Presentation on web services and the implementation of a web service in Ruby and Sinatra. The source code is on GitHub: https://github.com/fenicks/joke_server.
This talk intends to demonstrate how to improve web application security testing by combining a browser automation framework with a web proxy API.
The goal of this research is to bring a web proxy as close as possible to a browser to achieve a better security testing coverage, especially when dealing with complex client-side technology.
The presentation includes a montage of real case scenarios, showing how this approach can lead to the discovery of vulnerabilities which might otherwise go unnoticed.
Slides for a one hour talk I did for a Mozilla event in Nablus. It is about the effort Mozilla has been making to bring immersive realities (XR) to the web, so that XR content is available and accessible to all.
SQL/JavaScript Hybrid Worms As Two-stage Quines (José Ignacio)
Delving into present trends and anticipating future malware trends, a hybrid, self-replicating worm (SQL on the server side, JavaScript on the client side) based on two-stage quines was designed and implemented on an ad-hoc scenario instantiating a very common software pattern. The proof-of-concept code combines techniques seen in the wild, in the form of SQL injections leading to cross-site scripting JavaScript inclusion, and seen in the laboratory, in the form of SQL quines propagated via RFIDs, resulting in a hybrid code injection. General features of hybrid worms are also discussed.
Building a full-stack app with Golang and Google Cloud Platform in one week (Dr. Felix Raab)
The talk will cover how to effectively build a production-ready, full-stack app with Golang and GCP under time constraints. I'll discuss how to approach making quick and sound technical decisions and how to apply modern software engineering practices for end-to-end apps. The presentation shows, in an opinionated and "meme-ful" way, various lessons learned, tools, and key takeaways for cloud environments.
Application security is often an afterthought for developers, as we concentrate on the next shiny new feature for our projects. In this talk, we’ll highlight the importance of application security and explore some simple and practical ways that we as developers can defend our services from intrusion.
We’ll look at how my team at the BBC approached security concerns when creating the new BBC ID applications, and dive into some code examples to explore the best practices for Node.js server security.
Talk originally given at JavaScript North West meetup. https://www.meetup.com/JavaScript-North-West/events/239152184/
Microservices architecture has changed how companies develop, deploy and release applications. Technologies such as Docker and Kubernetes have emerged to simplify putting applications into production, increasing release velocity from once every few months to N times per day.
If you are on the DevOps bandwagon, come to this session to learn how Kubernetes and Istio (the new crown jewel) can help you reduce lead time (time to business value, from idea to production) and start releasing at unicorn speed.
Some of the very things that make JavaScript awesome can also leave it exposed. Guy Podjarny and Danny Grander walk through some sample security flaws unique to Node's async nature and surrounding ecosystem (or especially relevant to it), e.g., memory disclosure (leaking the contents of memory) via the Buffer object, ReDoS and other algorithmic DoS attacks (which hit Node especially hard because blocking its single thread stalls every in-flight request), and timing attacks leveraging the event loop, and show how these could occur in your own code or in npm dependencies.
Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners (Adam Doupe)
Presentation at DIMVA 2010 of the paper "Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners"
Full paper:
http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
Automated Malware Analysis and Cyber Security Intelligence (Jason Choi)
This presentation is an introduction to Cuckoo Sandbox, an automated malware analysis system, and to the cyber security intelligence that can be produced with it, given at the Department of Scientific Criminal Investigation, SungKyunKwan University, Korea.
- Owasp AppSec Research 2010 -
Over the past year, clickjacking received extensive media coverage. News portals and security forums have been overloaded by posts claiming clickjacking to be the upcoming security threat.
In a clickjacking attack, a malicious page is constructed (or a benign page is hijacked) to trick the user into performing unintended clicks that benefit the attacker, such as propagating a web worm, stealing confidential information or abusing the user's session.
This presentation introduces a novel solution we designed and implemented for the automated detection of clickjacking attacks on web pages. It details the architecture of our detection and testing system and presents the results obtained from the analysis of over a million "possibly malicious" Internet pages.
CloudNativeTurkey - Lines of Defence (Koray Oksay)
Kubernetes has become the de facto standard for container orchestration, and it is being widely adopted by organizations of all sizes. However, as with any complex system, there are a number of security challenges that need to be addressed in order to properly secure a Kubernetes deployment.
In his talk, Koray will first show you some security problem areas in Kubernetes and then give an overview of various security tools such as image screening and auditing. You will learn how to run Kubernetes clusters securely and how to proactively counteract security challenges.
The future will be Serverless - JSDay Verona 2018 (Luciano Mammino)
Software development is on the verge of a new revolution that will change the rules of the Cloud Computing game... again! The new wind of change is called "Serverless" and you should definitely get ready for it! In this talk I will illustrate why I believe Serverless will be a game changer in the industry, how did we get to have Serverless and how to get started with it to build real products.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that fail to adapt and embrace new ideas often struggle to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.