This document provides an overview of the NGINX web server. It discusses why NGINX was created, its basic configuration and usage, how to set up servers and locations, handle static content, rewrite URLs, add authentication and caching, load balance between servers, and use PHP with FastCGI. The document also includes code examples for common NGINX configurations.
This slide deck was made for a presentation at Bluesoft's Papo Reto. In this presentation I talk about the ACME protocol (Automated Certificate Management Environment) for automating certificate management for domain validation. I also talk about Let's Encrypt, a CA based on the ACME protocol that will launch in September 2015.
Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко... (Ontico)
What do you associate with receiving vulnerability information?
Mailing lists, vendor newsletters, reports from security scanners and a huge variety of data sources, down to individually configured alerts on Google search queries. You use different platforms, many hardware solutions and a whole bouquet of libraries in your code's dependencies. How do you tell the moment when it is time to drop everything and run to install patches from a minor problem that does not require immediate action?
Scattered data, lack of unification and a million sources describe the situation perfectly. It would seem that CVE and CPE solved this problem. Yes, every vulnerability has its own unique identifier, CVSS vector and a link to the vulnerable product. You can track the appearance of new ones and read into the essence of the problem. But do you really want to dedicate a separate person to this?
In our talk we will reveal why SCAP did not solve the problem, how to gather everything together in one format and build one of the largest free vulnerability databases. Python, Elasticsearch, MongoDB and all the rest. We will also touch on the intimate topic of vulnerability intelligence, explain how to scan Linux for vulnerabilities "for free, no SMS required" in 160 milliseconds, and build a notification system for new vulnerabilities that is exactly what you need.
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault (Jeff Horwitz)
Presented to the Philly DevOps Meetup November 29, 2016.
Managing secrets is hard. It’s even harder in the cloud. At Jornaya (formerly LeadiD), we chose Hashicorp Vault to manage our secrets in AWS, and I’d like to share our experience with everyone.
Malware Detection with OSSEC HIDS - OSSECCON 2014 (Santiago Bassett)
My presentation on how to use malware indicators of compromise to create rootcheck signatures for OSSEC. Explains different malware collection and analysis techniques.
Configuring SSL on NGINX and less tricky servers (Axilis)
Sergej Jakovljev explains how to set up different levels of security over SSL: what the difference is between the various SSL certificates, and how to set them up on NGINX, Heroku and Node.js.
The many benefits of a RESTful architecture have made it the standard way to design web-based APIs. For example, the principles of REST state that we should leverage standard HTTP verbs in order to keep our APIs simple. Server components that are considered RESTful should be stateless, which helps to ensure that they can scale easily.
However, the best practices of REST and security often seem to clash. How should sensitive information be transmitted in RESTful APIs? How should a user be authenticated in a stateless application? How is it possible to design an API so it is both secure and RESTful? Securing RESTful endpoints is further complicated by the fact that security best practices evolve so rapidly.
In this talk Rob will explore various ways to perform authentication in RESTful APIs. Along the way we will clear up misconceptions, explore common pitfalls, and discover new insights into authentication.
Sounds daunting, right? But there is always a case where your organisation has either a custom or third-party system that you could leverage generating secrets for, or maybe an IAM system that doesn't quite fit the ones included in Vault. Well, a couple of months ago I went from "no go" to writing my first plugin for Vault, and I'd like to tell you how I did it. This talk doesn't require you to know Go, but it does require a minimal level of understanding of object-oriented programming.
ModSecurity 3.0 and NGINX: Getting Started - EMEA (NGINX, Inc.)
On demand version can be accessed at https://www.nginx.com/resources/webinars/modsecurity-3-0-and-nginx-getting-started-emea/
The long-awaited ModSecurity 3.0 is available now. ModSecurity 3.0 is a complete rewrite of ModSecurity, and is the first version to work natively with NGINX. ModSecurity 3.0 loads into NGINX as a dynamic module.
Watch this webinar to learn:
- A brief history of the ModSecurity project
- How ModSecurity stops Layer 7 attacks
- What’s changed with ModSecurity 3.0 and how it integrates with NGINX
- How to install and configure ModSecurity with both open source NGINX and NGINX Plus
Although software has a great many attack vectors, a large number of application security problems can in fact be eliminated with practical measures taken for secure software development. This presentation covers the 10 most common practical measures that should be taken for secure software development, with examples.
The tools at our disposal today for deploying HTTPS are tremendously powerful, and easy to use. Initiatives like Let's Encrypt offer certificates, and new security policies like HSTS and HPKP allow you to protect against extremely powerful attacks. HTTPS, Here and Now!
This was an invited talk at the ICT Security Happening, organized by the VDAB Competence Center in Leuven.
Unique course notes for the Certified Kubernetes Administrator (CKA) for each section of the exam. Designed to be engaging and to be used as a future reference for Kubernetes concepts.
A review of the webshells used by bad guys. How they are protected but also mistakes in their implementation. This talk was presented at the OWASP Belgium Chapter Meeting in May 2017.
Password cracking is a staple part of any pentest. This presentation dives into custom hashcat rules and analysis to yield better results when cracking, then follows up with cracking length limitations imposed by hardware.
Slides from "Managing Secrets at scale" at Velocity EU 2015
Secrets come in many shapes and sizes: API keys, database passwords, private keys. Distributing and managing these secrets is usually an afterthought. It's hard to get right, and can be very expensive if you get it wrong. In this session, we'll look at the core operations and properties that make up a good secret management system, and how these principles can be implemented.
You’re ready to make your applications more responsive, scalable, fast and secure. Then it’s time to get started with NGINX. In this webinar, you will learn how to install NGINX from a package or from source onto a Linux host. We’ll then look at some common operating system tunings you could make to ensure your NGINX install is ready for prime time.
View full webinar on demand at http://nginx.com/resources/webinars/installing-tuning-nginx/
When one server just isn’t enough, how can you scale out? In this webinar, you'll learn how to build out the capacity of your website. You'll see a variety of scalability approaches and some of the advanced capabilities of NGINX Plus.
View full webinar on demand at http://nginx.com/resources/webinars/nginx-load-balancing-software/
Next Generation DevOps in Drupal: DrupalCamp London 2014 (Barney Hanlon)
In this talk, Barney will be discussing and demonstrating how to:
- Use nginx, Varnish and Apache together in a "SPDY sandwich" to support HTTP 2.0
- Set up SSL properly to mitigate attack vectors
- Improve performance with mod_pagespeed and nginx
- Deploy Drupal sites with Docker containers
Barney is a Technical Team Leader at Inviqa, a Drupal Association member and writes for Techportal on using technologies to improve website performance. He first started using PHP professionally in 2003, and has over seventeen years experience in software development. He is an advocate of Scrum methodology and has an interest in performance optimization, researching and speaking on various techniques to improve user experience through faster load times.
DockerCon Live 2020 - Securing Your Containerized Application with NGINX (Kevin Jones)
NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000s. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.
Additional Sponsor Information
During our session we will be raffling off a swag pack to live attendees. We'll also be offering 30% off our swag store, which can be shared via social. Details below:
URL: swag-nginx.com
Code: DOCKERCON30
Value: 30% off
NGINX: Basics & Best Practices - EMEA Broadcast (NGINX, Inc.)
On-demand recording: nginx.com/resources/webinars/nginx-basics-best-practices-live-emea
You have heard of NGINX and the benefits it can provide to your web application, but maybe you are not sure how to get started. There are a lot of tutorials online, but they can be outdated and contradict each other – making things more challenging.
This webinar will teach you how to:
* Install NGINX and verify it’s properly running
* Create NGINX configurations for reverse proxy, load balancing, and more
* Improve performance using keepalives and other NGINX directives
* Debug and troubleshoot using NGINX logs
Learn how to load balance your applications following best practices with NGINX and NGINX Plus.
On-Demand Recording: https://www.nginx.com/resources/webinars/high-performance-load-balancing/
Join this webinar to learn:
* How to configure basic HTTP load balancing features
* The essential elements of load balancing: session persistence, health checks, and SSL termination
* How to load balance MySQL, DNS, and other common TCP/UDP applications
* How to have NGINX Plus automatically discover new service instances in an auto-scaling or microservices environment
About the webinar
You’ve built a great application and it’s gaining in popularity. Or maybe you already have a hardware load balancer and you’re looking to replace it with a software solution. In this webinar we’ll share the latest information on how to scale-out and load balance your applications with NGINX and NGINX Plus.
A talk I gave at the recent Advanced AWS Meetup - this is a detailed guide to how I installed and set up Spinnaker to work with our infrastructure at Stitch Fix. I go over the various problems I ran into and how I solved them. I hope this can be useful for others setting up, or interested in setting up, Spinnaker for their purposes.
**Big thanks to Armory for recording the talks! Video for this talk can be found here: https://youtu.be/ywzPblFpIE0 (I'm the second speaker)**
I will be giving a brief overview of the history of NGINX along with an overview of the features and functionality in the project as it stands today. I will give some real-world use cases and examples of how NGINX can be used to solve problems and eliminate complexity within infrastructure. I will then dive into the future of the modern web and how NGINX is monitoring and leveraging industry changes to enhance the product for individuals and companies in the industry.
Securing Network Access with Open Source solutions (Nick Owen)
My presentation from Atlanta Linux Fest on how to allow users secure access to your network using open source technologies. Examples include how to add two-factor authentication to Apache, OpenVPN, Astaro, NX etc.
Workshop KrakYourNet2016 - Web applications hacking: Ruby on Rails example (Anna Klepacka)
Web Applications Hacking – Ruby on Rails example.
Attacks on web applications using SQL injection, CSRF and XSS. You will learn how information can be extracted from generated JSON / XML API responses and how cookies can be used for code injection.
Google ranks your site higher if you have SSL installed. And now some browsers warn us if a site is not secure. Here is the presentation from a Meetup I led on adding SSL to your website.
Let us spend less time writing trivial stuff and more time focusing on great code that doesn't need documentation to be understood.
Save other people's time by writing less!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
4. WORKING FOR
ResearchGate gives science back to the people who make it happen.
We help researchers build reputation and accelerate scientific progress.
On their terms.
26. LOAD BALANCING LEGACY
# ip_hash keeps requests from the same client IP on the same backend
# (session stickiness for legacy apps that store state locally)
upstream web_workers {
    ip_hash;
    server www1.example.com;
    server www2.example.com;
    server www3.example.com;
    server www4.example.com;
}
33. REALLY SUPPORTS ANY LAYOUT
Make /foo/ go to .../foo/index.php
# Match any URI containing ".php"; the dot must be escaped, otherwise "." matches any character
location ~ ^.+\.php {
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/myApp/src$fastcgi_script_name;
}