Supporting marine management from the bottom up by Jacqueline F Tweddle, MarCRF Research Fellow in Marine Spatial Management at the University of Aberdeen and Marine Scotland Science at the workshop 'What are the research needs for planning in 21st century?' at the 2nd Baltic Maritime Spatial Planning Forum in Riga, Latvia on 23-24 November 2016 (the final conference of the Baltic SCOPE collaboration).
Video and other presentations - www.balticscope.eu
www.vasab.org
"Product Security Incident Response Team (PSIRT) - Inside Cisco PSIRT", Alek... Mail.ru Group
Alexey spoke about Cisco PSIRT, the vulnerability management life cycle, and how Cisco PSIRT interacts with users. The speaker also walked through two cases: "Heartbleed" and "Software implant in Cisco IOS".
Security Vulnerabilities in Third Party Code - Fix All the Things! Kymberlee Price
Developer Edition, presented at Philly Emerging Technologies in the Enterprise conference, 2016: increased discussion regarding management of third party libraries during design and development as a part of SDL process, overview of vulnerability management concepts, SDL, Incident Response processes, CVSS, and vulnerability data sources. Attendees were provided with concrete recommendations for each phase of SDL to improve their third party library security.
-------
Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different third party libraries implemented. The result is that third-party and open source libraries have the ability to spread a single vulnerability across multiple products, exposing enterprises and requiring software vendors and IT organizations to patch the same vulnerability repeatedly.
How big of a problem is this? What libraries are the biggest offenders for spreading pestilence? And what can be done to minimize this problem? This presentation will dive deep into vulnerability data and explore the source and spread of these vulnerabilities through products – as well as actions developers, the security research community, and enterprise customers can take to address this problem.
Security in the Development Lifecycle - lessons learned Boaz Shunami
This is the presentation I delivered at the OWASP IL conference in September 2012.
I discuss the lessons learned from several years of implementing application security into the development lifecycle at organizations in IL, EU and US. I cover some different approaches to the subject and also different types of organizations, concluding with some recommendations.
Feel free to contact me if you have any questions:
boaz (at) komodosec.com
Check out our website and services at:
www.komodosec.com
[Webinar] Building a Product Security Incident Response Team: Learnings from ... bugcrowd
Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
Improving Cyber Security Literacy in Boards & Executives Tripwire
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
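API Meetup Tokyo #29: The Front Line of Japan's API Economy - Domestic APIs Are Changing Society - session materials
Koji Maruyama, AOS Technologies, Inc.
As the person behind "APIbank", the media site run by AOS Technologies, I will talk about the current state of Japanese-made APIs as seen from the media side and the challenges that lie ahead. I plan to present both based on APIbank data and on interviews with Japanese API providers.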
This document discusses using GraphQL with Shopify's API. It notes some advantages of GraphQL over REST APIs, such as allowing clients to specify exactly which fields they need in a single request. It also provides examples of Shopify projects that use GraphQL and links to documentation and SDKs for building customized shopping experiences using the Storefront API. In summary, GraphQL allows more flexible data fetching and is now used internally by Shopify for mobile apps.
Shopify is an e-commerce platform founded in 2006 that now has over 600,000 merchants using its services worldwide. It provides tools for merchants to build and customize online stores, and also offers services for payment processing, shipping/fulfillment, marketing and sales. Shopify has offices around the world including its headquarters in Ottawa, Canada and offices in major tech hubs like San Francisco. It aims to make e-commerce simple and empower merchants of all sizes to easily build and grow their businesses online.
Augusto Marietti is the co-founder and CEO of Mashape, an API management platform. He grew up in Italy and Milan, studied there but dropped out to found Mashape with no money or connections in the US. He has since raised over $10M from investors like Bezos, Index and CRV. Mashape has offices in SF, Toronto and London and grew its headcount by 2x in 8 months. It offers four main products: Kong API gateway, Gelato developer portal, Galileo API analytics, and an API marketplace. Marietti is in Japan for the first time to enjoy sushi and Kobe beef and discuss how Kong supports the OpenAPI Specification.