Secure your app user data with end-to-end encryption

•Download as PPTX, PDF•

0 likes•23 views

The document discusses end-to-end encryption for apps and databases. It describes generating encryption keys for users, encrypting data in the app using those keys so that only intended users can decrypt it, and storing the encrypted data in a database. The document also mentions generating backup keys from a username and password to prevent key loss.

Technology

App
REST
Frontend Backend Database
1. Login (OAuth)
2. Database query AuthorizeAuthorizeAuthorize
if (!user.hasAccess(resource))
throw “Access denied”;

Until somebody comes in a
way that you don’t expect

Process 1
memory
Process 2
memory
Process 3
memoryUser mode
Process 1
memory
Process 2
memory
Process 3
memoryKernel mode
if (!user.hasAccess(resource))
throw “Access denied”;

Your end-to-end encrypted app
Only end-users can decrypt data. Your cloud doesn’t have the keys.
?
?
??
?
?
MIICSQIBADCC
AkIGCSqGSIb3
DQEHA6CCAjMw
ggIvAgECMYIC
ADCB/QIBAqAK
BAhQZz8w9dMf

https at-reste2ee
Steve
Maria Mark
Eiffel
Crys
web api
frontend
database
Crys

Steve
Mark
CrysSteve
Maria Mark
Eiffel
Crys
Crys
Thread123
Thread123
Thread123

Step 1: create keys for your users
key = virgil.generateKey()
virgil.createCard(“Bob@yourapp.io”, key)
Bob@yourapp.io
Gru@yourapp.io
Steve@yourapp.io

Step 2: encrypt stuff in the app. Store encrypted data in your db.
encrSelfie = virgil.encrypt(selfie, [“Bob@yourapp.io”, me])
db.collection(“photos”).doc(“Selfie17”).set({encrSelfie})
Bob@yourapp.io
Gru@yourapp.io
Steve@yourapp.io

Step 3: make sure that user keys aren’t lost
// key = virgil.generateKey()
key = virgil.generateBrainKey(username, password)
Bob@yourapp.io
Gru@yourapp.io
Steve@yourapp.io

Secure your app user data with end-to-end encryption

DevOps toolchains are transforming modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker's perspective on exploiting DevOps organizations and the countermeasures these organizations should employ. RSAC 2017 Ken Johnson & Chris Gates

REST API Pentester's perspective

SecuRing

Nowadays REST APIs are behind each mobile and nearly all of web applications. As such they bring a wide range of possibilities in cases of communication and integration with given system. But with great power comes great responsibility. This talk aims to provide general guidance related do API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of potential attacker. I will show: how to find hidden API interfaces ways to detect available methods and parameters fuzzing and pentesting techniques for API calls typical problems I will share several interesting cases from public bug bounty reports and personal experience, for example: * how I got various credentials with one API call * how to cause DoS by running Garbage Collector from API

My tryst with sourcecode review

Anant Shrivastava

- The author discusses their journey doing source code reviews to find bugs in WordPress plugins and themes. They started with just two people manually reviewing code but then automated the process and expanded their team. - Through their Phase 1 efforts analyzing over 250 plugins, they found over 250 issues. They are now focusing on authenticated vulnerabilities in Phase 2 like SQL injection, XSS, and CSRF. - They have created some open source tools to help with the process and are seeking volunteers to help make open source software more secure by joining their Codevigilant platform.

Open Canary - novahackers

Chris Gates

This document discusses Canary and OpenCanary honeypot tools. Canary is a commercial tool that mimics operating systems and services to detect interactions from attackers. It has a graphical user interface and integrates with services like Slack. OpenCanary is an open source alternative that is less feature-rich but free to use. It requires configuring via text files rather than a GUI. The document also explores using Vagrant to automatically deploy OpenCanary virtual machines.

Startup Safary | Fight against robots with enbrite.ly data platform

Mészáros József

Enbrite.ly provides data platforms to revolutionize online advertisement metrics like fraud detection, brand safety, and viewability. They analyze vast amounts of data using Amazon Web Services, Apache Hadoop, Apache Spark and their own data platform. Their platform processes 0.5-4 TB of data daily from over 100 TB stored on AWS S3, using a 20+ node Hadoop cluster running 16 services on 110 servers. They provide an example of how their platform can detect bot traffic by analyzing session data to find those with too many clicks in a short time period.

AWS Survival Guide

Ken Johnson

This document is a presentation on AWS security best practices given by the CTO of a security company. It covers monitoring AWS resources using CloudWatch alarms and events to detect unauthorized access. It then discusses hardening AWS security by not using root credentials, auditing IAM policies, enabling multi-factor authentication, using IAM roles, and other techniques. The presentation provides examples of setting up CloudWatch alarms and events to send unauthorized access alerts to Slack. It also demonstrates enabling MFA on IAM user accounts. The goal is to help users learn how to monitor and secure their AWS infrastructure.

Meet Jack & Jill

Mateusz Grzechociński

Jack and Jill are new tools from Google that comprise an alternative compiler for Android. Jack compiles Java code to Dalvik bytecode faster than the traditional dx tool. Jill acts as an interface between Jack and Java bytecode. The tools aim to speed up the Android build process for developers. Jack handles tasks like compilation, minification, repackaging and multidexing in one step. Certain limitations currently exist around Java 8 support, annotation processors, and bytecode manipulation.

"TotallyNotAVirus.app" would like to access the camera and spy on you. To protect your privacy, Apple introduced Transparency, Consent, and Control (TCC) framework that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent. In this talk, we will share multiple techniques that allowed us to bypass this prompt, and as a malicious application, get access to protected resources without any additional privileges or user's consent. Together, we submitted over 40 vulnerabilities just to Apple through the past year, which allowed us to bypass some parts or the entire TCC. We also found numerous vulnerabilities in third-party apps (including Firefox, Signal, and others), which allowed us to avoid the OS restrictions by leveraging the targeted apps' privileges. In the first part of the talk, we will give you an overview of the TCC framework, its building blocks, and how it limits application access to private data. We will explore the various databases it uses and discuss the difference between user consent and user intent. Next, we will go through various techniques and specific vulnerabilities that we used to bypass TCC. We will cover how we can use techniques like process injection, mounting, application behavior, or simple file searches to find vulnerabilities and gain access to the protected resources. The audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. We believe there is a need to raise awareness on why OS protections are not 100% effective, and in the end, users have to be careful with installing software on their machines. Moreover - as we're going to publish several exploits - red teams will also benefit from the talk.

Sonatype DevSecOps Leadership forum 2020

Daniel Garcia (a.k.a cr0hn)

This document discusses how hackers can break CI/CD infrastructure by exploiting vulnerabilities at different stages of the software development process. It outlines attacks such as inserting malware in source code or libraries, exploiting privileged access in build pipelines to achieve remote code execution, deploying zip bombs or memory bombs to crash systems, and compromising shared infrastructure between development and production environments. The document emphasizes the importance of limiting permissions, isolating networks, monitoring for anomalies, and hardening CI/CD systems with the same care as production servers.

Android Tamer BH USA 2016 : Arsenal Presentation

Anant Shrivastava

Android Tamer is a virtual machine that contains tools for Android security professionals. It includes a Debian-based tools repository, custom emulator, and documentation. The VM aims to save users time by bundling and pre-configuring popular Android analysis tools like adb, apktool, and drozer. It supports VirtualBox, VMWare, and Vagrant/Ansible. The presenter demonstrates features like application decompiling, automated assessment with drozer, and managing multiple devices. Users are encouraged to contribute by testing, promoting, adding tools, or reporting issues on GitHub.

Rust (Ginzarb 20161114)

Kevin Toyoda

Attacker Ghost Stories - ShmooCon 2014

Rob Fuller

This document discusses various free or low-cost security measures organizations can implement, including: using EMET to help prevent exploits; blocking Java user agents at the proxy to prevent Java-based exploits; implementing internal bug bounty programs; deploying port-forwarding honeypots; disabling WPAD; restricting internal DNS lookups; and using "evil canary" decoys to detect intruders. It also emphasizes the importance of monitoring for unusual traffic patterns and authentication events.

DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...

DevSecCon

This document provides an agenda and overview for a DevSecCon 2017 workshop on taking apart Mac malware and hardening Mac security. The workshop covers the history of Mac OS security, reversing malware, discovering security problems, and hardening techniques. It discusses extracting and analyzing the components of MacKeeper malware, including pre/post install scripts and payloads. It also covers tools and techniques for blocking domains, detecting malware using extended attributes and Xprotect, and finding malware using host-based intrusion detection systems and forensic tools.

Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)

Rob Fuller

This document provides suggestions for free or low-cost defenses that can frustrate attackers, including enabling EMET, blocking Java user agents at the proxy, port forwarding honeypots, authenticated splash proxies, and deploying "evil canaries" to detect intruders on the network. It emphasizes logging, vulnerability scanning, and getting penetration testers and the help desk involved in security efforts. The document aims to demonstrate mostly free techniques that can significantly improve the security of an organization.

Secure Software: Action, Comedy or Drama? (2017 edition)

Peter Sabev

Scaling Instagram

iammutex

This document summarizes Mike Krieger's talk on scaling Instagram from its early days with 2 engineers to supporting over 30 million users. Some key points include: starting simply with Django and PostgreSQL; adopting Redis for caching and queuing; implementing database sharding in PostgreSQL as user growth increased database size; focusing on simplicity, monitoring, and nimble iteration; and scaling components individually while maintaining a minimal overall architecture. Krieger emphasizes optimizing for operational simplicity and solving problems with existing tools before building custom solutions.

89025069 mike-krieger-instagram-at-the-airbnb-tech-talk-on-scaling-instagram

ferreroroche11

This document summarizes Mike Krieger's talk on scaling Instagram from its early days with 2 engineers to supporting over 30 million users. Some key points include: starting simply with Django and PostgreSQL; adopting Redis for caching and queuing; implementing database sharding in PostgreSQL as user growth increased database size; using a variety of tools like Nginx, HAProxy, Memcached and monitoring with Munin and StatsD; and focusing on simplicity, instrumentation, and nimble iteration to adapt as needs changed.

Beware the potholes on the road to serverless

Yan Cui

Positive Technologies - S4 - Scada under x-rays

qqlan

This document summarizes a presentation given by Sergey Gordeychik, Gleb Gritsai, and Denis Baranov on analyzing the security of WinCC SCADA software. It introduces the presenters and their backgrounds in industrial control system security research. They discuss common vulnerabilities found in WinCC like SQL injection, XSS, and password disclosure. The researchers provide an overview of the WinCC architecture and its various components. They analyze vulnerabilities in the WinCC project files and communication protocols. The presentation aims to bring more attention to automating security assessments of industrial control systems.

Columbus WordCamp 2015

Jason Packer

The document provides steps to clean up a WordPress site after it has been hacked. It begins by advising to stay calm and then outlines options to hire an expert service to clean up the site, reinstall WordPress from scratch, or conduct a forensic investigation yourself. Next, it describes how attackers typically find vulnerable sites, assess what exploits might work, run scripts to gain access, and implant backdoors or scripts. The rest of the document details the 10 comprehensive steps to fully clean up a hacked site, including shutting down access, finding compromised files, determining how the site was hacked, removing malware, restoring clean files and the database, resetting keys and passwords, hardening the site, and monitoring going forward.

FPC for the Masses (SANSFire Edition)

Xavier Mertens

Live Memory Forensics on Android devices

Nikos Gkogkos

Attack Chaining: Advanced Maneuvers for Hack Fu

Rob Ragan

Just as a good chess player thinks five moves ahead, a great penetration tester should be able to visualize their attack in order to compromise high-value targets. This presentation will explore how a penetration tester can learn to leverage attack chaining for maximum impact. A penetration test is supposed to be a simulation of a real-world attack. Real-world attackers do not use expensive automated tools or a checklist. Nor do they use a single technique or exploit to compromise a target. More commonly they combine several techniques, vulnerabilities, and exploits to create a “chained” attack that achieves a malicious goal. Chained attacks are far more complex and far more difficult to defend against. We want to explore how application vulnerabilities relate to one another and build a mind map that guides penetration testers through various attack scenarios. Prepare to be blown away on this roller coaster ride with real-world examples of massive compromises. If you are not a thrill seeker, this presentation may leave you a bit queasy.

Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin

reconvillage

This document discusses various techniques for analyzing mobile applications, including jailbreaking, dynamic instrumentation with Frida and Cycript, objective-C tracing, man-in-the-middle proxying, fuzzing, and automation of user interactions using a Lua-based tool called CHAOTICMARCH. The goal is to gain a deeper understanding of how applications work under the hood by observing runtime behavior, API calls, file access, and inter-process communication. Automation is advocated to facilitate repeatable testing and maximize code coverage.

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions

Yevgeniy Brikman

"All happy cloud deployments are alike; each unhappy cloud deployment is unhappy in its own way." — Leo Tolstoy, Site Reliability Engineer At Gruntwork, I've had the chance to see the cloud adoption journeys of hundreds of companies, from tiny startups to Fortune 50 giants. I've seen those journeys go well. I've seen those journeys go poorly. In this talk, I discuss a few of the ways cloud adoption can go horribly wrong (massive cost overruns, endless death marches, security disasters), and more importantly, how you can get it right. To help you get it right, we looked at the cloud journeys that were successful and extracted from them the patterns they had in common. We distilled all this experience down into something called the Gruntwork Production Framework, which defines five concrete steps you can follow to adopt the cloud at your own company—and hopefully, to end up with your very own happy cloud deployment.

Fix me if you can - DrupalCon prague

hernanibf

The document provides information about a Drupal training session on fixing a broken Drupal site. It includes an agenda for the lab session which involves fixing issues related to site building, security, performance, and content architecture through exercises. Participants will be split into teams and each given a broken Drupal site to work on fixing. Automated tools and techniques for profiling site performance will be demonstrated.

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik

CODE BLUE

The boom of AI brought to the market a set of impressive solutions both on the hardware and software side. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In this talk we will present results of hands-on vulnerability research of different components of AI infrastructure including NVIDIA DGX GPU servers, ML frameworks such as Pytorch, Keras and Tensorflow, data processing pipelines and specific applications, including Medical Imaging and face recognition powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.

Easy logins for Ruby web applications

Francois Marier

Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper. It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden.

Hacking Exposed: The Mac Attack

Priyanka Aash

What's hot

20+ ways to bypass your mac os privacy mechanisms

Csaba Fitzl

Sonatype DevSecOps Leadership forum 2020

Daniel Garcia (a.k.a cr0hn)

Android Tamer BH USA 2016 : Arsenal Presentation

Anant Shrivastava

Rust (Ginzarb 20161114)

Kevin Toyoda

Attacker Ghost Stories - ShmooCon 2014

Rob Fuller

DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...

DevSecCon

Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)

Rob Fuller

What's hot (7)

20+ ways to bypass your mac os privacy mechanisms

Sonatype DevSecOps Leadership forum 2020

Android Tamer BH USA 2016 : Arsenal Presentation

Rust (Ginzarb 20161114)

Attacker Ghost Stories - ShmooCon 2014

DevSecCon London 2017 - MacOS security, hardening and forensics 101 by Ben Hu...

Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)

Similar to Secure your app user data with end-to-end encryption

Secure Software: Action, Comedy or Drama? (2017 edition)

Peter Sabev

Scaling Instagram

iammutex

89025069 mike-krieger-instagram-at-the-airbnb-tech-talk-on-scaling-instagram

ferreroroche11

This document summarizes Mike Krieger's talk on scaling Instagram from its early days with 2 engineers to supporting over 30 million users. Some key points include: starting simply with Django and PostgreSQL; adopting Redis for caching and queuing; implementing database sharding in PostgreSQL as user growth increased database size; using a variety of tools like Nginx, HAProxy, Memcached and monitoring with Munin and StatsD; and focusing on simplicity, instrumentation, and nimble iteration to adapt as needs changed.

Beware the potholes on the road to serverless

Yan Cui

Positive Technologies - S4 - Scada under x-rays

qqlan

Columbus WordCamp 2015

Jason Packer

FPC for the Masses (SANSFire Edition)

Xavier Mertens

Live Memory Forensics on Android devices

Nikos Gkogkos

Attack Chaining: Advanced Maneuvers for Hack Fu

Rob Ragan

Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin

reconvillage

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions

Yevgeniy Brikman

Fix me if you can - DrupalCon prague

hernanibf

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik

CODE BLUE

Easy logins for Ruby web applications

Francois Marier

Hacking Exposed: The Mac Attack

Priyanka Aash

Hacking Exposed: The Mac Attack

Priyanka Aash

SecTor '09 - When Web 2.0 Attacks!

Rafal Los

Joxean Koret - Database Security Paradise [Rooted CON 2011]

RootedCON

The document discusses vulnerabilities found in various database software products through analyzing their code and installation directories. Local privilege escalation bugs were found in IBM DB2 and Informix by exploiting how environment variables and shared libraries were handled. Remote code execution bugs were also discovered in UniData and Informix through fuzzing protocols and by exploiting unsafe functions. The document encourages searching for more bugs in database software.

Building Top-Notch Androids SDKs

relayr

The document discusses best practices for building top-notch Android SDKs. It recommends making SDKs open source to improve quality through community contributions. It provides guidance on project structure, ensuring SDKs are available, easy to use, flexible, testable, performant, reliable and lightweight. Specific tips include using README files, continuous integration, static analysis, documentation generation, testing, and distributing through package managers. The goal is to create SDKs that minimize requirements and permissions while supporting different Android versions and contexts.

[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...

OWASP Russia

This document summarizes techniques for detecting XXE and SSRF vulnerabilities using DNS records. It describes how an attacker can configure their own DNS server to return their IP address instead of the actual domain, allowing them to detect if the application makes external requests. It also discusses challenges of detecting these vulnerabilities, and provides examples of how to test for them including checking web server access logs for requests to domains controlled by the attacker. The document then covers additional techniques like bypassing content security policies, detecting real users behind Cloudflare, and exploiting URL encoding to bypass input filtering.

Similar to Secure your app user data with end-to-end encryption (20)

Secure Software: Action, Comedy or Drama? (2017 edition)

Scaling Instagram

89025069 mike-krieger-instagram-at-the-airbnb-tech-talk-on-scaling-instagram

Beware the potholes on the road to serverless

Positive Technologies - S4 - Scada under x-rays

Columbus WordCamp 2015

FPC for the Masses (SANSFire Edition)

Live Memory Forensics on Android devices

Attack Chaining: Advanced Maneuvers for Hack Fu

Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin

Cloud adoption fails - 5 ways deployments go wrong and 5 solutions

Fix me if you can - DrupalCon prague

[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik

Easy logins for Ruby web applications

Hacking Exposed: The Mac Attack

SecTor '09 - When Web 2.0 Attacks!

Joxean Koret - Database Security Paradise [Rooted CON 2011]

Building Top-Notch Androids SDKs

[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...

Recently uploaded

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

akankshawande

WeTestAthens: Postman's AI & Automation Techniques

Postman

Operating System Used by Users in day-to-day life.pptx

Pravash Chandra Das

Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes. Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions. Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻 The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️ Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution. The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟

5th LF Energy Power Grid Model Meet-up Slides

DanBrown980551

5th Power Grid Model Meet-up It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology. Power Grid Model The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services. Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability. Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization. What to expect For the upcoming meetup we are organizing, we have an exciting lineup of activities planned: -Insightful presentations covering two practical applications of the Power Grid Model. -An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024. -An interactive brainstorming session to discuss and propose new feature requests. -An opportunity to connect with fellow Power Grid Model enthusiasts and users.

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on integration of Salesforce with Bonterra Impact Management. Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

Tatiana Kojar

Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI. With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.

Monitoring and Managing Anomaly Detection on OpenShift.pdf

Tosin Akinosho

Monitoring and Managing Anomaly Detection on OpenShift Overview Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices. Key Topics Covered 1. Introduction to Anomaly Detection - Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems. 2. Understanding Edge (IoT) - Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source. 3. What is ArgoCD? - Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices. 4. Deployment Using ArgoCD for Edge Devices - Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD. 5. Introduction to Apache Kafka and S3 - Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions. 6. Viewing Kafka Messages in the Data Lake - Learn how to view and analyze Kafka messages stored in a data lake for better insights. 7. What is Prometheus? - Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices. 8. Monitoring Application Metrics with Prometheus - Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system. 9. What is Camel K? - Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes. 10. Configuring Camel K Integrations for Data Pipelines - Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow. 11. What is a Jupyter Notebook? - Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text. 12. Jupyter Notebooks with Code Examples - Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.

A Comprehensive Guide to DeFi Development Services in 2024

Intelisync

DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum. In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance. In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape. At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology. Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!

Letter and Document Automation for Bonterra Impact Management (fka Social Sol...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365. Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Skybuffer SAM4U tool for SAP license adoption

Tatiana Kojar

Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool. SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.

Building Production Ready Search Pipelines with Spark and Milvus

Zilliz

Recommendation System using RAG Architecture

fredae14

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

saastr

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Chart Kalyan

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Trusted Execution Environment for Decentralized Process Mining

LucaBarbaro3

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

saastr

Azure API Management to expose backend services securely

Dinusha Kumarasiri

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

Recently uploaded (20)

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

WeTestAthens: Postman's AI & Automation Techniques

Operating System Used by Users in day-to-day life.pptx

5th LF Energy Power Grid Model Meet-up Slides

Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...

Artificial Intelligence for XMLDevelopment

Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...

Monitoring and Managing Anomaly Detection on OpenShift.pdf

A Comprehensive Guide to DeFi Development Services in 2024

Letter and Document Automation for Bonterra Impact Management (fka Social Sol...

Skybuffer SAM4U tool for SAP license adoption

Building Production Ready Search Pipelines with Spark and Milvus

Recommendation System using RAG Architecture

Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...

How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Trusted Execution Environment for Decentralized Process Mining

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...

Azure API Management to expose backend services securely

Presentation of the OECD Artificial Intelligence Review of Germany

Secure your app user data with end-to-end encryption

1. David Szabo – VP of Developer Platform

4. App REST Frontend Backend Database 1. Login (OAuth) 2. Database query AuthorizeAuthorizeAuthorize if (!user.hasAccess(resource)) throw “Access denied”;

5. Until somebody comes in a way that you don’t expect

6. Process 1 memory Process 2 memory Process 3 memoryUser mode Process 1 memory Process 2 memory Process 3 memoryKernel mode if (!user.hasAccess(resource)) throw “Access denied”;

7. ? ? ?

8. Your end-to-end encrypted app Only end-users can decrypt data. Your cloud doesn’t have the keys. ? ? ?? ? ? MIICSQIBADCC AkIGCSqGSIb3 DQEHA6CCAjMw ggIvAgECMYIC ADCB/QIBAqAK BAhQZz8w9dMf

9. https + at-rest end-to-end encryption

10. https at-reste2ee Steve Maria Mark Eiffel Crys web api frontend database Crys

11. Steve Mark CrysSteve Maria Mark Eiffel Crys Crys Thread123 Thread123 Thread123

12.

13.

14.

15. let’s see it in action

16. Step 1: create keys for your users key = virgil.generateKey() virgil.createCard(“Bob@yourapp.io”, key) Bob@yourapp.io Gru@yourapp.io Steve@yourapp.io

17. Step 2: encrypt stuff in the app. Store encrypted data in your db. encrSelfie = virgil.encrypt(selfie, [“Bob@yourapp.io”, me]) db.collection(“photos”).doc(“Selfie17”).set({encrSelfie}) Bob@yourapp.io Gru@yourapp.io Steve@yourapp.io

18. Step 3: make sure that user keys aren’t lost // key = virgil.generateKey() key = virgil.generateBrainKey(username, password) Bob@yourapp.io Gru@yourapp.io Steve@yourapp.io

Editor's Notes

Today, I’m here to announce that End-to-End Encryption is not a fad anymore: it’s here to say. It’s official. And I tell you why…
We like trusting people, trusting companies But the forced trust in IT today is this interesting dynamic where the developer/service provider has to ask trust from their customers, because there isn’t any other way. And the developer/service provider isn’t able to fulfill the trust, because of the nature of today’s standard internet security: HTTPS and at-rest encryption, hasn’t changed in the last 20 years. So, it’s not about trust, but it’s about the inability to keep that promise. We’re building a world where trust doesn’t have to be asked by developers. Where developers can choose not to see their customers’ data. And when they can’t see the data, their hackers can’t see it either! That’s End-to-End Encryption: the cheapest way to be data breach-proof. The cheapest way to be HIPAA compliant. The Gordius knot of data security.
In the beginning, there was nothing. Then God invented chat But chat alone was boring, so he invented the frontend server to talk to the chat app over the internet, and the database to store all chats between users And then https was invented to keep one’s chats private! But the messages terminated on the frontends, letting curious individuals peeking into their brothers’ and sisters’ messages. It was a pain and God decided to address that later. So, when data arrived to the database, the database stored it and the database file was encrypted, which God named “at-rest” encryption. But it was a fail again, as a single key encrypted the entire database and in order for that to operate, the key had to be stored somewhere where the database server could read it up. So, God concluded that it’s a joke, like when somebody stores the door key under the pot by the door!  The God took a rest and thought through all the mess he created… Data breaches all over: on frontend servers, in databases. So, the next morning when God woke up, he decided to redo this whole thing. He decided to create a key for every user. He used to encrypt the sent chat message with this key. He then kept the key on the device and transmitted the encrypted message through servers that had no idea what they transmit, they just dumbly did. Well, I’m just a messenger – they thought… and they were right! In the last day, God decided to create the sky and send all the public keys up there, so that brothers and sisters can download each others’ public keys and encrypt stuff for each other! This way, making the system perfectly end-to-end encrypted, secrets kept and sealed.
Then God looked at the happy people chatting and learned that brothers and sisters like to do chats in groups and so, he introduced a dedicated key to encrypt each chat thread and encrypted this thread key with the brothers and sisters’ keys, like previously he did the chat messages. Then God realized that sometimes, people do silly things and they’ll be fired from chat threads.
There’s a whole new breed of apps that are based on this new phenomena. Powering democracy, privacy Open source With contributors from all around the world
Lots of chat apps, but other apps as well, such as HPI’s HealthCloud for example. GesundheitsCloud uses E2EE to protect the health records of Germany citizens shared across healthcare apps.
SORAA puts intelligent sensors and CPUs into their lightbulbs to hear you, see you, learn you. They use our open source SDK to e2ee all data that this curious little bulb captures from you. They also use our SDK to protect the device’s firmware from being tampered with.

Secure your app user data with end-to-end encryption

Recommended

Recommended

More Related Content

What's hot

What's hot (7)

Similar to Secure your app user data with end-to-end encryption

Similar to Secure your app user data with end-to-end encryption (20)

Recently uploaded

Recently uploaded (20)

Secure your app user data with end-to-end encryption

Editor's Notes