SFScon18 - Lorenzo Nicoldi - The insecurity of the free & opensource software
•
0 likes•99 views
This document summarizes some assumptions and challenges around testing the security of open source versus closed source software. It discusses how automated testing through unit tests and fuzzing works in theory but can be limited in practice. Manual testing or "bug hunting" is also explored for both commercial and free open source software, noting it may be easier to find targets in closed source code. The document aims to start a discussion on how security is evaluated differently for open versus closed source programs.
Report
Share
Report
Share
Download to read offline
Recommended
Android testing part i
This document discusses software testing and Android testing. It covers unit testing with JUnit and mock objects in Android. Unit tests isolate classes and replace dependencies with mocks. The document provides examples of writing unit tests for an EmailValidator class. It also discusses instrumented tests and testing asynchronous functions. Best practices like writing testable code and case studies are presented.
Unit Testing (C#)
Unit testing involves writing code to test individual units or components of an application to ensure they operate as expected. Unit tests act as specifications for code and help produce better, more readable and maintainable code. An effective unit test has one test class per code class, runs tests in isolation, has clear and descriptive names from a user perspective, and asserts a single outcome per test. Tools like mocking frameworks can help with unit testing by injecting dependencies and states. Unit tests should focus on testing logic and not user interfaces.
Unit Testing
What needs to consider to write effective unit test cases. Common mistakes developer do and how to overcome those with some basic understanding of unit test case writing.
Unit Tests And Automated Testing
The document discusses unit testing and automated testing. It defines various testing terminology like unit tests, integration tests, system tests, and regression tests. It emphasizes the importance of testing early and often to find bugs quickly, increase quality assurance, and improve code design for testability. Automating tests through continuous integration is recommended to efficiently run tests on new code commits and catch errors early. Test-driven development is introduced as a practice of writing tests before code to ensure all tests initially fail and the code is developed to pass the tests.
UnitTestingBasics
The document discusses unit testing basics and principles. It defines a unit test as an automated piece of code that invokes and checks the logical behavior of a class or method. Well-written unit tests are easy to implement, runnable by anyone with a single button press, and automated/repeatable. The document recommends testing logical code containing decisions and asserts the arrange-act-assert testing pattern. It also discusses removing dependencies through stubs, seams, and mocks to isolate the code under test.
Dagger for android
One of the central difficulties of writing an Android application using Dagger is that many Android framework classes are instantiated by the OS itself, like Activity and Fragment, but Dagger works best if it can create all the injected objects. Instead, you have to perform members injection in a lifecycle method.
Unit tests & TDD
A session I did at Rupin Academic Center.
Part of modern software engineering course for bachelor degree in computer science.
Unit Testing in Android
Unit testing in Android involves testing individual units or components of an Android application to verify their correctness. This is done during development by the developer. The document discusses what unit testing involves, provides examples of unit tests for a number validator class and interval overlapping detector class, and discusses test doubles, constraints of unit testing in Android, where to unit test in an Android app, and test-driven development.
Recommended
Android testing part i
This document discusses software testing and Android testing. It covers unit testing with JUnit and mock objects in Android. Unit tests isolate classes and replace dependencies with mocks. The document provides examples of writing unit tests for an EmailValidator class. It also discusses instrumented tests and testing asynchronous functions. Best practices like writing testable code and case studies are presented.
Unit Testing (C#)
Unit testing involves writing code to test individual units or components of an application to ensure they operate as expected. Unit tests act as specifications for code and help produce better, more readable and maintainable code. An effective unit test has one test class per code class, runs tests in isolation, has clear and descriptive names from a user perspective, and asserts a single outcome per test. Tools like mocking frameworks can help with unit testing by injecting dependencies and states. Unit tests should focus on testing logic and not user interfaces.
Unit Testing
What needs to consider to write effective unit test cases. Common mistakes developer do and how to overcome those with some basic understanding of unit test case writing.
Unit Tests And Automated Testing
The document discusses unit testing and automated testing. It defines various testing terminology like unit tests, integration tests, system tests, and regression tests. It emphasizes the importance of testing early and often to find bugs quickly, increase quality assurance, and improve code design for testability. Automating tests through continuous integration is recommended to efficiently run tests on new code commits and catch errors early. Test-driven development is introduced as a practice of writing tests before code to ensure all tests initially fail and the code is developed to pass the tests.
UnitTestingBasics
The document discusses unit testing basics and principles. It defines a unit test as an automated piece of code that invokes and checks the logical behavior of a class or method. Well-written unit tests are easy to implement, runnable by anyone with a single button press, and automated/repeatable. The document recommends testing logical code containing decisions and asserts the arrange-act-assert testing pattern. It also discusses removing dependencies through stubs, seams, and mocks to isolate the code under test.
Dagger for android
One of the central difficulties of writing an Android application using Dagger is that many Android framework classes are instantiated by the OS itself, like Activity and Fragment, but Dagger works best if it can create all the injected objects. Instead, you have to perform members injection in a lifecycle method.
Unit tests & TDD
A session I did at Rupin Academic Center.
Part of modern software engineering course for bachelor degree in computer science.
Unit Testing in Android
Unit testing in Android involves testing individual units or components of an Android application to verify their correctness. This is done during development by the developer. The document discusses what unit testing involves, provides examples of unit tests for a number validator class and interval overlapping detector class, and discusses test doubles, constraints of unit testing in Android, where to unit test in an Android app, and test-driven development.
Testing And Drupal
Testing code through automated tests is important to ensure security and catch bugs early in the development process. There are different types of tests like unit tests which test individual functions and modules, and functional tests which test overall page behavior and interactions. Writing tests requires considering what to test, test organization, and dealing with limitations of testing tools.
Unit Testing And Mocking
This document provides an introduction to unit testing and mocking. It discusses the benefits of unit testing such as safer refactoring and value that increases over time. It provides a recipe for setting up a unit test project with test classes and methods using AAA syntax. It also covers what mocking is and how to use mocking frameworks to create fake dependencies and check interactions. Resources for learning more about unit testing and related tools are provided.
Unit testing (workshop)
1. Create test classes for each item type (book, food, medical, imported, etc.) and calculate tax amounts
2. Write test methods that pass sample baskets of items to the calculation method and assert the expected tax and total amounts are returned
3. Include test cases that validate tax rounding is performed correctly for different tax rates and item prices
4. Write exception tests to ensure invalid item types or negative prices throw the expected exceptions
Android Automation Using Robotium
This presentation would help give a jump start guide on Robotium for getting started with Android automation should join this Seminar.
Inside Android Testing
Introduction to Android testing explaining existent tools and good practices. Source code examples as well.
An Introduction to Unit Testing
Unit testing involves testing individual components of software to ensure they function as intended when isolated from the full system. It helps identify unintended effects of code changes. While unit tests cannot prove the absence of errors, they act as an executable specification for code behavior. Writing unit tests requires designing code for testability through principles like single responsibility and dependency injection. Tests should focus on public interfaces and state transitions, not implementation details. Test-driven development involves writing tests before code to define requirements and ensure only testable code is written. Mocking frameworks simulate dependencies to isolate the system under test. Well-written unit tests keep behaviors isolated, self-contained, and use the arrange-act-assert structure.
AspectMock
AspectMock is a PHP library that allows mocking of any method call, including static and private methods, without requiring code refactoring. It uses aspect-oriented programming to intercept method calls and return mock values. To use it, install via Composer, create a custom autoloader for tests, and define the class and methods to mock along with their return values. AspectMock makes it easy to mock code as written without dependency injection refactoring required by other mocking tools.
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstalled-Apps.pdf
Software testing
The document discusses various types and levels of software testing. It defines software testing as analyzing a software item to detect differences between existing and required conditions (i.e. defects). The key types discussed are positive and negative testing, white-box and black-box testing. The levels covered are unit testing, integration testing, system testing, and acceptance testing. Various testing tools are also listed for different testing purposes such as source code testing, functional testing, performance testing, and database testing.
Dev fest2015androidunittestingbyoyewaleademolasao
The presentation given on Android unit Testing with Android Testing Library. Presentation given at the GDG DevFest SouthWest Nigerian meetup.
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Introduction to Bug Bounties
How to find bugs hands-on
How to use popular bug bounty programs
Case evaluation: Facebook page takeover bug
Conclusions and surprises
Myths and Misperceptions of Open Source Security
This document discusses myths and misperceptions around open source security. It addresses 6 common misperceptions: 1) that security tools can find all open source vulnerabilities, 2) that scanning is best done at the end of development, 3) that the National Vulnerability Database covers all vulnerabilities, 4) that replacing vulnerable components is always the answer, 5) that the "many eyes" theory ensures open source security, and 6) that open source is less secure than commercial software. The document provides details to counter each misperception and emphasizes that all software can have vulnerabilities, and that visibility into what software is used is key to security.
5-Ways-to-Revolutionize-Your-Software-Testing
This document provides 5 insights to revolutionize software testing: 1) There are two types of code (experience and infrastructure) that require different testing approaches; 2) Testing should focus on capabilities rather than features; 3) Focus on testing techniques rather than individual test cases; 4) Testing should improve development rather than just find bugs; 5) Testing needs innovation to engage talent and avoid repetitive work. The author advocates shifting testing strategy to higher levels of abstraction and partnering with development to build quality in from the start.
Software Security Assurance for DevOps
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Zen and the art of Security Testing
Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.
Key Takeaways:
-Great places in the user journey to inject security tests
- Ways to augment existing test approaches to cover security concerns
- Typical security tools that are free, cheap, and easy for software testers
How penetration testing techniques can help you improve your qa skills
The document discusses how penetration testing techniques can help improve QA skills. It outlines key differences between how penetration testers and QA engineers approach testing. Penetration testers take a more aggressive approach, trying to break systems in unexpected ways by undermining assumptions. They gather extensive information about infrastructure and software, define success narrowly, search for vulnerabilities, and combine use cases. Their testing is more expansive in scope, tools used, and environments tested in than typical QA testing. Adopting some penetration testing techniques like fuzzing inputs and reverse engineering could help QAs broaden their testing approach.
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
c0c0n 2015 Presentation. This talk discussed about the impact of using components with known vulnerabilities along with various tips and tools for software developer or administrator to facilitate identification of vulnerable components.
Why is software testing important
Software testing is primarily done to ascertain whether the software meets the required conditions and is bug-free.
Why is software testing important
Software testing is primarily done to ascertain whether the software meets the required conditions and is bug-free.
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...Agile Testing Alliance
The presentation on Cost-effective Security Testing Approaches for Web, Mobile & Enterprise Application was done during #ATAGTR2017, one of the largest global testing conference. All copyright belongs to the author.
Author and presenter : Varadarajan V. G.nullcon 2011 - Fuzzing with Complexities
Fuzzing is a software testing technique that feeds random data to a program to test for crashes or security vulnerabilities. It can find bugs that other testing methods may miss by exploring unusual code paths. While fuzzing is effective at finding bugs, it only finds issues and does not evaluate the quality or reliability of the software. Code coverage metrics can be used alongside fuzzing to measure how thoroughly the code has been tested, but may still miss some bugs. Fuzzing works best when the tester has knowledge of the program's internal structure and algorithms.
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk Security Essentials provides concise summaries in 3 sentences or less that provide the high level and essential information from the document. The document discusses an introductory presentation on security analytics methods. It includes an agenda that covers an introduction to analytics methods, an example scenario, and next steps. It also discusses common security challenges, different analytics methods and types of use cases, and how analytics can be applied to different stages of an attack.
More Related Content
What's hot
Testing And Drupal
Testing code through automated tests is important to ensure security and catch bugs early in the development process. There are different types of tests like unit tests which test individual functions and modules, and functional tests which test overall page behavior and interactions. Writing tests requires considering what to test, test organization, and dealing with limitations of testing tools.
Unit Testing And Mocking
This document provides an introduction to unit testing and mocking. It discusses the benefits of unit testing such as safer refactoring and value that increases over time. It provides a recipe for setting up a unit test project with test classes and methods using AAA syntax. It also covers what mocking is and how to use mocking frameworks to create fake dependencies and check interactions. Resources for learning more about unit testing and related tools are provided.
Unit testing (workshop)
1. Create test classes for each item type (book, food, medical, imported, etc.) and calculate tax amounts
2. Write test methods that pass sample baskets of items to the calculation method and assert the expected tax and total amounts are returned
3. Include test cases that validate tax rounding is performed correctly for different tax rates and item prices
4. Write exception tests to ensure invalid item types or negative prices throw the expected exceptions
Android Automation Using Robotium
This presentation would help give a jump start guide on Robotium for getting started with Android automation should join this Seminar.
Inside Android Testing
Introduction to Android testing explaining existent tools and good practices. Source code examples as well.
An Introduction to Unit Testing
Unit testing involves testing individual components of software to ensure they function as intended when isolated from the full system. It helps identify unintended effects of code changes. While unit tests cannot prove the absence of errors, they act as an executable specification for code behavior. Writing unit tests requires designing code for testability through principles like single responsibility and dependency injection. Tests should focus on public interfaces and state transitions, not implementation details. Test-driven development involves writing tests before code to define requirements and ensure only testable code is written. Mocking frameworks simulate dependencies to isolate the system under test. Well-written unit tests keep behaviors isolated, self-contained, and use the arrange-act-assert structure.
AspectMock
AspectMock is a PHP library that allows mocking of any method call, including static and private methods, without requiring code refactoring. It uses aspect-oriented programming to intercept method calls and return mock values. To use it, install via Composer, create a custom autoloader for tests, and define the class and methods to mock along with their return values. AspectMock makes it easy to mock code as written without dependency injection refactoring required by other mocking tools.
What's hot (7)
Similar to SFScon18 - Lorenzo Nicoldi - The insecurity of the free & opensource software
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstalled-Apps.pdf
Software testing
The document discusses various types and levels of software testing. It defines software testing as analyzing a software item to detect differences between existing and required conditions (i.e. defects). The key types discussed are positive and negative testing, white-box and black-box testing. The levels covered are unit testing, integration testing, system testing, and acceptance testing. Various testing tools are also listed for different testing purposes such as source code testing, functional testing, performance testing, and database testing.
Dev fest2015androidunittestingbyoyewaleademolasao
The presentation given on Android unit Testing with Android Testing Library. Presentation given at the GDG DevFest SouthWest Nigerian meetup.
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Introduction to Bug Bounties
How to find bugs hands-on
How to use popular bug bounty programs
Case evaluation: Facebook page takeover bug
Conclusions and surprises
Myths and Misperceptions of Open Source Security
This document discusses myths and misperceptions around open source security. It addresses 6 common misperceptions: 1) that security tools can find all open source vulnerabilities, 2) that scanning is best done at the end of development, 3) that the National Vulnerability Database covers all vulnerabilities, 4) that replacing vulnerable components is always the answer, 5) that the "many eyes" theory ensures open source security, and 6) that open source is less secure than commercial software. The document provides details to counter each misperception and emphasizes that all software can have vulnerabilities, and that visibility into what software is used is key to security.
5-Ways-to-Revolutionize-Your-Software-Testing
This document provides 5 insights to revolutionize software testing: 1) There are two types of code (experience and infrastructure) that require different testing approaches; 2) Testing should focus on capabilities rather than features; 3) Focus on testing techniques rather than individual test cases; 4) Testing should improve development rather than just find bugs; 5) Testing needs innovation to engage talent and avoid repetitive work. The author advocates shifting testing strategy to higher levels of abstraction and partnering with development to build quality in from the start.
Software Security Assurance for DevOps
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Zen and the art of Security Testing
Some security experts would tell you that security testing is very different from functional or non-functional software testing. They are wrong. Having worked on both sides, Paco gives 3 specific recommendations for how testers can make significant contributions to the security of their software and applications by making small changes to the way they do their software testing. The first technique has to do with selecting points in the user journey that are ripe for security testing. The second is to leverage some common free tools that enable security tests. The final technique is adjusting old school boundary value testing and equivalence class partitioning to incorporate security tests. The result is a lot of security testing done and issues fixed long before any security specialists arrive.
Key Takeaways:
-Great places in the user journey to inject security tests
- Ways to augment existing test approaches to cover security concerns
- Typical security tools that are free, cheap, and easy for software testers
How penetration testing techniques can help you improve your qa skills
The document discusses how penetration testing techniques can help improve QA skills. It outlines key differences between how penetration testers and QA engineers approach testing. Penetration testers take a more aggressive approach, trying to break systems in unexpected ways by undermining assumptions. They gather extensive information about infrastructure and software, define success narrowly, search for vulnerabilities, and combine use cases. Their testing is more expansive in scope, tools used, and environments tested in than typical QA testing. Adopting some penetration testing techniques like fuzzing inputs and reverse engineering could help QAs broaden their testing approach.
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
c0c0n 2015 Presentation. This talk discussed about the impact of using components with known vulnerabilities along with various tips and tools for software developer or administrator to facilitate identification of vulnerable components.
Why is software testing important
Software testing is primarily done to ascertain whether the software meets the required conditions and is bug-free.
Why is software testing important
Software testing is primarily done to ascertain whether the software meets the required conditions and is bug-free.
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...Agile Testing Alliance
The presentation on Cost-effective Security Testing Approaches for Web, Mobile & Enterprise Application was done during #ATAGTR2017, one of the largest global testing conference. All copyright belongs to the author.
Author and presenter : Varadarajan V. G.nullcon 2011 - Fuzzing with Complexities
Fuzzing is a software testing technique that feeds random data to a program to test for crashes or security vulnerabilities. It can find bugs that other testing methods may miss by exploring unusual code paths. While fuzzing is effective at finding bugs, it only finds issues and does not evaluate the quality or reliability of the software. Code coverage metrics can be used alongside fuzzing to measure how thoroughly the code has been tested, but may still miss some bugs. Fuzzing works best when the tester has knowledge of the program's internal structure and algorithms.
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk Security Essentials provides concise summaries in 3 sentences or less that provide the high level and essential information from the document. The document discusses an introductory presentation on security analytics methods. It includes an agenda that covers an introduction to analytics methods, an example scenario, and next steps. It also discusses common security challenges, different analytics methods and types of use cases, and how analytics can be applied to different stages of an attack.
Improve Security through Continuous Testing
Many companies develop strong software development practices that include ongoing testing throughout the development lifecycle. But they fail to account for the testing of security-related issues. This leads to security controls being tacked on to an application just before it goes to production. With security controls implemented in this manner, more security vulnerabilities are uncovered but there is less time to correct them. As more applications move to cloud-based architectures, this will become an even greater problem as some of the protection enjoyed by applications hosted on-site no longer exists. Jeremy Faircloth discusses a better approach—ensuring that testing throughout the development lifecycle includes the appropriate focus on security controls. Jeremy illustrates this through the establishment of security-related use cases, static code analysis, dynamic analysis, fuzzing, availability testing, and other techniques. Save yourself from last minute security issues by proactively testing the security of your application!
Objects vs. Images: Choosing the Right GUI Test Tool Architecture
This document discusses the differences between object-based and image-based test automation tools for graphical user interfaces (GUIs). Object-based tools interact directly with GUI objects, allowing access to object properties, while image-based tools rely on image recognition and have no access to underlying properties. Both approaches have strengths and weaknesses for different types of applications and platforms. The document provides examples and recommends choosing an approach based on factors like whether the application is browser-based, involves many images, or must be tested on mobile or non-Windows platforms.
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
This presentation was given by Ryan Berg, Sonatype CSO, at the All Things Open conference in Raleigh, NC.
We all know that Open Source brings speed, innovation, cost savings and more to our development efforts. It also brings risk. Bash, Heartbleed, Struts – anyone? Join this session to hear the latest research on the most risky open source component types – the alien invaders hiding in your software. And learn best practices to manage your risk based on the 11,000 people who shared their experiences in the 4 year industry-wide study on open source development and application security. Among the surprising results…
- 1-in-3 organizations had or suspected an open source breach in the last 12 months
- Only 16% of participants must prove they are not using components with known vulnerabilities
- 64% don’t track changes in open source vulnerability data
Security Testing.pptx
SECURITY TESTING is a type of Software Testing that uncovers vulnerabilities, threats, risks in a software application and prevents malicious attacks from intruders. The purpose of Security Tests is to identify all possible loopholes and weaknesses of the software system which might result in a loss of information, revenue, and repute at the hands of the employees or outsiders of the Organization.
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
Detect Spikes
Data Source: box_logs
Field to Sum: bytes_downloaded
Group By: user, folder
Time Frame: Last 30 days
Alert on Spikes > 3 Standard Deviations
Schedule Alert: Yes
Custom Splunk Search
Let's Build a Custom Search Together
Click "Build Search"
© 2018 SPLUNK INC.
Here is the search we built:
index=box_logs
| stats sum(bytes_downloaded) as bytes
by user, folder
| timechart span=1d
| anomalydetection direction=both
threshold=3
| where folder="Proposals"
|
Similar to SFScon18 - Lorenzo Nicoldi - The insecurity of the free & opensource software (20)
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
us-19-Stone-Securing-The-System-A-Deep-Dive-Into-Reversing-Android-Preinstall...
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
Squashing bugs: Introduction to Bug Bounties ISSA Dehradun Chapter
How penetration testing techniques can help you improve your qa skills
How penetration testing techniques can help you improve your qa skills
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Objects vs. Images: Choosing the Right GUI Test Tool Architecture
Objects vs. Images: Choosing the Right GUI Test Tool Architecture
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
Aliens in Your Apps! Are You Using Components With Known Vulnerabilities?
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
More from South Tyrol Free Software Conference
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...South Tyrol Free Software Conference
The complexity of agricultural droughts requires a consistent, reliable, and systematic method for monitoring and reporting. Amongst the various indices used to monitor this phenomenon, the soil moisture anomaly has been proven to be a more reliable predictor. However, the datasets required for computing this index are often large and computationally demanding. To address this challenge, we have developed SMODEX, a Python package that enables scalable, fast, and open-source standard-compliant computation and visualization of soil moisture anomalies.
SMODEX simplifies the computation and visualization of time-series for soil moisture and soil moisture anomalies from high-dimensional climate datasets. It allows for quick and easy parallelization of the computation on a daily, weekly, and monthly timescale. Additionally, SMODEX implements a straightforward workflow for automating the use of FAIR (Findable, Accessible, Interoperable, and Reusable) principles in producing and sharing outputs by leveraging the open source STAC API. The package is extendible and provides information on how to contribute to the project, test suites, test coverage, and a use case for the South Tyrol region, all provided in the package repository. In the future, additional agricultural drought indices and indicators would be included to serve to even larger community of researchers, policy makers, and individual users.SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...South Tyrol Free Software Conference
The Open Hardware PowerPC Notebook designed around GNU/Linux will be showed at NOI Techpark. We had presented here its motherboard design in 2018. We will updates regarding last developments for u-boot AMD video drivers, re-design of heat pipes, and CE test certification process. We will give future availability milestones of this notebook and details regarding the GNU/Linux distributions or other OS that could runs on it.SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data HubSouth Tyrol Free Software Conference
RMBtec proposes using the Open Data Hub as the real-time data backbone for a start-up creating an aircraft tracking application. The Open Data Hub offers data providers visibility, infrastructure to publish data, documentation, analytics and support. It describes how aircraft position data captured by sensors could be preprocessed and sent to the Open Data Hub via MQTT, then streamed in real-time and stored in a data mart via transformers. The Open Data Hub provides an alternative to cloud services and has capabilities that could support publishing and consuming aircraft tracking data.SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...South Tyrol Free Software Conference
The transition from Web 2.0 to Web 3.0 has fueled the need for a secure and decentralized cloud storage solution for digital assets. Web 2.0 was characterized by centralized platforms where user data was under the control of companies. In contrast, Web 3.0 aims to empower individuals and foster a decentralized web that supports and benefits the Free Software and Open Data Communities.
Blockchain technologies facilitate seamless collaboration and interoperability among diverse stakeholders in the Free Software and Open Data communities. Developers can establish open and transparent ecosystems where data can be shared, verified, and integrated across multiple platforms.
Beez, with its own blockchain infrastructure, offers a secure and transparent platform for digital asset exchanges, bolstering transaction integrity and trust. By distributing data across a network of nodes, Beez ensures security and mitigates the risk of single points of failure. Users retain control over their data, safeguard their privacy, and can take advantage of the incentive mechanisms offered by blockchain networks.
During our presentation, we will explore the role of AI within Beez's ecosystem, facilitating accelerated data processing, correlation, and intelligent automation. AI unlocks valuable insights from blockchain data, and we will touch upon the use of Inductive Logic Programming (ILP) to enhance programming performance.
The integration of Blockchain and AI technologies holds great potential for advancing the safety and efficiency of the Open Data ecosystem. By combining decentralized data storage, trust-building mechanisms, and intelligent data processing, Beez is paving the way for a more secure, transparent, and user-centric digital landscape.SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...South Tyrol Free Software Conference
We are becoming more and more dependent on the Internet for our work, education, communication, personal relations and entertainment. Our digital devices conquered an unprecedented level of importance in our life.
However, we are facing a loss of control over our smartphones, tablets and other devices for internet connection. It's time to resolve monopolies and re-establish democratic control over the technology we most depend upon.
This talk will present the challenges end-users are facing to get more control over their devices and how Free Software is key for a consumer re-empowerement.
The talk will present real-life examples of policy demands against gatekeepers on digital markets, such as the struggle for Router Freedom in the last years and how Device Neutrality can serve as an important instrument for pushing forward end-user-oriented digital policies.SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...South Tyrol Free Software Conference
MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR ( MOSH and MOAH are the abbreviation of two groups of chemical compounds found in mineral oils. “MOSH” stands for Mineral Oil Saturated Hydrocarbons. MOAH stands for Mineral Oil Aromatic Hydrocarbons. Both of them are under European deeply evaluation because there are two food contaminants. According to the current state of scientific knowledge, there is no sufficient toxicological evidence to prove a health risk to humans from saturated mineral oil fractions (MOSH). Meanwhile, MOAH are suspected to be carcinogenic (especially PAH-like compounds with 3-7 ring systems), therefore their levels in food should be reduced according to the ALARA-principle (as low as reasonably achievable). Gruppo FOS with CNR (Consiglio Nazionale delle Ricerche), Santagata 1907 and Enginius are searching the system for finding and trace their presence in the virgin and extra virgin olive oils by using open fingerprints methods, open hardware and open source blockchain and AI technologies.SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelinesSouth Tyrol Free Software Conference
Up-to date measurements of surface meteorological variables are essential to monitor weather conditions, their spatio-temporal variability and the potential effects on a wide range of sectors and applications. Moreover, when included in continuous records of long historical observations spanning several decades, they become essential for assessing long-term climate variability and change locally and on a regional level.
Automated pipelines capable of retrieving and processing near-real time meteorological data satisfy the primary prerequisites towards the development and advancement of effective and operational climate services.
With a public and operational near real-time monitoring web platform in mind, we present automated pipelines to collect and process up-to-date daily temperature and precipitation records for Trentino South Tyrol (Italy) and surrounding areas, and to derive their spatially interpolated fields at sub-km scale. Our pipelines are composed by multiple steps including data download, sanity checks, reconstruction of missing daily records, integration into the historical archive, spatial interpolation and publication onto online FAIR catalogues as (openEO) “datacubes”. The different APIs, data formats and structure across the various data sources, and the need to merge the data onto harmonized meteorological layers, make this a typical case of the so-called Extract, Transform and Load (ETL) pipelines, and, in order to follow the principles of data reproducibility and Open Science, we embraced open-source automated workflow management through GitLab’s Continuous Integration / Continuous Development (CI/CD) capabilities.
CI/CD workflows greatly help the management of the relatively complex graphs of tasks required for our climate application, ensuring seamless orchestration with thorough flow monitoring, application logs, transactions rollbacks, and exception handling in general. Native pipeline-oriented software development also fosters a clean separation of roles among the tasks, and a more modular architecture. This effectively reduces barriers to collaborative development and paves the way for robust operational climate services for researchers and decision makers in the face of the changing climate.SFSCON23 - Christian Busse - Free Software and Open Science
The Open Science movement aims to increase the transparency, reproducibility and inclusiveness of academic research. One of its central goals is therefore to make research outputs broadly available, e.g., manuscripts (Open Access) or research data (Open Data). While software/code created in the course of scientific research is a key artifact of scientific research that is clear distinct from the latter two, it has until recently not received the same attention as manuscripts or data, although it follows its own set of paradigms.
In this talk I will present an overview on how the core concepts of Free Software and the FAIR (findable, accessible, interoperable, reuseable) Principles intersect, what this means for managing code as research output and recent initiatives on the European level that will provide support for these issues.
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure mattersSouth Tyrol Free Software Conference
Software freedom can be defined in many ways but in legal terms it is squarely defined by a set of approved FSF and OSI software licenses. Yet everyone realizes that beyond these licenses the goal of software freedom and digital sovereignty cannot be achieved without the ability to master and create hardware components and systems - and beyond that, to rely on open digital infrastructure (servers, datacenters, and resources) . This talk will present the challenges around these topics and what we, collectively in Europe already do and can do to ensure our independence and our freedoms.SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
This document discusses efforts to make environmental data from the Environmental Data Platform (EDP) more FAIR (Findable, Accessible, Interoperable, Reusable) compliant. It describes the components of EDP including data repositories, a metadata catalog, web portal, and tools. It outlines work done to improve metadata quality for humans and interoperability for machines through signposting. This includes adding DOIs, citations, and linked data/linkset JSON files. The document emphasizes that maintaining high quality metadata requires significant ongoing effort.
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...South Tyrol Free Software Conference
The document discusses how artificial intelligence (AI) and the Internet of Things (IoT) are revolutionizing mass customization. Traditional mass customization allows customers to customize products online through selection of options. AI enables more intuitive customization by learning customer preferences and offering dynamic, individual recommendations. IoT connects devices to customize the usage experience based on a person's context and needs. The integration of these technologies has the potential to transform mass customization by enabling mood-based and natural language processing for customization as well as products designed through AI with minimal user input.SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
Since 2020 Stadtwerke Meran have realized 5 Use cases:
- Control of the control cabinets of public lighting.
- Optimizing the service on Waste Press container.
- Bike Boxes
- Just Nature Project , temperature measuring over Lorawan
- Smart Lighting , communication with single light points over Lorwan.
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...South Tyrol Free Software Conference
As open source software becomes the foundation to build digital products, to run the backbones of ICT infrastructure and to ensure digital sovereignty and cyber resilience, both the technology as well as the communities that develop it inevitably move into the focus of regulators. The European Union is advancing a number of policy initiatives that regulate liability, cyber security, data handling and AI applications in digital products, among others. This is a challenge for the still quite decentralised and globally operating open source community. How could the open source community participate in legislative processes, and what may be the potential impacts of the upcoming regulation on the open source development process and community dynamics?SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free softwareSouth Tyrol Free Software Conference
The public transport in South Tyrol is going through a huge transformation: new investments, many new green vehicles and a brand new software. Transition will take time and how do we develop a fleet monitoring system to use during the transition without spending a fortune ? maybe with free software!SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...South Tyrol Free Software Conference
AICS is the Italian Agency for Development Cooperation that started operating in 2016 with the ambition of aligning Italy with the main European and international partners in the commitment to development. KNOWAGE Labs are developing for AICS a platform that is probably unique in the world and will allow both the Agency and the public to access all the major indicators on the UN Sustainable Development Goals provided by international sources (World Bank, WTO, ILO..) and easily compare them. The solution will allow analysis to start from 3 different touch points: the infographic of SDG goals, the advanced search criteria, and the virtual assistant. Then, a customized dashboard will be provided to the user, allowing to further expand the analysis by interacting with charts, maps, tables, etc. This talk will show the state of art of the solution, highlighting objectives and expected results of the project, but also the new developments of KNOWAGE related to AI.SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changerSouth Tyrol Free Software Conference
Interoperability is a core element of the ongoing digitalisation of Europe. With the Interoperable Europe Act, the EU is aiming to create a dedicated legal framework for interoperability and to enhance cross-border digital public services across the European Union. This talk will give an overview of the state of play of this proposed regulation in the ongoing EU legislative process, some of its flaws, and the important role that Free Software and its community can play in it.SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...South Tyrol Free Software Conference
How to sharpen the demand for public code across Europe and monitor progress with TEDective
For six years, the Free Software Foundation Europe has been calling with a broad alliance for publicly funded software to be published as Free Software. This initiative has become a great success: Our demand "Public Money? Public Code!" has found its way into government strategy papers, party programs, as well as coalition treaties, and is being discussed in public administrations across Europe.
At the same time, we see less progress than expected and vendor lock ins remain a crucial issue. Digital sovereignty is redefined bypassing Free Software. There is openwashing in publicly funded companies, and government projects in favour of Free Software remain empty words. Public statistics on the procurement of Free Software are largely unavailable.
It is therefore no longer enough to promote the idea of "Public Money? Public Code!". We as the Free Software community should be even more vigilant than before – continuing to praise small steps in the right direction, but pointing out and criticising omissions and lack of implementation. We should become more like watchdogs.
In the talk we will look at some examples of lack of implementation of Free Software policies. We will discuss how we, as civil society, can identify such shortcomings and how to deal with them. We will present our initiative TEDective – a free-software solution that makes European public procurement data explorable for non-experts, aiming to provide you with a powerful tool to keep an eye on real progress towards "Public Money? Public Code!" across Europe.SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation InternetSouth Tyrol Free Software Conference
The Internet today forms the backbone of the digitisation of our society and economy. As connectivity increases, the boundaries between the real and digital world get increasingly blurred. However, there has been an erosion of trust in the Internet following revelations about the exploitation of personal data, large-scale cybersecurity and data breaches, and growing awareness of the proliferation and impacts of online disinformation.
What can be done to improve the Internet as a platform for future generations? What initiatives are currently in place to build key technological blocks of an Internet that supports human-centric values, such as privacy, security, and inclusion, while reflecting the values and norms all citizens should enjoy in Europe?
This talk will explore why the current state of the internet must be re-imagined and re-engineered in order to support healthy societies, the existing European Commission initiative to work towards doing so, and the role of Free Software in accomplishing these goals.SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
2023 saw the launch, after a long and well-structured revision and development process, all based on a fruitful collaboration between several departments of the Autonomous Province of Bolzano, most of the township in South Tyrol, Informatica Alto Adige (SIAG - Technical partner) and the Consortium of Municipalities of the Province of Bolzano, of the new version of the integrated geographic data management system IGis Maps. In use for years in South Tyrol, has in the Consortium one of its most enthusiastic contributors and supporters.
The very first version was released about eight years ago and its implementation was based on the idea of creating a multi-purpose GIS management system that could support different types of users, that was highly customizable, and, above all, that could be widely shared among the various management entities, both public and private, present within our territory.
After years of use and ad-hoc developments, we can finally present the new version of the IGis Maps system, which incorporates all the technical and technological improvements we realized the system needed.
It was not just a major update together with new functionalities combined inside the previous software structure, but a true re-engineering that led, among other things, to a new and more efficient user interface, a major advancement regarding the internal security, an optimization and improvement of the entire editing section as well as an optimization of the section regarding the automatic geo-processes.
A mobile version is currently under development to better support any field activities, for which a very powerful option will be included, the possibility of creating special work sessions in off-line mode so as to be able to operate even in areas without a proper cellular line network coverage.
Other very important peculiarities concern that the system is developed using a totally free software code and infrastructure, that a detailed documentation has been produced to ensure sustainability to any further future evolution, even in case of technical partner turnover, and finally, that by taking advantage of the high standards and levels of security access can be guaranteed to any type of user. From professional users, through dedicated access and qualifications or, using the ordinary SPID, to the private citizen.
We will show examples of how different types of users and stakeholders now permanently use the system for the management of a variety of tasks related to their activities, and how it was possible to customize IGis Maps to create visualization and data management contexts that best meet their needs.
We will also present a related project concerning the updating and the correction of the new technical basal cartography, built upon the new Basic Core specification, achieved through the automatic conversion implemented by the SIAG team starting from the previous National Core cartography. With the new IGis Maps it was possible to create an a
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...South Tyrol Free Software Conference
KNOWAGE is the open source analytics and business intelligence suite made in Italy. KNOWAGE aims to provide company and organizations with analytical capabilities to exploit data to increase their efficiency and sustainability. Also thanks to the open source community support, the suite is constantly evolving combining the reliability of the most popular business intelligence solutions with the security and the transparency guaranteed by open source.
This talk will show the last year advancements and new features towards a more mobile, accessible and user-friendly product, focusing on the newly rewritten dashboarding tool.More from South Tyrol Free Software Conference (20)
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
Recently uploaded
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
CAKE: Sharing Slices of Confidential Data on Blockchain
Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus.
Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain.
Paper: https://doi.org/10.1007/978-3-031-61000-4_16
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Things to Consider When Choosing a Website Developer for your Website | FODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Infrastructure Challenges in Scaling RAG with Custom AI models
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Recently uploaded (20)
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
SFScon18 - Lorenzo Nicoldi - The insecurity of the free & opensource software
- 1. The insecurity of the free & opensource software
- 2. DISCLAIMER › I am not against free / opensource software › While there are different kind of licensing, I will use: “Open source”, if the code is provided “Closed source”, if the code is not provided “Free”, if you don’t pay for it “Commercial”, if you pay for it › For the purpose of this presentation, the licensing is not important
- 3. ASSUMPTIONS
- 4. ASSUMPTIONS 1) “The code is continuously evaluated, through unit tests and automated fuzzers.” 2) “If the code is available, then multiple eyes, in the past, have evaluated its security.” 3) “While looking for vulnerabilities, open source and closed source software tools are the same.”
- 6. UNIT TESTING & FUZZING IN THEORY A = 1 double(A) Test_1(double(A) == 2) ? }input function A = cat.jpg double(A) }input function ????
- 7. FUZZING & UNIT TESTING IN PRACTICE Source: https://greyhathacking.wordpress.com/2013/04/04/exploiting-fuzzing/
- 8. MANUAL TESTING (A.K.A. BUG HUNTING)
- 11. POSSIBLE TARGETS (A.K.A. OWN THE WORLD)
- 13. FIND A POSSIBLE TARGET – 1
- 14. FIND A POSSIBLE TARGET – 2
- 15. SECURITY RESEARCH: OPEN VS CLOSED SOURCE (LIVE)
- 16. WHO AM I › Doing stuffs here and there about security › Spending (too much) time in front of my keyboard › Passionate about information security › Running my own company focused only on high-profile offensive security services Lorenzo «lord» Nicolodi