Rotating Passwords With Ansible and HashiVault
•
0 likes•1,312 views
This document discusses integrating Hashicorp Vault with Ansible for automated secret and password management. It recommends generating passwords automatically rather than using human-created passwords. It also recommends storing secrets in Vault rather than in version control systems like Git to allow for increased rotation frequency and integration with systems like Active Directory. The document demonstrates configuring Vault as a secrets backend for Ansible and shows examples of rotating application keys and looking up secrets.
Report
Share
Report
Share
Download to read offline
Recommended
Using Puppet With A Secrets Server
The document discusses best practices for managing secrets using a secrets server and Puppet. It recommends defining access policies, checking secrets into source control, creating "host factories" to provision machines, increasing deployment velocity, and integrating the secrets server with the DevOps toolchain. It then provides an example of obtaining secrets directly on nodes with Puppet by encrypting secrets in Hiera.
Recipe for good secrets management
The document provides a recipe for good secrets management. It outlines requirements like separation of duties, least privilege, leak resistance, and auditing. It recommends having separate security environments for staging and production, designing for "robot" actors with limited access, rotating credentials, and automatically recording system activity. Configuration management and orchestration should provision robots and bootstrap machine identity by assigning credentials from an identity server. Secrets should be fetched from a secrets manager and stored separately from application data to satisfy compliance standards.
Security For Humans
This document discusses integrating security into modern development workflows. It begins by introducing the presenter and stating what topics will and will not be covered. Examples are then provided of how different user personas such as developers, operations staff, security teams, and business users can have their workflows negatively impacted when secrets are not properly managed. The talk suggests creating a cross-functional security UX team and provides recommendations to avoid issues like credential rotation schemes that require redeploys or cloud-specific solutions.
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework's Dir. of Research's presentation from DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
DevSecOps in 10 minutes
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Analyzing Pwned Passwords with Spark and Scala
This document discusses analyzing pwned passwords with Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames/Datasets and Scala having the most robust API. It also discusses analyzing large datasets of pwned passwords with Spark for security purposes and exploring the intersection of big data and security.
Troubleshooting tldr
The document discusses steps for troubleshooting MySQL issues: (1) define the problem precisely, (2) collect diagnostic data from the operating system and MySQL, and (3) examine the error log. It then provides guidance on diagnosing specific issues like crashes, performance problems, table corruption, and replication errors.
Security Observability for Cloud Based Applications
You can't control what you can't see. Security observability is an intrinsic attribute of an application that provides direct observation of software vulnerabilities and attempted exploits as they happen, in order to allow rapid proactive remediation and prevention. Security Observability can be achieved by taking an instrumentation based approach that provides continuous visibility and exposure of vulnerabilities and threats and their context from within the software itself. This approach is particularly appropriate for cloud-based and hybridized distributed environments, because the instrumentation is agnostic to deployment methodologies and runtime environments. A demonstration will be provided that demonstrates the benefits of this approach for both custom code and open source dependencies, as well as across the software development lifecycle, showing both the rapid pinpointing of line-of-code level vulnerabilities for developers, and realtime exploit prevention in production.
Recommended
Using Puppet With A Secrets Server
The document discusses best practices for managing secrets using a secrets server and Puppet. It recommends defining access policies, checking secrets into source control, creating "host factories" to provision machines, increasing deployment velocity, and integrating the secrets server with the DevOps toolchain. It then provides an example of obtaining secrets directly on nodes with Puppet by encrypting secrets in Hiera.
Recipe for good secrets management
The document provides a recipe for good secrets management. It outlines requirements like separation of duties, least privilege, leak resistance, and auditing. It recommends having separate security environments for staging and production, designing for "robot" actors with limited access, rotating credentials, and automatically recording system activity. Configuration management and orchestration should provision robots and bootstrap machine identity by assigning credentials from an identity server. Secrets should be fetched from a secrets manager and stored separately from application data to satisfy compliance standards.
Security For Humans
This document discusses integrating security into modern development workflows. It begins by introducing the presenter and stating what topics will and will not be covered. Examples are then provided of how different user personas such as developers, operations staff, security teams, and business users can have their workflows negatively impacted when secrets are not properly managed. The talk suggests creating a cross-functional security UX team and provides recommendations to avoid issues like credential rotation schemes that require redeploys or cloud-specific solutions.
DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...
Lacework's Dir. of Research's presentation from DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryptobooty
DevSecOps in 10 minutes
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Analyzing Pwned Passwords with Spark and Scala
This document discusses analyzing pwned passwords with Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames/Datasets and Scala having the most robust API. It also discusses analyzing large datasets of pwned passwords with Spark for security purposes and exploring the intersection of big data and security.
Troubleshooting tldr
The document discusses steps for troubleshooting MySQL issues: (1) define the problem precisely, (2) collect diagnostic data from the operating system and MySQL, and (3) examine the error log. It then provides guidance on diagnosing specific issues like crashes, performance problems, table corruption, and replication errors.
Security Observability for Cloud Based Applications
You can't control what you can't see. Security observability is an intrinsic attribute of an application that provides direct observation of software vulnerabilities and attempted exploits as they happen, in order to allow rapid proactive remediation and prevention. Security Observability can be achieved by taking an instrumentation based approach that provides continuous visibility and exposure of vulnerabilities and threats and their context from within the software itself. This approach is particularly appropriate for cloud-based and hybridized distributed environments, because the instrumentation is agnostic to deployment methodologies and runtime environments. A demonstration will be provided that demonstrates the benefits of this approach for both custom code and open source dependencies, as well as across the software development lifecycle, showing both the rapid pinpointing of line-of-code level vulnerabilities for developers, and realtime exploit prevention in production.
Analyzing Pwned Passwords with Spark and Scala
Apache Spark aims to solve the problem of working with large scale distributed data -- and with access to over 500 million leaked passwords we have a lot of data to dig through.
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.
Rootconf admin101
This document discusses various topics related to MySQL administration including access control, diagnostic data, log files, and backups. It provides examples of how to configure user accounts and privileges using commands like CREATE USER, ALTER USER, GRANT, and REVOKE. It also explains how to view diagnostic information using SHOW commands, the INFORMATION_SCHEMA, and the SYS schema. Finally, it covers MySQL's different log files and various options for logical and physical backups.
Lacework Kubernetes Meetup | August 28, 2018
The document discusses container and cloud security. It describes Lacework's Polygraph security platform, which provides threat intelligence, detection, visibility, and alerting capabilities across cloud infrastructure, workloads, accounts, VMs, containers and files. It highlights risks like container escapes and privilege escalation. The document also provides examples of container security threats like the Healthz RCE vulnerability and recommendations like implementing multi-factor authentication, pod security policies, and restricting privileges.
All Your Containers Are Belong To Us
Lacework Head of Research James Condon's BSidesSF19 presentation "All Your Containers Are Belong To Us."
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
The document discusses analyzing pwned passwords using Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames. It also discusses the state of passwords, how Spark can be used to analyze large datasets of pwned passwords, and both the benefits and challenges of using Spark for this type of analysis. The document encourages securing authentication while providing a seamless user experience and notes that developers have a responsibility to secure authentication.
Kubernetes meetup k8s_aug_2019
This document discusses securing containers and Kubernetes environments. It describes security risks like remote administration and privilege escalation. It recommends implementing multi-factor authentication, secure network access, valid SSL certificates, and products like Lacework to discover threats. Specific techniques are outlined like using pod security policies to prevent root access, access to host ports, and certain volume types. The document promotes automating cloud security at scale using the Lacework security platform to secure containers and workloads.
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
The legacy approach of security controlling deployment is incompatible with serverless. Learn why serverless needs close partnership between Dev+AppSec. How to redesign security controls, so devs have their control, while being prevented from creating risk Tools & processes to support collaboration
See the full talk on Youtube: https://youtu.be/lq4qWw6c-Kg
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
James Condon presented a guide to securing Kubernetes. He began with an overview of Kubernetes architecture and then discussed major risk vectors like exposed Kubernetes components and pod compromise. He demonstrated finding exposed Kubernetes dashboards, API servers, kubelets, and etcd clusters. Condon recommended 10 essential practices for securing Kubernetes, including network security, role-based access control, security boundaries, upgrading, and audit logging. He concluded with resources for further information.
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
The document discusses securing secrets for Puppet infrastructure without slowing down automation. It acknowledges that many organizations manually copy secrets or store them insecurely due to time pressures. However, exploits are increasingly targeting insecure secrets. The document proposes using the open source CyberArk Conjur tool to authenticate and authorize machine identities to retrieve secrets in a secure workflow. It provides an example of updating Puppet manifests to use Conjur for dynamic secrets retrieval without overhauling existing code. Overall, the document advocates aligning security and velocity through identity-based secrets management to reduce risks and costs from security incidents.
ArcherySec 2.0 @ BlackHat Arsenal Europe 2020
ArcherySec is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. ArcherySec uses popular opensource tools to perform comprehensive scanning for web applications and networks. It also supports multiple continuous integrations and continuous delivery software. The developers could utilize this tool for the implementation of vulnerability management in the DevOps CI/CD environment.
- Perform Web and Network Vulnerability Scanning using opensource tools.
- Correlates and Collaborate all raw scans data, shows them in a consolidated manner.
- Perform authenticated web scanning.
- Vulnerability Management.
- Enable REST API's for developers to perform scanning and Vulnerability Management.
- JIRA Ticketing System.
- Sub domain discovery and scanning.
- Periodic scans.
- Concurrent scans.
- Integrate with CI/CD software.
Archery Open Source Vulnerability Assessment and Management - null Bangalore ...
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.
All access demystifying certs
Explaining about certs at Spiceworks all access.
Ever wondered what HSTS is or what a CSP is? Well, now you can find out.
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
Talk by Blerim Sheqa:
Most monitoring environments are automated with configuration management tools like Puppet, Chef or Ansible. While these tools solve many problems, such as the initial setup, reproducibility and visibility, there are many other challenges that need to be tackled to truly monitor big environments. As a vendor of monitoring software, Icinga came up with unique approaches to solve some extraordinary problems to monitor large scale infrastructures. The methods are a result of real world problems as seen in the wild and applicable to many scenarios.
Archery - BlackHat Asia 2018
This document introduces Archery, an open source vulnerability assessment and management tool. It summarizes Archery's key features as automating vulnerability scanners, collecting scan data in a centralized database, providing a dashboard to help manage vulnerabilities, and integrating with the software development lifecycle. The document also outlines Archery's supported scanners, roadmap, how to contribute, documentation resources, and contact information.
Lacework | Top 10 Cloud Security Threats
James Condon presented the top 10 threats to cloud security. These included cryptojacking, data leaks from misconfigurations, SSH brute force attacks, data exfiltration by advanced persistent threats, malware like ransomware and coin miners, remote code execution from vulnerabilities, container escapes, server compromises, and malicious insiders. Mitigations involved visibility, access controls, patching, monitoring, and security best practices.
Best pratices reliability & scalability on Azure
Software will have bugs, hardware will fail and humans will make mistakes but your application might have to run 24/7 and scale as needed. Let's dive into how Microsoft Azure can help you to build such app using a powerful modern cloud capabilities.
Pacu ~ Rhino Security
This document introduces Pacu, an open source exploitation framework for attacking AWS environments. It discusses common ways that AWS access keys are compromised, such as misconfigurations and social engineering. It then demonstrates how Pacu can be used to enumerate information, escalate privileges, achieve persistence, and gain remote code execution on EC2 instances during a pentest. The document concludes by advocating for more offensive security research on AWS to improve security awareness.
DevSecOps - CrikeyCon 2017
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Icinga @ OSMC 2014
The document summarizes the state of Icinga monitoring software. It discusses Icinga 1 and the introduction of Icinga 2 which is written in C++ and supports clustering out of the box. Icinga Web 2 is also introduced as a new lightweight web interface. The roadmap focuses on integrating with more third party tools and providing configuration interfaces for Icinga 2 and cluster health monitoring. Attendees are encouraged to try out and provide feedback on Icinga 2 and Icinga Web 2.
All Change! How the new economics of Cloud will make you think differently ab...
Devoxxuk talk
http://cfp.devoxx.co.uk/2015/talk/AJY-8768/All_Change!_How_the_new_economics_of_Cloud_will_make_you_think_differently_about_Java
How far have you got with learning about Cloud? Got your head around Platform as a Service? Understand what IaaS means? Can spell Docker? Working in a DevOps mode? It's easy to focus on learning new technology but it's time to take a step back and look at what the technical implications are when an application is heading to the cloud. In the world of the cloud the benefits are high but the economics (financial and technical) can be radically different. Learn more about these new realities and how they can change application design, deployment and support The introduction of Cloud technologies and its rapid adoption creates new opportunities and challenges. Whether designer, developer or tester, this talk will help you to start thinking differently about Java and the Cloud
User Credential handling in Web Applications done right
In my work I often see very bad practices how the users' passwords are treated in web applications. This is a short summary of the current state of the art, how to do it the right way.
More Related Content
What's hot
Analyzing Pwned Passwords with Spark and Scala
Apache Spark aims to solve the problem of working with large scale distributed data -- and with access to over 500 million leaked passwords we have a lot of data to dig through.
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
This document provides an overview of automated end-to-end security for AWS. It discusses how the majority of compromises are due to credentials being compromised, failure to patch security flaws, insider threats, or human error. An example compromise is described where a developer at a company accidentally committed SSH keys to GitHub, allowing a hacker to access servers and exfiltrate customer data, resulting in a $148 million settlement. The document then outlines how Lacework can help secure workloads, containers, configuration, AWS accounts, and provide continuous auditing and compliance.
Rootconf admin101
This document discusses various topics related to MySQL administration including access control, diagnostic data, log files, and backups. It provides examples of how to configure user accounts and privileges using commands like CREATE USER, ALTER USER, GRANT, and REVOKE. It also explains how to view diagnostic information using SHOW commands, the INFORMATION_SCHEMA, and the SYS schema. Finally, it covers MySQL's different log files and various options for logical and physical backups.
Lacework Kubernetes Meetup | August 28, 2018
The document discusses container and cloud security. It describes Lacework's Polygraph security platform, which provides threat intelligence, detection, visibility, and alerting capabilities across cloud infrastructure, workloads, accounts, VMs, containers and files. It highlights risks like container escapes and privilege escalation. The document also provides examples of container security threats like the Healthz RCE vulnerability and recommendations like implementing multi-factor authentication, pod security policies, and restricting privileges.
All Your Containers Are Belong To Us
Lacework Head of Research James Condon's BSidesSF19 presentation "All Your Containers Are Belong To Us."
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
The document discusses analyzing pwned passwords using Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames. It also discusses the state of passwords, how Spark can be used to analyze large datasets of pwned passwords, and both the benefits and challenges of using Spark for this type of analysis. The document encourages securing authentication while providing a seamless user experience and notes that developers have a responsibility to secure authentication.
Kubernetes meetup k8s_aug_2019
This document discusses securing containers and Kubernetes environments. It describes security risks like remote administration and privilege escalation. It recommends implementing multi-factor authentication, secure network access, valid SSL certificates, and products like Lacework to discover threats. Specific techniques are outlined like using pod security policies to prevent root access, access to host ports, and certain volume types. The document promotes automating cloud security at scale using the Lacework security platform to secure containers and workloads.
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
The legacy approach of security controlling deployment is incompatible with serverless. Learn why serverless needs close partnership between Dev+AppSec. How to redesign security controls, so devs have their control, while being prevented from creating risk Tools & processes to support collaboration
See the full talk on Youtube: https://youtu.be/lq4qWw6c-Kg
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
James Condon presented a guide to securing Kubernetes. He began with an overview of Kubernetes architecture and then discussed major risk vectors like exposed Kubernetes components and pod compromise. He demonstrated finding exposed Kubernetes dashboards, API servers, kubelets, and etcd clusters. Condon recommended 10 essential practices for securing Kubernetes, including network security, role-based access control, security boundaries, upgrading, and audit logging. He concluded with resources for further information.
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
The document discusses securing secrets for Puppet infrastructure without slowing down automation. It acknowledges that many organizations manually copy secrets or store them insecurely due to time pressures. However, exploits are increasingly targeting insecure secrets. The document proposes using the open source CyberArk Conjur tool to authenticate and authorize machine identities to retrieve secrets in a secure workflow. It provides an example of updating Puppet manifests to use Conjur for dynamic secrets retrieval without overhauling existing code. Overall, the document advocates aligning security and velocity through identity-based secrets management to reduce risks and costs from security incidents.
ArcherySec 2.0 @ BlackHat Arsenal Europe 2020
ArcherySec is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. ArcherySec uses popular opensource tools to perform comprehensive scanning for web applications and networks. It also supports multiple continuous integrations and continuous delivery software. The developers could utilize this tool for the implementation of vulnerability management in the DevOps CI/CD environment.
- Perform Web and Network Vulnerability Scanning using opensource tools.
- Correlates and Collaborate all raw scans data, shows them in a consolidated manner.
- Perform authenticated web scanning.
- Vulnerability Management.
- Enable REST API's for developers to perform scanning and Vulnerability Management.
- JIRA Ticketing System.
- Sub domain discovery and scanning.
- Periodic scans.
- Concurrent scans.
- Integrate with CI/CD software.
Archery Open Source Vulnerability Assessment and Management - null Bangalore ...
Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. Archery uses popular opensource tools to perform comprehensive scanning for web application and network. It also performs web application dynamic authenticated scanning and covers the whole applications by using selenium. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.
All access demystifying certs
Explaining about certs at Spiceworks all access.
Ever wondered what HSTS is or what a CSP is? Well, now you can find out.
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
Talk by Blerim Sheqa:
Most monitoring environments are automated with configuration management tools like Puppet, Chef or Ansible. While these tools solve many problems, such as the initial setup, reproducibility and visibility, there are many other challenges that need to be tackled to truly monitor big environments. As a vendor of monitoring software, Icinga came up with unique approaches to solve some extraordinary problems to monitor large scale infrastructures. The methods are a result of real world problems as seen in the wild and applicable to many scenarios.
Archery - BlackHat Asia 2018
This document introduces Archery, an open source vulnerability assessment and management tool. It summarizes Archery's key features as automating vulnerability scanners, collecting scan data in a centralized database, providing a dashboard to help manage vulnerabilities, and integrating with the software development lifecycle. The document also outlines Archery's supported scanners, roadmap, how to contribute, documentation resources, and contact information.
Lacework | Top 10 Cloud Security Threats
James Condon presented the top 10 threats to cloud security. These included cryptojacking, data leaks from misconfigurations, SSH brute force attacks, data exfiltration by advanced persistent threats, malware like ransomware and coin miners, remote code execution from vulnerabilities, container escapes, server compromises, and malicious insiders. Mitigations involved visibility, access controls, patching, monitoring, and security best practices.
Best pratices reliability & scalability on Azure
Software will have bugs, hardware will fail and humans will make mistakes but your application might have to run 24/7 and scale as needed. Let's dive into how Microsoft Azure can help you to build such app using a powerful modern cloud capabilities.
Pacu ~ Rhino Security
This document introduces Pacu, an open source exploitation framework for attacking AWS environments. It discusses common ways that AWS access keys are compromised, such as misconfigurations and social engineering. It then demonstrates how Pacu can be used to enumerate information, escalate privileges, achieve persistence, and gain remote code execution on EC2 instances during a pentest. The document concludes by advocating for more offensive security research on AWS to improve security awareness.
DevSecOps - CrikeyCon 2017
DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.
Icinga @ OSMC 2014
The document summarizes the state of Icinga monitoring software. It discusses Icinga 1 and the introduction of Icinga 2 which is written in C++ and supports clustering out of the box. Icinga Web 2 is also introduced as a new lightweight web interface. The roadmap focuses on integrating with more third party tools and providing configuration interfaces for Icinga 2 and cluster health monitoring. Attendees are encouraged to try out and provide feedback on Icinga 2 and Icinga Web 2.
What's hot (20)
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
AWS Security Week | Getting to Continuous Security and Compliance Monitoring ...
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Serverless DevSecOps: Why We Must Make it Everyone's Problem | Hillel Solow
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
Batten Down the Hatches: A Practical Guide to Securing Kubernetes - RMISC 2019
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...
Archery Open Source Vulnerability Assessment and Management - null Bangalore ...
Archery Open Source Vulnerability Assessment and Management - null Bangalore ...
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
hallenges of Monitoring Big Infrastructure - Icinga Camp Milan 2019
Similar to Rotating Passwords With Ansible and HashiVault
All Change! How the new economics of Cloud will make you think differently ab...
Devoxxuk talk
http://cfp.devoxx.co.uk/2015/talk/AJY-8768/All_Change!_How_the_new_economics_of_Cloud_will_make_you_think_differently_about_Java
How far have you got with learning about Cloud? Got your head around Platform as a Service? Understand what IaaS means? Can spell Docker? Working in a DevOps mode? It's easy to focus on learning new technology but it's time to take a step back and look at what the technical implications are when an application is heading to the cloud. In the world of the cloud the benefits are high but the economics (financial and technical) can be radically different. Learn more about these new realities and how they can change application design, deployment and support The introduction of Cloud technologies and its rapid adoption creates new opportunities and challenges. Whether designer, developer or tester, this talk will help you to start thinking differently about Java and the Cloud
User Credential handling in Web Applications done right
In my work I often see very bad practices how the users' passwords are treated in web applications. This is a short summary of the current state of the art, how to do it the right way.
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
The document discusses cryptography and security. It argues that most users want cryptography solutions that are simple, easy to use, cross-platform, and avoid common mistakes rather than new algorithms. It promotes the idea of "boring crypto" that just works without needing upgrades. It also discusses different options for implementing cryptography like crypto libraries, systems, and boxed solutions and how to choose the right approach for a given use case.
Zettaset Elastic Big Data Security for Greenplum Database
Here are the slides for Greenplum Chat #8. You can view the replay here: https://www.youtube.com/watch?v=FKFiyJDgdQk
The increased frequency and sophistication of high-profile data breaches and malicious hacking is putting organizations at continued risk of data theft and significant business disruption. Complicating this scenario is the unbounded growth of Big Data and petabyte-scale data storage, new open source database and distribution schemes, and the continued adoption of cloud services by enterprises.
Pivotal Greenplum customers often look for additional encryption of data-at-rest and data-in-motion. The massively parallel processing (MPP) architecture of Pivotal Greenplum provides an architecture that is unlike traditional OLAP on RDBMS for data warehousing, and encryption capabilities must address the scale-out architecture.
The Zettaset Big Data Encryption Suite has been designed for optimal performance and scalability in distributed Big Data systems like Greenplum Database and Apache HAWQ.
Here is a replay of our recent Greenplum Chat with Zettaset:
00:59 What is Greenplum’s approach for encryption and why Zettaset?
02:17 Results of field testing Zettaset with Greenplum
03:50 Introduction to Zettaset, the security company
05:36 Overview of Zettaset and their solutions
14:51 Different layers for encrypting data at rest
16:50 Encryption key management for big data
20:51 Zettaset BD Encrypt for data at rest and data in motion
22:19 How to mitigate encryption overhead with an MPP scale-out system
24:12 How to deploy BD Encrypt
25:50 Deep dive on data at rest encryption
30:44 Deep dive on data in motion encryption
36:72 Q: How does Zettaset deal with encrypting Greenplums multiple interfaces?
38:08 Q: Can I encrypt data for a particular column?
40:26 How Zettaset fits into a security strategy
41:21 Q: What is the performance impact on queries by encrypting the entire database?
43:28 How Zettaset helps Greenplum meet IT compliance requirements
45:12 Q: How authentication for keys is obtained
48:50 Q: How can Greenplum users try out Zettaset?
50:53 Q: What is a ‘Zettaset Security Coach’?
Have I Been Pwned and Cloudflare
This document summarizes a presentation about how the Have I Been Pwned service checks if email addresses and passwords have been involved in data breaches. It discusses how the service originally faced high costs for its API usage, but was able to reduce costs by over 99% by caching requests through Cloudflare. The presentation provides details on how the Pwned Passwords API works, how it integrates with services like 1Password, and how its open source backend is implemented with Azure Functions and Blob Storage. It also describes a related open source coding challenge to benchmark password checking performance.
Password Policies in Oracle Access Manager. How to improve user authenticatio...
This presentation is about how System Administrators and/or Oracle Apps DBAs can improve and meet user authentication security standards in Oracle E-Business Suite by using Oracle Access Manager integration and it's password policy management.
We will talk about:
- Current Oracle E-Business Suite password security limitations.
- Implementation of password policy management in Oracle Access Manager releases. Comparing the capabilities and why you should upgrade your OAM to the latest 11gR2.
- A use case example of most common configuration.
- Demo.
AllDayDevOps Security Chaos Engineering 2019
This document discusses using chaos engineering and security chaos engineering techniques to proactively test systems and security controls. It notes that as software systems increase in complexity, it becomes difficult for teams to mentally model how their systems work. Rather than waiting for security incidents to discover failures, chaos engineering experiments intentionally induce failures to build confidence in a system's resilience. The document provides examples of security chaos engineering use cases like validating security controls and improving incident response processes. It argues this approach reduces uncertainty and helps teams continuously harden their systems and security.
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD given at RSA Conference 2018 in San Francisco.
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Learning Objectives:
1: Learn the emerging patterns for security in CI/CD pipelines.
2: Receive a pragmatic security toolchain for CI/CD to use in your organization.
3: Understand the real meaning of DevSecOps is without all the hype.
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
Webinar on Cloudera Enterprise 6.0 where we will discuss how to build new applications on the modern platform for machine learning and analytics. This webinar will take a look at the latest software enhancements and how they’ll help you improve your productivity and innovate new analytics applications.
Big data at AWS Chicago User Group - 2014
Big data at AWS Chicago User Group
Most of the slides from the Sept 23rd 2014 AWS User Group in Chicago.
Talks:
"AWS Storage Options" Ben Blair, CTO at MarkITx @stochastic_code
"APIs and Big Data in AWS" - Kin Lane, API Evangelist @kinlane
[coming soon] "Democratizing Data Analysis with Amazon Redshift" - Bill Wanjohi @billwanjohi and Michelangelo D'Agostino @MichelangeloDA, Civis Analytics
Sponsored by Cohesive and CivisAnalytics.
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them. How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works. Security Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
Keepler | Full-Stack Serverless Applications on GCP
Title: Full-Stack Serverless Applications on GCP
Author: Sergio Gordillo, Cloud Architect at Keepler Data Tech
HDInsight Interactive Query
Azure HDInsight provides a fully managed Hadoop and Spark service on the Microsoft Azure cloud. Recent updates include price reductions, new interactive query capabilities for fast SQL queries on large datasets, integration with Azure Log Analytics for cluster monitoring, and security features like Active Directory integration. HDInsight aims to simplify big data analytics by reducing complexity, improving performance, enabling better monitoring, and enhancing security for open source analytics workloads.
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Presented at the Chef NYC meetup on April 20, 2017, this presentation reviews how to automate compliance scanning and reporting with InSpec by Chef and wrapped up with a hands-on workshop.
Serverless Architectures: Ein Survival Guide
Man nehme ein bisschen BaaS (Backend as a Service), dazu noch ein wenig FaaS (Function as a Service) und fertig ist die Serverless Cloud Application. Was sich in der Theorie so einfach anhört, bringt in der Praxis die eine oder andere Herausforderung mit sich. Die versprochenen Benefits, wie Time-to-Market, Auto-Scaling, automatisches Failover oder Kostenreduzierung via „Pay per Use“ gibt es leider nicht umsonst. Eine passende Architektur muss her. Im Rahmen des Workshops werden wir uns verschiedene Anwendungsszenarien anschauen und für passende Architekturansätze für diese entwerfen. Wir werden dabei natürlich auch dem einen oder anderen Stolperstein begegnen. Aber das kann uns nicht aufhalten.
OWASP AppSec Global 2019 Security & Chaos Engineering
Security today is customarily a reactive and chaotic exercise.
In this session, we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.
DevOops & How I hacked you DevopsDays DC June 2015
In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Vault is a tool for centrally managing secrets like passwords, API keys, and certificates. It addresses the problem of "secrets sprawl" where credentials are stored insecurely in multiple places like source code, emails, and configuration files. Vault centralizes secrets management, provides access control and auditing, and generates unique short-lived credentials to reduce risk if a secret is compromised. It also supports encrypting sensitive data for additional protection. Implementing Vault involves deciding where it will run, who will manage encryption keys, which secrets it will store, where audit logs will go, and who will operate and configure the system on an ongoing basis.
ADDO - Navigating the DevSecOps App-ocalypse 2020
The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to.
As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further understand and nurture ‘accidents’ or ‘mistakes’ as opportunities to proactively strengthen system resilience. Chaos Engineering allows us to proactively expose the failures, build resilient systems, and develop an "Applied Security" model to minimize the impact of failures.
Chaos Engineering allows for security teams to proactively experiment and derive new information about underlying factors that were previously unknown. This is done by developing live fire exercises that can be measured, managed, and automated. Contrary to Red/Purple Team exercises, chaos engineering does not use threat actor or adversarial tactics, techniques and procedures. As far as we know it Chaos Engineering is the only proactive mechanism for detecting availability and security incidents before they happen. We proactively introduce turbulent conditions, faults, and failures into our systems to determine the conditions by which our security will fail before it actually does.
In this session we will introduce a new concept known as Security Chaos Engineering and how it can be applied to create highly secure, performant, and resilient distributed systems.
Quality code in wordpress
How to create quality code in WordPress plugins and themes using static code analysis, automatic unit testing, E2E testing, TravisCI\Jenkins and other tools.
Similar to Rotating Passwords With Ansible and HashiVault (20)
All Change! How the new economics of Cloud will make you think differently ab...
All Change! How the new economics of Cloud will make you think differently ab...
User Credential handling in Web Applications done right
User Credential handling in Web Applications done right
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Zettaset Elastic Big Data Security for Greenplum Database
Zettaset Elastic Big Data Security for Greenplum Database
Password Policies in Oracle Access Manager. How to improve user authenticatio...
Password Policies in Oracle Access Manager. How to improve user authenticatio...
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
What’s New in Cloudera Enterprise 6.0: The Inside Scoop 6.14.18
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
RSA Conference APJ 2019 DevSecOps Days Security Chaos Engineering
Keepler | Full-Stack Serverless Applications on GCP
Keepler | Full-Stack Serverless Applications on GCP
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
OWASP AppSec Global 2019 Security & Chaos Engineering
OWASP AppSec Global 2019 Security & Chaos Engineering
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
More from Keith Resar
Simple Tips and Tricks with Ansible
Ansible can solve almost any automation challenge, but we will focus on how simply this can be done. The talk will cover one-liners and other tricks that can be added to your virtual toolbox. There will also be a discussion so come with your own favorite tip or trick for the group that leverage Ansible.
presented by... Mike Dahlgren.. "Almost two decades he bought a simple red fedora from the back of a 'Teach Yourself Linux' book, now he lives that dream at Red Hat as a Senior Cloud Solution Architect. His passion for evangelizing the benefits Open Source has never wavered through a career in private, public, and government agencies."
Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12
This document provides an introduction to Ansible, describing it as an automation tool capable of handling many powerful automation tasks. It discusses how Ansible works using Playbooks written in YAML to execute tasks sequentially on managed nodes. Playbooks allow describing an entire infrastructure and orchestrating application deployment, configuration management, and workflow tasks in an agentless manner using OpenSSH and WinRM.
Hosting For Your Startup, Side Project, or Big Dollar App - Minnebar 12
This document discusses different hosting options for startups and applications, including infrastructure as a service (IaaS) and platform as a service (PaaS). It analyzes considerations for choosing between IaaS vendors like public clouds, virtual private servers, and physical hosting. It also evaluates criteria for selecting PaaS vendors and public clouds. Several use cases are presented to demonstrate how the hosting needs and costs can vary depending on the type of application and its requirements.
Advanced Use of jinja2 for Templates
Take a practical dive into advanced use of the Jinja2 templating language as implemented in the Ansible core template module.
DevFestMN 2017 - Learning Docker and Kubernetes with Openshift
Hands-on lab discovering containers (through docker), the need for container orchestration (using Kubernetes), and the place for a container PaaS (via OpenShift)
Container Storage Best Practices in 2017
Docker Storage Drivers are a rapidly moving target. Considering the addition of new graphdrivers and continued maturing of the existing set, we evaluate how each works, performance implications from their implementation architecture, and ideal use cases for each.
Importing Code and Existing Containers to OpenShift - Minneapolis Docker Meet...
This document is a bio for Keith Resar who wears many hats as a coder, open source contributor, and infrastructure architect at RedHat. It discusses his work with containers in development and production using Docker and Kubernetes as well as networking, registries, build automation, CI/CD pipelines, and how OpenShift fits into this landscape.
More from Keith Resar (7)
Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12
Ansible Automation Best Practices From Startups to Enterprises - Minnebar 12
Hosting For Your Startup, Side Project, or Big Dollar App - Minnebar 12
Hosting For Your Startup, Side Project, or Big Dollar App - Minnebar 12
DevFestMN 2017 - Learning Docker and Kubernetes with Openshift
DevFestMN 2017 - Learning Docker and Kubernetes with Openshift
Importing Code and Existing Containers to OpenShift - Minneapolis Docker Meet...
Importing Code and Existing Containers to OpenShift - Minneapolis Docker Meet...
Recently uploaded
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
This case study explores designing a scalable e-commerce platform, covering key requirements, system components, and best practices.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Fueling AI with Great Data with Airbyte Webinar
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Public CyberSecurity Awareness Presentation 2024.pptx
Cyber security awareness slides for a busisness by TreeTop Security
Best 20 SEO Techniques To Improve Website Visibility In SERP
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Digital Marketing Trends in 2024 | Guide for Staying Ahead
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
A Comprehensive Guide to DeFi Development Services in 2024
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
AWS Cloud Cost Optimization Presentation.pptx
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Recently uploaded (20)
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Rotating Passwords With Ansible and HashiVault
- 1. ROTATING PASSWORDS WITH ANSIBLE AND HASHIVAULT OUR PRACTICAL OVERVIEW OF SECRET MANAGEMENT BY INTEGRATING HASHICORP'S VAULT WITH ANSIBLE Keith Resar @KeithResar
- 2. @KeithResar Keith Resar: Bio Wear many hats @KeithResar Keith.Resar@RedHat.com Coder Open Source Contributor and Advocate Infrastructure Architect
- 3. 7 PRINCIPLES OF DEVSECOPS ● Humans create poor quality passwords, let’s generate them automatically ● An automated task would allow increased password rotation frequency ● Continuous deployment of password rotations would be ideal ● An automated task can be tested, and will never go beyond its scope ● Storing the password in a shared-secret vault is our break glass ● Integrating with AD would be great, allowing seamless runtime access control ● Passwords should not be stored in Git, deploy scripts, etc
- 5. ANSIBLE VAULT ENABLES STORING SENSITIVE DATA SUCH AS PASSWORDS OR KEYS IN ENCRYPTED FILES, RATHER THAN AS PLAINTEXT IN YOUR PLAYBOOKS OR ROLES.
- 6. ANSIBLE VAULT ● No External dependencies ● Encrypt entire files or individual secrets ● Version control, commit alongside playbooks
- 7. ANSIBLE VAULT USAGE > ansible-vault {create,rekey,edit,encrypt} foo.yml > ansible-playbook foo.yml --ask-vault-pass
- 8. MOVING BEYOND ANSIBLE VAULT ● Storing static information vs. Dynamic database ● Separation of automation from secrets ● Supporting password leases
- 11. HASHICORP VAULT VIA ANSIBLE
- 12. DEMO APPLICATION KEY ROTATION
- 14. WHAT’S NEXT ● Application Support ● Notifications ● Tests ● External verification of secret inventory and change date
- 15. RESOURCES ROTATE PASSWORDS WITH ANSIBLE AND HASHIVAULT http://far-oeuf.com/.../...ansible-hashivault ANSIBLE LOOKUP PLUGIN FOR HV SECRETS https://github.com/jhaals/ansible-vault ANSIBLE MINNEAPOLIS MEETUP https://www.meetup.com/Ansible-Minneapolis/