Hortonworks Technical Workshop: Interactive Query with Apache Hive Hortonworks
Apache Hive is the de facto standard for SQL queries over petabytes of data in Hadoop. It is a comprehensive and compliant engine that offers the broadest range of SQL semantics for Hadoop, providing a powerful set of tools for analysts and developers to access Hadoop data. The session will cover the latest advancements in Hive and provide practical tips for maximizing Hive performance.
Audience: Developers, Architects and System Engineers from the Hortonworks Technology Partner community.
Recording: https://hortonworks.webex.com/hortonworks/lsr.php?RCID=7c8f800cbbef256680db14c78b871f97
Windows Server 2003 Migration - Presented by Atidan David J Rosenthal
End of support means:
No updates
37 critical updates were released in 2013 for Windows Server 2003/R2 under Extended Support. No updates will be developed or released after end of support.
No compliance
Lack of compliance with various standards and regulations can be devastating. This may include various regulatory and industry standards for which compliance can no longer be achieved. For example, lack of compliance with the Payment Card Industry (PCI) Data Security Standards might mean companies such as Visa and MasterCard will no longer do business with you. Or, the new cost of doing business will include paying catastrophic penalties and astronomically high transaction fees.
No safe haven
Both virtualized and physical instances of Windows Server 2003 are vulnerable and would not pass a compliance audit. Microsoft Small Business Server (SBS) 2003 servers are also affected.
Staying put will cost more in the end. Maintenance costs for aging hardware will also increase. Added costs will be incurred for intrusion detection systems, more advanced firewalls, network segmentation, and so on—simply to isolate Windows Server 2003 servers.
Many applications will also cease to be supported, once the operating system they are running on is unsupported. This includes all Microsoft applications.
Now is the time to act
You must start planning migration now.
Servers may still be running Windows Server 2003/R2 for a number of reasons. You can use these reasons as a discussion point:
Perceived challenges of upgrading applications
Presence of custom and legacy applications
Budget and resource constraints
Migration Best Practices: From RDBMS to Cassandra without a Hitch DataStax Academy
Presenter: Duy Hai Doan, Technical Advocate at Datastax
Libon is a messaging service designed to improve mobile communications through free calls, chat and voicemail services regardless of operator or Internet access provider. As a mobile communications application, Libon processes billions of messages and calls while backing up billions of contact data. Join this webinar to learn best practices and pitfalls to avoid when tackling a migration project from Relational Database (RDBMS) to Cassandra and how Libon is now able to ingest massive volumes of high velocity data with read and write latency below 10 milliseconds.
Data warehousing is a critical component for analysing and extracting actionable insights from your data. Amazon Redshift allows you to deploy a scalable data warehouse in a matter of minutes and start analysing your data right away using your existing business intelligence tools.
Flink Forward San Francisco 2018: - Jinkui Shi and Radu Tudoran "Flink real-t... Flink Forward
CloudStream is a fully managed service in Huawei Cloud. It supports several features, such as on-demand billing, easy-to-use Stream SQL in an online SQL editor, real-time testing of Stream SQL, multi-tenancy, security isolation and so on. We chose Apache Flink as the streaming compute platform. Inside a CloudStream cluster, Flink jobs can run on Yarn, Mesos or Kubernetes. We have also extended Apache Flink to meet IoT scenario needs. There are specialized tests on Flink reliability, carried out in cooperation with colleges. Finally, we continuously improve the infrastructure around CS, including open source projects and cloud services. CloudStream is different from any other real-time analysis cloud service. The development process can also be shared in terms of architecture and principles.
LinkedIn started its Trino journey back in 2015 and has been an active contributor in the community. We have been witnessing massive growth YoY and our workload has been exponentially growing with more than 5k unique users, processing 100s of PB, millions of queries and quadrillions of rows every week. Trino at LinkedIn is used for a diverse variety of use cases like detecting fraud and abuse, data scientists measure impact of COVID on economic and jobs landscape, engineers run ad hoc analysis to debug production issues, business analysts build robust data driven offering to help salespeople make smarter decisions, site-reliability engineers analyze internal system performances and more. In this talk, we will go through Trino's growth at LinkedIn, how it fits into our data ecosystem, some of our operating challenges and dive into a few of our use cases. We'll also talk about our learnings, contributions, and philosophy on open source and what has worked well for us.
Using OPC-UA to Extract IIoT Time Series Data from PLC and SCADA Systems InfluxData
Algist Bruggeman NV produces yeast for large-scale bakeries and home bakers. The company lacked insight into its fermentation process as its sensor data collection process was manual. Production data was committed to paper, making it difficult to compare batches, aggregate production parameters or detect anomalies.
Factry.IO’s data historian, built on InfluxDB, has helped the company collect process data, enabling it to gain more insight into its production process and provide predictive maintenance.
In this webinar, learn about Algist Bruggeman NV’s business outcomes and the technical setup of linking time series data with ERP, planning and quality data for operational improvement.
Hybrid Cloud Journey - Maximizing Private and Public Cloud Ryan Lynn
This presentation walks through the elements of private and public cloud and how to start looking at use cases for hybrid cloud architectures. It covers benefits, statistics, trends and practical next steps for your hybrid cloud journey.
Live presentation of some of this content: https://www.youtube.com/watch?v=9_5yJr0HKw4&t=13s
Safeguarded Copy function that is available with IBM® Spectrum Virtualize software Version 8.4.2 supports the ability to create cyber-resilient point-in-time copies of volumes that cannot be changed or deleted through user errors, malicious actions, or ransomware attacks. The system integrates with IBM Copy Services Manager to provide automated backup copies and data recovery.
This IBM Redpaper publication introduces the features and functions of Safeguarded Copy function by using several examples.
This document is aimed at pre-sales and post-sales technical support and storage administrators.
High Availability can be a curiously nebulous term, and most people probably don't care about it until they can't access their online banking service, or their plane crashes.
This presentation examines some of the considerations necessary when building highly available computer systems, then focuses on the HA infrastructure software currently available from the Corosync/OpenAIS, Linux-HA and Pacemaker projects.
Originally presented at Linux Users Victoria in April 2010 (http://luv.asn.au/2010/04/06)
Many inventions over the past 70 years led up to the modern datacenter. This infographic features some of the milestones that changed datacenter history.
Build cloud like Rackspace with OpenStack Ansible Jirayut Nimsaeng
Build cloud like Rackspace with OpenStack Ansible Workshop in 2nd Cloud OpenStack-Container Conference and Workshop 2016 at Grand Postal Building, Bangrak, Bangkok on September 22-23, 2016
Organizations often need to quickly analyze large amounts of data, such as logs generated from a wide variety of sources and formats. However, traditional approaches require a lot of time and effort designing complex data transformation and loading processes; and configuring data warehouses. Using AWS, you can start querying your datasets within minutes. In this session you will learn how you can deploy a managed Presto environment in minutes to interactively query log data using standard ANSI SQL. Presto is a popular open source SQL engine for running interactive analytic queries against data sources of all sizes. We will talk about common use cases and best practices for running Presto on Amazon EMR.
When the world changes, it brings both disruption and progress. Cloud computing is rightly emerging as the key technology trend of 2021 and is becoming a technology of choice across industries for driving the app-based technology ecosystem. From healthcare to education, and from manufacturing to gaming, every industry is moving its IT infrastructure to the cloud. This presentation captures the future trends in cloud computing that we think will drive the cloud revolution in 2021.
Extentia® is a global technology and services firm that helps clients transform and realize their digital strategies. With a unique Experience Centric Transformation approach, our ground-breaking solutions are in the space of mobile, cloud, and design. Our team is differentiated by an emphasis on excellent design skills that they bring to every project. Focused on enterprise mobility, cloud computing, and user experiences, we strive to accomplish and surpass their customers’ business goals. Our inclusive work environment and culture inspire team members to be innovative and creative and to provide clients with an exceptional partnership experience.
Expand your digital horizons with us. We will help you transform your business and surpass your goals.
Write to us at inquiries@extentia.com
https://www.extentia.com/
The fact that a Meter Data Management (MDM) system is the single, secure repository for the millions of data points collected by an AMI makes it the logical solution for data analytics such as validation, editing and estimation that improve the accuracy of billing information. Yet, as a single-source system of record, the MDM also is the starting point for integration of meter-read data with other enterprise systems to improve real-time efficiency of network operations and business processes.
The MDM with meter modelling components and standardized connectivity can integrate with the utility geodatabase (GIS) and outage management system (OMS) to significantly streamline outage detection and restoration verification.
MDM integrated with the utility supervisory control and data acquisition (SCADA) system or distribution management system (DMS) allows comparison of information at substation/net-stations with aggregated meter data to detect potential theft or network loss during distribution. Similar aggregate comparison helps analyse power quality, identify demand trending and forecast demand. These network analysis capabilities empower accurate asset planning and the utility’s ability to meet demand without adding more capacity.
In all of these enterprise-level functions, MDM integration with the GIS provides valuable visualization that facilitates operator and analyst identification of areas of concern or opportunity.
The real-time network intelligence possible with such a powerful MDM solution can return substantial benefits to several utility operations and business processes — well beyond the initial-level billing accuracy improvement.
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL DATAVERSITY
In the past, many NoSQL systems came with minimal security features and put security functions in the application layer. However, some newer NoSQL databases are supporting fine-grain security policy management. In this webinar we will discuss the trends in NoSQL security and the ability for new releases of some NoSQL databases to address in-database security concerns. We will see how security policies can be migrated from SQL to NoSQL systems.
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr... DataStax
This webinar highlights DataStax's newest big data platform, DataStax Enterprise (DSE) 3.0. The webinar features DataStax CEO, Billy Bosworth; 451 Group research manager, Matt Aslett; and HealthCare Anytime CTO, Terrell Deppe. The three speakers will explain the importance of security and visual management tools when selecting a big data stack, and discuss how DSE 3.0 addresses these two key criteria.
This webinar will cover new security features in MongoDB 2.6 including x.509 authentication, user defined roles, collection level access control, enterprise features like LDAP authentication and auditing, and many other SSL features. We will first give a brief overview of security features through MongoDB 2.4 then cover new features in 2.6 and coming releases.
Dirty Little Secrets They Didn't Teach You In Pentest Class v2 Rob Fuller
This talk (hopefully) provides some new pentesters tools and tricks. Basically a continuation of last year’s Dirty Little Secrets they didn’t teach you in Pentest class. Topics include: OSINT and APIs, certificate stealing, F**king with Incident Response Teams, 10 ways to psexec, and more. Yes, mostly using Metasploit.
Talk on threats to database security. The title is, of course, deadly serious. Wile E. Coyote & other experts on correctness & security are enlisted to help make key points.
This presentation aims to guide security experts and developers in protecting PaaS deployments and eliminating security threats. It also introduces threat modeling.
Today is the age of computers and the internet. More and more people are creating their own websites to market their products and earn more profit from them. Having our own website will definitely help us get more customers purchasing our products, but at the same time we can also attract hackers to play around with our website. If we have not taken enough care to protect our website from hackers, then our business can even come to an end because of them. If we own a website, then we might know the importance of ensuring that our website is safe from viruses and hackers.
After going online, most website designers think that their work is over. They have delivered what they were paid for and now they will be available for the maintenance of the site only. But sometimes the main problem starts after publishing the website. What if the website they have built suddenly starts showing different content from what was already present there? What if weird things start appearing on the pages of our website? And, most horribly, what if the password of our login panel has changed and we are not able to log in to our website? This is called hacking, a website hacking. We have to figure out how this happened so we can prevent it from happening again. In this seminar we are going to discuss some of the major website hacking techniques, and we are also going to discuss how to prevent a website from becoming vulnerable to the different attacks currently used by various hackers.
Controlling Access to IBM i Systems and Data Precisely
Security best practice and regulations such as SOX, HIPAA, GDPR and others require you to restrict access to your critical IBM i systems and their data, but this is easier said than done. Legacy, proprietary access protocols now co-exist with new, open-source protocols to create access control headaches.
View this webcast on-demand for an in-depth discussion of IBM i access points that must be secured and how exit points can be leveraged to accomplish the task. We’ll cover:
• Securing network access and communication ports
• How database access via open-source protocols can be secured
• Taking control of command execution
Unethical access to website’s databases hacking using sql injection Satyajit Mukherjee
This presentation is prepared by Mr. Satyajit Mukherjee, Senior Consultant of IBM. This will provide the user a brief understanding of unethical hacking and SQL Injection.
Implementing security for your library | PLAN Tech Day Conference Brian Pichman
When we talk about security for your library, we should understand some of the tools people may use to harm your network and infrastructure. In this session, learn how hackers may hack and ways to protect yourself. IT security is more than just a buzzword; it’s a necessity to understand and implement the correct measures to keep you, your library, and your patrons safe.
The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security.
The How to Test for the OWASP Top Ten webcast focuses on telltale markers of the OWASP Top Ten and techniques to hunt them down:
• Vulnerability anatomy – how they present themselves
• Analysis of vulnerability root cause and protection schemas
• Test procedures to validate susceptibility (or not) for each threat
Expand Your Control of Access to IBM i Systems and Data Precisely
Controlling all the ways your company’s data is being accessed, especially given the proliferation of open source software and other non-traditional data-access methods, is critical to ensuring security and regulatory compliance. This webinar reviews the different ways your data can be accessed, discusses how exit points work and how they can be managed, and why a global data access control strategy is especially important to efficiently protect sensitive data against unwanted access.
Topics include:
• IBM i access methods and risks
• Using exit programs to block traditional and modern access methods
• Real life examples and perspectives
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap... IBM Security
View the on-demand recording: http://securityintelligence.com/events/avoiding-application-attacks/
Your organization is running fast to build your business. You are developing new applications faster than ever and utilizing new cloud-based development platforms. Your customers and employees expect applications that are powerful, highly usable, and secure. Yet this need for speed coupled with new development techniques is increasing the likelihood of security issues.
How can you meet the needs of speed to market with security? Hear Paul Ionescu, IBM Security, Ethical Hacking Team Lead discuss:
- How application attacks work
- Open Web Application Security Project (OWASP) goals
- How to build defenses into your applications
- The 10 most common web application attacks, including demos of the infamous Shellshock and Heartbleed vulnerabilities
- How to test for and prevent these types of threats
Build, Deploy and Run Node Js Application on Azure using Docker Osama Mustafa
Build, Deploy and Run Node Js Application on Azure using Docker.
This documentation explains step by step how to build, deploy and run a Node.js application on Azure using Docker.
Learn the basics of Docker and how to use it with Oracle WebLogic. Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly.
GraphRAG is All You need? LLM & Knowledge Graph Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
2. Overview
• Introduction
• Why is database security important?
• How are databases hacked?
• How to protect against database attacks?
• Conclusion
• Reference
• Q&A
3. Who Am I ?
Osama Mustafa
• Certified OCP, OCE, OCS 10g, 11g
• Oracle ACE
• Certified Ethical Hacker / LPT
• Sun / Linux Certified
• Author of an Oracle penetration testing book
• Presenter & contributor in the Oracle community
osama.mustafa@gurussolutions.com
@OsamaOracle
http://osamamustafa.blogspot.com
5. Introduction
• 10 January 2014: the Target data theft affected 70 million customers.
• Data theft is becoming a major threat.
• Data theft is a bank of gold.
• 90% of companies say they've been hacked.
• Most of the targeted data is personal, such as credit card, account number, and passwords.
7. Introduction
“Your Personal Data is Worth Pretty Penny, But it All Depends On Who Wants it” TrendMicro
Average for personal data: between $0 and $1200.
If you want to know how much your personal data is worth, check this website:
http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed00144feab7de.html#axzz2ukFAZIUF
8.
9. Introduction
• A 2012 report from Verizon indicates that 96% of breached records come from databases.
• Less than 5% of security spend goes to the data center (WW Security Products).
[Chart: Data Center 5%; remainder 95%]
10. Why Database Security Is Important
• The database is the most important data bank:
• Financial data
• Client/customer data
• Corporate/organization data
• If the database stops working, the company will lose money.
• If the database gets hacked, imagine what happens to the company.
11. Why Database Security Is Important
• Ensure the data is confidential, and prevent any outside modification.
• A secure database provides an additional benefit: data management becomes more efficient and effective.
• Access to the database should be restricted to authorized people only, unless it is a public database.
• A secure database lets you monitor activity and know who the authorized people are.
12. Laws about Security
• SOX: Sarbanes-Oxley
• “protect investors by improving reliability of corporate”
• PCI: Payment Card Industry
• Related to credit card companies such as Visa and MasterCard.
• GLBA: Gramm-Leach-Bliley Act
• Companies that offer consumers financial products or services like loans.
• DATA: Data Accountability and Trust Act
• Security policies and procedures to protect data containing personal information.
14. How Database are Hacked ?
• As a database administrator you need to know the threats that can affect your database.
• Definition of a threat: in the context of computer security, a threat is anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
• Vulnerability: the existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system.
15. Elements Of Security
• Confidentiality :
• The concealment of information or resources.
• Authenticity
• The identification and assurance of the origin of information.
• Integrity
• The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes.
• Availability
• The ability to use the desired information or resource
17. What The Hacker Do ?
• Gather Information
• Active: directly, such as social engineering
• Passive: Google search, social media
• Scanning:
• Use tools to scan the system for vulnerabilities.
• Gaining Access:
• Penetration phase: continue attacking to explore deeper into the target network.
• Maintaining Access
• Downloading phase
• Clearing Tracks
“The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure.”
18. Attack Oracle-Database Server
• Database servers are usually hacked to get critical information.
• Mistakes made by web designers can reveal the server's databases to the hacker.
• Finding an Oracle database server on a network is done using a TCP port scan.
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener.
19. Top Threats Effect on Database Server
• Unused Privileges:
• When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing.
• REVOKE CREATE DATABASE LINK FROM connect;
• REVOKE EXECUTE ON utl_tcp FROM public;
• REVOKE EXECUTE ON utl_smtp FROM public;
• REVOKE EXECUTE ON utl_http FROM public;
• REVOKE EXECUTE ON utl_mail FROM public;
• REVOKE EXECUTE ON utl_inaddr FROM public;
• REVOKE EXECUTE ON utl_file FROM public;
• REVOKE EXECUTE ON dbms_java FROM public;
20. Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
• Note 1020286.6 - Script to Create View to Show All User Privs
• Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
• Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
• Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
• Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
• Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
21. Top Threats Effect on Database Server
• Weak Authentication
• Most common default passwords for the database:

Username    Password
Sys         Manager
Sys         System
Sys         Oracle
System      Same as sys
Apps        Apps (EBS User)
scott       tiger

Oracle Default Password List by Pete Finnigan:
http://www.petefinnigan.com/default/default_password_list.htm
22. Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm.
• Read more about this worm:
• http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords.
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens.
• If that succeeds, it tries a series of usernames and passwords:
• System/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger.
• Once authenticated, it creates a table to transfer the payload.
23. Top Threats Effect on Database Server
• Denial of service (DoS):
• Common DoS techniques include buffer overflows, data corruption, network flooding, and resource consumption.
• It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources.
• Attackers may:
• Attempt to flood a network, thereby preventing legitimate network traffic.
• Attempt to disrupt connections between two machines, thereby preventing access to a service.
• Attempt to prevent a particular individual from accessing a service.
• Attempt to disrupt service to a specific system or person.
24. Top Threats Effect on Database Server
• The Impact:
• Disabled network
• Disabled organization
• Financial loss
• Loss of goodwill
• DoS Attack Classification:
• Smurf: Generates a large amount of ICMP echo (ping)
• Buffer Overflow Attack: The program writes more information into the buffer.
• Ping of death: Sends IP packets larger than 65,536 bytes.
• Teardrop: IP requires that packet that is too large for next router.
• SYN Attack: Sends bogus TCP SYN requests to a victim server.
25. Top Threats Effect on Database Server
• Examples of DoS attack tools:
• Jolt2
• Bubonic.c
• Land and LaTierra
• Targa
• Blast20
• Nemesy
• Panther2
• Crazy Pinger
• Some Trouble
• UDP Flood
• FSMax
26. Top Threats Effect on Database Server
• SQL Injection
• A type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box, to gain access to resources or make changes to data.
• Programmers use sequential commands with user inputs, making it easier for attackers to inject commands.
• An attacker can run SQL commands through the web application.
• For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used.
• What do I need? Any web browser.
27. Top Threats Effect on Database Server
• What should I look for in SQL injection?
• HTML method
• POST: you cannot see any parameters in the browser.
• GET
• Check the HTML source code.
<Form action=search.asp method=post> <input type=hidden name=X value=Z> </Form>
• Examples
• http://www.mywebsite.com/index.asp?id=10
28. Top Threats Effect on Database Server
If you get this error, then the website is vulnerable to an SQL injection attack.
29. Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
• Different ways, different tools.
• The easy way is to use a single quote in the input.
• Examples:
• blah' or 1=1--
• Login: blah' or 1=1--
• Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
will become
http://www.mywebsite.com/index.asp?id=blah' or 1=1--
30. Top Threats Effect on Database Server
• More examples of single-quote usage in SQL injection:
• ' or 1=1--
• " or 1=1--
• ' or 'a'='a
• " or "a"="a
• ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
• string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
31. Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry becomes:
SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records.
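Added example (not part of the original slides): the strQry concatenation from slide 30 next to a parameterized version of the same login check, run against the inputs the slides discuss. SQLite stands in for the database here, and the function names and the single Users row are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the slide's Users table (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    # Plaintext password only to mirror the slide's query; store salted hashes in practice.
    conn.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    return conn


def build_concatenated(user, password):
    """Same construction as strQry: fixed string + raw user input."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concatenated(conn, user, password):
    """Vulnerable: the input becomes part of the SQL text that is parsed."""
    return conn.execute(build_concatenated(user, password)).fetchone()[0] > 0


def login_parameterized(conn, user, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(sql, (user, password)).fetchone()[0] > 0


def try_login(login_fn, conn, user, password):
    """Return 'accepted', 'rejected', or the SQL error the input provoked."""
    try:
        return "accepted" if login_fn(conn, user, password) else "rejected"
    except sqlite3.OperationalError as exc:
        return "sql error: " + str(exc)


def demo():
    conn = make_db()
    cases = [
        ("Paul", "password"),   # valid credentials
        ("Paul", "wrong"),      # wrong password
        ("' Or 1=1 --", ""),    # input from slide 31
        ("O'Brien", "x"),       # a lone single quote: the error-based test from slide 29
    ]
    return [
        (user,
         try_login(login_concatenated, conn, user, password),
         try_login(login_parameterized, conn, user, password))
        for user, password in cases
    ]


if __name__ == "__main__":
    for user, concatenated, parameterized in demo():
        print(f"{user!r:16} concatenated={concatenated:40} parameterized={parameterized}")
```

The concatenated version accepts the slide 31 input and raises a syntax error on a lone quote, while the parameterized version rejects both as ordinary failed logins.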
33. Top Threats Effect on Database Server
Performance impacts.
Determine what is important to be audited.
Limited Resource.
Which audit trail mechanism should I use?
No End-To-End Auditing
35. Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents every DBA should read:
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter?
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
36. Top Threats Effect on Database Server
• Malware
• Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report from Verizon Data: “69% breaches incorporated malware”
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-DataBreach-Report-2012.pdf
37. Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware,
most rootkits, and other malicious programs. In law, malware is sometimes
known as a computer contaminant, in various legal codes.
38. Top Threats Effect on Database Server
Most common ports:

Name              Protocol   Ports
Back Office       UDP        31337 or 31338
Deep Throat       UDP        2140 and 3150
Net Bus           TCP        12345 and 12346
Whack-a-mole      TCP        12361 and 12362
Net Bus 2 Pro     TCP        20034
Girlfriend        TCP        21544
Master Paradise   TCP        3129, 40421, 40422, 40423 and 40426

Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>
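Added example (not part of the original slides): instead of grepping one port at a time, this checks saved `netstat -an` output from either Windows or Linux against every port in the table above. The watchlist labels are copied from the slide; the function names and both netstat samples are constructed for the demonstration.

```python
# Ports and labels exactly as listed on the slide.
WATCHLIST = {
    "udp": {31337: "Back Office", 31338: "Back Office",
            2140: "Deep Throat", 3150: "Deep Throat"},
    "tcp": {12345: "Net Bus", 12346: "Net Bus",
            12361: "Whack-a-mole", 12362: "Whack-a-mole",
            20034: "Net Bus 2 Pro", 21544: "Girlfriend",
            3129: "Master Paradise", 40421: "Master Paradise",
            40422: "Master Paradise", 40423: "Master Paradise",
            40426: "Master Paradise"},
}

# Constructed sample output, Windows layout: Proto, Local, Foreign, State.
SAMPLE_WINDOWS = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1521      192.168.1.20:49822     ESTABLISHED
  TCP    [::]:20034             [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
"""

# Constructed sample output, Linux layout: Proto, Recv-Q, Send-Q, Local, Foreign, State.
SAMPLE_LINUX = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21544           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:443            ESTABLISHED
tcp6       0      0 :::3129                 :::*                    LISTEN
udp        0      0 0.0.0.0:2140            0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     12345    /run/example.sock
"""


def parse_netstat(text):
    """Yield (proto, local_port, state) for each TCP/UDP socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        proto = fields[0].lower().rstrip("46")  # tcp6 -> tcp, udp6 -> udp
        if proto not in WATCHLIST:
            continue  # headers, unix-domain sockets, anything else
        # Linux prints numeric Recv-Q/Send-Q columns before the local address.
        idx = 3 if fields[1].isdigit() else 1
        if len(fields) <= idx:
            continue
        port = fields[idx].rsplit(":", 1)[-1]  # also handles [::]:20034 and :::3129
        if not port.isdigit():
            continue
        state = fields[idx + 2].upper() if len(fields) > idx + 2 else ""
        yield proto, int(port), state


def find_watchlisted(text):
    """Return sorted (proto, port, label) for listeners on watchlisted ports."""
    hits = set()
    for proto, port, state in parse_netstat(text):
        label = WATCHLIST[proto].get(port)
        if label is None:
            continue
        # TCP: only listeners count; an ESTABLISHED socket may simply have
        # drawn a watchlisted number as its ephemeral source port.
        if proto == "tcp" and state not in ("LISTEN", "LISTENING"):
            continue
        hits.add((proto, port, label))
    return sorted(hits)


if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_LINUX):
        for proto, port, label in find_watchlisted(sample):
            print(f"{proto.upper()} {port}: matches '{label}' on the watchlist")
```

A match only says that something is bound to a listed port; identify the owning process before drawing a conclusion, since legitimate software can use the same numbers.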
39. Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be
accessible decades from now, as well as tomorrow.
• Backup database storage media is often completely unprotected from attack.
As a result, several high profile security breaches have involved theft of
database backup tapes and hard disks.
• Always Remember Company Data Means Money to another Person.
40. Top Threats Effect on Database Server
• Unpatched Database
• Oracle provides something called Critical Patch Updates.
• Critical Patch Updates are collections of security fixes for Oracle products.
• They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
• 15 April 2014
• 15 July 2014
• 14 October 2014
• 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
42. Top Threats Effect on Database Server
• Another thing that should be followed and monitored:
• Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update.
43. Top Threats Effect on Database Server
• Unsecure Sensitive Data:
• Who has access to company data?
• Does the company meet requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
44. Top Threats Effect on Database Server
• Limited Education/Trained End Users:
• Humans are the weakest link in information security.
• The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide.
• What do we want to accomplish by making users aware of security?
• Encourage safe usage habits and discourage unsafe behavior
• Change user perceptions of information security
• Inform users about how to recognize and react to potential threats
• Educate users about information security techniques they can use
45. Top Threats Effect on Database Server
• Challenges:
• Delivering a desired message to the end user.
• Motivating users to take a personal interest in information security.
• Giving end-user security awareness a higher priority within organizations.
• No budget in the company for security awareness.
46. How to Secure Database
• What Should I Do to Secure Database ?
• Set a good password policy
• No password reuse.
• Strong passwords
• Keep up to date with security patches
• Check Firewall level
• Trusted Connection Only
• Block Unused Ports
• Encryption
• network level
• SSL
• File Level Such as Backup.
• Database Such As Sensitive Data.
• Monitor Database
• Periodically check for users with database administration privileges
47. How to Secure Database
• Audit your web applications
• Misconfigurations.
• Log as much as possible
• Failed logins.
• Permission errors.
• Your data is your money; protect it.
• Train IT staff on database security.
• Always Ask For Professional Services.