The document discusses microservice architecture and compares it to monolithic and service-oriented architectures. It describes microservices as independently deployable services with well-defined interfaces that work together. The document notes that microservices can improve scalability and flexibility but also presents challenges around integration and operational complexity.
My talk at Hack in the Box 2010 - Kuala Lumpur
It has been a decade since I started talking about computer security. 10 years have witnessed a change in threat landscapes, attack targets, exploits, techniques and damage. Two eco-systems are slowly and surely converging into one. On one hand, we have the application layer. Much has been talked about it. There is a steady trickling flow of XSS, XSRF, SQL injection and the usual suspects. Some of them are under the guise of "Web 2.0", and some of them are as ancient as CGI attacks of 1999. On the other hand, we have the desktop. Dominating the desktop is the browser, with its horde of assistants. Exploitation in this space has accelerated in the last 3 years.
How will the threat landscape change with the advent of new technologies and services? New standards are emerging, and the darling child of the web is HTML 5. A closer look at standards reveals an awful mess. Are the standards mitigating any security concerns? More importantly, will browser vendors and web application developers really respect the standards? The browser wars taught us that "might is right". If everyone breaks the web, that becomes a new adopted standard. New technologies, coupled with popular online services make for some very interesting exploit delivery techniques.
This talk explores some innovative exploit delivery techniques that are born as a result of bloated standards and services designed without much thought towards security. We cover techniques where exploits can be delivered through URL shorteners and images. We take a look at some browser exploits. This talk ends with a discussion on exploit sophistication, ranging from highly polished and elegant techniques such as Return Oriented Programming to the downright crude and ugly techniques such as DLL Hijacking. How will we combine all this together? And will Anti-Virus still save us all?
A Presentation by Thomas Powell (PINT) and me at the Bird Rock Systems luncheon at the Del Mar Race Track on 11th August 2010.
We talked about web attacks and the threat landscape as it stands today.
Build cognitive Apps that help enhance, scale and accelerate Human Expertise
Niklas Heidloff
Sessions at http://developerworld.heise.de / March 2015
IBM Watson represents a bold new partnership between people and computers that enhances, scales, and accelerates human expertise. Watson provides various cognitive services that can be integrated via REST APIs in your own apps, for example user modeling, questions and answers, speech recognition, concept expansion and much more. Attend this session to learn about the cognitive Watson services available on IBM Bluemix, IBM's Platform as a Service. With Bluemix developers can focus on writing code rather than setting up infrastructure and they can mix various services into their applications. In this session you'll see a live demo how to build apps leveraging these cognitive capabilities.
Do you want your administration day even easier? Are you aware of the free code snippets, tools and products you could be using in your arsenal? This session will fly through as many of them as we can in sixty minutes. Screenshots, demos and a nice bundled list of where to get them all. Just in case we can't fit them all in!
Examples are Domino server console shortcuts, Sametime buddylist management, LDAP verification, improved search tools within your Notes client and even more. I don't want to give all the hints away here.
Integrate Application Security Testing into your SDLC
IBM Security
Considering security early in the development stage is good and valuable, running security tests during the development life cycle is better, integrating that testing into your build system is the best approach.
This Presentation shows how to connect a servo motor to a pi and control it via Watson IoT Platform. We used this to build a payloader which we added to a DJI drone.
Managing integration in a multi cluster world. Webinar recording link:
https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=linkedInShareFromReg&ms=1589488744528&eventid=2224596&sessionid=1&key=3ECE7F975C7141D20CAC88BAB409A245&regTag=&sourcepage=register
Life on the Endpoint Edge: Winning the Battle Against Cyber Attacks
IBM Security
View On Demand Webinar: https://securityintelligence.com/events/life-on-the-endpoint-edge-winning-the-battle-against-cyber-attacks/
The perimeter – the boundary that encloses what you need to protect – was once a fixed value. Now your perimeter is wherever your endpoints are—from on-site servers at your headquarters, to employee devices connecting remotely around the globe. That picture is further complicated by the increasing types of devices that comprise your perimeter: point-of-sale systems (POS), ATMs, remote servers and even that ‘yet-to-be-invented device’ (that your boss will probably want on your network the week it’s released).
With cyber-attacks and vulnerabilities increasing in number and sophistication, how do you ensure endpoints in your organization are immunized against a potential breach while dealing with reduced budgets and limited resources?
View this on-demand webinar to learn about the state of endpoint security and how it is evolving to keep pace with attackers looking to exploit any gap in your perimeter.
In this Lab we create a ChatBot which connects to a Hacked Air-freshener that has a Particle or an esp8266 connected to the IBM IoT platform. The Freshness can be controlled via Voice and the Chatbot.
Capgemini Connected Car Demo Using IBM Internet of Things Foundation on Bluemix
Capgemini
Does the buzz about IBM Internet of Things (IoT) and Bluemix make you curious to see some real-world demos and implementations?
IBM and Capgemini are going to show you the future of vehicle technology, focusing on different ways in which vehicles can be connected using IoT and IBM Bluemix. We’ll demo an app named “Follow your Friend” that lets you connect with and exchange GPS positions with other vehicles.
We’ll also demo “Geofence” for location-based marketing: it knows about the drivers’ needs as they drive and informs retailers about potential customers, so they can push offers to their customer’s vehicle devices (or mobile devices) as they drive by.
Presented at IBM InterConnect 2015 by Capgemini's Avinash Vaidya.
Infographic: The State of Mobile Insecurity
IBM Security
According to a study by the Ponemon Institute, today’s large companies each spend an average of $34 million annually to develop mobile apps we use to shop, bank and more. However, only an average of 5.5% of this immense budget is spent on securing these apps against hackers and security breaches. For more information, visit http://ibm.co/1LwTYkB.
Connecting Devices to the IBM IoT via MQTT - Session 1231 @IBMInsight2015
Markus Van Kempen
This session explains how to connect any devices to the IBM IoT Cloud. It shows how to collect the device sensor information and visualize the data using IBM Bluemix. It demonstrates the tools in Bluemix via nodes.js to issue commands via the IoT Cloud to the device. For example, you might set the temperature on your Google Nest smart thermostat via IoT or change the color of the screen on your phone. We connect the International Space Station to IOT and display the location via real time insights ....
Location sensing and IBM presence insights
Derek Baron
The next generation of context-aware apps will use a variety of location sensing technology as its canvas for creating more productive, meaningful, and interactive user experiences.
IBM Presence Insights Integrates multi-sensor engagement capabilities, Facilitates mobile apps that sense, analyze, act, engage, and Partnership opportunities (retail, events, social media).