" - Codemotion Amsterdam 2019 (Codemotion)
Would you fly in a plane designed by a craftsman, or would you prefer your aircraft to be designed by engineers? We are learning that science and empiricism work in software development; maybe now is the time to redefine what "Software Engineering" really means. Software isn't bridge-building, and it is not car or aircraft development either, but then neither is Chemical Engineering. Engineering is different in different disciplines. Maybe it is time for us to begin thinking about retrieving the term "Software Engineering"; maybe it is time to define what our "Engineering" discipline should be.
Joshua Hoffman - Should the CTO be Coding? - Codemotion Amsterdam 2019 (Codemotion)
What is the job of a CTO and how does it change as a startup grows in size and scale? As a CTO, where should you spend your focus? As an engineer aspiring to be a CTO, what skills should you pursue? In this inspiring and personal talk, I describe my journey from early Red Hat engineer to CTO at Bloomon. I will share my view on what it means to be a CTO, and ultimately answer the question: Should the CTO be coding?
Understanding User Behavior with Google Analytics.pdf (SEO Article Boost)
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 (APNIC)
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Instagram has become one of the most popular social media platforms, allowing people to share photos, videos, and stories with their followers. Sometimes, though, you might want to view someone's story without them knowing.
Gen Z and the marketplaces - let's translate their needs (Laura Szabó)
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics of their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases, we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held at the DMA Conference in Vienna, June 2024.
Italy Agriculture Equipment Market Outlook to 2027 (harveenkaur52)
Agriculture and Animal Care
Ken Research has expertise in the Agriculture and Animal Care sector and offers a vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemicals, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in the agriculture sector provide better insights to companies dealing with related products and services, government and agriculture associations, researchers and students, to help them understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf (Florence Consulting)
Fourteenth Milan Meetup, held in Milan on 23 May 2024 from 17:00 to 18:30, in person and remotely.
We talked about how Axpo Italia S.p.A. reduced its technical debt by migrating its APIs from Mule 3.9 to Mule 4.4, also moving from on-premises to CloudHub 1.0.
8. HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
https://en.wikipedia.org/wiki/HTTPS
10. HTTPS is HTTP over an encrypted connection secured by TLS (previously SSL).
11. HTTPS is how websites securely exchange information.
12. Secure Connection
Encryption: the process of encoding messages or information in such a way that only authorized parties can read it.
Authentication: the process of determining whether someone or something is, in fact, who or what it is declared to be.
27. HTML 5 powerful features
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
29. Firefox form + HTTPS
https://www.fxsitecompat.com/en-CA/docs/2015/non-https-sites-containing-login-form-will-be-marked-insecure/
30. SSL Certificate
A certificate is a digital document that contains a public key, some information about the entity associated with it, and a digital signature from the certificate issuer.
31. x.509 SSL Certificate
• Version
• Serial Number
• Issuer
• Validity
• Subject
• Public Key
• Extensions
32. Certificate Types
• Single-name certificate: example.com
• Wildcard-name certificate: *.example.com
• SAN certificate: example.com, www.example.com, foobar.com, …
46. Handshake
Client                                                    Server
  SYN  →                                        ←  SYN ACK
  ClientHello  →
    • Client Random
    • Cipher suites
  ←  ServerHello, Certificate, ServerKeyExchange, ServerHelloDone
    • Server Random
    • Cipher suite
    • Certificates
    • Session ID
    • Server key exchange data
  ClientKeyExchange  →
    • Client key exchange data
  SYMMETRIC KEY IS GENERATED
  ChangeCipherSpec, Finished  →
    • Client switches to encryption
    • MAC of handshake
  ←  ChangeCipherSpec, Finished
    • Server switches to encryption
    • MAC of handshake
  Application data  ⇄  Application data
DISCLAIMER: This schema is simplified on purpose.
47. Cipher Suites
A cipher suite is a selection of cryptographic primitives and other parameters that defines exactly how security will be implemented.
(Bulletproof SSL and TLS)
48. Cryptographic primitives
At the lowest level, cryptography relies on various cryptographic primitives. Each primitive is designed with a particular useful functionality in mind.
The primitives alone are not very useful, but we can combine them into schemes and protocols to provide robust security.
For example, we might use one primitive for hashing, one for encryption and another for integrity checking.
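To make the "cipher suite = selection of primitives" idea concrete, here is an added example (not code from the deck) that decomposes IANA-style suite names into the roles the slide lists, key exchange, authentication, bulk encryption and MAC/PRF, and reports the primitives a reviewer would flag. The classification tables (which key exchanges give forward secrecy, which bulk ciphers count as legacy) are the example's own assumptions, not the deck's.

```python
"""Decompose TLS cipher suite names into the primitives they select.

Added example, not code from the original deck. It parses IANA-style
names such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 into the roles the
slide lists (key exchange, authentication, bulk encryption, MAC/PRF) and
reports primitives a reviewer would flag. The classification tables are
the example's own assumptions, not the deck's.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Key exchange token -> whether it uses ephemeral keys (forward secrecy).
KEY_EXCHANGE: Dict[str, bool] = {
    "ECDHE": True, "DHE": True, "ECDH": False, "DH": False, "RSA": False, "PSK": False,
}
# Bulk ciphers treated as broken or legacy.
LEGACY_CIPHERS = {"NULL", "RC4", "DES", "3DES", "IDEA", "SEED"}
AEAD_MODES = {"GCM", "CCM", "POLY1305"}


@dataclass
class CipherSuite:
    name: str
    key_exchange: Optional[str]     # None for TLS 1.3 suites (negotiated separately)
    authentication: Optional[str]   # None for TLS 1.3 suites
    bulk_cipher: str
    mac_or_prf: str
    aead: bool
    forward_secrecy: bool
    concerns: List[str] = field(default_factory=list)


def parse_cipher_suite(name: str) -> CipherSuite:
    """Split an IANA suite name into its primitives and collect concerns."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    concerns: List[str] = []

    if "_WITH_" in body:
        # TLS 1.2 and earlier: <key exchange>_<auth>_WITH_<cipher>_<mac>
        kx_part, enc_part = body.split("_WITH_", 1)
        kx_tokens = kx_part.split("_")
        if "EXPORT" in kx_tokens:
            concerns.append("export-grade (deliberately weakened) key exchange")
            kx_tokens = [t for t in kx_tokens if t != "EXPORT"]
        key_exchange = kx_tokens[0]
        # TLS_RSA_WITH_... names one token that does both key exchange and auth.
        authentication = kx_tokens[1] if len(kx_tokens) > 1 else kx_tokens[0]
        forward_secrecy = KEY_EXCHANGE.get(key_exchange, False)
    else:
        # TLS 1.3: TLS_<aead cipher>_<hash>; key exchange is always ephemeral
        # and the peer is authenticated by its certificate, outside the suite name.
        enc_part = body
        key_exchange = authentication = None
        forward_secrecy = True

    enc_tokens = enc_part.split("_")
    mac_or_prf = enc_tokens[-1]
    bulk_cipher = "_".join(enc_tokens[:-1])
    aead = any(t in AEAD_MODES for t in enc_tokens)

    if authentication == "anon":
        concerns.append("anonymous key exchange: no server authentication")
    if not forward_secrecy:
        concerns.append(f"static {key_exchange} key exchange: no forward secrecy")
    if enc_tokens[0] in LEGACY_CIPHERS:
        concerns.append(f"legacy or broken bulk cipher {enc_tokens[0]}")
    if mac_or_prf == "MD5":
        concerns.append("MD5-based MAC")
    if not aead:
        concerns.append("non-AEAD record protection (e.g. CBC + HMAC)")

    return CipherSuite(name, key_exchange, authentication, bulk_cipher,
                       mac_or_prf, aead, forward_secrecy, concerns)


def audit(names: List[str]) -> Dict[str, List[str]]:
    """Map each suite name to its concerns; an empty list means nothing flagged."""
    return {n: parse_cipher_suite(n).concerns for n in names}


if __name__ == "__main__":
    # Constructed sample list mixing modern and legacy suites.
    for suite, issues in audit([
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    ]).items():
        print(suite, "->", issues or "ok")
```

The same decomposition is what a TLS scanner reports per suite; running `audit` over the list a server actually offers is a quick way to see which primitives you are depending on before tuning a directive such as nginx's `ssl_ciphers`.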
50. Self-signed vs trusted
Trusted certificate
• Provides encryption
• Provides authentication
• Issued and signed by a publicly trusted Certification Authority
• Suitable for production environments as well as for testing
• Generally not free
Self-signed certificate
• Provides encryption
• Doesn't provide authentication
• Self-signed
• Generally used for testing
• Free
52. Chain of trust
• Browsers and operating systems include a list of trusted certificates
• These certificates are called root certificates, and they generally belong to trusted parties, such as certificate authorities
53. Chain of trust
• When a certificate authority issues a certificate, they sign the certificate with their root certificate
54. Chain of trust
• Truthfully, in most cases certification authorities use sub-certificates to sign your certificate
• These certificates are called intermediate certificates, and they are signed with a root certificate
55. Chain of trust
• When the browser connects to a site via HTTPS, the browser reads the site certificate
• The certificate doesn't match a trusted root certificate
56. Chain of trust
• The browser attempts to download the certificate that was used to sign the current certificate
• The certificate doesn't match a trusted root certificate
57. Chain of trust
• The browser attempts to download the certificate that was used to sign the current certificate
• The certificate matches a root certificate
• The original certificate is trusted :)
• The entire certificate chain is trusted
58. Chain of trust
• The browser attempts to download the certificate that was used to sign the current certificate
• The certificate doesn't match a root certificate, and there are no more certificates
• The original certificate is untrusted :(
• The entire certificate chain is untrusted
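The walk described in slides 55 to 58, as an added example that is not code from the deck: certificates are modelled as small records (subject, issuer, public key, signature) and signed with a deliberately tiny textbook RSA built from well-known Mersenne primes, so it runs with the standard library only. The CA and host names ("Example Root CA", "www.example.com") are constructed. A real validator such as OpenSSL or a browser also checks validity dates, key usage, name constraints and revocation; none of that is modelled here.

```python
"""Walk a certificate chain the way the "Chain of trust" slides describe.

Added example, not code from the original deck. Certificates are modelled
as small records (subject, issuer, public key, signature) and signed with
a deliberately tiny textbook RSA whose moduli are products of well-known
Mersenne primes, so it runs with the standard library only. The CA and
host names are constructed. Real validators (OpenSSL, browsers) also check
validity dates, key usage, name constraints and revocation, none of which
is modelled here.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[int, int]   # (modulus n, exponent)
E = 65537


def make_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Textbook RSA keypair from two primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))     # pow(.., -1, m) needs Python 3.8+


def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key: Key, data: bytes) -> int:
    n, d = private_key
    return pow(digest_int(data, n), d, n)


def verify(public_key: Key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(data, n)


@dataclass(frozen=True)
class Certificate:
    subject: str
    issuer: str
    public_key: Key
    signature: int = 0

    def tbs(self) -> bytes:
        """The 'to be signed' part: every field except the signature."""
        return f"{self.subject}|{self.issuer}|{self.public_key}".encode()

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def issue(subject: str, subject_key: Key, issuer: Optional[Certificate], issuer_priv: Key) -> Certificate:
    """Issue a certificate for subject_key; issuer=None produces a self-signed (root) cert."""
    issuer_name = issuer.subject if issuer else subject
    unsigned = Certificate(subject, issuer_name, subject_key)
    return Certificate(subject, issuer_name, subject_key, sign(issuer_priv, unsigned.tbs()))


def build_chain(leaf: Certificate, available: List[Certificate],
                trust_store: Dict[str, Certificate]) -> Tuple[bool, List[Certificate]]:
    """Walk from the leaf towards a trusted root; returns (trusted, chain found).

    trust_store maps subject name -> root certificate (the browser's built-in list);
    available holds the intermediates the server sent or the browser could download.
    """
    chain, current = [leaf], leaf
    while True:
        root = trust_store.get(current.issuer)
        if root and verify(root.public_key, current.tbs(), current.signature):
            return True, chain + [root]          # slide 57: matches a trusted root
        # slide 56: not a root, so find the certificate that signed the current one
        signer = next((c for c in available
                       if c.subject == current.issuer and c not in chain
                       and verify(c.public_key, current.tbs(), current.signature)), None)
        if signer is None:
            return False, chain                  # slide 58: no more certificates
        chain.append(signer)
        if signer.self_signed:
            return False, chain                  # self-signed but not in the trust store
        current = signer


def make_fixtures() -> Dict[str, Certificate]:
    """Constructed PKI: trusted root -> intermediate -> leaf, plus an untrusted CA."""
    root_pub, root_priv = make_keypair((1 << 31) - 1, (1 << 61) - 1)
    inter_pub, inter_priv = make_keypair((1 << 89) - 1, (1 << 107) - 1)
    leaf_pub, _ = make_keypair((1 << 127) - 1, (1 << 521) - 1)
    rogue_pub, rogue_priv = make_keypair((1 << 61) - 1, (1 << 127) - 1)  # toy only: shares primes
    root = issue("Example Root CA", root_pub, None, root_priv)
    inter = issue("Example Intermediate CA", inter_pub, root, root_priv)
    leaf = issue("www.example.com", leaf_pub, inter, inter_priv)
    rogue = issue("Rogue CA", rogue_pub, None, rogue_priv)
    rogue_leaf = issue("www.example.com", leaf_pub, rogue, rogue_priv)
    return {"root": root, "inter": inter, "leaf": leaf, "rogue": rogue, "rogue_leaf": rogue_leaf}


if __name__ == "__main__":
    c = make_fixtures()
    store = {c["root"].subject: c["root"]}
    for label, leaf, extra in [("full chain", c["leaf"], [c["inter"]]),
                               ("missing intermediate", c["leaf"], []),
                               ("untrusted CA", c["rogue_leaf"], [c["rogue"]])]:
        ok, chain = build_chain(leaf, extra, store)
        print(f"{label}: {'trusted' if ok else 'untrusted'} via {[x.subject for x in chain]}")
```

The "missing intermediate" case is the one operators hit most often: the leaf is fine, the root is trusted, but the server never sent the intermediate, so the walk stops after one step; that is why slide 68 says to install the intermediate chain alongside the certificate.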
60. Create a Certificate
Generate a Private/Public key pair
$ openssl genrsa -des3 -out private.key 2048
...
Enter pass phrase for private.key:
Verifying - Enter pass phrase for private.key:
61. Create a Certificate
Generate a Private/Public key pair
Generate a Certificate Signing Request (CSR)
$ openssl req -nodes -new -key private.key -out server.csr
...
Country Name (2 letter code) [AU]:US
Common Name (eg, YOUR name) []:www.example.com
...
62. Create a Certificate
Generate a Private/Public key pair
Generate a Certificate Signing Request (CSR)
Sign the certificate (for a self-signed certificate)
$ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate.pem
https://devcenter.heroku.com/articles/ssl-certificate-self
63. Request a trusted Certificate
Generate a Private/Public key pair
Generate a Certificate Signing Request (CSR)
Request the Certificate (*) (for a trusted certificate)
(*) Request generally means purchase. You can purchase an SSL certificate either from a CA, or a reseller. Some providers offer visual tools that help you with the request process (e.g. by generating the CSR).
64. Request a trusted Certificate
Generate a Private/Public key pair
Generate a Certificate Signing Request (CSR)
Request the Certificate (*)
• Select the certificate type
• Submit the CSR
• Validate the request
• Obtain the certificate
65. Certificate Types
• (DV) Domain Validated: asserts control of a domain
• (OV) Organization Validated: asserts control of a domain as well as basic organizational vetting
• (EV) Extended Validation: asserts control of a domain as well as extended organizational vetting
66. Now you should have
1. A CSR file
2. A certificate file
3. A private key file
4. (optionally) A list of intermediate certificate files
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
68. To deploy HTTPS you need to:
Install the certificate on the server, along with the private key, and intermediate certificate chain.
Configure HTTPS: configure protocol version, cipher suite and cipher settings.
69. History of secure protocols
SSL 1    Never released
SSL 2    1996    A number of security flaws
SSL 3    1995    Broken. Vulnerable to POODLE attack
TLS 1.0  1999
TLS 1.1  2006
TLS 1.2  2008
70. Example config
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # ssl certificate config
    ssl_certificate /path/to/certificate_and_intermediates;
    ssl_certificate_key /path/to/private_key;

    # ssl session config
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # protocol and cipher config
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
}
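Slides 66 through 70 together describe one deployment step: put the leaf plus its intermediates in the certificate file and pick the protocol versions. The following added example (not code from the deck) checks both on a server block like the one above: it parses the `ssl_*` directives, counts the PEM blocks in the certificate bundle, and flags the versions the history slide marks as flawed or broken plus the two (TLS 1.0 and 1.1) that RFC 8996 has since deprecated. The config text, paths and PEM bodies are constructed; the PEM bodies are placeholders, not real certificates.

```python
"""Sanity-check the ssl_* directives of an nginx server block.

Added example, not code from the original deck. It parses the directives
the example config uses, counts the PEM blocks in the certificate file to
confirm it bundles the leaf with its intermediates (slides 66 and 68), and
flags protocol versions the history slide marks as flawed or broken plus
the two that RFC 8996 has since deprecated. The config text, paths and PEM
bodies below are constructed; the PEM bodies are not real certificates.
"""
import base64
import re
from typing import Dict, List

FLAGGED_PROTOCOLS = {
    "SSLv2": "a number of security flaws",
    "SSLv3": "broken, vulnerable to the POODLE attack",
    "TLSv1": "deprecated by RFC 8996",
    "TLSv1.1": "deprecated by RFC 8996",
}
DIRECTIVE_RE = re.compile(r"^\s*(listen|ssl_\w+)\s+(.*?);\s*$", re.M)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def parse_directives(config: str) -> Dict[str, List[List[str]]]:
    """Directive name -> list of argument lists (listen may repeat); comments are skipped."""
    found: Dict[str, List[List[str]]] = {}
    for m in DIRECTIVE_RE.finditer(config):
        args = [a.strip('"') for a in m.group(2).split()]
        found.setdefault(m.group(1), []).append(args)
    return found


def pem_certificates(bundle: str) -> List[bytes]:
    """Split a PEM bundle into its DER payloads; a corrupt base64 body raises ValueError."""
    return [base64.b64decode("".join(body.split()), validate=True) for body in PEM_RE.findall(bundle)]


def audit(config: str, bundle: str) -> List[str]:
    """Return findings for one server block; an empty list means nothing flagged."""
    findings: List[str] = []
    directives = parse_directives(config)

    if not any("ssl" in args for args in directives.get("listen", [])):
        findings.append("no listen directive enables ssl")
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in directives:
            findings.append(f"{required} is missing")

    protocols = directives.get("ssl_protocols", [[]])[0]
    for proto in protocols:
        if proto in FLAGGED_PROTOCOLS:
            findings.append(f"ssl_protocols enables {proto}: {FLAGGED_PROTOCOLS[proto]}")
    if not {"TLSv1.2", "TLSv1.3"} & set(protocols):
        findings.append("ssl_protocols enables neither TLSv1.2 nor TLSv1.3")

    certs = pem_certificates(bundle)
    if not certs:
        findings.append("certificate file contains no PEM certificate")
    elif len(certs) == 1:
        findings.append("certificate file has a single certificate: the intermediate chain is missing, "
                        "so clients that do not already hold the intermediates cannot build the chain")
    return findings


# Constructed server block mirroring the deck's example.
DECK_CONFIG = """
server {
    listen 443 ssl http2;
    ssl_certificate /path/to/certificate_and_intermediates;
    ssl_certificate_key /path/to/private_key;
    # protocol and cipher config
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_prefer_server_ciphers on;
}
"""
HARDENED_CONFIG = DECK_CONFIG.replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3")


def fake_pem(label: str) -> str:
    """Constructed PEM block whose body is base64 of a placeholder, not a real certificate."""
    body = base64.b64encode(f"constructed {label} certificate bytes".encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


LEAF_ONLY = fake_pem("leaf")
LEAF_AND_INTERMEDIATE = fake_pem("leaf") + fake_pem("intermediate")

if __name__ == "__main__":
    for name, cfg, pem in [("deck config", DECK_CONFIG, LEAF_AND_INTERMEDIATE),
                           ("hardened, leaf only", HARDENED_CONFIG, LEAF_ONLY)]:
        print(name, "->", audit(cfg, pem) or ["ok"])
```

Against the deck's own block the only findings are the two legacy protocol versions; against a hardened block served with a leaf-only file the only finding is the missing intermediate chain, which is exactly the failure the chain-of-trust slides walk through.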
90. HSTS Header
$ curl -I https://dnsimple.com
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 15 Mar 2016 15:52:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
ETag: W/"f2d21600cdff911b9ee6a44dabcda234"
Cache-Control: max-age=0, private, must-revalidate
Set-Cookie: _session=eccefb19761929d668000056d1b2; path=/; HttpOnly; secure
X-Request-Id: 9d77f4c5-ab6b-443e-91bd-76a0383d8ab5
X-Runtime: 0.016254
Strict-Transport-Security: max-age=31536000
91. HSTS Header
The first time your site is accessed using HTTPS and it returns the Strict-Transport-Security header, the browser records this information, so that future attempts to load the site using HTTP will automatically use HTTPS instead.
When the expiration time specified by the Strict-Transport-Security header elapses, the next attempt to load the site via HTTP will proceed as normal instead of automatically using HTTPS.
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
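The browser-side behaviour the HSTS slides describe (record the header over HTTPS, upgrade later HTTP loads, stop upgrading once max-age elapses), as an added example that is not code from the deck. It also shows the edge cases RFC 6797 specifies that the slides do not spell out: the header is ignored when it arrives over plain HTTP or is malformed, `includeSubDomains` extends the policy to child hosts, and `max-age=0` makes the browser forget the host. Hostnames and timestamps are constructed; `preload` is parsed but only browser preload lists act on it.

```python
"""Record and apply an HSTS policy the way a browser does.

Added example, not code from the original deck: a minimal HSTS store that
parses Strict-Transport-Security from an HTTPS response, answers whether a
later http:// URL must be rewritten to https://, honours includeSubDomains
and max-age expiry, and ignores the header when it arrives over plain HTTP
or is malformed (RFC 6797). Hostnames and timestamps are constructed; the
preload directive is parsed but only browser preload lists act on it.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a header value; returns None when max-age is missing, repeated or not a number."""
    max_age: Optional[int] = None
    include_subdomains = preload = False
    for raw in header.split(";"):
        name, _, value = raw.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    return None if max_age is None else HstsPolicy(max_age, include_subdomains, preload)


class HstsStore:
    """Per-host policies: host -> (expiry timestamp, includeSubDomains)."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[float, bool]] = {}

    def observe(self, host: str, scheme: str, header: Optional[str], now: float) -> bool:
        """Learn a policy from a response; returns True if the store changed."""
        if scheme != "https" or header is None:
            return False                     # HSTS is only honoured over a secure transport
        policy = parse_hsts(header)
        if policy is None:
            return False
        host = host.lower()
        if policy.max_age == 0:
            return self._entries.pop(host, None) is not None   # max-age=0 forgets the host
        self._entries[host] = (now + policy.max_age, policy.include_subdomains)
        return True

    def is_known(self, host: str, now: float) -> bool:
        """True if host, or an ancestor domain with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires, include_subdomains = entry
            if expires <= now:
                continue                     # expired: plain HTTP proceeds as normal
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite(self, url: str, now: float) -> str:
        """Upgrade an http:// URL to https:// when the host has a live policy."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname or "", now):
            return url
        netloc = parts.hostname
        if parts.port and parts.port != 80:  # an explicit :80 becomes the default 443
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    store.observe("example.com", "https", "max-age=31536000; includeSubDomains", now=0)
    print(store.rewrite("http://www.example.com/login", now=60))
    print(store.rewrite("http://www.example.com/login", now=31536000))
```

Because the policy is only learned from a successful HTTPS response, the very first visit to a site is still a plain HTTP request; that gap is what the `preload` directive and the browser preload lists exist to close.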