Many SAP systems are connected to the Internet, and exposing sensitive services beyond Web applications. Furthermore, the internal network is usually not properly segmented.
Practical SAP pentesting (B-Sides San Paulo)ERPScan
Â
All business processes are generally contained in ERP systems. Any information an attacker might want is stored in a companyâs ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. And SAP is the most popular business application vendor with more than 250000 customers worldwide.
The workshop conducted by Alexander Polyakov, CTO of ERPScan, at B-Sides Conference 2014 (San Paulo) is a practical SAP pentesting guide.
Decentralized storage systems like IPFS and Swarm allow users to store and access files in a decentralized peer-to-peer manner without relying on centralized servers. IPFS in particular aims to build a better web by making files addressable through content hashes rather than locations and improving availability, security, and cost efficiency compared to HTTP. It works by breaking files into chunks that are distributed across the network and retrieved by hash rather than location. Basic IPFS commands demonstrated include adding files, pinning for local access, and downloading content from the decentralized network.
The document describes a proposed Presence Cloud solution for providing on-demand data to wireless computing devices. The key points are:
1) Existing centralized presence server architectures have scalability issues as the number of presence updates increases. Presence Cloud proposes a peer-to-peer architecture using a quorum-based server overlay to improve efficiency and scalability.
2) Presence Cloud implements caching of presence data across servers, directed buddy searches to minimize response times, and maintenance algorithms to periodically verify server connections.
3) Analysis shows Presence Cloud achieves major performance gains over centralized architectures in terms of reducing messages without sacrificing search satisfaction. The communication cost is reduced to O(n).
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
Â
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
The document provides step-by-step instructions for installing VMware ESXi 6.0 on a server. It first lists the minimum hardware requirements including supported server hardware, CPUs, RAM, network adapters and storage. It then outlines the interactive installation process using a CD/DVD including selecting options, providing passwords, configuring networking and applying changes. Once complete, the vSphere client can be used to manage the new ESXi host.
Every app needs to navigate from page to page and pass data around too! That is where Xamarin.Forms Shell can help by simplifying the your application structure, provide URL navigation, passing parameters, and even deep linking! Join in for a full session with James Montemagno on how to setup your app and get navigating.
Salesforce is a cloud-based CRM platform founded in 1999 by Marc Benioff. It allows companies to manage customer relationships and data through software accessed online. Salesforce offers various cloud products including Sales Cloud, Service Cloud, and Marketing Cloud that allow companies to sell products, provide customer service, and engage customers through marketing. It provides benefits such as low cost, scalability, and integration with other apps.
Many SAP systems are connected to the Internet, and exposing sensitive services beyond Web applications. Furthermore, the internal network is usually not properly segmented.
Practical SAP pentesting (B-Sides San Paulo)ERPScan
Â
All business processes are generally contained in ERP systems. Any information an attacker might want is stored in a companyâs ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. And SAP is the most popular business application vendor with more than 250000 customers worldwide.
The workshop conducted by Alexander Polyakov, CTO of ERPScan, at B-Sides Conference 2014 (San Paulo) is a practical SAP pentesting guide.
Decentralized storage systems like IPFS and Swarm allow users to store and access files in a decentralized peer-to-peer manner without relying on centralized servers. IPFS in particular aims to build a better web by making files addressable through content hashes rather than locations and improving availability, security, and cost efficiency compared to HTTP. It works by breaking files into chunks that are distributed across the network and retrieved by hash rather than location. Basic IPFS commands demonstrated include adding files, pinning for local access, and downloading content from the decentralized network.
The document describes a proposed Presence Cloud solution for providing on-demand data to wireless computing devices. The key points are:
1) Existing centralized presence server architectures have scalability issues as the number of presence updates increases. Presence Cloud proposes a peer-to-peer architecture using a quorum-based server overlay to improve efficiency and scalability.
2) Presence Cloud implements caching of presence data across servers, directed buddy searches to minimize response times, and maintenance algorithms to periodically verify server connections.
3) Analysis shows Presence Cloud achieves major performance gains over centralized architectures in terms of reducing messages without sacrificing search satisfaction. The communication cost is reduced to O(n).
Integrated Security Operations Center (ISOC) for Cybersecurity CollaborationPriyanka Aash
Â
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
(Source: RSA USA 2016-San Francisco)
The document provides step-by-step instructions for installing VMware ESXi 6.0 on a server. It first lists the minimum hardware requirements including supported server hardware, CPUs, RAM, network adapters and storage. It then outlines the interactive installation process using a CD/DVD including selecting options, providing passwords, configuring networking and applying changes. Once complete, the vSphere client can be used to manage the new ESXi host.
Every app needs to navigate from page to page and pass data around too! That is where Xamarin.Forms Shell can help by simplifying the your application structure, provide URL navigation, passing parameters, and even deep linking! Join in for a full session with James Montemagno on how to setup your app and get navigating.
Salesforce is a cloud-based CRM platform founded in 1999 by Marc Benioff. It allows companies to manage customer relationships and data through software accessed online. Salesforce offers various cloud products including Sales Cloud, Service Cloud, and Marketing Cloud that allow companies to sell products, provide customer service, and engage customers through marketing. It provides benefits such as low cost, scalability, and integration with other apps.
This document provides an overview of change and release management for a Salesforce implementation. It discusses collecting change requests, tracking requests, prioritizing requests, development architecture, QA/UAT, approvals, communications, and training. It also covers change management processes, different types of changes, who should be involved, and steps for effective change management. Additionally, it outlines considerations for release management including deployment cadence, environment strategy, training/communications, and ongoing support models.
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
Â
The document discusses the use of use cases to define the goals and metrics for a security operations center (SOC) program. It suggests developing use cases around monitoring specific threat vectors like the perimeter, infrastructure, and privileged accounts. Use cases should also align the SOC's capabilities with the threats the organization cares most about, such as script kiddies, insider threats, or nation-state actors. Properly defining use cases allows an organization to justify SOC expenditures and determine if it is achieving success.
The SAP SuccessFactors Recruiting solution helps companies source, engage, and hire top talent globally. It allows companies to post jobs across many sources, utilize search engine optimization, and analyze sourcing data. The solution also helps nurture candidate relationships through engagement tools and a mobile experience. Additionally, it streamlines the hiring process through automation, improved interview management, and faster offer handling.
Security operations center 5 security controlsAlienVault
Â
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Are you new to Nutanix? Jump into this introductory product session to learn the fundamentals of Nutanix Enterprise Cloud software and its key capabilities. A couple Nutanix experts will demonstrate how Nutanix delivers a complete cloud âstackâ with the server, storage virtualization and network resources to run any application. Learn the basics of hyperconverged infrastructure, and understand how to deploy Nutanix in your datacenter or branch/remote office.
Citrix XenDesktop and XenApp 7.5 Architecture DeploymentHuy Pham
Â
Desktop virtualization allows users to access virtual desktops and applications from any device. It provides Windows desktops, apps, and data as a service for every user through a high-definition user experience across any network. The solution includes application migration and lifecycle management tools. Citrix XenDesktop is an open, scalable platform that uses FlexCast to deliver virtual desktops and applications through various models depending on use cases.
Synapse India is an IT solutions provider that offers software development and marketing services. It is CMMI level-3 certified and works with over 2000 clients worldwide. Single sign-on (SSO) allows a user to log in once and gain access to multiple independent systems without re-authenticating, saving time. SAML is a protocol that implements SSO in enterprises by defining identity providers, service providers, and the transfer of authentication data between the two using XML messages. Implementing SSO involves configuring servers as identity providers or service providers and exchanging metadata between the two to enable single sign-on access across systems.
CyberArk Training is Privileged Account Security Solutions across the global organizations. Best CyberArk Online Training and corporate Training by experts
This document discusses performance monitoring and testing in the Salesforce cloud. It describes how Salesforce uses a scalable, multi-tenant architecture to support over 60 billion transactions per quarter with an average response time of under 275ms. It also outlines how Salesforce's performance engineering team conducts internal testing to benchmark and monitor the platform, using both playback of production logs and synthetic workloads. The document provides guidance for customers on when and how to conduct their own performance tests, including identifying key transactions to test, using tools to capture metrics, and engaging Salesforce support for assistance.
SOC presentation- Building a Security Operations CenterMichael Nickle
Â
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Implementing an Application Security Pipeline in JenkinsSuman Sourav
Â
Performing continuous security testing in a DevOps environment with short release cycles and a continuous delivery pipeline is a big challenge and the traditional secure SDLC model fails to deliver the desired results. DevOps understand the process of built, test and deploy. They have largely automated this process in a delivery pipeline, they deploy to production multiple times per day but the big challenge is how can they do this securely?
This session will focus on a strategy to build an application security pipeline in Jenkins, challenges and possible solutions, also how existing application security solutions (SAST, DAST, IAST, OpenSource Libraries Analysis) are playing a key role in growing the relationship between security and DevOps.
CCNA Security 02- fundamentals of network securityAhmed Habib
Â
This document provides an overview of network security. It discusses what network security is, the rationale for it including increases in cybercrime and threats. It covers types of attacks, vulnerabilities, and countermeasures. It also discusses security policies, standards, risk assessment, and careers in network security such as network security administrator and chief information security officer.
For more info: http://scn.sap.com/community/sso.
SAP Single Sign-On enables companies to eliminate the need for multiple passwords and user IDs. Centralize and simplify the way users log on to systems and applications. Lower the risks of unsecured login information, reduce help desk calls, and help ensure the confidentiality and security of personal and company data.
The CISO is presenting to the board of directors to introduce cyber risk management at the company. The presentation covers three key areas: introducing cyber risk and the company's framework for managing it, the strategic roadmap and metrics for the information security function, and establishing information security as a board-level topic. The goal is to help the board understand cybersecurity risks, provide oversight of risk management, and introduce the CISO's vision and plans to improve the security posture.
Default accounts are commonly exploited to gain unauthorized access to SAP systems. The presentation identifies several new default accounts in SAP Solution Manager with the password "init1234" that can be used to retrieve passwords, execute operating system commands, and fully compromise associated SAP systems. It provides examples of how these accounts can be exploited and advises customers to use available tools to detect and remediate exposed default accounts.
Attacks Based on Security ConfigurationsOnapsis Inc.
Â
Many large companies, as well as large government and defense organizations, have something in common: they rely on SAP platforms to process their business critical processes and information. Because of the sensitive nature of the information stored in these complex implementations, they are quickly becoming an attractive target for cyber-criminals looking to perform espionage, sabotage or financial fraud attacks by gaining access to the organizationsâ crown jewels.
Securing these large and complex SAP implementations can be an ongoing, complicated and pain-staking task which requires specialized SAP security knowledge. This task encompasses managing the SoD process, patch (Security Note) management and implementation, analyzing interfaces and configuring the systems properly and securely (among many other things). One of the first and most important steps in starting the process of securing SAP implementations is the need to configure SAP application servers in a secure way. This task is not easy, as a SAP system has hundreds of different configurations which can be modified and a wrong setting or combination of settings can introduce large amounts of risk.
During this presentation, Onapsis CTO, Juan Perez-Etchegoyen explained some of the risks a default or insecure setting could introduce to the whole SAP infrastructure. You will see real life examples of these misconfigurations, and the threats introduced by them through several live demos. He will also explain how organizations can begin a process of securely configuring these systems.
This document provides an overview of change and release management for a Salesforce implementation. It discusses collecting change requests, tracking requests, prioritizing requests, development architecture, QA/UAT, approvals, communications, and training. It also covers change management processes, different types of changes, who should be involved, and steps for effective change management. Additionally, it outlines considerations for release management including deployment cadence, environment strategy, training/communications, and ongoing support models.
SOC: Use cases and are we asking the right questions?Jonathan Sinclair
Â
The document discusses the use of use cases to define the goals and metrics for a security operations center (SOC) program. It suggests developing use cases around monitoring specific threat vectors like the perimeter, infrastructure, and privileged accounts. Use cases should also align the SOC's capabilities with the threats the organization cares most about, such as script kiddies, insider threats, or nation-state actors. Properly defining use cases allows an organization to justify SOC expenditures and determine if it is achieving success.
The SAP SuccessFactors Recruiting solution helps companies source, engage, and hire top talent globally. It allows companies to post jobs across many sources, utilize search engine optimization, and analyze sourcing data. The solution also helps nurture candidate relationships through engagement tools and a mobile experience. Additionally, it streamlines the hiring process through automation, improved interview management, and faster offer handling.
Security operations center 5 security controlsAlienVault
Â
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Are you new to Nutanix? Jump into this introductory product session to learn the fundamentals of Nutanix Enterprise Cloud software and its key capabilities. A couple Nutanix experts will demonstrate how Nutanix delivers a complete cloud âstackâ with the server, storage virtualization and network resources to run any application. Learn the basics of hyperconverged infrastructure, and understand how to deploy Nutanix in your datacenter or branch/remote office.
Citrix XenDesktop and XenApp 7.5 Architecture DeploymentHuy Pham
Â
Desktop virtualization allows users to access virtual desktops and applications from any device. It provides Windows desktops, apps, and data as a service for every user through a high-definition user experience across any network. The solution includes application migration and lifecycle management tools. Citrix XenDesktop is an open, scalable platform that uses FlexCast to deliver virtual desktops and applications through various models depending on use cases.
Synapse India is an IT solutions provider that offers software development and marketing services. It is CMMI level-3 certified and works with over 2000 clients worldwide. Single sign-on (SSO) allows a user to log in once and gain access to multiple independent systems without re-authenticating, saving time. SAML is a protocol that implements SSO in enterprises by defining identity providers, service providers, and the transfer of authentication data between the two using XML messages. Implementing SSO involves configuring servers as identity providers or service providers and exchanging metadata between the two to enable single sign-on access across systems.
CyberArk Training is Privileged Account Security Solutions across the global organizations. Best CyberArk Online Training and corporate Training by experts
This document discusses performance monitoring and testing in the Salesforce cloud. It describes how Salesforce uses a scalable, multi-tenant architecture to support over 60 billion transactions per quarter with an average response time of under 275ms. It also outlines how Salesforce's performance engineering team conducts internal testing to benchmark and monitor the platform, using both playback of production logs and synthetic workloads. The document provides guidance for customers on when and how to conduct their own performance tests, including identifying key transactions to test, using tools to capture metrics, and engaging Salesforce support for assistance.
SOC presentation- Building a Security Operations CenterMichael Nickle
Â
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Implementing an Application Security Pipeline in JenkinsSuman Sourav
Â
Performing continuous security testing in a DevOps environment with short release cycles and a continuous delivery pipeline is a big challenge and the traditional secure SDLC model fails to deliver the desired results. DevOps understand the process of built, test and deploy. They have largely automated this process in a delivery pipeline, they deploy to production multiple times per day but the big challenge is how can they do this securely?
This session will focus on a strategy to build an application security pipeline in Jenkins, challenges and possible solutions, also how existing application security solutions (SAST, DAST, IAST, OpenSource Libraries Analysis) are playing a key role in growing the relationship between security and DevOps.
CCNA Security 02- fundamentals of network securityAhmed Habib
Â
This document provides an overview of network security. It discusses what network security is, the rationale for it including increases in cybercrime and threats. It covers types of attacks, vulnerabilities, and countermeasures. It also discusses security policies, standards, risk assessment, and careers in network security such as network security administrator and chief information security officer.
For more info: http://scn.sap.com/community/sso.
SAP Single Sign-On enables companies to eliminate the need for multiple passwords and user IDs. Centralize and simplify the way users log on to systems and applications. Lower the risks of unsecured login information, reduce help desk calls, and help ensure the confidentiality and security of personal and company data.
The CISO is presenting to the board of directors to introduce cyber risk management at the company. The presentation covers three key areas: introducing cyber risk and the company's framework for managing it, the strategic roadmap and metrics for the information security function, and establishing information security as a board-level topic. The goal is to help the board understand cybersecurity risks, provide oversight of risk management, and introduce the CISO's vision and plans to improve the security posture.
Default accounts are commonly exploited to gain unauthorized access to SAP systems. The presentation identifies several new default accounts in SAP Solution Manager with the password "init1234" that can be used to retrieve passwords, execute operating system commands, and fully compromise associated SAP systems. It provides examples of how these accounts can be exploited and advises customers to use available tools to detect and remediate exposed default accounts.
Attacks Based on Security ConfigurationsOnapsis Inc.
Â
Many large companies, as well as large government and defense organizations, have something in common: they rely on SAP platforms to process their business critical processes and information. Because of the sensitive nature of the information stored in these complex implementations, they are quickly becoming an attractive target for cyber-criminals looking to perform espionage, sabotage or financial fraud attacks by gaining access to the organizationsâ crown jewels.
Securing these large and complex SAP implementations can be an ongoing, complicated and pain-staking task which requires specialized SAP security knowledge. This task encompasses managing the SoD process, patch (Security Note) management and implementation, analyzing interfaces and configuring the systems properly and securely (among many other things). One of the first and most important steps in starting the process of securing SAP implementations is the need to configure SAP application servers in a secure way. This task is not easy, as a SAP system has hundreds of different configurations which can be modified and a wrong setting or combination of settings can introduce large amounts of risk.
During this presentation, Onapsis CTO, Juan Perez-Etchegoyen explained some of the risks a default or insecure setting could introduce to the whole SAP infrastructure. You will see real life examples of these misconfigurations, and the threats introduced by them through several live demos. He will also explain how organizations can begin a process of securely configuring these systems.
SAP HANA Security: New Technology, New RisksVirtual Forge
Â
Dr. Markus Schumacher, Virtual Forge CEO, presented at this year's SAP TechEd security risks that may arise with the introduction of new technologies based on SAP HANA. He points to 5 rules to optimally protect SAP HANA environments.
Practical SAP pentesting workshop (NullCon Goa)ERPScan
Â
All business processes are generally contained in ERP systems. Any information an attacker might want is stored in a companyâs ERP. This information can include financial, customer or public relations, intellectual property, personally identifiable information and more. And SAP is the most popular business application vendor with more than 250000 customers worldwide.
The workshop conducted by Alexander Polyakov, CTO of ERPScan, at NullCon Goa Conference is a practical SAP pentesting guide.
Static Analysis Security Testing for Dummies... and YouKevin Fealey
Â
Most enterprise application security teams have at least one Static Analysis Security Testing (SAST) tool in their tool-belt; but for many, the tool never leaves the belt. SAST tools have gotten a reputation for being slow, error-prone, and difficult to use; and out of the box, many of them are â but with a little more knowledge behind how these tools are designed, a SAST tool can be a valuable part of any security program.
In this talk, weâll help you understand the strengths and weaknesses of SAST tools by illustrating how they trace your code for vulnerabilities. Youâll see out-of-the-box rules for commercial and open-source SAST tools, and learn how to write custom rules for the widely-used open source SAST tool, PMD. Weâll explain the value of customizing tools for your organization; and youâll learn how to integrate SAST technologies into your existing build and deployment pipelines. Lastly, weâll describe many of the common challenges organizations face when deploying a new security tool to security or development teams, as well as some helpful hints to resolve these issues
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now!ITCamp
Â
This document contains the agenda and slides for a presentation on SQL Server security. The presentation covers security foundations for database administrators (DBAs), well-known risk factors from OSSTMM and OWASP, SQL Server security best practices, security enhancements in SQL Server 2014, 2016, and 2017, SQL Server security in the cloud, DBA security, and risk management for DBAs. The slides define key security concepts, categorize security realms, outline the OSSTMM and OWASP top 10 risks, and describe various SQL Server security features and configurations.
Locking down server and workstation operating systemsBen Rothke
Â
The document discusses approaches to securing systems when rapid patching is not possible. It recommends implementing network segmentation, monitoring technologies, and user access controls to shield vulnerable systems that cannot be patched quickly. While patching is important, it is not a panacea, and targeted attacks use other vectors beyond exploiting unpatched vulnerabilities. A proactive application security program integrated into the development lifecycle can help mitigate issues before exploits are found. When patching is truly not possible, additional defenses like host-based IPS, firewalls, and encryption should be used to minimize risk.
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
Â
This document discusses continuous monitoring of industrial networks to detect problems. It describes what aspects of the network should be monitored, including servers, operating systems, processes, protocols, and controllers. It outlines how a test monitoring environment was prepared with a PLC, simulator, monitoring server, and traffic sniffer. Several attacks were performed, like DoS, ARP poisoning, malware infection. The results of monitoring detected these attacks by observing unusual traffic and system behaviors. The conclusion is that establishing a baseline and configuring triggers can help detect anomalies indicating network compromise.
Protect4S - Seguridad total en sus sistemas SAPTomas Martinez
Â
Protect4S is an SAP security solution that automates many complex and manual SAP security processes through continuous scanning, analysis, and mitigation of vulnerabilities. It uses over 1600 security checks to harden SAP systems on operating system, database, and application layers. Protect4S provides automated alerts, reports, heatmaps, and integration with SIEM solutions. It is designed to simplify SAP security and switch processes from reactive to preventive through repeated scanning and improvement of security issues.
ТокŃĐžŃиаН пО ŃоПаŃико инŃĐžŃПаŃиОннОК йоСОпаŃнОŃŃи Cisco Russia
Â
The document discusses best practices for deploying and optimizing Cisco Identity Services Engine (ISE). It provides an overview of key ISE features in version 1.4, including enhancements to guest access, profiling, and load balancing. The presentation aims to help engineers implement ISE using best practices to ensure scalability, performance, and redundancy.
EAS-SEC: Framework for securing business applicationsERPScan
Â
For a quite long time, ERP Security was only the synonym of segregation of duties. But nowadays this situation has changed. There are 3 areas of Business Application Security such as SOD, Custom Code security and Application platform security. SAP customers are now aware of problems with SAP installations, but they still donât know, where should they start to solve them.
The aim of EAS-SEC (http://eas-sec.org/) is to aware people about enterprise application security problems and create guidelines and tools for enterprise application security assessment.
This document discusses how hackers compromise SAP S/4HANA systems and how to protect yourself. It outlines 5 common ways that hackers attack S/4HANA, including social engineering, exploiting known vulnerabilities, phishing, exploiting custom development, and compromising basic security. It then provides 5 rules for protecting S/4HANA, which are hardening systems, managing users and roles, securing application development, establishing monitoring, and applying security patches. The document promotes a SAST security suite for comprehensively securing S/4HANA systems.
A presentation to Computer Engineering 4th year undergraduate students at Makerere University, Faculty of Technology, College of Design, Art and TechnologyÂ
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
Â
We are expecting more and more from our IBM z Systems. Our critical data and applications are nested in our IBM z Systems infrastructure, and more than ever it positions itself as the security hub. It now exports services to secure distributed environment thanks to its security as a services capabilities. During this lecture, Mr DarĂŠes talks about z Systems Roles for security in most of todayâs hot topics (compliance, Database encryption, Tokenization, Digital Certificates, ...).
IBM Power Systems servers (AS/400, iSeries) enjoy a reputation as one of the most secure platforms in the data center, and this is reinforced each time IBM enhances the already impressive set of built-in security features.
Unfortunately, many organizations are surprised to learn that IBM i ships in a completely open default state. Addressing this starts with understanding and configuring the supplied operating system controls.
Jeff Uehling of IBM outlines new security functions incorporated into recent editions of IBM i, including:
⢠New password policy controls
⢠Encryption
⢠User profile enhancements
⢠Field procedures (FieldProc)
⢠Row and column access control (RCAC)
Business applications like ERP, CRM, SRM, and others are one of the major topics in the field of computer security as these applications store business data and any vulnerabilities in these applications can cause a significant monetary and reputational loss or even stoppage of business.
Nonetheless, people still do not pay much attention to the technical side of SAP security.
As for SAP, we saw different vulnerabilities at all levels (architecture, software vulnerabilities and implementation).
ciso-platform-annual-summit-2013-New Framework for ERP SecurityPriyanka Aash
Â
The document discusses various guidelines for assessing security in SAP systems. It describes the EAS-SEC standard developed by ERPScan, which includes 33 critical checks across 9 areas. This is proposed as a first step for rapid security assessments. The document also mentions other guidelines from SAP, ISACA, and DSAG that can be used for more comprehensive assessments. It highlights some limitations of existing guidelines and the need to develop standards that cover all applications and aspects of security, including source code reviews. The author proposes expanding the EAS-SEC framework to address these gaps.
Information Security Lesson 4 - Baselines - Eric VanderburgEric Vanderburg
Â
The document discusses security baselines and hardening systems and networks. It covers topics like disabling unused services, using security templates to configure Windows settings, implementing group policy for domain configurations, and applying patches and filters to harden applications, operating systems, databases, and network devices. The document also defines several common acronyms related to information security.
Runecast Analyzer uses the VMware Knowledge Base to analyze the vSphere configuration and logs. It exposes potential issues before they cause major outages. Runecast also uses the vSphere Security Hardening guides and Best Practices to scan your VMware infrastructure for compliance.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
đ Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
đť Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Session 1 - Intro to Robotic Process Automation.pdfUiPathCommunity
Â
đ Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
đ Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
đť Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
đ Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
Â
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energyâs Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
Â
An English đŹđ§ translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech đ¨đż version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
From Natural Language to Structured Solr Queries using LLMsSease
Â
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or âcognitiveâ gap) remains between the data user needs and the data producer constraints.
That is where AI â and most importantly, Natural Language Processing and Large Language Model techniques â could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr indexâs metadata.
This approach leverages the LLMâs ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Â
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
What is an RPA CoE? Session 2 â CoE RolesDianaGray10
Â
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
⢠What roles are essential?
⢠What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
Â
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
"Choosing proper type of scaling", Olena SyrotaFwdays
Â
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Â
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Â
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
Weâll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
3. About Me
⢠Ertunga Arsal <e.arsal @ esnc.de>
âSecurity Researcher with focus on Enterprise Systems
âFounder of ESNC GmbH, a company specialized in SAP Security
⢠OďŹcially acknowledged for the following Security Patches :
⢠SAP Note 1484692 - Protect read access to password hash tables
⢠SAP Note 1497104 - Protect access to PSE
⢠SAP Note 1421005 - Secure conďŹgura.on of the message server
⢠SAP Note 1483525 - New security center in SAP GUI 7.20
⢠SAP Note 1485029 - Protect read access to key tables
⢠SAP Note 1488406 - Handling the generated user TMSADM
⢠SAP Note 1511107 - Execu.ng freely determined code using transac.on SE37
⢠SAP Note 1510704 - Missing Authoriza.on Check in AFX Workbench report
3
6. SAP Systems
⢠Business speciďŹc
â HR, Finances, Logis.csâŚ
⢠Industry solu.ons
â Defense & Aerospace, Oil & Gas, Banking,
Chemicals...
⢠Hold the Crown Jewels
â Hence âBusinessâ
⢠Are usually extensively customized
â SAP consultants on-site
â Long running implementa.on projects
⢠Less exposure to typical hackers
â Who would learn ABAP for hacking?
â How would someone try it at home?
6
36. The Threat Agent: ABAP Developer
⢠Writes code that runs at the heart of the system
⢠The user rights and permissions donât apply to him
⢠He can assign god rights to itself via code
âAudit logs are typically disabled on development systems
⢠If enabled, most probably developers will be able to disable/tamper them
⢠remember to always log to an external system.
⢠You need to trust the developers more than your security
team
âWould you hire an ABAP developer who recently worked at a compe.tor?
⢠IF answer EQUALS âHELL, YEAHâ, think again now.
âHow about the contracted ones that also provide services to other
companies at the same .me?
36