Kevin Dorosh presented on operationalizing multi-cluster Istio and developing ambient mesh. He discussed connectivity and communication challenges when services span multiple clusters. He then explained how Istio provides service discovery, secure communication, traffic control, policy enforcement, and resilience. Dorosh also covered ambient mesh, which removes the sidecar proxy and instead runs a single proxy on each node for lower overhead and easier operations. He demonstrated how ambient mesh maintains Istio's security features like mTLS and access control.
Presented at All Thing Open RTP Meetup
Presented by Brent Laster
Abstract: Kubernetes is the leading way to run and manage your containerized workloads across any cloud or on-premises environment. It provides an automated, reliable way to execute the services, deployments, etc. that make up your application. But what happens when running those doesn’t go as you’d expect, or the system isn’t happy with what you’re trying to get to run? How do you figure out what’s going wrong, track down the root causes, figure out a solution, and get things working again?
In this hands-on three-hour workshop, we’ll look at some basic and advanced ways to debug problems that you may run into with Kubernetes. You’ll learn techniques from basic ways to zero in on root cause to log analysis to using advanced tools such as creating your own debug containers. Armed with these skills, you’ll be in a position to deal with day-to-day issues with running workloads in Kubernetes and keep them from becoming disruptions and/or show-stoppers.
Authentication is one of the big parts of every application. Security is always something that is changing and evolving. We’re using the same authentication methods from the dawn of the web. Unfortunately, passwords are increasingly broken. In this talk Viral will discuss about the JWT Authentication with JS which plays an important role in modern day application development where it is a lot more than just the login screen, People will get know about different ways of authentication and authorization, concepts that make up modern identity and how they can integrate with any particular language or stack and how they can use JSON Web Tokens to add both Authentication and Authorization to our functions with Auth0 authentication, which is an online web service that handles authentication protocols like OAuth2, LDAP, and OpenID Connect to allow clients to create authenticated services without the need to build the entire infrastructure. This way, an application can retrieve user-related data and showcase protected information to only logged in users.
#CSA #Dehradun
XSS Video POC in Yahoo :
https://www.youtube.com/watch?v=I2WKUJn8P7I
Tapjacking bug poc in Android 6.0 Video :
https://www.youtube.com/watch?v=8BcP3Q4ZWXQ
Slides of my talk I gave @ PyRE.it in ReggioEmilia about developing a Rest Api in Python using a little bit of Flask and SqlAlchemy.
www.pyre.it
www.alessandrocucci.it/pyre/restapi
Presented at All Thing Open RTP Meetup
Presented by Brent Laster
Abstract: Kubernetes is the leading way to run and manage your containerized workloads across any cloud or on-premises environment. It provides an automated, reliable way to execute the services, deployments, etc. that make up your application. But what happens when running those doesn’t go as you’d expect, or the system isn’t happy with what you’re trying to get to run? How do you figure out what’s going wrong, track down the root causes, figure out a solution, and get things working again?
In this hands-on three-hour workshop, we’ll look at some basic and advanced ways to debug problems that you may run into with Kubernetes. You’ll learn techniques from basic ways to zero in on root cause to log analysis to using advanced tools such as creating your own debug containers. Armed with these skills, you’ll be in a position to deal with day-to-day issues with running workloads in Kubernetes and keep them from becoming disruptions and/or show-stoppers.
Authentication is one of the big parts of every application. Security is always something that is changing and evolving. We’re using the same authentication methods from the dawn of the web. Unfortunately, passwords are increasingly broken. In this talk Viral will discuss about the JWT Authentication with JS which plays an important role in modern day application development where it is a lot more than just the login screen, People will get know about different ways of authentication and authorization, concepts that make up modern identity and how they can integrate with any particular language or stack and how they can use JSON Web Tokens to add both Authentication and Authorization to our functions with Auth0 authentication, which is an online web service that handles authentication protocols like OAuth2, LDAP, and OpenID Connect to allow clients to create authenticated services without the need to build the entire infrastructure. This way, an application can retrieve user-related data and showcase protected information to only logged in users.
#CSA #Dehradun
XSS Video POC in Yahoo :
https://www.youtube.com/watch?v=I2WKUJn8P7I
Tapjacking bug poc in Android 6.0 Video :
https://www.youtube.com/watch?v=8BcP3Q4ZWXQ
Slides of my talk I gave @ PyRE.it in ReggioEmilia about developing a Rest Api in Python using a little bit of Flask and SqlAlchemy.
www.pyre.it
www.alessandrocucci.it/pyre/restapi
One sink to rule them all: Introducing the new Async SinkFlink Forward
Flink Forward San Francisco 2022.
Next time you want to integrate with a new destination for a demo, concept or production application, the Async Sink framework will bootstrap development, allowing you to move quickly without compromise. In Flink 1.15 we introduced the Async Sink base (FLIP-171), with the goal to encapsulate common logic and allow developers to focus on the key integration code. The new framework handles things like request batching, buffering records, applying backpressure, retry strategies, and at least once semantics. It allows you to focus on your business logic, rather than spending time integrating with your downstream consumers. During the session we will dive deep into the internals to uncover how it works, why it was designed this way, and how to use it. We will code up a new sink from scratch and demonstrate how to quickly push data to a destination. At the end of this talk you will be ready to start implementing your own Flink sink using the new Async Sink framework.
by
Steffen Hausmann & Danny Cranmer
Stormpath .NET Developer Evangelist, Nate Barbettini, presents Token Authentication with ASP.NET Core. Nate will explain how Token Authentication can be used to secure web applications built with ASP.NET Core, REST APIs, and 'unsafe' clients while supporting security best practices and even improving performance and scale.
Presented at OWASP AppSecUSA 2011
It's all about scale; how can an organization possibly keep up with a growing number of web applications, features, and supported capabilities with a limited security team? One option that has provided successful results for several companies is a bug bounty program. These programs successfully engage the world community and bring many eyes towards the common good.
This talk will discuss the benefits and risks of a bounty program for web applications. What types of organizations consider starting a bounty? How would an organization start such a program and what should they expect? Is the return worth the effort? How does such a program compete with the black market?
In addition to these topics, we will also discuss the progress, metrics and lessons learned from the Mozilla web application bounty that was launched in December 2010.
Being Functional on Reactive Streams with Spring ReactorMax Huang
The journey begins with using Java 8 introduced Optional/Stream/CompletableFuture more functional, after which Reactive Streams is introduced with a homemade implementation that is ultimately made functional to increase usability. Finally Spring Reactor (Project Reactor) is presented and used for building a device simulator periodically reporting data to device controller.
Content Security Policy (CSP) is a browser security mechanism against content injection. Using the CSP header, browsers can restrict content from just the domains whitelisted in the policy. This session shares lessons learned with deploying CSP at Yahoo.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Low latency microservices in java QCon New York 2016Peter Lawrey
In this talk we explore how Microservices and Trading System overlap and what they can learn from each other. In particular, how can we make microservices easy to test and performant. How can Trading System have shorter time to market and easier to maintain.
Apache Kafka is the de facto standard for data streaming to process data in motion. With its significant adoption growth across all industries, I get a very valid question every week: When NOT to use Apache Kafka? What limitations does the event streaming platform have? When does Kafka simply not provide the needed capabilities? How to qualify Kafka out as it is not the right tool for the job?
This session explores the DOs and DONTs. Separate sections explain when to use Kafka, when NOT to use Kafka, and when to MAYBE use Kafka.
No matter if you think about open source Apache Kafka, a cloud service like Confluent Cloud, or another technology using the Kafka protocol like Redpanda or Pulsar, check out this slide deck.
A detailed article about this topic:
https://www.kai-waehner.de/blog/2022/01/04/when-not-to-use-apache-kafka/
This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is widely used technology specially for API's authentication. This PPT describes about security concerns with JWT..
Setup ephemeral password for TURN, Learn RTC in less than 200 Lines of codeAmitesh Madhur
TURN is used for relaying data from source to target. TURN consumes bandwidh and it is expensive.
Therefore there is a need for authorizing the TURN connection. However given that the connection is made from a client using javascript, use of a static username/password can be easily compromised.
Ephemeral password comes to the rescue here.
Learn WebRTC in 200 Line of code:
You will need a lot of patience going through libraries that are present today simply because they have thousands of line of code. So I will highly encourage you all to refer the source code located here: github.com/amiteshawa/learn-rtc
PHP is the most commonly used server-side programming and deployed more than 80% in web server all over the world. However, PHP is a 'grown' language rather than deliberately engineered, making writing insecure PHP applications far too easy and common. If you want to use PHP securely, then you should be aware of all its pitfalls.
Writing and testing high frequency trading engines in javaPeter Lawrey
JavaOne presentation of Writing and Testing High Frequency Trading Engines in Java. Talk looks at low latency trading, thread affinity, lock free code, ultra low garbage and low latency persistence and IPC.
Anonymous club of BMSCE, Talk and Demo on exploits on the Metasploit Framework and building Trojans using Msfvenom . By Siddharth.K (tech Head of anonymous club BMSCE)
ksqlDB is a stream processing SQL engine, which allows stream processing on top of Apache Kafka. ksqlDB is based on Kafka Stream and provides capabilities for consuming messages from Kafka, analysing these messages in near-realtime with a SQL like language and produce results again to a Kafka topic. By that, no single line of Java code has to be written and you can reuse your SQL knowhow. This lowers the bar for starting with stream processing significantly.
ksqlDB offers powerful capabilities of stream processing, such as joins, aggregations, time windows and support for event time. In this talk I will present how KSQL integrates with the Kafka ecosystem and demonstrate how easy it is to implement a solution using ksqlDB for most part. This will be done in a live demo on a fictitious IoT sample.
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
It's been two years since we introduced the Istio project to the Triangle Kubernetes Meetup group. This presentation will be a brief re-introduction of the Istio project, and a summary of the updates to the Istio project since its 1.0 release.
One sink to rule them all: Introducing the new Async SinkFlink Forward
Flink Forward San Francisco 2022.
Next time you want to integrate with a new destination for a demo, concept or production application, the Async Sink framework will bootstrap development, allowing you to move quickly without compromise. In Flink 1.15 we introduced the Async Sink base (FLIP-171), with the goal to encapsulate common logic and allow developers to focus on the key integration code. The new framework handles things like request batching, buffering records, applying backpressure, retry strategies, and at least once semantics. It allows you to focus on your business logic, rather than spending time integrating with your downstream consumers. During the session we will dive deep into the internals to uncover how it works, why it was designed this way, and how to use it. We will code up a new sink from scratch and demonstrate how to quickly push data to a destination. At the end of this talk you will be ready to start implementing your own Flink sink using the new Async Sink framework.
by
Steffen Hausmann & Danny Cranmer
Stormpath .NET Developer Evangelist, Nate Barbettini, presents Token Authentication with ASP.NET Core. Nate will explain how Token Authentication can be used to secure web applications built with ASP.NET Core, REST APIs, and 'unsafe' clients while supporting security best practices and even improving performance and scale.
Presented at OWASP AppSecUSA 2011
It's all about scale; how can an organization possibly keep up with a growing number of web applications, features, and supported capabilities with a limited security team? One option that has provided successful results for several companies is a bug bounty program. These programs successfully engage the world community and bring many eyes towards the common good.
This talk will discuss the benefits and risks of a bounty program for web applications. What types of organizations consider starting a bounty? How would an organization start such a program and what should they expect? Is the return worth the effort? How does such a program compete with the black market?
In addition to these topics, we will also discuss the progress, metrics and lessons learned from the Mozilla web application bounty that was launched in December 2010.
Being Functional on Reactive Streams with Spring ReactorMax Huang
The journey begins with using Java 8 introduced Optional/Stream/CompletableFuture more functional, after which Reactive Streams is introduced with a homemade implementation that is ultimately made functional to increase usability. Finally Spring Reactor (Project Reactor) is presented and used for building a device simulator periodically reporting data to device controller.
Content Security Policy (CSP) is a browser security mechanism against content injection. Using the CSP header, browsers can restrict content from just the domains whitelisted in the policy. This session shares lessons learned with deploying CSP at Yahoo.
Get an overview of HashiCorp's Vault concepts.
Learn how to start a Vault server.
Learn how to use the Vault's postgresql backend.
See an overview of the Vault's SSH backend integration.
This presentation was held on the DigitalOcean Meetup in Berlin. Find more details here: https://www.meetup.com/DigitalOceanBerlin/events/237123195/
Low latency microservices in java QCon New York 2016Peter Lawrey
In this talk we explore how Microservices and Trading System overlap and what they can learn from each other. In particular, how can we make microservices easy to test and performant. How can Trading System have shorter time to market and easier to maintain.
Apache Kafka is the de facto standard for data streaming to process data in motion. With its significant adoption growth across all industries, I get a very valid question every week: When NOT to use Apache Kafka? What limitations does the event streaming platform have? When does Kafka simply not provide the needed capabilities? How to qualify Kafka out as it is not the right tool for the job?
This session explores the DOs and DONTs. Separate sections explain when to use Kafka, when NOT to use Kafka, and when to MAYBE use Kafka.
No matter if you think about open source Apache Kafka, a cloud service like Confluent Cloud, or another technology using the Kafka protocol like Redpanda or Pulsar, check out this slide deck.
A detailed article about this topic:
https://www.kai-waehner.de/blog/2022/01/04/when-not-to-use-apache-kafka/
This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is widely used technology specially for API's authentication. This PPT describes about security concerns with JWT..
Setup ephemeral password for TURN, Learn RTC in less than 200 Lines of codeAmitesh Madhur
TURN is used for relaying data from source to target. TURN consumes bandwidh and it is expensive.
Therefore there is a need for authorizing the TURN connection. However given that the connection is made from a client using javascript, use of a static username/password can be easily compromised.
Ephemeral password comes to the rescue here.
Learn WebRTC in 200 Line of code:
You will need a lot of patience going through libraries that are present today simply because they have thousands of line of code. So I will highly encourage you all to refer the source code located here: github.com/amiteshawa/learn-rtc
PHP is the most commonly used server-side programming and deployed more than 80% in web server all over the world. However, PHP is a 'grown' language rather than deliberately engineered, making writing insecure PHP applications far too easy and common. If you want to use PHP securely, then you should be aware of all its pitfalls.
Writing and testing high frequency trading engines in javaPeter Lawrey
JavaOne presentation of Writing and Testing High Frequency Trading Engines in Java. Talk looks at low latency trading, thread affinity, lock free code, ultra low garbage and low latency persistence and IPC.
Anonymous club of BMSCE, Talk and Demo on exploits on the Metasploit Framework and building Trojans using Msfvenom . By Siddharth.K (tech Head of anonymous club BMSCE)
ksqlDB is a stream processing SQL engine, which allows stream processing on top of Apache Kafka. ksqlDB is based on Kafka Stream and provides capabilities for consuming messages from Kafka, analysing these messages in near-realtime with a SQL like language and produce results again to a Kafka topic. By that, no single line of Java code has to be written and you can reuse your SQL knowhow. This lowers the bar for starting with stream processing significantly.
ksqlDB offers powerful capabilities of stream processing, such as joins, aggregations, time windows and support for event time. In this talk I will present how KSQL integrates with the Kafka ecosystem and demonstrate how easy it is to implement a solution using ksqlDB for most part. This will be done in a live demo on a fictitious IoT sample.
Istio Triangle Kubernetes Meetup Aug 2019Ram Vennam
It's been two years since we introduced the Istio project to the Triangle Kubernetes Meetup group. This presentation will be a brief re-introduction of the Istio project, and a summary of the updates to the Istio project since its 1.0 release.
This talk will guide you through the first steps to understand Consul and do some cool stuff with it.
You also have a live Vagrant demo available in github at https://github.com/lynxman/consul-first-steps
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
FIWARE Wednesday Webinar - How to Secure IoT Devices (22nd April 2020)
Corresponding webinar recording: https://youtu.be/_87IZhrYo3U
Live coding session and commentary, demonstrating various techniques and methods for securing the interactions between Devices, IoT Agents and the Context Broker
Chapter: Security
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
Managing microservices with Istio Service MeshRafik HARABI
Developing and managing hundreds (or maybe thousands) of microservices at scale is a challenge for both development and operations teams.
We have seen over the last years the appearance of new frameworks dedicated to deliver ‘Cloud Native’ applications by providing a set of (out of box) building blocks. Most of these frameworks integrate microservices concerns at the code level.
Recently, we have seen the emerging of a new pattern known as sidecar or proxy promoting to push all these common concerns outside of the business code and provides them on the edge by integrate a new layer to the underlying platform called Service Mesh.
Istio is one of the leading Service Mesh implementing sidecar pattern.
We will go during the presentation throw the core concepts behind Istio, the capabilities that provides to manage, secure and observe microservices and how it gives a new breath for both developers and operations.
The presentation will be guided by a sequence of demo exposing Istio capabilities.
apidays LIVE Paris - Multicluster Service Mesh in Action by Denis Jannotapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Multicluster Service Mesh in Action
Denis Jannot, Director of Field Engineering - EMEA at Solo.io
Behind the Code 'September 2022 // by ExnessMaxim Gaponov
Here you can find slides from the Behind The Code information security meet-up hosted by Exness on September 30 2022.
Next events are to come, stay tuned!
Individual microservices are relatively easy to develop, but managing a distributed system composed of microservices is never a simple task. Kubernetes helps, but it falls short of providing everything such a system needs. This is where the Istio Service Mesh comes in.
Running microservices in production, you'll soon realize you want things like traffic splitting, automatic connection retries, timeouts and failovers, secure communication and authentication between your services, distributed metrics, tracing and logging. By introducing Istio into your architecture, you get all of that and more. And you get most of it without changing your code at all.
In this talk, you'll see a demonstration of Istio in action and learn about the tricks that make its magic possible.
Spring Boot - Microservice Metrics MonitoringDonghuKIM2
마이크로서비스 아키텍쳐에서의 분산된 서비스간의 모니터링 방법을 소개합니다.
- Microservice Monitoring with Service Discovery (Eureka) Spring Boot Admin
- Microservice Monitoring with Service Discovery (Consul), Prometheus, Grafana
Presentation in IBM Cloud Meet-up of Toronto
https://www.meetup.com/IBM-Cloud-Toronto/events/253903913/?_xtd=gatlbWFpbF9jbGlja9oAJGU3NmM3ZjdmLWE2NzgtNGVlNC1iNGZiLTBlZGE5ZWM0NDZjOQ
This presentation will introduce the Lockheed Martin Cyber Kill Chain and MITRE ATT&CK frameworks. By working through 4 different practical scenarios in a fictional company https://sensenet-library.com, the attendees will learn how they can use those frameworks to measure their security response in today's diverse security threat landscape. We'll go through categorising security controls, responding to a vulnerability report, assessing a threat intel report and decide on future of the company's toolset where you will be able to answer a question if you should continue investing in a tool or should you buy a new one.
This work is part of the open source testbed setup for Cloud interoperability & portability. Cloud Security Workgroup will further review and generate complete working set as we move along. This is part I of the effort.
Similar to Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient Mesh.pptx.pdf (20)
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
12. 12
Create ServiceEntries for external services
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin-ext
spec:
hosts:
- httpbin.org
ports:
- number: 80
name: http
protocol: HTTP
resolution: DNS
location: MESH_EXTERNAL
$ istioctl proxy-config endpoints ratings-v1-fd78f799f-gj8td | grep httpbin
34.199.75.4:80 HEALTHY OK outbound|80||httpbin.org
34.231.30.52:80 HEALTHY OK outbound|80||httpbin.org
54.166.163.67:80 HEALTHY OK outbound|80||httpbin.org
54.91.118.50:80 HEALTHY OK outbound|80||httpbin.org
https://istio.io/latest/docs/reference/config/networking/service-entry/
13. 13
Block undefined external endpoints
myapp
envoy
Change outboundTrafficPolicy to REGISTRY_ONLY
NOTE: Traffic can be configured to bypass envoy using annotations:
traffic.sidecar.istio.io/excludeOutboundIPRanges
traffic.sidecar.istio.io/excludeOutboundPorts
spec:
meshConfig:
outboundTrafficPolicy:
mode: REGISTRY_ONLY
https://istio.io/latest/docs/tasks/traffic-management/egress/egress-control/
14. 14
Direct external traffic thru egress gateways
myapp
envoy
curl http://httpbin.org/headers
Egress GW
httpbin.org
• Dedicated traffic exit points
• Only Egress gateways can run on internet enabled nodes
• Meet compliance requirements
• Use Network Policies on workloads to prevent bypassing the egress gateway
https://istio.io/latest/blog/2019/egress-traffic-control-in-istio-part-1/
https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/
17. 17
Istio mutual TLS mode
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: default
namespace: istio-system # can be granular
spec:
mtls:
mode: PERMISSIVE # or STRICT
• Change PERMISSIVE to STRICT
after onboarding all your
workloads to the mesh
• Can be disabled at the port level
frontend backend
Another App
30. Istio - The Industry’s Leading Service Mesh
2017
Istio Launched
2022
Ambient Mesh
Launched
Data Plane
Enhancements
2019-20
7 New Community Releases
1000s Production Customers
~ 1000 Community Contributors
2022
CNCF
2019-2022
32. What is Istio Ambient Mesh?
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
Proxy
Istio Sidecar Data Plane
1 Pod/Container = 1 Proxy
Ambient Mesh Data Plane
1 Node = 1 Proxy
Move from Sidecar Proxy per-pod architecture
to a Proxy per-node architecture.
“Making the Mesh
Transparent to Applications”
● Reduced Compute Cost
● Improve Business Continuity
● Increase Business Flexibility
● Simplified Operations
● Reduced Maintenance
● Simplified Upgrades
● Easier to Add Applications
● Less Day-2-Day Complexity
● Adapt to Application Needs
● Offer SLAs for Applications
● Many Apps = 1 Platform
Application
Team
● Mesh is transparent to Apps
● Applications won’t break
● Flexible Performance Available
● Manage Security vs Performance
Business
Owner
Platform
Team
33. Istio enables Zero-Trust Security
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
L4 Proxy
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
Istio Security with Sidecar Proxy Istio Security with Ambient Mesh
L4 Proxy
L7 Proxy
● All traffic goes through Proxy
● Proxy manages mTLS, Identity
● Proxy manages L7 Application Filters | Policies
● All traffic goes through Proxy
● L4 Proxy manages mTLS, Identity
● L7 Proxy manages L7 Application Filters | Policies
34. Istio enables Service Mesh flexibility
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
P
Proxy
Istio Sidecar Data Plane
1 Pod/Container = 1 Proxy
Ambient Mesh Data Plane
1 Node = 1 Proxy
Istio Control Plane
Cost Flexibility
Operational Flexibility
Performance Flexibility
37. HBONE - The protocol used to connect nodes
HTTP Based Overlay Network Encapsulation protocol
source: https://www.solo.io/blog/understanding-istio-ambient-ztunnel-and-secure-overlay/