Sept 2019 - DSO-LG Tooling Examples
•Download as PPTX, PDF•
0 likes•324 views
This is obviously not everything in the industry. The slide gives you a taster of what's out there. Disclaimer: DevSecOps - London Gathering is not endorsing any of these products. Michael Man may have experience with some of them and is happy to share his view.
Report
Share
Report
Share
Recommended
Intrusion Detection Systems By Anamoly-Based Using Neural Network
To improve network security different steps has been taken as size and importance of the network has
increases day by day. Then chances of a network attacks increases Network is mainly attacked by some
intrusions that are identified by network intrusion detection system. These intrusions are mainly present in data
packets and each packet has to scan for its detection. This paper works to develop a intrusion detection system
which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. As network
intrusion detection system need to be efficient enough that chance of false alarm generation should be less,
which means identifying as a intrusion but actually it is not an intrusion. Result obtained after analyzing this
system is quite good enough that nearly 90% of true alarms are generated. It detect intrusion for various
services like Dos, SSH, etc by neural network
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Presented by Alastair Williams, Technical Director, EMEA
The Intersection of Security and DevOps
THE INTERSECTION OF SECURITY & DEVOPS
Ryan Holland, Senior Director of Cloud Architecture, Alert Logic
How-To Find Malicious Backdoors and Business Logic Vulnerabilities in Your Code
While graph databases are primarily known as the backbone of the modern social networks, we have found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries.
This talk will bring together two well-known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug/backdoors/business logic flaws hunting in mind.
Capabilities of the system will then be demonstrated live with Joern, an open source code exploration tool, as we craft queries for RCE exploits, insider attacks, data leak detection.
Devops security-An Insight into Secure-SDLC
The integration of Security into DevOps is already happening out of necessity. DevOps is a powerful paradigm shift and companies often don’t understand how security fits. Aim of this session is to give an overview of DevOps security and How security can be integrated and automated into each phases of software development life-cycle.
What Questions Do Programmers Ask About Configuration as Code?
Presented at RCoSE2018. Summary: When working with tools like Puppet, programmers ask a lot of questions related to syntax, feasibility, and security. Despite advancements in Puppet, some fundamental challenges such as feasibility, installation, and security persist. Preprint: https://akondrahman.github.io/papers/rcose2018_cac.pdf.
Recommended
Intrusion Detection Systems By Anamoly-Based Using Neural Network
To improve network security different steps has been taken as size and importance of the network has
increases day by day. Then chances of a network attacks increases Network is mainly attacked by some
intrusions that are identified by network intrusion detection system. These intrusions are mainly present in data
packets and each packet has to scan for its detection. This paper works to develop a intrusion detection system
which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. As network
intrusion detection system need to be efficient enough that chance of false alarm generation should be less,
which means identifying as a intrusion but actually it is not an intrusion. Result obtained after analyzing this
system is quite good enough that nearly 90% of true alarms are generated. It detect intrusion for various
services like Dos, SSH, etc by neural network
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Presented by Alastair Williams, Technical Director, EMEA
The Intersection of Security and DevOps
THE INTERSECTION OF SECURITY & DEVOPS
Ryan Holland, Senior Director of Cloud Architecture, Alert Logic
How-To Find Malicious Backdoors and Business Logic Vulnerabilities in Your Code
While graph databases are primarily known as the backbone of the modern social networks, we have found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries.
This talk will bring together two well-known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug/backdoors/business logic flaws hunting in mind.
Capabilities of the system will then be demonstrated live with Joern, an open source code exploration tool, as we craft queries for RCE exploits, insider attacks, data leak detection.
Devops security-An Insight into Secure-SDLC
The integration of Security into DevOps is already happening out of necessity. DevOps is a powerful paradigm shift and companies often don’t understand how security fits. Aim of this session is to give an overview of DevOps security and How security can be integrated and automated into each phases of software development life-cycle.
What Questions Do Programmers Ask About Configuration as Code?
Presented at RCoSE2018. Summary: When working with tools like Puppet, programmers ask a lot of questions related to syntax, feasibility, and security. Despite advancements in Puppet, some fundamental challenges such as feasibility, installation, and security persist. Preprint: https://akondrahman.github.io/papers/rcose2018_cac.pdf.
Under-reported Security Defects in Kubernetes Manifests
This presentation discusses how frequently security defects are reported in Kubernetes manifests. The paper was presented at the ICSE EnCycris workshop in 2021.
The Intersection of Security & DevOps
The Intersection of Security & DevOps - Presented by Misha Govshteyn
Open Source Libraries - Managing Risk in Cloud
In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat Modeling is critical for Product Engineering Team. Yet, even in the rare event that it’s performed, its performed without actionable outputs emerging from the exercise. It is relegated to the status of what a “Policy/Best Practice Document”, which it shouldn’t be. I believe that Threat Models are playbooks of Product Security Engineering. I feel that the best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). In addition, I believe that Threat Models should produce actionable outputs that can be acted up on by various teams within the organization. To address this lacuna, I have developed “Automaton” - An Open Source “Threat Modeling as Code” framework, that allows product teams to capture User Stories, Abuser Stories, Threat Models and Security Test Cases in YAML Files (like Ansible). With the help of Test Automation Frameworks (in this case, Robot Framework) Automaton allows the product engineering team to not only capture Threat Models as code, but also trigger specific security test cases with tools like OWASP ZAP, BurpSuite, WFuzz, Sublist3r, Nmap and so on. The benefits are three-fold. One - For teams to use Threat Modeling as a first-class citizen(with code). Facilitating Iterative and Updated Threat Models and Security Test Cases, as the product evolves (not a stationary document). Two - For Threat Modeling to become actionable. Product Teams can use this Framework to compose “Recipes” where User Stories (Functionality) leads to Abuser Stories (Threat Profiles) which lead to Threat Models (scenarios), that are used to create Security Test Cases (which kick off certain tools) based on the Recipes written for the Test Cases. Three - This approach leads to a convergence of Threat Modeling and Security Testing, allowing teams to improve both security testing and threat modeling based on results produced through this framework.
Application Security Logging with Splunk using Java
How to code application security logs for Splunk in Java.
In-work draft, please check back later for final.
Proactive Security AppSec Case Study
Automating your way to Proactive Application Security
Andy Hoernecke
AppSec Engineer
Netflix
OWASP Atlanta
4/21/2016
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
DevOps and Continuous Delivery has changed how technology operates and how business is run, but security continues to struggle to catch-up with the velocity of change in this new world : it’s almost a cat-and-mouse game when it comes to spot security holes into code before delivering to production, and traditional manual security assessment just continue to be untenable as a way of working with modern agile teams.
The concept of DevSecOps can be the ultimate answer, but unfortunately most articles and vendor pitches about this subject are incredibly superficial, and it’s all about dumping existing/traditional security tools on developers, which adds more complexity and frustration without solving the real problem.
“Modern problems require modern solutions” : this talk explains the evolution of security tooling over the last years, and how they must change (or has changed) to match the macro trends and keep up with the shifting threat.
As an example, this talk demonstrates how modern “lightweight” code analysis techniques, when combined with secure-by-default frameworks/patterns, can be used to easily detect potential holes within a code base, and provide accurate/fast feedbacks to developers.
Dependency-Check Ecosystem - OWASP Summit 2017
This is a presentation I gave at OWASP Summit 2017 talking about the Dependency-Check ecosystem, including Jenkins, SonarQube, and Dependency-Track. The presentation focused on the progress made over the course of the projects life, demos of currently unreleased features, and the future of the platform.
Code Quality - Security
Quality of software code for a given product shipped effectively translates not only to its functional quality but as well to its non functional aspects say security. Many of the issues in code can be addressed much before they reach SCM.
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
The benefits of using third-party and open source components are often negated by the inherent risks that come with them. Systematically reducing risk while allowing the benefits to prevail can be challenging. Organizations often rely on methods of identification that provide instant gratification, but fall short on delivering a simple, coherent strategy for long-term risk identification and remediation. This deck covers current best practices, explores how they've evolved over time, and provides concrete examples which can put into practice with minimal effort.
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development LifecycleBlack Duck by Synopsys
Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck
Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security.
Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code.
In this webinar by Cigital and Black Duck security experts, you’ll learn:
- The current state of application security management within the Software Development Lifecycle (SDLC)
- New security considerations organizations face in testing applications that combine open source and in-house written software.
- Steps you can take to automate and manage open source security as part of application developmentMyths and Misperceptions of Open Source Security
You need to establish clear operational and security processes around your app and container usage. Join this session to see how enterprise IT can use accelerate business agility, implement DevOps processes, and achieve greater security and control.
Improving the quality of Cyber Security Hires via Pre-Interview Challenges
Slides for presentation delivered at OWASP London Chapter Jan 2018 meeting about the recruitment workflow that we have implemented for https://pbx-group-security.com/
Shhh!: Secret Management Practices for Infrastructure as Code
We use grey literature review to identify 12 secret management practice for infrastructure as code (IaC). This paper was presented at the IEEE SecDev conference.
Secure Application Development in the Age of Continuous Delivery
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Continuous and Visible Security Testing with BDD-Security
This presentation makes the case for adapting security requirements and processes to those used by developers. Specifically, it advocates the use of BDD (Given/When/Then) specifications to create self-verifying security requirements.
You've heard of infrastructure as code, with the BDD-Security framework, we can now write security-processes-as-code.
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...North Texas Chapter of the ISSA
Managing Security Requirements in Software Projects
Security requirements, and more broadly Non-Functional Requirements (NFRs), are often critical to the development of software. Unfortunately, many traditional and agile development methodologies tend to focus on features with little attention paid to NFRs. As a result, most organizations do not rigorously track NFRs alongside functional requirements, which leads to increased costs and – in the case of security – significant risk down the road.
This presentation focuses on how to practically build systematic security and NFRs into the development process. We will address the following:
- How do people currently address NFRs
- Challenges with current approaches
- Addressing recurring issues with an NFR library
- Defining library goals
- Selecting a repository for re-usable requirements
- Selecting information sources
- Add requirements to the repository
- Using the library in development projects
Learning objectives:
- Understand shortcomings in current development processes for addressing NFRs
- Be able to build a simple library of re-usable non-functional requirements
- Be able to use the library in development projectWhy Security Engineer Need Shift-Left to DevSecOps?
In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers.
Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow.
I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.
DevSecOps - London Gathering : June 2018
Just my thoughts on the subject. This naturally will change over time as we learn and grow in this field.
More Related Content
What's hot
Under-reported Security Defects in Kubernetes Manifests
This presentation discusses how frequently security defects are reported in Kubernetes manifests. The paper was presented at the ICSE EnCycris workshop in 2021.
The Intersection of Security & DevOps
The Intersection of Security & DevOps - Presented by Misha Govshteyn
Open Source Libraries - Managing Risk in Cloud
In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat Modeling is critical for Product Engineering Team. Yet, even in the rare event that it’s performed, its performed without actionable outputs emerging from the exercise. It is relegated to the status of what a “Policy/Best Practice Document”, which it shouldn’t be. I believe that Threat Models are playbooks of Product Security Engineering. I feel that the best way to do threat modeling is to integrate it into the Software Development Lifecycle (SDL). In addition, I believe that Threat Models should produce actionable outputs that can be acted up on by various teams within the organization. To address this lacuna, I have developed “Automaton” - An Open Source “Threat Modeling as Code” framework, that allows product teams to capture User Stories, Abuser Stories, Threat Models and Security Test Cases in YAML Files (like Ansible). With the help of Test Automation Frameworks (in this case, Robot Framework) Automaton allows the product engineering team to not only capture Threat Models as code, but also trigger specific security test cases with tools like OWASP ZAP, BurpSuite, WFuzz, Sublist3r, Nmap and so on. The benefits are three-fold. One - For teams to use Threat Modeling as a first-class citizen(with code). Facilitating Iterative and Updated Threat Models and Security Test Cases, as the product evolves (not a stationary document). Two - For Threat Modeling to become actionable. Product Teams can use this Framework to compose “Recipes” where User Stories (Functionality) leads to Abuser Stories (Threat Profiles) which lead to Threat Models (scenarios), that are used to create Security Test Cases (which kick off certain tools) based on the Recipes written for the Test Cases. Three - This approach leads to a convergence of Threat Modeling and Security Testing, allowing teams to improve both security testing and threat modeling based on results produced through this framework.
Application Security Logging with Splunk using Java
How to code application security logs for Splunk in Java.
In-work draft, please check back later for final.
Proactive Security AppSec Case Study
Automating your way to Proactive Application Security
Andy Hoernecke
AppSec Engineer
Netflix
OWASP Atlanta
4/21/2016
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
DevOps and Continuous Delivery has changed how technology operates and how business is run, but security continues to struggle to catch-up with the velocity of change in this new world : it’s almost a cat-and-mouse game when it comes to spot security holes into code before delivering to production, and traditional manual security assessment just continue to be untenable as a way of working with modern agile teams.
The concept of DevSecOps can be the ultimate answer, but unfortunately most articles and vendor pitches about this subject are incredibly superficial, and it’s all about dumping existing/traditional security tools on developers, which adds more complexity and frustration without solving the real problem.
“Modern problems require modern solutions” : this talk explains the evolution of security tooling over the last years, and how they must change (or has changed) to match the macro trends and keep up with the shifting threat.
As an example, this talk demonstrates how modern “lightweight” code analysis techniques, when combined with secure-by-default frameworks/patterns, can be used to easily detect potential holes within a code base, and provide accurate/fast feedbacks to developers.
Dependency-Check Ecosystem - OWASP Summit 2017
This is a presentation I gave at OWASP Summit 2017 talking about the Dependency-Check ecosystem, including Jenkins, SonarQube, and Dependency-Track. The presentation focused on the progress made over the course of the projects life, demos of currently unreleased features, and the future of the platform.
Code Quality - Security
Quality of software code for a given product shipped effectively translates not only to its functional quality but as well to its non functional aspects say security. Many of the issues in code can be addressed much before they reach SCM.
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
The benefits of using third-party and open source components are often negated by the inherent risks that come with them. Systematically reducing risk while allowing the benefits to prevail can be challenging. Organizations often rely on methods of identification that provide instant gratification, but fall short on delivering a simple, coherent strategy for long-term risk identification and remediation. This deck covers current best practices, explores how they've evolved over time, and provides concrete examples which can put into practice with minimal effort.
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development LifecycleBlack Duck by Synopsys
Presented September 15, 2016 by John Steven, CTO, Cigital; Mike Pittenger, VP Security Strategy, Black Duck
Today, open source comprises a critical component of software code in the average application, yet most organizations lack the visibility into and control of the open source they’re using. A 2016 analysis of 200 commercial applications showed that 67% contained known open source vulnerabilities. Whether it’s a SaaS solution you deliver to millions of customers, or an internal application developed for employees, addressing the open source visibility and control challenges is vital to ensuring proper software security.
Open source use is ubiquitous worldwide. It powers your mobile phone and your company’s most important cloud application. Securing mission critical applications must evolve to address open source as part of software security, complementing and extending the testing of in-house written code.
In this webinar by Cigital and Black Duck security experts, you’ll learn:
- The current state of application security management within the Software Development Lifecycle (SDLC)
- New security considerations organizations face in testing applications that combine open source and in-house written software.
- Steps you can take to automate and manage open source security as part of application developmentMyths and Misperceptions of Open Source Security
You need to establish clear operational and security processes around your app and container usage. Join this session to see how enterprise IT can use accelerate business agility, implement DevOps processes, and achieve greater security and control.
Improving the quality of Cyber Security Hires via Pre-Interview Challenges
Slides for presentation delivered at OWASP London Chapter Jan 2018 meeting about the recruitment workflow that we have implemented for https://pbx-group-security.com/
Shhh!: Secret Management Practices for Infrastructure as Code
We use grey literature review to identify 12 secret management practice for infrastructure as code (IaC). This paper was presented at the IEEE SecDev conference.
Secure Application Development in the Age of Continuous Delivery
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Continuous and Visible Security Testing with BDD-Security
This presentation makes the case for adapting security requirements and processes to those used by developers. Specifically, it advocates the use of BDD (Given/When/Then) specifications to create self-verifying security requirements.
You've heard of infrastructure as code, with the BDD-Security framework, we can now write security-processes-as-code.
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...North Texas Chapter of the ISSA
Managing Security Requirements in Software Projects
Security requirements, and more broadly Non-Functional Requirements (NFRs), are often critical to the development of software. Unfortunately, many traditional and agile development methodologies tend to focus on features with little attention paid to NFRs. As a result, most organizations do not rigorously track NFRs alongside functional requirements, which leads to increased costs and – in the case of security – significant risk down the road.
This presentation focuses on how to practically build systematic security and NFRs into the development process. We will address the following:
- How do people currently address NFRs
- Challenges with current approaches
- Addressing recurring issues with an NFR library
- Defining library goals
- Selecting a repository for re-usable requirements
- Selecting information sources
- Add requirements to the repository
- Using the library in development projects
Learning objectives:
- Understand shortcomings in current development processes for addressing NFRs
- Be able to build a simple library of re-usable non-functional requirements
- Be able to use the library in development projectWhy Security Engineer Need Shift-Left to DevSecOps?
In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers.
Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow.
I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.
What's hot (20)
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes Manifests
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Application Security Logging with Splunk using Java
Application Security Logging with Splunk using Java
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
BOMs Away - Why everyone needs a BOM (AppSec Cali 2019)
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development Lifecycle
Improving the quality of Cyber Security Hires via Pre-Interview Challenges
Improving the quality of Cyber Security Hires via Pre-Interview Challenges
Shhh!: Secret Management Practices for Infrastructure as Code
Shhh!: Secret Management Practices for Infrastructure as Code
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-Security
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Similar to Sept 2019 - DSO-LG Tooling Examples
DevSecOps - London Gathering : June 2018
Just my thoughts on the subject. This naturally will change over time as we learn and grow in this field.
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
According to SAP 85% of cybersecurity attacks target the application layer. To be successful in defending against these attacks you need to use a variety of tools. In session we'll go into the various types application security tools and approaches, including SAST, DAST, RASP, PEN, as well as Open Source Vulnerability Management. We'll help you understand the differences between these tools and help you develop a plan for filling your application security toolbox.
Cyber Security Conference - Praktiske erfaringer med Implementering af Cyber ...
Cyber Security Conference - Praktiske erfaringer med Implementering af Cyber Defense, v/ Seniorkonsulent Martin Kiær, Security & Infrastructure Business Lead
Shift Left Security
The presentation focuses on the responsibilities, practices, processes, tools, and techniques that systematically increase security in the software development lifecycle (SSDLC). Software should be provisioned uniformly declarative regardless of whether software artifacts are produced in-house or purchased. This is the foundation for effective quality and security standardization, which are key facilitators of reliability engineering.
The automated (ethical) hacker in you - test automation day nl 2018
How to integrate security testing in your automated functional tests. Why, how and what is discussed in this presentation.
Some examples of how security requirements should be defined.
Demo is not recorded. If you want, I can do the demo for you :-)
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...DevOps for Enterprise Systems
Leverage DevOps & Agile Development to Transform Your Application Testing Program: Client Case StudyLeverage DevOps & Agile Development to Transform Your Application Testing Pro...
Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Discover how Sona Srinivasan, Senior Architect of Cisco IT’s Global Architecture and Technology Services group, helps transform an IT DevOps strategy to a Security DevOps strategy, with IBM Security's assistance. Cisco is presently implementing continuous security and agile methods throughout the software development lifecycle (SDLC), and specific examples of current initiatives will be reviewed in this session.
Security assessment with a hint of CISSP Prep
I'm preparing for the CISSP next week and also speaking for ISACA, so created this deck to help my peers with some concepts that appear in CISM/ CISSP and ITIL practitioner exams
Security Process in DevSecOps
DevSecOps is a word that combines development, security, and operations. DevSecOps deals with software development, operations, security, and services. It emphasizes communication, collaboration, and integration between software developers, security teams, and information technology operations personnel.
In this session, you will learn how to integrate security techniques into the DevOps process.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/mi8Zo9O6OUY
TechTalkThai Conference: Enterprise Cybersecurity 2021
October 5, 2021
Agile software security assurance
A short presentation covering the important aspects of an software security assurance effort in agile development environments. Towards the end we provide tips of how it can work in the real-world...
Automating your AWS Security Operations
You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next?
Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages.
It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations.
In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies.
This slide deck covers:
- How security will be integrated into the overall processes of development and deployment.
- How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed.
- How to be successful with API-enabled, continuous security tools in the cloud.
- How to operationalize security alarms, enabling world-class incident response and remediation capabilities.
Automating your AWS Security Operations
You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next?
Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies.
Join us to learn:
• How security will be integrated into the overall processes of development and deployment.
• How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed.
• How to be successful with API-enabled, continuous security tools in the cloud.
• How to operationalize security alarms, enabling world-class incident response and remediation capabilities.
Application Security Testing for Software Engineers ,Developers and testers
Gustavo Nieves Arreaza
1. Application Security Testing for Software Engineers ,Developers and testers.
2. Who Am I? • Software Engineer based in Chile • OWASP Viña del mar Chapter Leader • Recurrent Speaker on Application Security conferences • Head of Software Development
https://www.appsec.cl
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Abstract: SAST, DAST, and WAF have been around for almost 15 years — they’re almost impossible to use, can’t protect modern applications, and aren’t compatible with modern software development. Recent studies have demonstrated that these tools miss the majority of real vulnerabilities and attacks while generating staggering numbers of false positives. To compensate, these tools require huge teams of application security experts that can’t possibly keep up with the size of modern application portfolios. Fortunately, the next generation of application security technology uses dynamic software instrumentation to solve these challenges. Gartner calls these products “Interactive Application Security Testing (IAST)” and “Runtime Application Self-Protection (RASP).” In this talk, you’ll learn how IAST and RASP have revolutionized vulnerability assessment and attack prevention in a massively scalable way.
Bio: A pioneer in application security, Jeff Williams is the founder and CTO of Contrast Security, a revolutionary application security product. Contrast is an application agent that enables software to both report vulnerabilities and prevent attacks. Jeff has over 25 years of security experience, speaks frequently on cutting-edge application security, and has helped secure code at hundreds of major enterprises. Jeff served as the Global Chairman of the OWASP Foundation for eight years, where he created many open-source standards, tools, libraries, and guidelines - including the OWASP Top Ten.
Similar to Sept 2019 - DSO-LG Tooling Examples (20)
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Cyber Security Conference - Praktiske erfaringer med Implementering af Cyber ...
Cyber Security Conference - Praktiske erfaringer med Implementering af Cyber ...
The automated (ethical) hacker in you - test automation day nl 2018
The automated (ethical) hacker in you - test automation day nl 2018
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
Application Security Testing for Software Engineers ,Developers and testers
Application Security Testing for Software Engineers ,Developers and testers
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
More from Michael Man
5 things i wish i knew about sast (DSO-LG July 2021)
In this talk Florin Coada, who's been dealing with SAST over the last 7 years, will share some of his top tips to achieve more SASTisfaction from your tooling. Each tip will come with a little story that shows why this tip made it to the top 5 list.
K8S Certifications - Exam Cram
We have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) exams.
https://www.twitch.tv/clust3rf8ck
https://www.cncf.io/certification/cka/
https://www.cncf.io/certification/cks/
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
In just a few years, Open Policy Agent (OPA) has established itself as the de-facto standard for policy based guard rails around kubernetes clusters - now it's moving into our microservices! In this talk we'll explore the benefits of decoupling policy from application logic, and how OPA can help bring order to an increasingly distributed, heterogeneous and complex tech stack.
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
A good defense against insecure code requires understanding the mechanics behind how attackers exploit simple programming mistakes. Developers today face a massive onslaught of new and old attack vectors in both the code they write and the open source they use.
So, to explore this, I am very pleased that Bruce Mayhew - Head of Data Research at Sonatype and the OWASP WebGoat Project lead - will be flying into the UK and speaking at our Gathering.
This will be an interactive and informative discussion to learn the most basic, but common, application security problems and mitigation strategies in the OWASP Top 10 and relating this to the DevSecOps initiative.
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Presentation slides used by Chris Wysopal (@WeldPond) during the Oct 2019 DevSecOps - London Gathering evening.
Extract Oct 2019: DSO-LG Rolling Slides
Latest version of the basic rolling slides used at DevSecOps - London Gathering evenings.
Ideas for 2020 - please provide input/feedback back to Michael Man.
DevSecOps Manchester - May 2019
*** Michael Man ***
Sharing the journey of starting and running a meetup.
Chris Rutter: Avoiding The Security Brick
DevSecOps - London Gathering (March 2019)
This is a continuation of Chris Rutter's security talks (typically focused around Threat Modelling). In this talk Chris will explore real techniques, both technical and organisational, to introduce security into DevOps without hitting people with bricks [Not literally].
Extract: DevSecOps - London Gathering (March 2019)
DevSecOps - London Gathering
- Ways to keep in touch
- Links to past talks
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Security Rationale For Istio
An introduction to Istio security, looking at how Istio helps to keeps your security team happy by satisfying Kubernetes security requirements for multi-tenancy, and your developers happy by reducing implementation effort. Istio is still an evolving technology, and outstanding issues and impending improvements will be discussed.
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Introduction to Istio
I’ll show what Istio is, and how it does what it does. We’ll explore that from the point of view of one packet travelling in from the internet and back out again, to show us all the major data and control plane components.
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
A look at historical Kubernetes breaches, the high level security primitives, and an overview of multi-tenancy models in Kubernetes.
August 2018: DevSecOps - London Gathering
Rolling slides to kick of the event.
*** Description of the main talk ***
Threat Modelling can be a laborious and time-consuming exercise, which is not a happy marriage with CI and DevOps methodologies. In this talk, I shall outline my Rapid Threat Model Prototyping paradigm, which I have successfully been using both at Visa and Photobox. My method enables automation and inclusion into fast-moving development cycles and is well-suited for today's IT environments.
Continuous Security: From tins to containers - now what!
Information Security departments often view containers as challenging to manage (code moves too fast for risk analysis, thousands of containers with limited visibility or control). Government organizations such as NIST have come out with guidelines for Application Container Security, while serverless technologies such as Azure Container Instances or AWS Fargate create additional challenges regarding how security risks are managed.
The mechanics behind how attackers exploit simple programming mistakes ...
A good defense against insecure code requires understanding the mechanics behind how attackers exploit simple programming mistakes. Developers today face a massive onslaught of new and old attack vectors in both the code they write and the open source they use.
Secret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - In the beginning there was a file and it contained all the passwords in the plain text, but then someone stole all the passwords, so we don't do that anymore. In this talk I will explore how secret management has evolved over the years, what is the common path to maturity, what good looks like and why "Just use HashiCorp Vault" is a good heuristic. Explore with me the perils of storing secrets in Jenkins, how ansible-vault leads to disasters and where does CyberArk Conjur sit in all of this.
DevSecOps The Evolution of DevOps
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps means?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
Dynaminet -DevSecOps
There are many techniques that help introduce security into the DevOps lifecycle, each has its own set of benefits and constraints. Therefore, it is important to evaluate each technique and associated tools to ensure they match the organisation’s security testing strategy, languages and risk appetite.
DevSecOps: Test Automation
Different types of Security Testing which should be considered as part of a DevSecOps pipeline.
More from Michael Man (20)
5 things i wish i knew about sast (DSO-LG July 2021)
5 things i wish i knew about sast (DSO-LG July 2021)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Extract: DevSecOps - London Gathering (March 2019)
Extract: DevSecOps - London Gathering (March 2019)
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
The mechanics behind how attackers exploit simple programming mistakes ...
The mechanics behind how attackers exploit simple programming mistakes ...
Secret Management Journey - Here Be Dragons aka Secret Dragons
Secret Management Journey - Here Be Dragons aka Secret Dragons
Recently uploaded
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Recently uploaded (20)
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Sept 2019 - DSO-LG Tooling Examples
- 1. IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test CasesThreat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (Sept 2019) curl nmap sslyze sqlmap Interactive Testing Threat Modeling Container Security Infrastructure Assurance
- 2. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Updated: May 2019 Container Security Infrastructure Scanning