This talk explains how microservices (RESTful endpoints) can be secured using a policy-based approach to intercept the HTTP request. A less intrusive pattern is proposed at the level of the web container, using constraints that map the web resources to the JAAS API and roles. Finally, we will investigate how such a security design can be developed using an external API management platform which reinforces the security and governance aspects.
Develop a Mobile Application connected to a REST backend - Charles Moulliard
This talk will guide you through the process to design a Hybrid HTML5 Mobile application to interconnect it with your REST backend system using the project Ionic, Apache Cordova & Feedhenry.
Apiman - Open Source API Management @ JBCNConf 2016 - Marc Savy
My API Management talk's slides at JBCNConf 2016:
Exploring API management and apiman; with an open source twist, and a hint of microservices.
Interacting with, developing, and deploying RESTful APIs forms a key part of many modern applications; this is especially true of microservices architectures. However, there are also an increasing number of ancillary requirements that need fulfilling, amongst which are:
- Security; such as authentication and authorisation
- Request tracking; for metrics, logging, and billing
- Access limits; such as rate limiting and quotas
- Service registry, discovery, user management, custom logic, ...
As developers it's clearly preferable to focus on perfecting the business logic of our applications rather than spending time focussing on the common and prone-to-change requirements found in every one of our applications. Centralising these functions enables us not only to reduce time spent in development and maintenance, but also reduces the surface area for bugs and inconsistencies.
API Management endeavours to solve these problems. In this talk, we'll explore API management broadly, then dive into the specifics of apiman: a free and open source API management solution.
Examining both design time and runtime aspects, we'll examine benefits, detractions and technical approaches taken to achieve a flexible, scalable and high-performance solution.
Presentation of the MicroService Architecture concept and how Apache Camel can be used in a MicroContainer, with services load-balanced using a Kubernetes Service
API as-a-Product with Azure API Management (APIM) - Bishoy Demian
Transitions from a single App or a closed system to an open ecosystem that drives innovation and delivers value-add Apps and services for your end-users. Monetise your data with minimal hassle & cost. Reach your end-users on any platform. Enable your IoT strategy with a strong cloud-based API platform.
Using Azure API Management, you can build a modern interactive developer portal for your APIs. Learn about your API usage patterns with analytics. Secure access, and manage subscriptions with quotas and throttling.
Build 2017 - P4034 - Agile app development with Azure API Management - Windows Developer
Customers use Azure API Management to catalog, publish, protect, and monitor their APIs; managing their API lifecycle from design to deprecation. In this fast-paced, hands-on presentation we demonstrate how API Management can be used to accelerate your app development. We show how you can decouple front-end and back-end development and allow both sides to work at their own speed. Learn how Azure API Management helps API developers design and evolve an API; easily implement it using a microservices approach; ensure app developers stay abreast of API changes and upgrade to new releases when ready; and enable operators to secure, protect and monitor the APIs in production.
In this session we are joined by Miao Jiang who is a Program Manager on the API Management Team. Miao will share with us some of the latest things that the Azure API Management Team have been working on and how we can use this to build great API solutions.
APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are right to be concerned about API security.
In this SlideShare, you'll learn:
- The top API security concerns
- How the IT industry is dealing with those concerns
- How Anypoint Platform ensures the three qualifications needed to keep APIs secure
Getting Started with the Node.js LoopBack API Framework - Jimmy Guerrero
These slides are from the May 22, 2015 webinar with Shubhra Kar where he gave an overview of the architecture and features of the Node.js LoopBack framework for building APIs.
We are living in the world of the API Economy, where companies are seeing services and data through APIs.
With this scenario in mind, Microsoft added API Management to Microsoft Azure.
In this session Tomasso will explain what Web APIs are, why we need them and how to implement them in Azure with API Apps. He is going to show in several demos how you can create a custom API App, test and deploy it, but also more advanced topics like how to add authentication to an API App.
Application Server-less Web Applications - Serverless Toronto Meetup Daniel Zivkovic
We touched a taboo subject – questioned the usefulness of Application Servers in the Cloud Native Era (besides introducing latency & increasing your cloud bill ;) and Toronto’s own Serverless gurus Frank & Jay showed how to build a secure Application Server-less Web App in the AWS cloud.
More info at https://www.meetup.com/Serverless-Toronto/events/253011233/
How APIs Can Be Secured in Mobile Environments - WSO2
To view the recording of this webinar, please use the URL below:
http://wso2.com/library/webinars/2015/08/how-apis-can-be-secured-in-mobile-environments/
In this session, Shan, director of mobile architecture at WSO2 will discuss:
What makes mobile API authentication different from traditional API authentication
Best practices for implementing mobile API security
What WSO2 API Manager provides for mobile developers
What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management?
Jason Kobus, director, API Banking, Silicon Valley Bank, and Apigee's head of security, Subra Kumaraswamy, present how an effective API program combined with a secure API management platform can:
- provide visibility for all security threats targeting their backend services
- control access to sensitive data - end-to-end
- enable developers to build secure apps with secure APIs
- facilitate secure access with partners and developers
A Tour of Different API Management Architectures - Nordic APIs
APIs are fueling innovation and digital transformation initiatives. With the explosive growth in APIs, developers and architects are employing different kinds of architectures to process API traffic. Attend this session to learn about commonly deployed API Management architectures.
Approach 1: Centralized API Lifecycle management where the data plane and control plane are tightly coupled.
Approach 2: “Hybrid” architectural approach that involves some processing at the edge by microgateways to process API calls between microservices.
Approach 3: Decoupled data plane and control plane resulting in no need for microgateways or databases to process API calls.
Authentication and authorization to the AWS management console using your on-premise Active Directory isn't all that straightforward, at first. This deck covers the easily adaptable and scalable methodology we created and have been following over the past year, leveraging our existing IdP and adhering to strict conventions.
This presentation explains the new challenges to be resolved with a Microservices Architecture and how the WildFly Swarm container & OpenShift/Kubernetes can address some of the patterns like running a lightweight JavaEE container, discover and load balance the services, inject the configuration of the services.
From git to blockchain! This talk is about git, immutability, bitcoin, blockchain and links between the two.
Is git a blockchain? Is bitcoin a git repository?
Find more inside...
Designing a good Web API is an exercise in decision-making and cost-benefit analysis. The best API designers are the ones who can design highly usable interfaces by considering the right choices and understanding the tradeoffs. During this presentation, Ronnie Mitra, Director of API Design, API Academy, will cover five principles of API design that will help shape your decision making process and become a great designer: The flexibility-usability tradeoff, 80/20 rule, feedback-loop, signal-to-noise ratio and hierarchy of needs. Seating is limited and available first come-first served.
For more information, please visit http://cainc.to/Nv2VOe
How do we learn about our various group identities like female, African American, Buddhist, homosexual, middle class, etc.? From whom do we learn the meaning of these terms? What messages have we internalized about ourselves and others? What are the differences that result in one person having a healthy self identity and another person experiencing own-group shame and hatred? Learn how we can instill positive self identity in our children and coach them to be positive influences on others' identities. Together, we can co-create inclusive communities that work toward success for all.
Check out the talk to the slides:
http://bit.ly/1ReY8uJ
Talk Abstract:
Using Swarm, you can select “just enough app server” to support each of your microservices.
In this session, we’ll outline how WildFly Swarm works and get you started writing your first microservices using Java EE technologies you’re already familiar with.
You’ll learn how to setup your build system (Maven, Gradle, or your IDE of choice) to run and test WildFly Swarm-based services and produce runnable jars. We will walk from the simple case of wrapping a normal WAR application to the more advanced case of configuring the container using your own main(…) method.
WildFly Swarm: Creating Microservices with Java EE 7 - George Gastaldi
Presented at TDC 2016 - Florianópolis
Microservices are the architecture of the moment. Everyone is talking about Spring Boot, NodeJS, DropWizard and other frameworks, but none of them is as complete as the one offered by the Java EE specification. In this live-coding session you will learn about WildFly Swarm and how to turn any Java EE 7 project into a microservice.
Free Project Management Templates for Microsoft SharePoint - David J Rosenthal
Project Management Templates for Microsoft SharePoint - Free from BrightWork and Atidan
Best Practice Templates to Initiate, Plan, Track, Manage and Close a Project
Atidan and our partner BrightWork, are pleased to release the latest free templates for Microsoft SharePoint that give you just enough project management to create and track a project with the greatest of ease.
Our Lite template provides a small amount of project management enabling you to manage tasks and issues while quickly seeing what work has been assigned and what actions need to be taken. Our Structured template provides additional features such as goals, discussions and risks to help you manage larger projects. Our completely free templates work with all versions of SharePoint including Office 365/SharePoint online and SharePoint 2016.
• Initiate, Plan, Track, Manage and Close a Project
• Manage and Track Project Deliverables including Goals, Tasks, Risks, Issues and Documents
• Collaborate utilizing Discussions, Lessons Learned, Email and Team Calendars
• Create Project status reports, My work, Metrics, Gantt Charts and Resource Reports
These slides focus on documentation for REST APIs. See http://idratherbewriting.com for more detail. For the video recording, see http://youtu.be/0yfNd7tzH2Q. This deep dive is the second slide deck I used in the presentation.
Threat protection and application access controls are key security mechanisms that protect APIs when exposed to internal or external users and developers.
In this technical deep-dive webcast, Apigee's security team, led by Subra Kumaraswamy, will discuss API threats and the protection mechanisms that every API and app developer must implement for safe and secure API management.
This webcast will cover:
- the API threat model
- how to design and implement appropriate guardrails for API security using built-in policies and configuration
- a demo of Apigee Edge threat protection features, including TLS encryption, XML/JSON/SQL injection attacks, and rate limiting
Whether you're an IT security architect or an API or app developer, this webcast will help you understand secure API management.
Download Podcast: http://bit.ly/1biiJQS
Watch Video: http://youtu.be/ffs35w1RYRI
LF_APIStrat17_OWASP’s Latest Category: API Underprotection - LF_APIStrat
OWASP’s 2017 top ten adds a new category called 'underprotected APIs', reflecting the growth of RESTful Web APIs and richer front-end clients which stress current security and access authorization approaches. You’ll learn about potential threats resulting from undersecured Web APIs and techniques to strengthen your API security posture. You'll gain a clear understanding of user authorization via OAuth2, software authorization via static API keys and the critical interplay between them. Of particular concern are mobile API consumers whose code is statically published with secrets which are often poorly concealed. Practical advice with code examples will show how to improve mobile API security. TLS is necessary but insufficient to fully secure client-server communications. Certificate pinning is explained with code examples to show how to strengthen channel communications. Some advanced techniques will be discussed such as app hardening, white box cryptography and mobile app attestation. You should gain a good understanding of the underprotected API problem, with some immediately practical tips to improve your API security posture and a sense of emerging tools and technologies that enable a significant step change in API security.
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers... - Priyanka Aash
The session will focus on delivering the key trends in APIs, API Management Platform technologies and how it is driving the API economy. We will also discuss the key drivers for digital transformation initiatives which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, APIs integrations with cloud platforms, IoT/OT devices integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’s success through this governance framework.
When SaaS companies use Blendr.io – an embedded integration platform – to boost their native integrations offering, we often receive the question – “What is a good API”? At Blendr.io, we have been working with hundreds of API’s and compiled an API Checklist for SaaS companies.
Best Practices for Architecting a Pragmatic Web API - Mario Cardinal
This presentation teaches how to design a real-world and pragmatic web API. It draws from the experience Mario Cardinal has gained over the years being involved in architecting many Web APIs. This presentation begins by differentiating between a Web and a REST API, and then continues with the design process. We conclude with the core learnings of the session, which is a review of the best practices when designing a web API. Armed with the skills acquired, you can expect to see significant improvements in your ability to design a pragmatic web API.
How to implement authorization in your backend with AWS IAM - Provectus
AWS Dev Day Kyiv 2019
Track: Backend & Architecture
Session: "How to implement authorization in your backend with AWS IAM"
Speaker: Stas Ivaschenko, AWS solutions architect at Provectus
Level: 400
Video: https://www.youtube.com/watch?v=4Jje_WJ4V7Q
AWS Dev Day is a free, full-day technical event where new developers will learn about some of the hottest topics in cloud computing, and experienced developers can dive deep on newer AWS services.
Provectus has organized AWS Dev Day Kyiv in close collaboration with Amazon Web Services: 800+ participants, 18 sessions, 3 tracks, a really AWSome Day!
Now, together with Zeo Alliance, we're building and nurturing AWS User Group Ukraine — join us on Facebook to stay updated about cloud technologies and AWS services: https://www.facebook.com/groups/AWSUserGroupUkraine
Applying Domain-Driven Design to APIs and Microservices - Austin API Meetup - LaunchAny
A look at the stories our APIs tell, the importance of API design, and how systems design and domain-driven design can be used to build a long-lasting API design
Securing RESTful APIs using OAuth 2 and OpenID Connect - Jonathan LeBlanc
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Cu... - apidays
Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023
Securing Microservice-based APIs
Michal Trojanowski, Product Marketing Engineer at Curity
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
XSS / HTML Injection
Authorization and Authentication
Sensitive information disclosure
CORS Misconfiguration
API's over HTTP
CSRF
HTTP Verb tampering
Fuzzing / Boundary Checks
API Rate limiting
API Key Compromise
Architect's Guide to Building an API Program - clatimer
This talk explores the motivation for creating APIs, common approaches organizations take when building an API program, the types of standards that architects should strive to put in place, and common pitfalls that organizations encounter.
This covers security with APIc/gateway. It goes over high-level concepts and what IBM APIc can offer. This covers 2018 and v10 of the product.
Note: this is from a presentation from a year or so ago, with some updates to the link
How Netflix Is Solving Authorization Across Their Cloud - Torin Sandall
Since 2008, Netflix has been on the cutting edge of cloud-based microservices deployments. In 2017, Netflix is recognized as one of the industry leaders at building and operating “cloud native” systems at scale. Like many organizations, Netflix has unique security requirements for many of their workloads. This variety requires a holistic approach to authorization to address “who can do what” across a range of resources, enforcement points, and execution environments.
In this talk, Manish Mehta (Senior Security Software Engineer at Netflix) and Torin Sandall (Technical Lead of the Open Policy Agent project) will present how Netflix is solving authorization across the stack in cloud native environments. The presentation shows how Netflix enforces authorization decisions at scale across various kinds of resources (e.g., HTTP APIs, gRPC methods, SSH), enforcement points (e.g., microservices, proxies, host-level daemons), and execution environments (e.g., VMs, containers) without introducing unreasonable latency. The presentation includes a deep dive into the architecture of the cloud native authorization system at Netflix as well as how authorization decisions can be offloaded to an open source, general-purpose policy engine (Open Policy Agent).
This talk is targeted at engineers building and operating cloud native systems who are interested in security and authorization. The audience can expect to take away fresh ideas about how to enforce fine-grained authorization policies across the stack in the cloud environment.
Similar to Security enforcement of Microservices with API Management (20)
Continuous Delivery & Integration with JBoss Fuse on Openshift - Charles Moulliard
This talk, presented by myself and Christian Posta, presents the technology developed around JBoss Fuse and the open source Fabric8 project to simplify the setup/creation of a DevOps environment supporting a continuous delivery and integration strategy using Jenkins DSL Jobs, Gerrit and Gogs as Git reviewing and management platforms, as well as Nexus to publish the compiled code.
Development of social media projects with Apache Camel, Fabric8 & Hawtio - Charles Moulliard
This talk, presented at Devnation 2014 - San Francisco, lets you discover how to develop social media projects with Apache Camel, Fabric8 & Hawtio, and more precisely how to handle your data/metrics to query them using the full-text features of Lucene/ElasticSearch with Kibana3, how to design dashboards, monitor your activities and create plugins for your business based on the Hawtio Web Console. The code of the 3 demos is available here: https://github.com/cmoulliard/devnation-2014-camel and covers these use cases:
- Real Time application (apache camel, twitter and websocket)
- Collect and store metrics to query them (elasticsearch, lucene & kibana3)
- Design dashboard, plugin to measure activities
Build a Cloud Day presentation about Fuse Fabric technology in the cloud and how integration projects / architectures can be designed on top of cloudstack, openstack, amazon, ...
Second part of my webinar about Transaction Management with Camel on Fuse ESB / Apache ServiceMix. Also includes persistence with the Idempotent consumer and aggregator EIP patterns.
Presentation about Apache projects used for Integration (Apache Camel, CXF, ActiveMQ, ServiceMix) and new strategy about Cloud, Provisioning and Elastic Services (Fuse Fabric)
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
2. Who
Committer, Coder, Architect
Work on Apache Camel, Karaf, Fabric8, Hawtio, Apiman, Drools
Mountain Biker, Belgian Beer Fan
Blog: http://cmoulliard.github.io
Twitter: @cmoulliard
Email: cmoulliard@redhat.com
15. Camel Endpoint
Goal: Extract from the HTTP request the info needed to authenticate a user
How: Use a Camel Policy to wrap the Route / Pipeline with a new processor
Camel Example
public class ShiroSecurityPolicy implements AuthorizationPolicy {
    // Called when the route is built: the policy wraps the route's processor
    public Processor wrap(RouteContext routeContext, final Processor processor) {
        return new ShiroSecurityProcessor(processor, this);
    }
    ...
    @Override
    public boolean process(Exchange exchange, AsyncCallback callback) {
        try {
            // Apply the security policy before the exchange reaches the wrapped processor
            applySecurityPolicy(exchange);
            ...
16. CXF Endpoint
How: Using the ContainerRequestFilter JAX-RS interface
Rely on CXF Intercept
CXF Example
@Provider
@PreMatching
public class SecurityRequestFilter implements ContainerRequestFilter {
    // @PreMatching: the filter runs before the request is matched to a resource method
    @Override
    public void filter(final ContainerRequestContext requestContext)
            throws IOException {
        ...
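The Camel policy and the CXF filter above both start by pulling credentials out of the HTTP request. The following is an added example, not code from the talk, of that step for an `Authorization: Basic` header; the class name, the sample identity and the 200/401 return convention are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthExtractDemo {
    // Splits "Basic base64(user:password)" into {user, password};
    // empty when the header is missing, uses another scheme or is malformed.
    static Optional<String[]> parse(String authorization) {
        if (authorization == null
                || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return Optional.empty();
        }
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // first colon only: passwords may contain ':'
            if (colon < 1) return Optional.empty();
            return Optional.of(new String[] {
                pair.substring(0, colon), pair.substring(colon + 1) });
        } catch (IllegalArgumentException invalidBase64) {
            return Optional.empty();
        }
    }

    // Constant-time comparison, so response timing does not leak how much matched.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // 200: hand the request to the wrapped processor/resource; 401: stop it here.
    static int decide(String authorization, String user, String password) {
        return parse(authorization)
                .filter(c -> same(c[0], user) & same(c[1], password))
                .map(c -> 200)
                .orElse(401);
    }

    public static void main(String[] args) {
        // Constructed sample headers; "alice" / "s3cr:et" is a made-up identity.
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cr:et".getBytes(StandardCharsets.UTF_8));
        String[] headers = { good, null, "Bearer abc", "Basic %%%", "Basic YWxpY2U=" };
        for (String h : headers) {
            System.out.println(h + " -> " + decide(h, "alice", "s3cr:et"));
        }
    }
}
```

In a JAX-RS filter the header value would come from `requestContext.getHeaderString("Authorization")`, and the 401 branch would call `requestContext.abortWith(...)`.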
19. HTTP Handler
How: Apply Constraints on Web Resources path(s)
GET /rest/accountservice/account for User
POST /webservices/customerservices/customer for Admin
Designed using JAAS: JDBC, LDAP, Properties
Could use Roles
20. Jetty Example
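Goal: Restrict or allow access to resources
How: The requested URL is matched against one of the rule(s)
Example
Constraint constraint = new Constraint();
// Roles allowed to reach the mapped path
constraint.setRoles(new String[] { "user", "admin" });
// Jetty only enforces the roles when the constraint requires authentication
constraint.setAuthenticate(true);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/say/hello/*");
mapping.setMethod("GET");
mapping.setConstraint(constraint);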
28. Api Man
Goal: Externalize/Delegate security endpoint to Api
How: Api acts as a Proxy/Gateway:
- Matching the incoming request against 1 to many policies
- Delivering requests to target endpoint if validation succeeds
33. Api Man - Basic Auth
How: Associate a Policy using the Basic Auth Plugin to an endpoint
"contracts": [
  {
    "apiOrgId": "Policy_BasicAuthStatic",
    "apiId": "echo",
    "apiVersion": "1.0.0",
    "policies": [
      {
        "policyImpl":"class:io.apiman.gateway.engine.policies.BasicAuthenticationPol
        "policyJsonConfig":"{"realm":"Test","forwardIdentityHttpHeader":
      }
    ]
  }
]
34. Api Man - OpenId connect
Goal: Authenticate a user using an Identity provider to get a token used for SSO purposes
Authentication between Client and Identity Provider: public, secret or PKI
JSON Web Token:
- Compact token format
- Encodes claims to be transmitted
- Base64url encoded and digitally signed and/or encrypted
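To make the compact format concrete, here is an added example (not from the talk, and not apiman or Keycloak code) that issues and verifies a signed token with the JDK only. It assumes an RS256 signature and uses a key pair and claims constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwtCompactDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    // Identity-provider side: base64url(header).base64url(claims).base64url(signature)
    static String issue(String claimsJson, PrivateKey key) throws GeneralSecurityException {
        String signingInput = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(s.sign());
    }

    // Gateway side: returns the claims JSON only when the signature verifies.
    static String verify(String token, PublicKey idpKey) throws GeneralSecurityException {
        String[] p = token.split("\\.", -1);
        if (p.length != 3 || p[2].isEmpty()) throw new SecurityException("not a signed compact token");
        // The verifier fixes the algorithm; a header claiming "alg":"none" cannot skip the check.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(idpKey);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(DEC.decode(p[2]))) throw new SecurityException("signature does not match header.claims");
        return new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair idp = gen.generateKeyPair(); // constructed key pair for the demo
        String token = issue("{\"sub\":\"alice\",\"roles\":[\"Reader\"]}", idp.getPrivate());
        System.out.println("claims: " + verify(token, idp.getPublic()));
        // Same header and signature, claims swapped to a higher role.
        String[] p = token.split("\\.");
        String forged = p[0] + "." + b64("{\"sub\":\"alice\",\"roles\":[\"Writer\"]}") + "." + p[2];
        try {
            verify(forged, idp.getPublic());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The signature check only proves who issued the claims; a gateway also has to check the expiry, issuer and audience claims before trusting the token.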
36. Role Mapping
Goal: Restrict/allow access to an application based on an Authorization Rule
How: Define a collection of Authorization rules such as the ones below, combined with an Auth Plugin (Keycloak, Basic, …)
Path   Verb   Role required
.*     PUT    Writer
.*     GET    Reader
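The rule table above, evaluated in code: an added example, not apiman's implementation, in which the class and method names are hypothetical and denying requests that no rule covers is an assumed default.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class RoleMappingDemo {
    // One row of the table: path regex, HTTP verb, role required.
    static final class Rule {
        final Pattern path;
        final String verb;
        final String role;
        Rule(String pathRegex, String verb, String role) {
            this.path = Pattern.compile(pathRegex);
            this.verb = verb;
            this.role = role;
        }

        boolean matches(String verb, String path) {
            // matches() anchors the regex to the whole path; find() would let
            // a rule for "/admin" also hit "/public/admin".
            return this.verb.equalsIgnoreCase(verb) && this.path.matcher(path).matches();
        }
    }

    static final List<Rule> RULES = Arrays.asList(
            new Rule(".*", "PUT", "Writer"),
            new Rule(".*", "GET", "Reader"));

    // Allowed only if some rule matches and the caller holds the role of every
    // matching rule. A request no rule covers is denied (assumed default).
    static boolean isAllowed(String verb, String path, Set<String> roles) {
        boolean matched = false;
        for (Rule rule : RULES) {
            if (!rule.matches(verb, path)) continue;
            if (!roles.contains(rule.role)) return false;
            matched = true;
        }
        return matched;
    }

    public static void main(String[] args) {
        Set<String> reader = new HashSet<>(Arrays.asList("Reader")); // constructed caller
        String path = "/rest/accountservice/account";
        for (String verb : new String[] { "GET", "PUT", "DELETE" }) {
            System.out.println(verb + " " + path + " -> " + isAllowed(verb, path, reader));
        }
    }
}
```

The caller's role set would come from the authentication step that runs first, for example the roles claim of a verified token.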
39. Conclusions
Pros
Centralized governance policy configuration
Loose coupling
Tracking of APIs and consumers of those APIs
Gathering statistics/metrics
Service Discovery
Simplify security audit
Cons
Performance
New Architecture Brick
Features = plugins available