SlideShare a Scribd company logo
PRAGMATIC SECURITY
AND RUGGED DEVOPS
WORKSHOP
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
CONVERSATION
#SXSW + #RUGGED CODE
#SXSW
#RUGGEDCODE
50% OFF GAUNTLT BOOK
FOR SXSW ATTENDEES!
leanpub.com/hands-on-gauntlt/c/50percentoff
#SXSW
#RUGGEDCODE
63% HANDS ON LABS!
APPLIEDTHEORY
#SXSW
#RUGGEDCODE
WORKSHOP PLEDGE
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY You/Me
I will not attempt to access
my neighbor’s computer

I will not hack the wifi

I will be friendly to those
around me
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
TWO 5-MINUTE BREAK
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HANDS-ON LABS
~8 Mini Labs lasting 5 to 10 minutes each

Let us know if you are having a problem, and we
will help

We will also be around after the class to help as
well
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
TIPS FOR THE LABS
Open the labs folder in your browser to
follow along to benefit from markdown
display

Run all commands from the ~/gauntlt-demo
#SXSW
#RUGGEDCODE
WHY ARE YOU HERE?
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
OUR GOAL: EQUIP YOU WITH
PRAGMATIC APPROACHES TO
SECURITY THAT CAN HELP YOU
MAKE A DIFFERENCE
#SXSW
#RUGGEDCODE
WHO ARE WE?
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
JAMES WICKETT
Sr. Engineer at Signal Sciences

Austin, TX

Gauntlt Core Team

DevOps Days Austin Organizer

Velocity, LASCON, ISC2, AppSecUSA,
B-Sides, …
signalsciences.com
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
MATT JOHANSEN
Houston, TX

Sr. Manager, TRC WhiteHat Security

BlackHat, DEFCON, RSA, more++

Wannabe Dev (node.js, angularjs)

I’m hiring
#SXSW
#RUGGEDCODE
WHY DOES THIS MATTER?
#SXSW
#RUGGEDCODE
SONY, SONY, SONY, SONY, SONY
SONY, SONY, SONY, SONY, SONY
SONY, SONY, SONY, SONY, SONY
SONY, SONY, SONY, SONY, SONY
SONY, SONY, SONY, SONY, SONY
SONY, SONY, SONY, SONY, SONY
#SXSW
#RUGGEDCODE
HUMANS OPTIMIZE FOR THE
PROBABLE
#SXSW
#RUGGEDCODE
WE OPTIMIZE FOR THE PROBABLE
#SXSW
#RUGGEDCODE
UNIT TESTING
#SXSW
#RUGGEDCODE
INTEGRATION TESTING
#SXSW
#RUGGEDCODE
HAPPY PATH ENGINEERING
#SXSW
#RUGGEDCODE
WE OPTIMIZE FOR THE POSSIBLE
#SXSW
#RUGGEDCODE
OVER ENGINEERING
#SXSW
#RUGGEDCODE
STRESS AND LOAD TESTING
#SXSW
#RUGGEDCODE
WE OPTIMIZE FOR THE
PERCEIVED PROBABLE
#SXSW
#RUGGEDCODE
HOW DO WE PERCEIVE WHAT IS
PROBABLE?
#SXSW
#RUGGEDCODE
EPISTEMOLOGICAL PROBLEM OF
SOFTWARE DEVELOPMENT
#SXSW
#RUGGEDCODE
WE ATTEMPT TO SOLVE IT BY
GATHERING DATA OR RHETORIC
#SXSW
#RUGGEDCODE
3 APPROACHES TO SOLVE THE
EPISTEMOLOGICAL PROBLEM OF
SOFTWARE DEVELOPMENT
#SXSW
#RUGGEDCODE
ARC 1:
AGILE
#SXSW
#RUGGEDCODE
AGILE SIDE-STEPS THE PROBLEM
#SXSW
#RUGGEDCODE
AGILE SAYS WE DON’T KNOW
WHAT WE ARE BUILDING
#SXSW
#RUGGEDCODE
SOLUTION: RELEASE FEATURES
TO CUSTOMERS RAPIDLY
#SXSW
#RUGGEDCODE
JUST SHIP IT!
#SXSW
#RUGGEDCODE
BEHAVIOR DRIVEN DEV
#SXSW
#RUGGEDCODE
BEHAVIOR DRIVEN DEVELOPMENT IS A SECOND-
GENERATION, OUTSIDE–IN, PULL-BASED,
MULTIPLE-STAKEHOLDER, MULTIPLE-SCALE, HIGH-
AUTOMATION, AGILE METHODOLOGY. IT DESCRIBES
A CYCLE OF INTERACTIONS WITH WELL-DEFINED
OUTPUTS, RESULTING IN THE DELIVERY OF
WORKING, TESTED SOFTWARE THAT MATTERS.
DAN NORTH , 2009
#SXSW
#RUGGEDCODE
AMPLIFY
THE
FEEDBACK
LOOP
#SXSW
#RUGGEDCODE
TLDR
RAPID ITERATIONS WIN
#SXSW
#RUGGEDCODE
AGILE IS
OUR
GUIDING
LIGHT
#SXSW
#RUGGEDCODE
PEOPLE MATTER
#SXSW
#RUGGEDCODE
WE DON'T SELL CD’S ANYMORE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
SOFTWARE AS A SERVICE
#SXSW
#RUGGEDCODE
THE LAST 15 YEARS HAVE BROUGHT
A COMPLETE CHANGE IN OUR
DELIVERY CADENCE, DISTRIBUTION,
AND REVENUE MODELS
#SXSW
#RUGGEDCODE
DEVOPS IS THE APPLICATION OF
AGILE METHODOLOGY TO SYSTEM
ADMINISTRATION
- THE PRACTICE OF CLOUD SYSTEM ADMINISTRATION BOOK
#SXSW
#RUGGEDCODEARC 2: DEVOPS
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
AGILE INFRASTRUCTURE
http://itrevolution.com/the-history-of-devops/
#SXSW
#RUGGEDCODE
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
#SXSW
#RUGGEDCODE
FIRST DEVOPS DAYS, GHENT 2009
@PATRICKDEBOIS
#SXSW
#RUGGEDCODE
THE OPPOSITE OF DEVOPS IS DESPAIR
- GENE KIM
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
http://dev2ops.org/blog/2010/2/22/what-is-devops.html
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
DEVOPS REALIZED THAT OPS
DOESN'T KNOW WHAT DEVS KNOW
AND VICE VERSA
#SXSW
#RUGGEDCODE
DEV : OPS
10 : 1
#SXSW
#RUGGEDCODE
DEVOPS IS AN EPISTEMOLOGICAL
BREAKTHROUGH JOINING DISPARATE
PEOPLE AROUND A COMMON PROBLEM
#SXSW
#RUGGEDCODE
DEVOPS IS AN INCLUSIVE MOVEMENT
THAT CODIFIES A CULTURE
- ADAM JACOBS
#SXSW
#RUGGEDCODE
CULTURE IS THE MOST IMPORTANT
ASPECT TO DEVOPS SUCCEEDING IN
THE ENTERPRISE
#SXSW
#RUGGEDCODE
WHAT WE VALUE
DETERMINES OUR
CULTURE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
MUTUAL UNDERSTANDING
SHARED LANGUAGE
OPENNESS
VISUALIZATION
TOOLING
#SXSW
#RUGGEDCODE
DEVOPS IS THE INEVITABLE RESULT OF NEEDING
TO DO EFFICIENT OPERATIONS IN A [DISTRIBUTED
COMPUTING AND CLOUD] ENVIRONMENT.
- TOM LIMONCELLI
#SXSW
#RUGGEDCODE
DEVOPS IS NOT A TECHNOLOGICAL PROBLEM.
DEVOPS IS A BUSINESS PROBLEM.
- DAMON EDWARDS
#SXSW
#RUGGEDCODE
http://puppetlabs.com/sites/default/files/2014-state-of-devops-report.pdf
#SXSW
#RUGGEDCODE
THE FIRST SCIENTIFIC STUDY OF THE
RELATIONSHIP BETWEEN
ORGANIZATIONAL
PERFORMANCE, IT PERFORMANCE
AND DEVOPS PRACTICES
#SXSW
#RUGGEDCODE
DEVOPS PRACTICES IMPROVE
IT PERFORMANCE
#SXSW
#RUGGEDCODE
CULTURE
AUTOMATION
MEASUREMENT
SHARING
@BOTCHAGALUPE
@DAMONEDWARDS
#SXSW
#RUGGEDCODE
ANTIPATTERN:
REBRAND YOUR
OPS TEAM TO
DEVOPS TEAM
#SXSW
#RUGGEDCODE
ANTIPATTERN:
MANUAL
CONFIG OF
PRODUCTION
ENVIRONMENT
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
CHEF, PUPPET, ANSIBLE, CFENGINE
RUNDECK, MCOLLECTIVE
JENKINS, TRAVIS, KITCHEN
CUCUMBER, GAUNTLT, SERVERSPEC
VAGRANT, DOCKER
#SXSW
#RUGGEDCODE
BEWARE OF THE
DEVOPS
SOFTWARE
SOLUTION
#SXSW
#RUGGEDCODE
“THAT THE WORD #DEVOPS GETS REDUCED TO
TECHNOLOGY IS A MANIFESTATION OF HOW
BADLY WE NEED A CULTURAL SHIFT”
- @PATRICKDEBOIS
http://www.slideshare.net/cm6051/london-devops-31-5-years-of-devops
#SXSW
#RUGGEDCODE
BUSINESS METRICS
EVENT CORRELATION
USAGE BASED MONITORING
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
ARC 3:
CONTINUOUS
DELIVERY
#SXSW
#RUGGEDCODE
CONTINUOUS DELIVERY IS NOT MERELY
HOW OFTEN YOU DELIVER BUT HOW
LITTLE YOU CAN DELIVER AT A TIME
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
BATCH SIZE OF 1
#SXSW
#RUGGEDCODE
OLD WAY
CHANGES BREAK STUFF, SO LIMIT
THEM AND BATCH THEM ALL TOGETHER
#SXSW
#RUGGEDCODE
NEW WAY
DELIVERY OF ONE CHANGE AT A
TIME REDUCES OUTAGES,
INCREASES PERFORMANCE, AND
LIMITS TECHNICAL DEBT
#SXSW
#RUGGEDCODE
NEVER PASS DEFECTS TO THE
NEXT STEP
The Practice of Cloud System Administration
#SXSW
#RUGGEDCODE
YOU MUST DEPLOY YOUR STUFF
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
LET THE BOTS TROLL THE USERS
FOR THE LOLZ.
#SXSW
#RUGGEDCODE
ALLOCATE TIME TO ENHANCE THE
BUILD, TEST AND DEPLOY SYSTEM
The Practice of Cloud System Administration
#SXSW
#RUGGEDCODE
REDUCE CODE LATENCY AND
INCREASE CODE VELOCITY
#SXSW
#RUGGEDCODE
THE NEXT ARC: SECURITY
Rugged
#SXSW
#RUGGEDCODE
“… THOSE STUPID DEVELOPERS”
- SECURITY PERSON
#SXSW
#RUGGEDCODE
“SECURITY PREFERS A SYSTEM
POWERED OFF AND UNPLUGGED”
- DEVELOPER
#SXSW
#RUGGEDCODE
CULTURAL UNREST WITH
SECURITY IN AN ORGANIZATION
#SXSW
#RUGGEDCODE
COMPLIANCE DRIVEN CULTURE:
PCI, SOX, …
#SXSW
#RUGGEDCODE
“[RISK ASSESSMENT] INTRODUCES A
DANGEROUS FALLACY: THAT STRUCTURED
INADEQUACY IS ALMOST AS GOOD AS
ADEQUACY AND THAT UNDERFUNDED
SECURITY EFFORTS PLUS RISK
MANAGEMENT ARE ABOUT AS GOOD AS
PROPERLY FUNDED SECURITY WORK”
#SXSW
#RUGGEDCODE
RATIO PROBLEM
DEVS : OPS : SECURITY
100 : 10 : 1
#SXSW
#RUGGEDCODE
SECURITY TOOLS
ARE RUN OUT-OF-BAND
#SXSW
#RUGGEDCODE
SECURITY TOOLS ARE
CONFUSING
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
AND WHEN THEY ARE DONE THEY
GIVE YOU THIS LOVELY GEM
#SXSW
#RUGGEDCODE
THE TIDE IS CHANGING
#SXSW
#RUGGEDCODE
RESILIENCY
ENGINEERING
#SXSW
#RUGGEDCODE
THE INFAMOUS
NETFLIX
CHAOS
MONKEY
#SXSW
#RUGGEDCODE
RUGGED
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
THE RUGGED MANIFESTO
(EXCERPTS)
#SXSW
#RUGGEDCODE
I AM RUGGED AND, MORE IMPORTANTLY, MY CODE
IS RUGGED.
I RECOGNIZE THAT SOFTWARE HAS BECOME A
FOUNDATION OF OUR MODERN WORLD.
I RECOGNIZE THE AWESOME RESPONSIBILITY THAT
COMES WITH THIS FOUNDATIONAL ROLE.
#SXSW
#RUGGEDCODE
I AM RUGGED BECAUSE MY CODE CAN FACE
THESE CHALLENGES AND PERSIST IN SPITE
OF THEM.
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#RUGGEDDEVOPS
#DEVOPSSEC
#SXSW
#RUGGEDCODE
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
#SXSW
#RUGGEDCODE
RUGGED JOURNEY
#SXSW
#RUGGEDCODE
http://videos.2012.appsecusa.org/video/54250716
#SXSW
#RUGGEDCODE
http://www.youtube.com/watch?v=jQblKuMuS0Y
#SXSW
#RUGGEDCODE
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
#SXSW
#RUGGEDCODE
HTTPS://SPEAKERDECK.COM/MKONDA/APPSECUSA-2013-INSECURE-EXPECTATIONS
http://vimeo.com/75930344
#SXSW
#RUGGEDCODE
SECURITY TOOLING TO DELIVERY
PIPELINE
#SXSW
#RUGGEDCODE
…TO INFLUENCE CULTURE,
AUTOMATION, MEASUREMENT AND
SHARING
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
RUGGED WEB APPS
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
VULNERABLE CODE IS EVERYWHERE
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
CROSS SITE SCRIPTING
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHAT IS IT?
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
REFLECTIVE
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
PERSISTENT
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
DOM BASED
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHY IS IT BAD?
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
DOCUMENT.COOKIE
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
DOCUMENT.LOCATION
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HOW DO I FIX IT?
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GOOD: INPUT SANITIZATION
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
BLACKLIST :(
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHITELIST :)
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
BETTER: OUTPUT ENCODING
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
< > BECOME &LT; &GT;
[XSS]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
SQL INJECTION
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHAT IS IT?
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHY IS IT BAD?
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
CREDIT: XKCD
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HOW WOULD YOU EXPLOIT?
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
‘;
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
PWNED
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HOW DO I FIX IT?
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
PARAMETERIZED QUERIES
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
PARAMETERIZED QUERIES (PHP)
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
PARAMETERIZED QUERIES (JAVA)
[SQLi]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
CROSS SITE REQUEST FORGERY
[CSRF]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHAT IS IT?
[CSRF]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
WHY IS IT BAD?
[CSRF]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HOW DO I FIX IT?
[CSRF]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
TOKENS!
[CSRF]
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
IMAGE CREDIT: DOTNETBIPS.COM
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
AGAIN… VULNERABLE CODE IS
EVERYWHERE
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GETS FIXED SLOWLY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GETS FIXED SLOWLY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
…IF EVER
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
OWASP TOP 10
#SXSW
#RUGGEDCODE
LAB #1 - SETUP
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
SETUP
github.com/gauntlt/gauntlt-demo

Open the Labs in your browser > https://
github.com/gauntlt/gauntlt-demo/tree/master/labs/
sxsw-2015

You need Vagrant and VirtualBox installed on your
laptop
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 01_Overview.md
├── 02_Setup using Vagrant.md
├── 02_Setup using Vagrant.md
├── 02_Setup using Vagrant.md
├── 02_Setup using Vagrant.md
#SXSW
#RUGGEDCODE
5-MINUTE BREAK
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB #2 - WEB APP HACKING
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
XSS DEMO
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
FIND THE VULN
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
FIND THE VULN
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 04_Start up Vulnerable Target.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
For this lab, poke around and try to
find a second XSS vulnerability

Let us know when you find it…
#SXSW
#RUGGEDCODE
INTRO TO GAUNTLT
#SXSW
#RUGGEDCODE
WOULDN’T IT BE GREAT IF WE
COULD AUTOMATE OUR SECURITY
TESTS…
#SXSW
#RUGGEDCODE
http://static.hothdwallpaper.net/51b8e4ee5a5ae19808.jpg
#SXSW
#RUGGEDCODE
GAUNTLT IS AN
OPINIONATED
FRAMEWORK TO DO
RUGGED TESTING
#SXSW
#RUGGEDCODE
GAUNTLT IS
OPEN SOURCE
MIT LICENSED
#SXSW
#RUGGEDCODE
GAUNTLT AUTOMATES
SECURITY TOOLS
#SXSW
#RUGGEDCODE
GAUNTLT = SECURITY + CUCUMBER
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
C O D E
GARMR NMAP CURL ARACHNI
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GARMR NMAP CURL ARACHNI
C O D E
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
BUILT ON CUCUMBER
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GAUNTLT PHILOSOPHY
Gauntlt comes with pre-canned steps that hook
security testing tools

Gauntlt does not install tools

Gauntlt wants to be part of the CI/CD pipeline

Be a good citizen of exit status and stdout/stderr
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
GAUNTLT IS COLLABORATION
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
*.attack
something.attack
else.attack
GAUNTLT IN ACTION
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Feature
Background
Scenario
Description
Setup
Logic
ATTACK STRUCTURE
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
ATTACK LOGIC
Given
When
Then
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Given “arachni” is installed
Setup steps
Check Resource Available
ATTACK STEP: GIVEN
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
ATTACK STEP: WHEN
Action steps
When I launch an
“arachni-xss” attack
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
ATTACK STEP: THEN
Parsing Steps
Then the output should
not contain “fail”
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LET’S PUT IT ALL TOGETHER
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
LAB #3 - HELLO WORLD
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 05_Hello World with Gauntlt.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HELLO WORLD
#SXSW
#RUGGEDCODE
LAB #4 - BASIC PORT CHECK
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 06_Port Check.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
$ nmap -F localhost
$ nmap -F scanme.nmap.org
TRY OUT NMAP
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
@challenge @slow
Feature: check to make sure the right ports are
open on our server
Background:
Given "nmap" is installed
And the following profile:
| name | value |
| host | localhost |
Scenario: Verify server is open on expected ports
When I launch an "nmap" attack with:
"""
nmap -F <host>
"""
# Then ...
# TODO: figure out a way to parse the output and
determine what is passing
# For hints consult the README.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
$ bundle exec gauntlt --allsteps
@final @slow
Feature: check to make sure the right ports are open
on our server
Background:
Given "nmap" is installed
And the following profile:
| name | value |
| host | localhost |
Scenario: Verify server is open on expected ports
When I launch an "nmap" attack with:
"""
nmap -F <host>
"""
Then the output should contain:
"""
8008
"""
SOLUTION
#SXSW
#RUGGEDCODE
LAB #5 - CLI AND REGEX
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 07_Working with Gauntlt CLI.md
├── 08_Regex.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Open 07_Working with Gauntlt CLI.md and run the following:
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
08_Regex.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Then the output should match:
"""
8008/tcps+open
"""
Then the output should not match /3001.tcps+open/
SOLUTION
#SXSW
#RUGGEDCODE
LAB #6 - GARMR
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 09_Garmr and Web Security.md
#SXSW
#RUGGEDCODE
WHAT IS GARMR?
#SXSW
#RUGGEDCODE
GARMR IS A SCRIPT FROM
MOZILLA THAT CHECKS FOR A
BUNCH OF SECURITY POLICIES IN
WEB APPS
#SXSW
#RUGGEDCODE
MOZILLA SECURITY POLICY
DISTILLED FOR THE REST OF US
#SXSW
#RUGGEDCODE
LAB #7 - XSS WITH ARACHNI
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 10_Arachni and XSS testing.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
XSS LAB!
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
arachni --modules=xss --depth=1 
--link-count=10 --auto-redundant=2 
scanme.nmap.org
TRY OUT ARACHNI
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
BONUS POINTS, FIND THE VULN!
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Hint….

When I launch an "arachni-full_xss" attack
#SXSW
#RUGGEDCODE
LET US KNOW WHEN YOU HAVE
FOUND IT
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
Arachni found XSS in Gruyere, Oh noes!

localhost:8008/signup/<script>alert(1)</script>
#SXSW
#RUGGEDCODE
LAB #8 - ADVANCED GAUNTLT
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
LAB INSTRUCTIONS
For this lab, you will complete:

├── 11_Assert Network.md
├── 12_Output to HTML.md
└── 13_Working with Environment Variables.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
bundle exec gauntlt --format html > out.html
HTML OUTPUT
out.html
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
RUGGED TESTING
ON EVERY COMMIT
#SXSW
#RUGGEDCODE
WE HAVE BEEN DOING CONTINUOUS
INTEGRATION WITH GAUNTLT THIS
WHOLE TIME WITH THE LABS!
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
SAHWEET!
#SXSW
#RUGGEDCODE
YOU VERY OWN BUILD SYSTEM
#SXSW
#RUGGEDCODE
bit.ly/secure-pipeline-lab0
#SXSW
#RUGGEDCODE
YOU NEED:
GITHUB ACCOUNT
TRAVIS CI ACCOUNT
#SXSW
#RUGGEDCODE
FORK THE REPO
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
YOU SHOULD HAVE:
A FORK OF THE REPO
UNDERSTANDING OF TRAVIS.YML
#SXSW
#RUGGEDCODE
bit.ly/secure-pipeline-lab1
#SXSW
#RUGGEDCODE
IN TRAVIS CI
SET THE REPO TO ‘ON’
In Travis CI set the repo to ‘ON’
#SXSW
#RUGGEDCODE
ADD THE TRAVIS BADGE IN
README.md
#SXSW
#RUGGEDCODE
ADD THE TRAVIS BADGE IN
README.md
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
READ THE RAKEFILE
rails-travis-example/Rakefile
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
HOMEWORK / EXTRAS
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
http://localhost:3000
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
<script>alert('The Obligatory XSS Popup');</
script>
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
arachni http://localhost:3000 
--plugin=autologin:url=http://localhost:3000/users/
sign_in,params='user[email]=test@test.com&user[passwo
rd]=testtest',check='Logout test@test.com' 
-e /users/sign_out
http://support.arachni-scanner.com/kb/general-use/logging-in-and-maintaining-a-valid-session
#SXSW
#RUGGEDCODE
@WICKETT // @MATTJAY
BRAKEMAN
#SXSW
#RUGGEDCODE
NOW WHAT?
#SXSW
#RUGGEDCODE
50% OFF GAUNTLT BOOK
FOR SXSW ATTENDEES!
leanpub.com/hands-on-gauntlt/c/50percentoff
#SXSW
#RUGGEDCODE
Google Group > groups.google.com/d/forum/gauntlt

Wiki > github.com/gauntlt/gauntlt/wiki

Twitter > @gauntlt

IRC > #gauntlt on freenode

Issue tracking > github.com/gauntlt/gauntlt
#SXSW
#RUGGEDCODE
QUESTIONS?

More Related Content

What's hot

Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless Application
James Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
James Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
James Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
James Wickett
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
jerryhargrove
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
Uchit Vyas ☁
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
James Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
James Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
James Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
James Wickett
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
James Wickett
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defenders
James Wickett
 
DevSecOps at Agile 2019
DevSecOps at   Agile 2019 DevSecOps at   Agile 2019
DevSecOps at Agile 2019
Elizabeth Ayer
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
James Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 
Understanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and FoundersUnderstanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and Founders
Andrea Goulet
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Erkang Zheng
 

What's hot (20)

Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless Application
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defenders
 
DevSecOps at Agile 2019
DevSecOps at   Agile 2019 DevSecOps at   Agile 2019
DevSecOps at Agile 2019
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
Understanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and FoundersUnderstanding Technical Debt: A Primer for Product Owners and Founders
Understanding Technical Debt: A Primer for Product Owners and Founders
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
 

Viewers also liked

DevOps Transformations
DevOps TransformationsDevOps Transformations
DevOps Transformations
Ernest Mueller
 
Why to docker
Why to dockerWhy to docker
Why to docker
Karthik Gaekwad
 
Shirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conferenceShirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conference
James Wickett
 
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainRSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
Mike Schwartz
 
Containers - (Austin Cloud Meetup April 2016)
Containers - (Austin Cloud Meetup April 2016)Containers - (Austin Cloud Meetup April 2016)
Containers - (Austin Cloud Meetup April 2016)
Derrick Wippler
 
DevOps 101
DevOps 101DevOps 101
DevOps 101
Ernest Mueller
 
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa ClaraAdobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
dev2ops
 
Support and Initiate a DevOps Transformation
Support and Initiate a DevOps TransformationSupport and Initiate a DevOps Transformation
Support and Initiate a DevOps Transformation
dev2ops
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
James Wickett
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
Stephen de Vries
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
James Wickett
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?
James Wickett
 
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
John Allspaw
 
The Rugged Way in the Cloud--Building Reliability and Security into Software
The Rugged Way in the Cloud--Building Reliability and Security into SoftwareThe Rugged Way in the Cloud--Building Reliability and Security into Software
The Rugged Way in the Cloud--Building Reliability and Security into Software
James Wickett
 
FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0 FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0
Mark Hinkle
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
Kris Buytaert
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
Kris Buytaert
 
Looking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdaysLooking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdays
Kris Buytaert
 
devops is a reorg
devops is a reorgdevops is a reorg
devops is a reorg
Kris Buytaert
 
Run stuff, Deploy Stuff
Run stuff, Deploy StuffRun stuff, Deploy Stuff
Run stuff, Deploy Stuff
Kris Buytaert
 

Viewers also liked (20)

DevOps Transformations
DevOps TransformationsDevOps Transformations
DevOps Transformations
 
Why to docker
Why to dockerWhy to docker
Why to docker
 
Shirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conferenceShirt Ops: How to make awesome t-shirts for your conference
Shirt Ops: How to make awesome t-shirts for your conference
 
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainRSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again
 
Containers - (Austin Cloud Meetup April 2016)
Containers - (Austin Cloud Meetup April 2016)Containers - (Austin Cloud Meetup April 2016)
Containers - (Austin Cloud Meetup April 2016)
 
DevOps 101
DevOps 101DevOps 101
DevOps 101
 
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa ClaraAdobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
Adobe Presents Internal Service Delivery Platform at Velocity 13 Santa Clara
 
Support and Initiate a DevOps Transformation
Support and Initiate a DevOps TransformationSupport and Initiate a DevOps Transformation
Support and Initiate a DevOps Transformation
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?
 
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
10+ Deploys Per Day: Dev and Ops Cooperation at Flickr
 
The Rugged Way in the Cloud--Building Reliability and Security into Software
The Rugged Way in the Cloud--Building Reliability and Security into SoftwareThe Rugged Way in the Cloud--Building Reliability and Security into Software
The Rugged Way in the Cloud--Building Reliability and Security into Software
 
FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0 FLUX - Crash Course in Cloud 2.0
FLUX - Crash Course in Cloud 2.0
 
Continous Delivery of your Infrastructure
Continous Delivery of your InfrastructureContinous Delivery of your Infrastructure
Continous Delivery of your Infrastructure
 
Nightmare on Docker street
Nightmare on Docker streetNightmare on Docker street
Nightmare on Docker street
 
Looking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdaysLooking back at 7 years of #devopsdays
Looking back at 7 years of #devopsdays
 
devops is a reorg
devops is a reorgdevops is a reorg
devops is a reorg
 
Run stuff, Deploy Stuff
Run stuff, Deploy StuffRun stuff, Deploy Stuff
Run stuff, Deploy Stuff
 

Similar to Pragmatic Security and Rugged DevOps - SXSW 2015

Chaos engineering - The art of breaking stuff in production on purpose
Chaos engineering - The art of breaking stuff in production on purposeChaos engineering - The art of breaking stuff in production on purpose
Chaos engineering - The art of breaking stuff in production on purpose
Geert van der Cruijsen
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
James Wickett
 
Cloudbrew 2019 observability driven development
Cloudbrew 2019   observability driven developmentCloudbrew 2019   observability driven development
Cloudbrew 2019 observability driven development
Geert van der Cruijsen
 
DevOps isn't something you buy - DevOpsDays Cape Town
DevOps isn't something you buy - DevOpsDays Cape TownDevOps isn't something you buy - DevOpsDays Cape Town
DevOps isn't something you buy - DevOpsDays Cape Town
Ken Mugrage
 
Better Architecture without Architects.pdf
Better Architecture without Architects.pdfBetter Architecture without Architects.pdf
Better Architecture without Architects.pdf
Geert van der Cruijsen
 
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
Quentin Adam
 
Slides accompanying my Opening Keynote at Deutsche Bank DevDays 2017 in Fran...
Slides accompanying my Opening Keynote at  Deutsche Bank DevDays 2017 in Fran...Slides accompanying my Opening Keynote at  Deutsche Bank DevDays 2017 in Fran...
Slides accompanying my Opening Keynote at Deutsche Bank DevDays 2017 in Fran...
Kay Lummitsch - Digital Journeyman
 
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdfGDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
GDSCNFSUDelhi
 
Looking Back to Move Forward: Building the Modern Web
Looking Back to Move Forward: Building the Modern WebLooking Back to Move Forward: Building the Modern Web
Looking Back to Move Forward: Building the Modern Web
Rachel Andrew
 
Devops & the end of server management - ncrafts.io 2016
Devops & the end of server management - ncrafts.io 2016 Devops & the end of server management - ncrafts.io 2016
Devops & the end of server management - ncrafts.io 2016
Quentin Adam
 
The end of server management - devoxx UK talk version
The end of server management - devoxx UK talk versionThe end of server management - devoxx UK talk version
The end of server management - devoxx UK talk version
Quentin Adam
 
Be Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & YouBe Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & You
James Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
VMware Tanzu
 
Boxen: AATFT
Boxen: AATFTBoxen: AATFT
Boxen: AATFT
Puppet
 
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
Quentin Adam
 
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon
 
The end of server management : hosting have to become a commodity - Keynote D...
The end of server management : hosting have to become a commodity - Keynote D...The end of server management : hosting have to become a commodity - Keynote D...
The end of server management : hosting have to become a commodity - Keynote D...
Quentin Adam
 
Beyond Squishy: The Principles of Adaptive Design
Beyond Squishy: The Principles of Adaptive DesignBeyond Squishy: The Principles of Adaptive Design
Beyond Squishy: The Principles of Adaptive Design
Brad Frost
 
Software as Material (Greg Petroff at Enterprise UX 2016)
Software as Material (Greg Petroff at Enterprise UX 2016)Software as Material (Greg Petroff at Enterprise UX 2016)
Software as Material (Greg Petroff at Enterprise UX 2016)
Rosenfeld Media
 
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
Quentin Adam
 

Similar to Pragmatic Security and Rugged DevOps - SXSW 2015 (20)

Chaos engineering - The art of breaking stuff in production on purpose
Chaos engineering - The art of breaking stuff in production on purposeChaos engineering - The art of breaking stuff in production on purpose
Chaos engineering - The art of breaking stuff in production on purpose
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
 
Cloudbrew 2019 observability driven development
Cloudbrew 2019   observability driven developmentCloudbrew 2019   observability driven development
Cloudbrew 2019 observability driven development
 
DevOps isn't something you buy - DevOpsDays Cape Town
DevOps isn't something you buy - DevOpsDays Cape TownDevOps isn't something you buy - DevOpsDays Cape Town
DevOps isn't something you buy - DevOpsDays Cape Town
 
Better Architecture without Architects.pdf
Better Architecture without Architects.pdfBetter Architecture without Architects.pdf
Better Architecture without Architects.pdf
 
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
Le DevOps, levier d'automatisation et de passage au cloud - ADN Ouest Forum i...
 
Slides accompanying my Opening Keynote at Deutsche Bank DevDays 2017 in Fran...
Slides accompanying my Opening Keynote at  Deutsche Bank DevDays 2017 in Fran...Slides accompanying my Opening Keynote at  Deutsche Bank DevDays 2017 in Fran...
Slides accompanying my Opening Keynote at Deutsche Bank DevDays 2017 in Fran...
 
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdfGDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
GDSC Info Sessiongdsc info session nfsu delhi 23'.pdf
 
Looking Back to Move Forward: Building the Modern Web
Looking Back to Move Forward: Building the Modern WebLooking Back to Move Forward: Building the Modern Web
Looking Back to Move Forward: Building the Modern Web
 
Devops & the end of server management - ncrafts.io 2016
Devops & the end of server management - ncrafts.io 2016 Devops & the end of server management - ncrafts.io 2016
Devops & the end of server management - ncrafts.io 2016
 
The end of server management - devoxx UK talk version
The end of server management - devoxx UK talk versionThe end of server management - devoxx UK talk version
The end of server management - devoxx UK talk version
 
Be Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & YouBe Mean To Your Code: Rugged Development & You
Be Mean To Your Code: Rugged Development & You
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
Boxen: AATFT
Boxen: AATFTBoxen: AATFT
Boxen: AATFT
 
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
DEVOPS AND IT AUTOMATION, THE WAY OF THE EFFICIENT DEVELOPER - Wolves Summit ...
 
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim KadlecDevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
DevSecCon London 2017: Their-problems-are-your-problems-devseccon by Tim Kadlec
 
The end of server management : hosting have to become a commodity - Keynote D...
The end of server management : hosting have to become a commodity - Keynote D...The end of server management : hosting have to become a commodity - Keynote D...
The end of server management : hosting have to become a commodity - Keynote D...
 
Beyond Squishy: The Principles of Adaptive Design
Beyond Squishy: The Principles of Adaptive DesignBeyond Squishy: The Principles of Adaptive Design
Beyond Squishy: The Principles of Adaptive Design
 
Software as Material (Greg Petroff at Enterprise UX 2016)
Software as Material (Greg Petroff at Enterprise UX 2016)Software as Material (Greg Petroff at Enterprise UX 2016)
Software as Material (Greg Petroff at Enterprise UX 2016)
 
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
DEV+OPS: How to automate infrastructure - Cloud Expo Europe 2016
 

More from James Wickett

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
James Wickett
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
James Wickett
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
James Wickett
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
James Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
James Wickett
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
James Wickett
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
James Wickett
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
James Wickett
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
James Wickett
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
James Wickett
 

More from James Wickett (13)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 

Recently uploaded

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
Sease
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 

Recently uploaded (20)

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
From Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMsFrom Natural Language to Structured Solr Queries using LLMs
From Natural Language to Structured Solr Queries using LLMs
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 

Pragmatic Security and Rugged DevOps - SXSW 2015