OAuth is an open standard for authentication that allows users to log into third party applications using their existing credentials from another service, without having to expose their password. OEmbed is a format for converting URLs into embeddable rich content like photos or videos. It allows websites to display content from other sites without having to manually embed HTML or write custom code. Both standards aim to simplify authentication and content embedding while keeping users' data and identities secure.
Pure Sign Breakfast Presentations - Drupal FieldAPIPure Sign
Introduction to Drupal FieldAPI.
Topics:
The different abstractions behind the FieldAPI.
The Drupal hooks needed to define your own custom Field.
The advantages of creating fields using the Drupal FieldAPI.
Media handling in Drupal (Drupalcamp Leuven 2013)Pure Sign
Drupal provides various ways to enrich your dull textual content by adding pictures, video's and other media. All of the available solutions come with their advantages and disadvantages or pitfalls to take into account.
This presentation will give you an overview of the media landscape in Drupal and walk through the options that are available to you.
Topics include:
* Media handling in Drupal core
* Module comparison: Media, Scald, Asset
* WYSIWYG integration
* oEmbed
Pure Sign Breakfast Presentations - Drupal FieldAPIPure Sign
Introduction to Drupal FieldAPI.
Topics:
The different abstractions behind the FieldAPI.
The Drupal hooks needed to define your own custom Field.
The advantages of creating fields using the Drupal FieldAPI.
Media handling in Drupal (Drupalcamp Leuven 2013)Pure Sign
Drupal provides various ways to enrich your dull textual content by adding pictures, video's and other media. All of the available solutions come with their advantages and disadvantages or pitfalls to take into account.
This presentation will give you an overview of the media landscape in Drupal and walk through the options that are available to you.
Topics include:
* Media handling in Drupal core
* Module comparison: Media, Scald, Asset
* WYSIWYG integration
* oEmbed
http://www.justin.tv/hackertv/49975/Tech_Talk_1_Leah_Culver_on_OAuth
Tech talk about OAuth, and open standard for API authentication. Originally broadcast on Justin.tv.
The presentation done at Colombo White Hat Security Meetup for introducing OAuth framework to the security enthusiasts. The event details are in [1].
[1] https://www.meetup.com/Colombo-White-Hat-Security/events/255358391/
OAuth 2.0
Oauth2.0 is an “authorization” framework for web applications. It permits selective access to a user’s resource without disclosing the password to the website which asks for the resource.
Agenda for the session:
What is Oauth 2.0
Oauth 2.0 Terminologies
Oauth workflow
Exploiting Oauth for fun and profit
Reference
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
Adding Identity Management and Access Control to your AppFIWARE
Adding Identity Management and Access Control to your App presentation, by Alvaro Alonso & Cyril Dangerville.
Security Chapter. 1st FIWARE Summit, Málaga Dec. 13-15, 2016.
This presentation describes best practices and considerations when using OAuth2 with native applications, and how best practices can be implemented with node in Electron and NW.js.
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenCodemotion
OAuth is a widespread web-based standard. It’s purpose is to provide safe inter-application access to web resources without having to reveal passwords or other sensible credentials across the wire or to third party applications. After lots of tough discussions for two and a half years version 2.0 of this standard has been released – finally.
This session gives you an introduction to OAuth 2.0. You will understand its concepts as well as its limitations and pitfalls. You will also learn how it feels to write your own OAuth 2.0 based application based on real-life code examples.
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
We know and love our authentication standards for the web, yet on mobile we often still resort to usernames & passwords in our apps.
This presentation explores OpenID Connect (OIDC) and OAuth 2.0 in the context of mobile apps to see how they decouple authentication logic from your app and promote simpler and more flexible patterns for user authentication and API authorization.
This presentation was first given in the London Mobile Security Meetup
https://www.meetup.com/London-Mobile-Developer-Security/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
http://www.justin.tv/hackertv/49975/Tech_Talk_1_Leah_Culver_on_OAuth
Tech talk about OAuth, and open standard for API authentication. Originally broadcast on Justin.tv.
The presentation done at Colombo White Hat Security Meetup for introducing OAuth framework to the security enthusiasts. The event details are in [1].
[1] https://www.meetup.com/Colombo-White-Hat-Security/events/255358391/
OAuth 2.0
Oauth2.0 is an “authorization” framework for web applications. It permits selective access to a user’s resource without disclosing the password to the website which asks for the resource.
Agenda for the session:
What is Oauth 2.0
Oauth 2.0 Terminologies
Oauth workflow
Exploiting Oauth for fun and profit
Reference
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
Adding Identity Management and Access Control to your AppFIWARE
Adding Identity Management and Access Control to your App presentation, by Alvaro Alonso & Cyril Dangerville.
Security Chapter. 1st FIWARE Summit, Málaga Dec. 13-15, 2016.
This presentation describes best practices and considerations when using OAuth2 with native applications, and how best practices can be implemented with node in Electron and NW.js.
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenCodemotion
OAuth is a widespread web-based standard. It’s purpose is to provide safe inter-application access to web resources without having to reveal passwords or other sensible credentials across the wire or to third party applications. After lots of tough discussions for two and a half years version 2.0 of this standard has been released – finally.
This session gives you an introduction to OAuth 2.0. You will understand its concepts as well as its limitations and pitfalls. You will also learn how it feels to write your own OAuth 2.0 based application based on real-life code examples.
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
We know and love our authentication standards for the web, yet on mobile we often still resort to usernames & passwords in our apps.
This presentation explores OpenID Connect (OIDC) and OAuth 2.0 in the context of mobile apps to see how they decouple authentication logic from your app and promote simpler and more flexible patterns for user authentication and API authorization.
This presentation was first given in the London Mobile Security Meetup
https://www.meetup.com/London-Mobile-Developer-Security/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
4. A simple open standard for secure API
authentication.
http://oauth.net
5. The (API) Love Triangle
End User
Web Service 3rd Party App
“Service Provider” “Consumer Application”
6. Specifically OAuth is...
Authentication
Need to log in to access parts of a website
ex: post a message, add a friend, view private
data
Token-based Authentication
Logged-in user has a unique token used to
access data from the site
7. Just like...
‣ Flickr Auth
‣ Google’s AuthSub
‣ Yahoo’s BBAuth
‣ Facebook Auth
‣ and others...
10. Goals
Be Simple
‣ standard for website API authentication
‣ consistent for developers
‣ easy for end users to understand *
* this is hard
11. Goals
Be Secure
‣ secure for end users
‣ easy to implement security features
‣ 3rd party developers don’t have access
to passwords
‣ balance security with ease of use
12. Goals
Be Open
‣ any website can implement OAuth
‣ any 3rd party developer can use OAuth
‣ open source client libraries
‣ community-designed technical
specifications
13. Goals
Be Flexible
‣ authentication method agnostic
‣ don’t need a username and password
‣ can use OpenID
‣ 3rd party developers don’t handle auth
15. OAuth Setup
‣ Service provider gives
documentation of endpoint URLs
and signature method
‣ Consumer registers an application
with the service provider and gets
a consumer key/secret
24. Basic Authorization Process
1. Obtain request token
2. User authorizes
request token
3. Exchange request token
for access token
4. Use access token to
obtain protected resources
25. Where is this information
passed?
‣ HTTP Authorization header
‣ HTTP POST request body (form
parameters)
‣ URL query string parameters
26. Timestamp and nonce
oauth_timestamp
‣ seconds since Unix epoch
‣ must be greater than last request
oauth_nonce
‣ “number used once”
‣ ensure unique requests
29. Security considerations
‣ PLAINTEXT needs to be encrypted
‣ Secrecy of consumer secret
(desktop consumers)
‣ Phishing attacks
‣ Repeat authorizations
‣ and more...
30. Session fixation attack
Attacker gets victim to authorize
attacker’s request token.
April 2009
http://oauth.net/advisories/2009-1
31. 1.0a
‣ Consumer must specify
oauth_callback during the request
token phase
‣ Service provider returns
oauth_callback_confirmed with
request token and oauth_verifier
after user verification
‣ oauth_verifier used when
exchanging request token for
access token
32. Current status
‣ 1.0 final (Dec 2007)
‣ 1.0a (24 June 2009)
‣ IETF draft phase
‣ 2.0 coming soon!
‣ Lots of client libraries
46. Discovery
‣ white-lists
‣ HTML head item
<link rel="alternate" type="text/xml+oembed"
href="http://www.youtube.com/oembed?
url=http%3A//www.youtube.com/watch?v
%3Di-5AMapzFWg&format=xml" title="Drunk
Ewok Moonwalks & Molests Al Roker on
Today Show" />
