The document summarizes cybercrime statistics from a 2018 German Federal Criminal Agency report. It reported 87,000 cases of cybercrime in 2018 resulting in estimated damages of 60 million euros, though the actual damages are believed to be much higher. Separately, industry group Bitcom estimated annual damages in Germany from cybercrime to be 100 billion euros. The document also provides examples of the relatively low costs of various cyber attack services available for purchase online.
Techorama 2019 - Azure Security Center UnleashedTom Janetscheck
In cloud environments, management is increasingly distributed, attackers continue to innovate, and thus, cloud security management looks like mission impossible.
Join this session for a deep-dive into Azure Security Center, witness on-stage live attacks against an Azure environment and learn what you need to know in order to secure an Azure environment.
Experts Live Norway - Azure Infrastructure SecurityTom Janetscheck
In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is joint responsibility and what we need is a new approach!
In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights.
We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
The Time Has Come To Replace Your Antivirus Solution
After decades of frustration and failure, the security industry is ready to replace legacy antivirus systems with more effective solutions. As breaches continue to make headlines, we are left to wonder if anything can really stop modern threats. The answer is yes, but it requires us to approach the problem in a new way. Instead of continually adding functionality and complexity to legacy security architectures, we need a complete reset. This is exactly what CrowdStrike offers with its cloud-delivered endpoint protection platform.
The key to this new approach is going beyond malware to understanding and address cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.
In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss:
- The typical challenges with legacy antivirus implementations and how we solve them
- How CrowdStrike offers a greater level of protection, especially against modern threats
- How cloud-delivered endpoint protection reduces operational burden
- How to migrate from legacy antivirus to CrowdStrike Falcon
Link to on-demand webcast: https://www.crowdstrike.com/resources/crowdcasts/time-come-replace-antivirus-solution/
Battling Unknown Malware with Machine Learning CrowdStrike
Learn about the first signature-less engine to be integrated into VirusTotal. In this CrowdCast deck, CrowdStrike’s Chief Scientist Dr. Sven Krasser offers an exclusive look “under the hood” of this unique machine learning engine, revealing how it works, how it differs from all other signature-based engines integrated into VirusTotal to date, and how it fits into the larger ecosystem of techniques used by CrowdStrike Falcon to keep endpoints and environments safe.
Topics will include:
- What CrowdStrike Falcon machine learning is and how it works
- How to interpret results of machine learning-based threat detection
- How users can benefit from the CrowdStrike Falcon machine learning engine
- How this cutting-edge technology fits into the CrowdStrike Falcon breach prevention platform
Her ne kadar yazılımların saldırı vektörleri çok fazla olsa da aslında güvenli yazılım geliştirme adına yapılacak pratik çözümler ile çok sayıda uygulama güvenliği problemi ortadan kaldırılabilir. Bu sunum içeriği; güvenli yazılım geliştirme adına yapılması gereken en yaygın 10 pratik çözümü ve örneklerini içeriyor olacaktır.
Techorama 2019 - Azure Security Center UnleashedTom Janetscheck
In cloud environments, management is increasingly distributed, attackers continue to innovate, and thus, cloud security management looks like mission impossible.
Join this session for a deep-dive into Azure Security Center, witness on-stage live attacks against an Azure environment and learn what you need to know in order to secure an Azure environment.
Experts Live Norway - Azure Infrastructure SecurityTom Janetscheck
In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is joint responsibility and what we need is a new approach!
In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights.
We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
The Time Has Come To Replace Your Antivirus Solution
After decades of frustration and failure, the security industry is ready to replace legacy antivirus systems with more effective solutions. As breaches continue to make headlines, we are left to wonder if anything can really stop modern threats. The answer is yes, but it requires us to approach the problem in a new way. Instead of continually adding functionality and complexity to legacy security architectures, we need a complete reset. This is exactly what CrowdStrike offers with its cloud-delivered endpoint protection platform.
The key to this new approach is going beyond malware to understanding and address cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.
In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss:
- The typical challenges with legacy antivirus implementations and how we solve them
- How CrowdStrike offers a greater level of protection, especially against modern threats
- How cloud-delivered endpoint protection reduces operational burden
- How to migrate from legacy antivirus to CrowdStrike Falcon
Link to on-demand webcast: https://www.crowdstrike.com/resources/crowdcasts/time-come-replace-antivirus-solution/
Battling Unknown Malware with Machine Learning CrowdStrike
Learn about the first signature-less engine to be integrated into VirusTotal. In this CrowdCast deck, CrowdStrike’s Chief Scientist Dr. Sven Krasser offers an exclusive look “under the hood” of this unique machine learning engine, revealing how it works, how it differs from all other signature-based engines integrated into VirusTotal to date, and how it fits into the larger ecosystem of techniques used by CrowdStrike Falcon to keep endpoints and environments safe.
Topics will include:
- What CrowdStrike Falcon machine learning is and how it works
- How to interpret results of machine learning-based threat detection
- How users can benefit from the CrowdStrike Falcon machine learning engine
- How this cutting-edge technology fits into the CrowdStrike Falcon breach prevention platform
Her ne kadar yazılımların saldırı vektörleri çok fazla olsa da aslında güvenli yazılım geliştirme adına yapılacak pratik çözümler ile çok sayıda uygulama güvenliği problemi ortadan kaldırılabilir. Bu sunum içeriği; güvenli yazılım geliştirme adına yapılması gereken en yaygın 10 pratik çözümü ve örneklerini içeriyor olacaktır.
5 Tips to Successfully Running a Bug Bounty Programbugcrowd
Learn why bug bounties are great tools in application security, why they can be difficult, and how you can utilize them to start finding more critical vulnerabilities.
Part 1 of 3 part series of "Mastering Next-Gen SIEM Use Cases"
The following presentation talks about the mindset which next-gen threat hunters need to have in order to detect and respond to next-gen threats.
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
Executives from the Intelligence community discuss cloud security best practices in a field where security is imperative to operations. Security Cloud Chief John Nicely and Deputy Chief of Cyber Integration Scott Kaplan share success stories of migrating mass data to the cloud from a security perspective. Hear how they migrated their IT portfolios while managing their organizations' unique blend of constraints, budget issues, politics, culture, and security pressures. Learn how these institutions overcame barriers to migration, and ask these panelists what actions you can take to better prepare yourself for the journey of mass migration to the cloud.
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...PROIDEA
In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like 'unsafe-hashed-attributes' and give an overview of how we were able to enforce CSP as a strong mitigation against cross-site scripting on over 50% of production web traffic at Google. With increased adoption new challenges arise: dealing with CSP report noise - generated by buggy browsers, extensions, malware and security software - devising an effective monitoring infrastructure, and keeping on top of bypassing techniques. In this presentation we reveal how our internal CSP infrastructure works and how we solved problems, share our experience, show real-world examples, best practices and common pitfalls. Finally, we hint at a new promising web mitigation technique, which we hope to see gaining traction in the near future: Suborigins.
Integrity protection for third-party JavaScriptFrancois Marier
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere.
This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.
Understanding Information Security Assessment TypesHackerOne
There are many different types of security assessments,
...and they’re not always easy to keep separately in our minds (especially for sales types).”
Enter Daniel Miessler.
Daniel Miessler is a well-known information security professional based in San Francisco. For more than 20 years, he’s been writing about his infosec projects and other interests, as he puts it, “as a means of organizing everything
I have learned and want to learn.”
With organization and education in mind, Daniel wrote a helpful post describing the major types of security assessments and how they’re unique. If you’re one of the “sales types” Daniel mentions above, or just looking to educate yourself on infosec topics, then click ahead.
So here in all its glory is Daniel Miessler’s brief description of the major types of security assessment, along with what differentiates them.
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity).
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking.
This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser.
https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
Prepared by Anastasiia, iOS Engineer at Stanfy for speaking at do {iOS} Amsterdam 2015.
We will talk a bit about avoiding snake oil, getting rid of cognitive biases when planning application security, and how to avoid becoming cryptography professor when you only need to protect your app.
Web App Security for Java Developers - PWX 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Keycloak, Auth0, and Okta.
Wireless Pentesting: It's more than cracking WEPJoe McCray
This presentation walks you through the fundamentals of attacking and defending wireless networks.
Attacking WEP, WPA, WPA2, WPA Enterprise and captive portals is covered, and this presentation will be updated periodically. So keep checking back for updates.
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
If you think you’re safe because you have two-factor authentication protecting your applications and data, you might want to rethink your security strategy. While certain two-factor methods can be secure, others can be easily defeated leaving you vulnerable to attacks.
Learn why simple two-factor authentication is not enough and what you can do to make sure you are protected. We'll present a new approach to authentication, which continuously analyzes risk-factors including, geo-location, behavioural biometrics and threat intelligence, to ensure your users are who they say they are.
5 Tips to Successfully Running a Bug Bounty Programbugcrowd
Learn why bug bounties are great tools in application security, why they can be difficult, and how you can utilize them to start finding more critical vulnerabilities.
Part 1 of 3 part series of "Mastering Next-Gen SIEM Use Cases"
The following presentation talks about the mindset which next-gen threat hunters need to have in order to detect and respond to next-gen threats.
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
Executives from the Intelligence community discuss cloud security best practices in a field where security is imperative to operations. Security Cloud Chief John Nicely and Deputy Chief of Cyber Integration Scott Kaplan share success stories of migrating mass data to the cloud from a security perspective. Hear how they migrated their IT portfolios while managing their organizations' unique blend of constraints, budget issues, politics, culture, and security pressures. Learn how these institutions overcame barriers to migration, and ask these panelists what actions you can take to better prepare yourself for the journey of mass migration to the cloud.
CONFidence 2018: Defense-in-depth techniques for modern web applications and ...PROIDEA
In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like 'unsafe-hashed-attributes' and give an overview of how we were able to enforce CSP as a strong mitigation against cross-site scripting on over 50% of production web traffic at Google. With increased adoption new challenges arise: dealing with CSP report noise - generated by buggy browsers, extensions, malware and security software - devising an effective monitoring infrastructure, and keeping on top of bypassing techniques. In this presentation we reveal how our internal CSP infrastructure works and how we solved problems, share our experience, show real-world examples, best practices and common pitfalls. Finally, we hint at a new promising web mitigation technique, which we hope to see gaining traction in the near future: Suborigins.
Integrity protection for third-party JavaScriptFrancois Marier
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere.
This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.
Understanding Information Security Assessment TypesHackerOne
There are many different types of security assessments,
...and they’re not always easy to keep separately in our minds (especially for sales types).”
Enter Daniel Miessler.
Daniel Miessler is a well-known information security professional based in San Francisco. For more than 20 years, he’s been writing about his infosec projects and other interests, as he puts it, “as a means of organizing everything
I have learned and want to learn.”
With organization and education in mind, Daniel wrote a helpful post describing the major types of security assessments and how they’re unique. If you’re one of the “sales types” Daniel mentions above, or just looking to educate yourself on infosec topics, then click ahead.
So here in all its glory is Daniel Miessler’s brief description of the major types of security assessment, along with what differentiates them.
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity).
As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking.
This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser.
https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016
Avoiding damage, shame and regrets data protection for mobile client-server a...Stanfy
Prepared by Anastasiia, iOS Engineer at Stanfy for speaking at do {iOS} Amsterdam 2015.
We will talk a bit about avoiding snake oil, getting rid of cognitive biases when planning application security, and how to avoid becoming cryptography professor when you only need to protect your app.
Web App Security for Java Developers - PWX 2021Matt Raible
Web app security is not just authentication and authorization. It's also the things you do to protect your web app from attackers with their XSS (cross-site scripting), SQL injection, DoS/DDoS attacks, and CSRF (cross-site request forgery), to name a few.
Web app security is a central component of any web-based business. The internet exposes web apps to attacks from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications, and web services such as APIs.
In this presentation, you'll learn seven ways to better web app security, using Spring Security for code samples. You'll also see some quick demos of Spring Boot, Angular, and JHipster with Keycloak, Auth0, and Okta.
Wireless Pentesting: It's more than cracking WEPJoe McCray
This presentation walks you through the fundamentals of attacking and defending wireless networks.
Attacking WEP, WPA, WPA2, WPA Enterprise and captive portals is covered, and this presentation will be updated periodically. So keep checking back for updates.
Lock That Shit Down! Auth Security Patterns for Apps, APIs, and Infra - Sprin...Matt Raible
In this session, you'll learn about recommended patterns for securing your backend APIs, the infrastructure they run on, and your SPAs and mobile apps.
The world is no longer a place where you just need to secure your apps’ UI. You need to pay attention to your dependency pipeline and open source frameworks, too. Once you have the app built, with secure-by-design code, what about the cloud it runs on? Are the servers secure? What about the accounts you use to access them?
If you lock all that sh*t down, how do you codify your solution so you can transport it cloud-to-cloud, or back to on-premises? This session will explore these concepts and many more!
If you think you’re safe because you have two-factor authentication protecting your applications and data, you might want to rethink your security strategy. While certain two-factor methods can be secure, others can be easily defeated leaving you vulnerable to attacks.
Learn why simple two-factor authentication is not enough and what you can do to make sure you are protected. We'll present a new approach to authentication, which continuously analyzes risk-factors including, geo-location, behavioural biometrics and threat intelligence, to ensure your users are who they say they are.
In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is joint responsibility and what we need is a new approach!
In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights.
We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.
"Evolving Cybersecurity Strategies" - Identity is the new security boundaryDean Iacovelli
As cyber attacks have matured and become more complex over the last number of years, the objective of most attacks has not changed: compromise and collect user credentials. This session will explore the changing cybersecurity landscape and how managing identity – both in the enterprise as well as across 3rd party applications - is becoming job #1 in managing your organization’s risk.
Join the Community IT monthly webinar series as we discuss the latest trends in IT Security for Nonprofits. Make IT Security a priority for your nonprofit in 2016.
Dayton Microcomputer Association (DMA):
April 2020 - Online Meeting
Date: April 28, 2020
Topic: Stupid Cyber Criminal Tricks and How to Combat Them
Speaker: Matt Scheurer
This talk covers various techniques used by cyber criminals, and how to spot them. This is the accompanying slide deck for a presentation that covers live demos. Who does not love a good cyber-crime story?
Introduction to the Current Threat LandscapeMelbourne IT
Do you know what threats are lurking in the shadows? Have you been compromised without even knowing about it? Most companies don't even know if their business has been subjected to attacks and even worse, may have lost sensitive data without knowing about it until it’s too late.
The latest vulnerabilities highlight the extent and depth that hackers are adopting to steal your content or destroy trust in your brand. Our industry experts joining us for the presentation have a wealth of experience in robust security strategies and will be discussing the current online threat landscape, the most prominent approaches to security breaches and what you need to consider to protect your online presence from any potential malicious attacks.
About Melbourne IT:
Melbourne IT Enterprise Services designs, builds and operates custom cloud solutions for Australia’s leading enterprises. Its expert staff help enterprises solve business challenges and build cultures that enable organisations to use technology investments efficiently to improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security experts repeatedly deliver results. Many of the brands you already know and trust rely on Melbourne IT. For more information, visit www.melbourneitenterprise.com.au
Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
Addressing the Top 3 Real-world Security Challenges for Your IBM i SystemsPrecisely
The most effective approach to cybersecurity is having multiple layers of defense mechanisms deployed to protect your systems. This is commonly referred to as “Defense in Depth”.
Because your IBM i holds data that is vital to your business, implementing multiple IBM i technologies that will help prevent or detect an accidental error or malicious behavior is essential.
Watch our on-demand webinar where Carol Woodbury of DXR Security discusses three of the current real-world issues facing organizations today and how layering multiple security technologies can protect your data and avoid business disruptions.
Register to hear about:
• The benefits of implementing defense in depth
• Determining the value and risk level of your data
• Developing a plan to implement as many layers as needed to appropriately reduce risk
Adversary tactics config mgmt-&-logs-oh-myJesse Moore
Jesse Presented at South Sound Hackers Meetup September 23rd 2018, to provide Security Awareness about Adversary tactics, logs and secure configs for Windows environment.
https://www.meetup.com/SouthSound-hackers-Meetup/events/past/
How to 2FA-enable Open Source Applications (Extended Session)
Presented at: Open Source 101 at Home 2020
Presented by: Mike Schwartz, Gluu
Abstract: Your organization loves open source tools like Wordpress, SuiteCRM, NextCloud, RocketChat, and OnlyOffice... but most of these tools are protected with plain old passwords. You want to use two-factor authentication... but how? In this workshop, you'll learn:
- Which 2FA technologies can be used without paying a license;
- How to enable users to enroll and delete 2FA credentials;
- How to configure open source applications to act as a federated relying party--delegating authentication to a central service
- How custom applications can act as a federated relying party
Here are the discussions that are mentioned in P19 of "Fend Off Cyberattack with Episodic Memory"
https://www.slideshare.net/HitoshiKokumai/fend-off-cyberattack-with-episodic-memory-24feb2023
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
Got Invited for conducting the workshop on ‘Cyber Security’ at top notch engineering college.
Sardar Patel Institute of Technology, Andheri on 3rd October, 2015.
Student feedback:-
https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing
Appreciation letter:-
https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing
Similar to Microsoft Ignite The Tour 2020 - BRK30173 - Identity is the new control plane (20)
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
3. about me.
Tom Janetscheck
Principal Cloud Security Architect with Devoteam Alegri
Focused on Cloud Security, IaaS, Azure Identity, and Governance
Community Lead of Azure Meetup Saarbrücken
Co-founder and co-organizer of Azure Saturday
Tech blogger and book author
@azureandbeyond
https://blog.azureandbeyond.com
4. Federal criminal agency – 2018 cybercrime situation report
87.000 cases of cybercrime
in 2018
60.000.000 € amount of damage
with an immense dark figure
Estimated amount of damage
according to Bitcom:
100.000.000.000 (!) € per year
Source: BKA - 2018 Cybercrime situation report
5. Attack services are cheap
Ransomware:
https://aka.ms/CISOWorkshop
Zero-days:
Breaching services on
a per job basis:
Exploit kits:
Loads (compromised device):
Spearphishing services:
Compromised accounts:
Denial of Service:
Highest average price
6. Exploit kits:
Price: $1,400
per month
Attack services are cheap
Ransomware:
Price: $66 upfront or
30% of the profit
(affiliate model)
https://aka.ms/CISOWorkshop
Zero-days:
Price: $5,000 to $350,000
Breaching services on
a per job basis:
Price range: $250 or
much more
Loads (compromised device):
Price: PC - $0.13 to $0.89
Mobile - $0.82 to $2.78
Spearphishing services:
Price: $100 to $1,000 per
successful account take over
Compromised accounts:
https://aka.ms/CyberHygiene
Denial of Service:
Price: $766.67 per month
7. DDoS Attacks – value for money
Source: Kaspersky Lab Research Report 02/2018
Price per month Average cost (SMB) Average cost (enterprise)
$766.67
$120,000.00
$2,000,000.00
DDoS attack - value for money
15. User
Role: Sales Account Representative
Group: London Users
Device: Windows
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
Office resource
Conditional
access risk
Health: Device compromised
Client: Browser
Config: Anonymous
Last seen: Asia
High
Medium
Low
Anonymous IP
Unfamiliar sign-in location for this user
Malicious activity detected on device
Device
Sensitivity: Medium
Block access
Force threat
remediation
https://channel9.msdn.com/events/Ignite/
Microsoft-Ignite-Orlando-2017/BRK3016
In January 2020, there was a DDoS attack conducted against a fintech service provider in Germany, resulting in a huge amount of people not being able to use online banking for some hours/days.
8
Key Takeaway: Defender need to transition to using an identity security perimeter as our primary defense strategy
CLICK 1
The first thing to note is that the network security perimeters we built still work against the attacks they were designed to repel. This is quickly confirmed by anyone exposes an unpatched operating system or application to the direct internet without a firewall.
CLICK 2
Unfortunately attackers have also developed a new generation of techniques that include phishing and credential theft. These techniques allow attackers to reliably penetrate the network security perimeter and navigate around behind it.
CLICK 3
Additionally, newer technologies to increase productivity are causing data to move outside the corporate network onto managed and unmanaged devices, cloud services (both sanctioned/managed and unauthorized/Shadow IT applications). The trustworthiness of these devices and services are not defined by which IP subnet they are hosted on, so we need to manage the identities of these users, devices, services, and data.
CLICK 4
Both of these trends diminish the effectiveness of the network as the sole security perimeter. We now need to establish an identity based perimeter so we can draw a line (of consistent security controls) between our assets and the threats to them.
Key Takeaway: This is a comparison of the visibility and control you get with classic network perimeters vs a modern identity perimeter (based on Azure Active Directory Conditional Access)
A network perimeter is composed of several functions (often combined into the same appliance) that uses data available from the network traffic to make a decision on whether to allow or block a connection. While this provides security visibility and control against some attacks, it has several significant limitations including:
Scope is limited to resources hosted on a controlled network such as an intranet/extranet
Visibility is limited to what is available on the network, which is often encrypted and frequently lacks important context on application function, user identity, data sensitivity, and other factors.
Control is limited to allow and block, which doesn’t allow for managing the user experience and providing self service corrections, exception management, etc.
CLICK 1
In contrast, an identity perimeter is aware of the user, device, and a number of attributes about each of them including the user's role, whether they logged on with MFA, when and where the device was last seen, the security health of the device, and more.
The conditional access engine uses this information to calculate the relative risk of the operation as high, medium or low.
The actions available include allow and block as well as
Allow Restricted – Users may be allowed to authenticate, but only granted limited access (e.g. a user would be granted only online access to document in SharePoint online vs. being allowed to download)
Require MFA - For authentication attempts with a medium risk (such as authentications from an unexpected time/geography), conditional access can require additional proof of identity before granting access (where this wouldn’t happen within their normal time/geography)
Force Remediation – For high risk scenarios such as a known compromised password or computer, conditional access can force the issue to be remediated (e.g. force the user to change a password that has been leaked, requiring defender to remediate the device
Network based perimeters provided needed controls for legacy workloads and PaaS components where the workload is under the control of the IT department (e.g. web applications), but protecting data and protecting newer asset types like Software as a Service (SaaS) requires and identity perimeter to provide the needed visibility and control.
Key Takeaway: This is an example of conditional access enforcing policy on an authentication attempt
In this example, a user is logging in with a device and attempting to access an internal file in Office 365 with a medium sensitivity
CLICK 1
The user provides valid credentials and the user/device information checks out (so far), so the conditional risk level would be low.
CLICK 2
As other factors are considered in the authentication decision, conditional access finds risk factors that would set risk to
Medium
An anonymous IP as the connection is coming in over the Tor network
The device was last seen in an unfamiliar sign in location
High
Defender ATP has indicated that this device has been compromised
Because of this, the conditional access engine blocks the authentication attempt and forces threat remediation (through Defender ATP)
az login -u john@azureandbeyond.com -p Secur1tyR0ck --allow-no-subscriptions -> wrong password
az login -u john@azureandbeyond.com -p Secur1tyR0cks --allow-no-subscriptions -> MFA challenge
Show AAD Sign In Logs after password spray
Tor browser – login Ben, John, Tim
Show Azure AD Identity Protection
Show passwordless signin with YubiKey
Show Azure AD PIM