Erick Tedeschi talks about digital identity security in the context of a microservice architecture at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen (Codemotion)
OAuth is a widespread web-based standard. Its purpose is to provide safe inter-application access to web resources without revealing passwords or other sensitive credentials across the wire or to third-party applications. After two and a half years of tough discussions, version 2.0 of the standard has finally been released.
This session gives you an introduction to OAuth 2.0. You will understand its concepts as well as its limitations and pitfalls. You will also learn how it feels to write your own OAuth 2.0 based application based on real-life code examples.
Building Secure User Interfaces With JWTs (JSON Web Tokens) (Stormpath)
With new tools like Angular.js and Node.js, it is easier than ever to build user interfaces and single-page applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
PHP Experience 2016 - [Talk] JSON Web Token (JWT) (iMasters)
Ivan Rosolen, Head of Innovation at Arizona, gave the talk "JSON Web Token (JWT)" at PHP Experience 2016.
iMasters PHP Experience 2016 took place on 21 and 22 March 2015 at the Hotel Tivoli in São Paulo, SP.
http://phpexperience2016.imasters.com.br/
Top 10 Web Hacks
Every year the number and creativity of Web hacks increases, and the damage from these attacks rises exponentially, costing organizations millions every year.
Join this webinar to learn about the latest and most insidious Web-based attacks. The much anticipated list, now in its seventh year, represents exhaustive research conducted by a panel of experienced security industry professionals. Learn the latest of the worst in Web hacks, and how to protect your organization.
"JSON Web Token with digital signature. Modern authentication or authorization. Cookies are bad. Avoid man-in-the-middle attacks. No need to protect against CSRF. Stateless."
REST Service Authentication with TLS & JWTs (Jon Todd)
Many companies are adopting microservice architectures to promote decoupling and separation of concerns in their applications. One inherent challenge of breaking applications up into small services is that each service now needs to authenticate and authorize the requests made to it. We present a clean way to solve this problem with JSON Web Tokens (JWT) and TLS using Java.
Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects transmitted through APIs.
In this session we'll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for carrying access tokens, leading to a secure means of JavaScript SDK development.
OAuth 2.0 is an open authorization protocol that enables applications to access each other's data. This talk presents how to implement the OAuth 2.0 specification to secure RESTful resources developed with JAX-RS on the Java EE platform.
Securing RESTful APIs using OAuth 2 and OpenID Connect (Jonathan LeBlanc)
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
Using JSON Web Tokens for REST Authentication (Mediacurrent)
This session will provide an introduction to JSON Web Tokens (JWT) (https://jwt.io/introduction/), advantages over other authentication methods, and how to use it to authenticate requests to Drupal REST resources. After this session, attendees will have a better understanding of how JWTs work and will be able to set up and use JWT for authenticating REST requests in Drupal.
This presentation shows what JSON Web Tokens are, explaining their structure, signature and encryption, and how to integrate them with authentication/authorization using Spring Security.
The link to the project on GitHub is:
https://github.com/BHRother/spring-boot-security-jwt
The example implements JWT + Spring Security in a Spring-Boot project.
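The Stormpath topic list above (cookies, session IDs, token authentication) and the Spring Security deck's walk through JWT structure and signature describe the same mechanism. The following Python block is an added example, not code from any of the linked projects: it builds the compact HS256 serialization with the standard library only, and the verifier pins the algorithm server-side instead of trusting the header, compares the signature in constant time, and enforces exp and aud. It also builds the classic "alg": "none" forgery and shows the verifier refusing it. The key, claims and timestamps are constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo key: a real service loads this from a secret store,
# never from source control.
DEMO_KEY = b"example-hmac-key-not-for-production"


class InvalidToken(Exception):
    """Raised for any token the verifier refuses to accept."""


def _b64url(data: bytes) -> str:
    # JWT uses base64url without padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_jwt(claims: dict, key: bytes, ttl_seconds: int = 300, now=None) -> str:
    """Produce a compact HS256 JWT: header.payload.signature."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = _json_b64(header) + "." + _json_b64(payload)
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_jwt(token: str, key: bytes, expected_aud: str, now=None) -> dict:
    """Verify algorithm, signature, expiry and audience; return the claims or raise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, binascii.Error) as exc:
        raise InvalidToken("undecodable token") from exc

    # Pin the algorithm server-side. Honouring header["alg"] is what makes the
    # "alg": "none" forgery work, so the only accepted value is our own.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg %r" % header.get("alg"))

    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise InvalidToken("bad signature")

    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        raise InvalidToken("expired or missing exp")
    if payload.get("aud") != expected_aud:
        raise InvalidToken("wrong audience")
    return payload


def forge_alg_none(token: str, new_claims: dict) -> str:
    """The unsigned forgery an attacker tries against a verifier that trusts
    the header's alg field: same payload with edited claims, empty signature."""
    _, payload_b64, _ = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload.update(new_claims)
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(payload) + "."


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed fixed clock for a reproducible demo
    token = mint_jwt({"sub": "alice", "aud": "orders-api", "role": "user"}, DEMO_KEY, now=issued_at)
    print("accepted:", verify_jwt(token, DEMO_KEY, "orders-api", now=issued_at + 60))
    forged = forge_alg_none(token, {"role": "admin"})
    try:
        verify_jwt(forged, DEMO_KEY, "orders-api", now=issued_at + 60)
    except InvalidToken as exc:
        print("rejected forgery:", exc)
```

The "no need to protect against CSRF" remark in the quoted abstract holds only when the token travels in an Authorization header that the browser does not attach on its own. A JWT stored in a cookie is sent automatically like any session cookie and still needs CSRF defences (SameSite, anti-forgery tokens), and an HMAC secret shared with every service that verifies tokens lets any of them mint tokens; an asymmetric algorithm (RS256/ES256) keeps the signing key with the issuer alone.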
Adding Identity Management and Access Control to your Application, Authorization (Fernando Lopez Aguilar)
Adding Identity Management and Access Control to your Application, Authorization using the FIWARE components: Identity Management, PEP Proxy, Access Control (PDP/PAP).
InterCon 2016 - BioHacking: creating OpenSource/... biotechnology devices (iMasters)
Eduardo Padilha, creator and organizer of Biohack Academy, talks about BioHacking: creating OpenSource/OpenHardware biotechnology devices at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
InterCon 2016 - Performance, anti-patterns and stacks for agile development (iMasters)
Fabio Akita, co-founder of Codeminer 42, talks about performance, anti-patterns and stacks for agile development at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
InterCon 2016 - Challenges of real-time device connectivity (iMasters)
Nagib Nassif Filho, founder/CEO of Bolha, talks about the challenges of real-time device connectivity at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
15 practices you can apply today in search marketing to improve your ROI (Tomás Händel Trojan)
Tomás Trojan, Planning Director at Cadastra, presents 15 practices in paid search and SEO to improve your results. This talk was given in the ESPM room at ProXXIma 2014.
Android DevConference - Firebase for developers (iMasters)
Rodrigo Sicarelli and Isabela Terribili, Elo7, talk about Firebase for developers at Android DevConference 2016. Learn more at: http://androidconference.com.br/
Android DevConference - Going further with Android app test automation (iMasters)
Eduardo Carrara talks about going further with Android app test automation at Android DevConference 2016. Learn more at: http://androidconference.com.br/
InterCon 2016 - Internet of "Thinking" – IoT without BS with the ESP8266 (iMasters)
Eduardo "Oda", co-founder of Garoa Hacker Clube, talks about Internet of "Thinking" – IoT without BS with the ESP8266 at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
Cauê Ferreira, Android Developer at Moip Pagamentos, talks about Android Clean Architecture at Android DevConference 2016.
Learn more at http://androidconference2016.imasters.com.br/
InterCon 2016 - Managing deployment and updates of 450 apps without going crazy (iMasters)
Heloisa Simon, Web and Android Developer at mobLee, talks about managing deployment and updates of 450 apps without going crazy at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
InterCon 2016 - IoT backend with RethinkDB and Python (iMasters)
Afonso Coutinho, Makerspace Monitor at Red Bull Basement, talks about an IoT backend with RethinkDB and Python at InterCon 2016.
Learn more at http://intercon2016.imasters.com.br/
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect" (Andreas Falk)
Microservice architectures bring many benefits to software applications. But at the same time, new challenges of distributed systems have also been introduced. One of these challenges is how to implement a flexible, secure and efficient authentication and authorization scheme in such architectures.
The common solution for this is to use stateless token-based authentication and authorization by adopting standard protocols like OAuth 2.0 and OpenID Connect (OIDC).
In this talk, you will get a concise introduction into OAuth 2.0 and OIDC.
We will look at the OAuth 2.0 and OIDC grant flows and discuss the differences between OAuth 2.0 and OpenID Connect. Finally, you will be introduced to the current best practices being evolved by the working group.
So if you want to finally understand the base concepts of OAuth 2.0 and OIDC in a short time, this is the talk for you.
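The grant flow that the OAuth 2.0 Security Best Current Practice recommends for public clients (SPAs, mobile apps, microservice front ends) is the authorization code grant with PKCE and a state parameter. The Python block below is an added example, not code from the talk: it generates the code_verifier and S256 code_challenge, builds the /authorize request, and models a hypothetical in-memory authorization server (DemoAuthorizationServer, an assumption of this example) that binds each single-use code to the client, redirect URI and challenge it saw, so a code intercepted on the redirect cannot be redeemed without the verifier. Endpoint URLs and client IDs are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import urllib.parse


def make_code_verifier(nbytes: int = 32) -> str:
    """RFC 7636 code_verifier: 43 to 128 unreserved characters.
    base64url of 32 random bytes gives exactly 43."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(authorize_endpoint, client_id, redirect_uri, scope, state, challenge) -> str:
    """The front-channel request the client redirects the browser to."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return authorize_endpoint + "?" + urllib.parse.urlencode(params)


class DemoAuthorizationServer:
    """Hypothetical in-memory authorization server covering only the parts of
    the code grant that PKCE touches. Codes are single use and bound to the
    client_id, redirect_uri and challenge presented at /authorize."""

    def __init__(self):
        self._pending = {}

    def issue_code(self, client_id, redirect_uri, challenge, method):
        if method != "S256":
            raise ValueError("only S256 is accepted; 'plain' exposes the verifier on the front channel")
        code = secrets.token_urlsafe(32)
        self._pending[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "challenge": challenge}
        return code

    def exchange_code(self, code, client_id, redirect_uri, code_verifier):
        record = self._pending.pop(code, None)  # pop: a replayed code is refused
        if record is None:
            raise PermissionError("unknown or already used code")
        if record["client_id"] != client_id or record["redirect_uri"] != redirect_uri:
            raise PermissionError("code was not issued to this client and redirect_uri")
        if not hmac.compare_digest(code_challenge_s256(code_verifier), record["challenge"]):
            raise PermissionError("code_verifier does not match the code_challenge")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "expires_in": 300}


def state_matches(expected_state: str, returned_state: str) -> bool:
    """Client-side check on the redirect: ties the response to the request this
    client started, which blocks login CSRF and mixed-up responses."""
    return hmac.compare_digest(expected_state, returned_state)


def run_public_client_flow(server, client_id="spa-demo", redirect_uri="https://app.example/cb"):
    # 1. The client generates verifier, challenge and state before redirecting.
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    build_authorization_url("https://as.example/authorize", client_id, redirect_uri,
                            "openid profile", state, code_challenge_s256(verifier))
    # 2. The user authenticates; the server answers the redirect with code and state.
    code = server.issue_code(client_id, redirect_uri, code_challenge_s256(verifier), "S256")
    returned_state = state  # constructed: the value the redirect would carry back
    if not state_matches(state, returned_state):
        raise PermissionError("state mismatch: response does not belong to this request")
    # 3. Back-channel redemption with the verifier; the code alone is useless to a thief.
    return server.exchange_code(code, client_id, redirect_uri, verifier)


if __name__ == "__main__":
    print(run_public_client_flow(DemoAuthorizationServer()))
```

The S256 transform can be checked against the RFC 7636 Appendix B vector: the verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk must yield the challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM. Rejecting code_challenge_method=plain and popping the code on first use are the two server-side decisions that make the binding worth anything.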
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The remainder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (recently renamed Apache Oltu). My impression is that many developers shy away as soon as they hear "security", and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
DEMYSTIFYING REST
Kirsten Jones
REST web services are everywhere! It seems like everything you want is available via a web service, but getting started with one of these web services can be overwhelming – and debugging the interactions bewilders some of the smartest developers I know. In this talk, I will talk about HTTP, how it works, and how to watch and understand the traffic between your system and the server. From there I’ll proceed to REST – how REST web services layer on top of HTTP and how you can expect a REST web service to behave. We’ll go over how to monitor and understand requests and responses for these services. Once we’ve covered that, I’ll talk about how OAuth is used for authentication in the framework of a REST application. PHP code samples will be shown for interacting with an OAuth REST web service, and I will cover http monitoring tools for multiple OS’s. When you’re done with this talk you’ll understand enough about REST web services to be able to get started confidently, and debug many of the common issues you may encounter.
[LDAPCon 2015] The OpenID Connect Protocol (Clément OUDOT)
OpenID Connect is a new single sign-on protocol built on top of OAuth 2.0. Led by the OpenID Foundation, it is very different from OpenID 1.0 and OpenID 2.0, which are now marked obsolete.
This paper lets you discover this new standard, first explaining what OAuth 2.0 is and why it is not an identity protocol. Then the OpenID Connect protocol is described, and to conclude we compare it with the other main SSO standard, SAML.
REST API Security: OAuth 2.0, JWTs, and More! (Stormpath)
Les Hazlewood, Stormpath CTO, already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath, we spent 18 months researching best practices. Join Les as he explains how to secure your REST API, the right way. We'll also host a live Q&A session at the end.
How we eased our security journey with OAuth (Goodbye Kerberos!) | Paul Makka... (HostedbyConfluent)
Saxo Bank is on a growth journey and Kafka is a critical component to that success. Securing our financial event streams is a top priority for us and initially we started with an on-prem Kafka cluster secured with (the de-facto) Kerberos. However, as we modernize and scale, the demands of hybrid cloud, multiple domains, polyglot computing and Data Mesh require us to also modernize our approach to security. In this talk, we will describe how we took the default (non-production ready) Kafka OAuth implementation and productionized it to work with Kafka in Azure Cloud, including the Kafka stack and clients. By enabling both Kerberos and OAuth running on-prem and in the cloud, we now plan to gracefully retire Kerberos from our estate.
Profesia, Lynx Group, presents the fifth episode of its master class series on WSO2 technology, for which it is the exclusive distributor in Italy.
The webinar, with the special participation of WSO2, describes how to implement OAuth2 authorization in clients.
Write to contact@profesia.it if you are considering a digital transformation to evolve towards an agile business.
Enterprise API adoption has gone beyond predictions. It has become the "coolest" way of exposing business functionality to the outside world. Both your public and private APIs need to be protected, monitored and managed. This talk focuses on API security. There are so many options out there that it is easy to get confused. When to select one over another is always a question, and you need to deal with it carefully to identify and isolate the trade-offs.
Security is not an afterthought. It has to be an integral part of any development project, and APIs are no exception. API security has evolved a lot in the last five years, and the growth of standards has been exponential. The talk will elaborate how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML.
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho (CODE BLUE)
This talk will show esoteric web application vulnerabilities in detail. These vulnerabilities would be missed in a quick review by most security consultants, but could lead to remote code execution, authentication bypass and purchasing items from merchants that use PayPal as their payment gateway without actually paying. SQL injections are dead, and I don't care: let's explore the world of null, nil and NULL; NoSQL injections; host header injections that lead to phone call audio interception; PayPal's double spend and Rails' MessageVerifier remote code execution.
--- Andres Riancho
Andrés Riancho is an application security expert that currently leads the community driven, Open Source, w3af project and provides in-depth Web Application Penetration Testing services to companies around the world.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, contributed with SAP research performed at one of his former employers and reported vulnerabilities in hundreds of web applications.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants.
Andrés has spoken and held trainings at many security conferences around the globe, like BlackHat (USA and Europe), SEC-T (Sweden), DeepSec (Austria), PHDays (Moscow), SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), PacSecWest (Japan), T2 (Finland) and Ekoparty (Buenos Aires).
Andrés founded Bonsai Information Security, a web security focused consultancy firm, in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin (Java User Group Latvia)
Have you ever wondered how single sign-on on sites like Google and Facebook works? Are you a fan of stateless application architectures? Do you want to learn how to put together a modern security approach for your next Spring Boot project? If the answer to any of the above is yes, then this session is for you. Dmitry will explain what OAuth 2.0 and JWT are, why they are popular, and how to integrate them into a Java project.
What you need to know to model NoSQL databases - Dani Monteiro (iMasters)
"A schemaless database doesn't need a data model!" If you believe that, your project started failing before it began! Let's talk about how to model your NoSQL database without losing flexibility and without losing control over your data.
Postgres: wanted, beloved or dreaded? - Fabio Telles (iMasters)
PostgreSQL development began in 1986, and it has gained considerable prominence in recent years as the fastest-growing database on the market. Learn the advantages and disadvantages of using the world's most advanced open source database.
Why is my query slow? - Suellen Moraes (iMasters)
Over my years of experience I have noticed that most developers have difficulty starting to troubleshoot their queries, often overloading the DBA, in many cases with simple queries. The aim of this talk is to show the way through, to awaken in developers the need to understand how the tool they use works, with an eye to future development focused on the performance of the code they write, along with tips for better code.
Reports from the trenches: the daily life of a database consultancy - Ig... (iMasters)
"In this session we will cover the main architectural problems, and their solutions, that I find in the most diverse Brazilian corporations. From databases receiving 100% ad hoc queries and flooded data centres, to servers that were shot up and had no backup.
We will talk about data architecture, backup best practices, high availability, disaster recovery, performance, configuration best practices and so on."
ORMs: heroes or villains in the data architecture? - Otávio Gonçalves (iMasters)
As applications evolve, new techniques, frameworks and programming languages are born, but one consolidated fact of enterprise software architecture is the integration with some technology needed to store the information inherent to the system. Whether SQL or NoSQL, an important point is that the language paradigm differs from the database technology. To ease development, tools appear that translate between the application layer and the databases. This brings great challenges: how to deal with this multi-paradigm gap? How to favour development without impacting performance and database modelling? The goal of this talk is to discuss these points so that, finally, programmers and DBAs can live in peace and harmony.
SQL and NoSQL working together: a comparison to get the best of both -... (iMasters)
In this chat we will discuss the advantages of each database in the real world: when to use NoSQL instead of SQL or vice versa, comparing the main open source databases of each segment, MongoDB and MySQL.
Architecting your data in practice for LGPD - Alessandra Martins (iMasters)
Given the new external regulations (GDPR) and the new Brazilian Personal Data Protection Law (LGPD), what should you do to comply? Where to start? What to do? And what not to do? What is data governance for, and how can it help your company comply with international privacy and information security standards? Amid so many paths and challenges, this is an overview of what it is about, where to start, some pitfalls to avoid and some good practices not only to protect yourself but to avoid future problems.
The role of the DBA in the world of data science and machine learning - Mauro Pichil... (iMasters)
This talk addresses the role of the DBA in the current scenario, where machine learning processes are increasingly present in companies. The content covers topics such as the relationship between the DBA and data scientists, data management, technology integration, retraining of professionals and other factors that today's DBA must take into account, as companies increasingly invest in machine learning projects.
Hybrid, native or web mobile development: when to use each - Juliana Chahoud (iMasters)
Juliana Chahoud - Consultant, ThoughtWorks
With so many companies adopting a "Mobile-First" strategy, one of the big decisions a development team needs to make is: which tech stack to use for mobile?
Various technologies and languages can be adopted, such as Swift, Java, Kotlin, React Native, Flutter, Progressive Web Apps, responsive sites, etc.
However, with so many variables to consider, this decision has become non-trivial, can have major long-term consequences and can even make a project unviable.
This talk discusses the pros and cons of various approaches so that you have a guide for making better decisions about using these technologies.
Talk presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
Use MDD and make the machines work for you - Andreza Leite (iMasters)
Andrêza Leite - Professor, UFRPE
Model Driven Development (MDD) is becoming a hot topic (again!). But why MDD?
What are the advantages of MDD, MDE, MDA and other model-driven acronyms?
In this talk I will try to answer that question by listing some advantages and dangers of model-driven development, alongside the practical use of these techniques for generating code and database schemas.
Talk given at InterCon 2018 - https://eventos.imasters.com.br/intercon
A performant backend beyond "just add more machines" - Diana Arnos (iMasters)
Working on backend performance goes well beyond simply "putting more machines behind the load balancer". We will point out some common bottlenecks that can be handled or avoided from the start of development, since they do not depend on the technology used.
Tips for better performance in REST APIs - Renato Groffe (iMasters)
Renato Groffe - Software Engineer, Canal .NET
What can I do in terms of databases to get APIs that do their job in an optimized way and at higher speed?
What caching solutions can be used? And what about treating the responses of these APIs, reducing the volume of data transferred?
And as for performance problems, what can be used to make detecting these occurrences easier? Follow this presentation for answers to these questions during REST API development.
Talk given at InterCon 2018 - https://eventos.imasters.com.br/intercon
7 performance tips that are worth 21 - Danielle Monteiro (iMasters)
Danielle Monteiro - Data Architect, WDB Consulting
"Don't blink, breathe only if necessary...
one tip per minute and your databases will be much better"
Talk presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
Who cares about web accessibility? - Mauricio Maujor (iMasters)
Maurício Maujor - Web Standards Advocate, Maujor.com
Accessibility is essential for developers and organizations that want to create high-quality websites and web applications and not exclude people from using their products and services. In this talk Maujor covers some accessibility concepts with the goal of motivating and raising awareness of the importance of designing for the web with a focus on accessibility.
Talk presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
Service Mesh with Istio and Kubernetes - Wellington Figueira da Silva (iMasters)
Wellington Figueira da Silva - Code Sysadmin, Easy
With the popularity of containers it has become easier to create microservices and faster to build distributed applications, but managing these services becomes much more complicated.
We will show Istio, a tool that helps us with service discovery, load distribution, routing, failure detection and handling, access control between applications and many other available features.
Presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
Errors: how do they live, feed and reproduce? - Augusto Pascutti (iMasters)
Augusto Pascutti - Developer, Creditas
What they are for and how to use them more efficiently, whether through integrations with other tools or just by following recipes for how error messages should be generated and composed.
Presented at InterCon 2018: https://eventos.imasters.com.br/intercon
Elasticity and database engineering for high performance - Rubens G... (iMasters)
Rubens Guimarães - CEO, e-Seth
How to design and put into practice intelligent SQL and NoSQL databases in high data-consumption environments.
Sharding and tuning techniques, automated elasticity in cloud environments and other resources.
Presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
Building more confident applications - Carolina Karklis (iMasters)
Carolina Karklis - Software developer, Magnetis
The object-orientation hype has passed, and with it we need to revisit some practices.
Even the cleanest codebase can have poor error messages, excessive data-type checks and unnecessary use of null variables.
In this talk I will refactor a fragile system and show strategies within the object-oriented paradigm for writing code in a simpler and more confident way.
Along the way we will look at software architecture patterns we can use, how to improve messages for unexpected-input scenarios and how to remove as many null variables as possible from our code.
Application Monitoring - Felipe Regalgo (iMasters)
Felipe Regalgo - Software Development Specialist, Mercado Livre
We will show how Mercado Livre monitors its applications to identify bugs, anomalies and behaviour outside the expected pattern.
We will talk about systems like NewRelic, DataDog, Kibana, OpsGenie and other internal tools we have to make it easier to identify problems in our hundreds of microservices before they even reach the end user.
Presented at InterCon 2018 - https://eventos.imasters.com.br/intercon
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
2. Who?
• PHP Developer since 2003
• Application Security since 2007
• Biker
• Maker
• Helps devs deliver secure applications
• Helps businesses keep their clients' data secure
3. Agenda
• Microservice architecture, Version 1
• About Tokens
• OAuth 2.0
• OpenID Connect
• Authorization Code Flow example
• Microservice architecture NG!!!
4. Microservice Architecture V1

End-User → Bank API (Public), served by the API Gateway → internal microservices

Bank API (Public), on the API Gateway:
  GET  /my
  POST /transferto/{dst_account}
  GET  /receipts

Microservices behind the gateway (the user is carried in the path, as resolved by the gateway):
  Account   GET  /my/{user_id}                              (Basic auth)
  Transfer  POST /transferto/{src_account}/{dst_account}    (Basic auth)
  Receipt   GET  /receipts/{user_id}                        (No auth)

OAuth Server* (/token, /authorize), used by the API Gateway
5. Microservice Architecture V1 (same diagram as slide 4): what is wrong with it
• Poor logging (no usable audit trail)
• Poor identification of the end-user on the microservices (a gateway-set X-User-Logged header)
• Authorization centralized on the API Gateway
• Microservices are more like CRUD APIs
• Microservices have "micro user repositories" or don't have authentication/authorization at all
• The API Gateway has more responsibility than necessary
6. Now, let's take a look at the Token
• A piece of stamped metal used as a substitute for money; a voucher that can be exchanged for goods or services (https://en.wiktionary.org/wiki/token)
• Token By Reference
  • An opaque string generated randomly; it means nothing by itself and has to be looked up at the issuer (introspection)
  • Ex.: 2YotnFZFEjr1zCsicMWpAA
• Token By Value
  • A JWT that contains claims about the context of the token; anyone holding it can read the claims, and they are only trustworthy after the signature has been verified
  • Ex.: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL215LnNlcnZpY2UuY29tIiwiaWF0IjoxNDM1MTc5NjAzLCJleHAiOjE0MzUxODE0MjEsImF1ZCI6Ind3dy5zZXJ2aWNlLmNvbSIsInN1YiI6ImpvaG5kb2VAZ21haWwuY29tIiwiUm9sZSI6WyJhcHByb3ZlciIsInZpZXdlciJdfQ.91GLvtMhhnICmqlf_RVONGw5IM9i8eeAPx2s_WpMObU
  • Decoded, the example is header {"typ":"JWT","alg":"HS256"} and payload {"iss":"https://my.service.com","iat":1435179603,"exp":1435181421,"aud":"www.service.com","sub":"johndoe@gmail.com","Role":["approver","viewer"]}; its exp is in June 2015, so a validator must reject it on expiry alone
8. The OAuth 2.0 Authorization Framework
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service on behalf of a resource owner... (RFC 6749)
16. A complete Authorization Server
• /authorize
• /token
• /introspection (check an access_token; RFC 7662)
• /token_info (get more information about the identity; the OpenID Connect equivalent is the UserInfo endpoint)
• /revocation (RFC 7009)
17. Let's see how to get both the access_token and the id_token using the Authorization Code Flow
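The flow walkthrough slides are not on this page, so the exchange below is an added example, not code from the deck. It covers slides 16 and 17: a relying party obtains an access_token (by reference) and an id_token (by value) through the Authorization Code Flow from an in-memory Authorization Server that also answers /introspect and /revoke. The issuer, client id and secret, redirect URI, user name and scope names are assumptions.

```python
"""Authorization Code Flow returning an access_token (by reference) and an id_token (by value),
run against an in-memory Authorization Server with the endpoints of slide 16. Added example."""
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://as.bank.example"  # assumed issuer

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def hs256(signing_input: str, key: bytes) -> str:
    return b64u(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

class AuthorizationServer:
    def __init__(self, clients: dict):
        self.clients = clients  # client_id -> {"secret", "redirect_uri"}, registered out of band
        self.codes = {}         # code -> grant: short-lived and single-use
        self.tokens = {}        # access_token -> record served by /introspect

    def authorize(self, params: dict, user: str) -> str:
        """/authorize, after the resource owner logged in and consented: redirect back with a code."""
        client = self.clients[params["client_id"]]
        if params["redirect_uri"] != client["redirect_uri"]:
            raise ValueError("redirect_uri not registered for this client")  # never redirect elsewhere
        if params["response_type"] != "code" or "openid" not in params["scope"].split():
            raise ValueError("unsupported request")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                            "sub": user, "scope": params["scope"], "nonce": params["nonce"], "exp": time.time() + 60}
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})

    def token(self, form: dict, client_id: str, client_secret: str) -> dict:
        """/token (back channel): authenticate the client, consume the code, issue both tokens."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        grant = self.codes.pop(form.get("code"), None)  # pop(): a replayed code is simply unknown
        if (grant is None or form.get("grant_type") != "authorization_code" or grant["exp"] < time.time()
                or grant["client_id"] != client_id or grant["redirect_uri"] != form.get("redirect_uri")):
            return {"error": "invalid_grant"}  # RFC 6749 section 5.2 error response
        now = int(time.time())
        access_token = secrets.token_urlsafe(24)  # opaque: meaningful only through /introspect
        self.tokens[access_token] = {"active": True, "sub": grant["sub"], "scope": grant["scope"],
                                     "client_id": client_id, "exp": now + 3600}
        # id_token is a JWT; OIDC Core 10.1: with HS256 the signing key is the client_secret
        body = b64u(json.dumps({"iss": ISSUER, "sub": grant["sub"], "aud": client_id, "iat": now,
                                "exp": now + 3600, "nonce": grant["nonce"]}).encode())
        signing_input = b64u(b'{"alg":"HS256","typ":"JWT"}') + "." + body
        return {"access_token": access_token, "token_type": "Bearer", "expires_in": 3600,
                "id_token": signing_input + "." + hs256(signing_input, client["secret"].encode())}

    def introspect(self, token: str) -> dict:  # RFC 7662
        rec = self.tokens.get(token)
        if rec is None or not rec["active"] or rec["exp"] < time.time():
            return {"active": False}  # say nothing more about unknown, expired or revoked tokens
        return dict(rec)

    def revoke(self, token: str) -> None:  # RFC 7009: idempotent, silent about unknown tokens
        if token in self.tokens:
            self.tokens[token]["active"] = False

class RelyingParty:
    def __init__(self, client_id: str, secret: str, redirect_uri: str, server: AuthorizationServer):
        self.client_id, self.secret, self.redirect_uri, self.server = client_id, secret, redirect_uri, server
        self.pending = {}  # state -> nonce, kept in the user's session between the two legs

    def start(self) -> dict:  # leg 1: the authorization request the user agent carries to /authorize
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = nonce
        return {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "scope": "openid account:read", "state": state, "nonce": nonce}

    def finish(self, redirect_url: str) -> dict:  # leg 2: check state, exchange the code, validate id_token
        q = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        nonce = self.pending.pop(q.get("state"), None)
        if nonce is None:
            raise PermissionError("unknown state: not a response to a request this client made")
        resp = self.server.token({"grant_type": "authorization_code", "code": q.get("code"),
                                  "redirect_uri": self.redirect_uri}, self.client_id, self.secret)
        if "error" in resp:
            raise PermissionError(resp["error"])
        head, body, sig = resp["id_token"].split(".")
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if (not hmac.compare_digest(hs256(f"{head}.{body}", self.secret.encode()), sig)
                or claims["iss"] != ISSUER or claims["aud"] != self.client_id
                or claims["nonce"] != nonce or claims["exp"] <= time.time()):
            raise PermissionError("id_token rejected")
        return {"access_token": resp["access_token"], "identity": claims}

def demo() -> dict:
    server = AuthorizationServer({"bank-web": {"secret": "constructed-secret",
                                               "redirect_uri": "https://app.bank.example/cb"}})
    rp = RelyingParty("bank-web", "constructed-secret", "https://app.bank.example/cb", server)
    redirect = server.authorize(rp.start(), user="johndoe")  # leg 1 happens via the user agent
    result = rp.finish(redirect)                              # leg 2: code -> access_token + id_token
    replay = server.token({"grant_type": "authorization_code", "redirect_uri": rp.redirect_uri,
                           "code": parse_qs(urlparse(redirect).query)["code"][0]}, "bank-web", "constructed-secret")
    out = {"sub": result["identity"]["sub"], "code_replay": replay.get("error"),
           "active_before_revoke": server.introspect(result["access_token"])["active"]}
    server.revoke(result["access_token"])
    out["active_after_revoke"] = server.introspect(result["access_token"])["active"]
    return out
```

demo() runs both legs and then the two things a reviewer should look for: a second use of the same code is answered with invalid_grant, because the server consumed it on first use and also binds it to the client_id and redirect_uri, and introspection of the opaque access_token returns only {"active": false} once it has been revoked. On the client side, state ties the redirect to a request this client actually made and nonce ties the id_token to that same request; both checks are what stop a code or token that was obtained for someone else from being injected into this session.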
30. Microservice Architecture NG!!!

Resource Owner → Bank API (Public), served by the API Gateway → microservices; an OAuth Filter sits in front of the API Gateway and in front of each microservice

Bank API (Public), on the API Gateway:
  GET  /my
  POST /transferto/{dst_account}
  GET  /receipts

Microservices, each behind its own OAuth Filter (the end-user comes from the token, not from the path):
  Account   GET  /my, GET /pvt/{account}
  Transfer  POST /transferto/{dst_account}
  Receipt   GET  /receipts

Authorization Server: /token, /authorize, /introspect, /revoke, /token_info

Labels on the filters: "Introspection/validation" (the filter calls the Authorization Server to check the token) and "offline introspection/validation" (the filter validates a by-value token locally, without a call to the Authorization Server per request)
31. Microservice Architecture NG!!! (same diagram as slide 30): what it gains
• Audit trail improved (each service knows which end-user it is acting for)
• Microservices can make decisions based on the end-user identity
• Fine-grained authorization across the services
• The whole environment has a central user identity repository (OAuth + OpenID Connect Server)
• The API Gateway is clean/slim
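An added example, not code from the deck, that serves slide 6 (both token shapes), slide 5 (the V1 header trust it replaces) and slides 30 and 31: the OAuth Filter of the Account service resolves a by-reference token through introspection and validates a by-value JWT offline, after which the service itself authorizes GET /pvt/{account} on the end-user's identity and scope and writes an audit line. The issuer, audience, scope name, HS256 key, ownership table and the in-memory introspection store that stands in for the Authorization Server are assumptions; the opaque token value is the one shown on slide 6.

```python
"""OAuth Filter in front of a microservice (slides 30-31), beside the V1 style of trusting a
gateway-set X-User-Logged header (slide 5), with both token shapes of slide 6: a by-reference
token resolved through introspection and a by-value JWT validated offline. Added example, not
code from the deck; issuer, audience, scope name, key, ownership table and store are constructed."""
import base64, hashlib, hmac, json, time

ISSUER = "https://as.bank.example"  # assumed Authorization Server issuer
AUDIENCE = "account-service"        # assumed audience this microservice accepts
AUDIT_TRAIL = []                    # one line per authorized request (slide 31: audit trail)

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: str, key: bytes) -> str:
    return b64u(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def mint_jwt(claims: dict, key: bytes) -> str:
    """Stands in for the Authorization Server issuing a by-value access token (demo only)."""
    signing_input = b64u(b'{"alg":"HS256","typ":"JWT"}') + "." + b64u(json.dumps(claims).encode())
    return signing_input + "." + hs256(signing_input, key)

def validate_jwt_offline(token: str, key: bytes):
    """'Offline introspection': alg pinned, signature, iss, aud and exp all checked locally."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
    except ValueError:  # wrong number of parts, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":  # the token never picks the algorithm
        return None
    if not hmac.compare_digest(hs256(f"{head}.{body}", key), sig):
        return None
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != ISSUER or AUDIENCE not in aud or claims.get("exp", 0) <= time.time():
        return None
    return claims

class V1AccountService:
    """Slide 5: identity arrives as X-User-Logged; anything that can reach the service can set it."""

    def get_private(self, headers: dict, account: str):
        user = headers.get("X-User-Logged")  # asserted by the caller, never proven
        return (200, {"account": account, "user": user}) if user else (401, {})

class OAuthFilter:
    def __init__(self, key: bytes, introspect):
        self.key, self.introspect = key, introspect  # introspect: callable standing in for POST /introspect

    def principal(self, headers: dict):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return None
        token = auth[len("Bearer "):]
        if token.count(".") == 2:  # by value: validate offline (in production, configure the format)
            return validate_jwt_offline(token, self.key)
        info = self.introspect(token)  # by reference: ask the Authorization Server
        return info if info.get("active") else None

class AccountService:
    OWNERS = {"acc-1001": "johndoe", "acc-2002": "alice"}  # constructed ownership table

    def __init__(self, oauth: OAuthFilter):
        self.oauth = oauth

    def get_private(self, headers: dict, account: str):
        """GET /pvt/{account}: the service decides itself, on end-user identity and scope."""
        p = self.oauth.principal(headers)
        if p is None:
            return 401, {"error": "invalid_token"}
        if "account:read" not in p.get("scope", "").split():
            return 403, {"error": "insufficient_scope"}
        if self.OWNERS.get(account) != p["sub"]:
            return 404, {"error": "not_found"}  # do not confirm that someone else's account exists
        AUDIT_TRAIL.append(f"sub={p['sub']} GET /pvt/{account}")
        return 200, {"account": account, "owner": p["sub"]}

def demo() -> dict:
    key, now = b"constructed-shared-key", int(time.time())
    store = {"2YotnFZFEjr1zCsicMWpAA": {"active": True, "sub": "johndoe", "scope": "account:read",
                                        "client_id": "bank-web", "exp": now + 600}}  # stands in for the AS
    svc = AccountService(OAuthFilter(key, lambda t: store.get(t, {"active": False})))
    jwt = mint_jwt({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "scope": "account:read",
                    "iat": now, "exp": now + 600}, key)
    tampered = jwt[:-4] + ("BBBB" if jwt.endswith("AAAA") else "AAAA")  # signature no longer matches
    ref = {"Authorization": "Bearer 2YotnFZFEjr1zCsicMWpAA"}
    return {"v1_spoofed_header": V1AccountService().get_private({"X-User-Logged": "alice"}, "acc-2002")[0],
            "ref_own_account": svc.get_private(ref, "acc-1001")[0],
            "ref_other_account": svc.get_private(ref, "acc-2002")[0],
            "ref_unknown_token": svc.get_private({"Authorization": "Bearer nope"}, "acc-1001")[0],
            "jwt_own_account": svc.get_private({"Authorization": "Bearer " + jwt}, "acc-2002")[0],
            "jwt_tampered": svc.get_private({"Authorization": "Bearer " + tampered}, "acc-2002")[0],
            "audit": list(AUDIT_TRAIL)}
```

demo() returns the status code of each call. The V1 service answers 200 to any caller that writes X-User-Logged: alice, which is the "poor identification" of slide 5. The NG service answers 401 for an unknown or tampered token, 404 when johndoe's token is used against alice's account, and 200 only when the identity in the token owns the account and the token carries the scope, whether that identity came back from introspection or from a locally validated JWT; the audit line records the end-user, not the gateway.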