e-Xpert Solutions seminar: What are Web Services and how do you secure them?
What are Web Services?
How do you secure Web Services?
Refresher on Bee-Ware V5
i-Suite XML Firewall module
Demonstration of XML traffic manipulation
Demonstration of an attack on a Web Service
HTML5 and CSS3 – exploring mobile possibilities - Frontend Conference Zürich, by Robert Nyman
The document discusses HTML5 and CSS3 features for mobile development, including CSS media queries, flexbox, transitions, animations, and new HTML5 form elements. It also covers JavaScript techniques like geolocation, web storage, offline applications, and the history API. Additional topics include mobile performance optimization, debugging with Weinre, and link protocols.
This document provides an overview and agenda for a jQuery training session. It introduces jQuery as a JavaScript library that simplifies tasks like HTML document manipulation. It then covers various jQuery basics like selectors and events. The document also summarizes how jQuery can be used for animations, scrolling, forms, images, and more. Examples are given throughout to illustrate jQuery concepts and APIs.
HTML5 and CSS3: Exploring Mobile Possibilities - London Ajax Mobile Event, by Robert Nyman
This document summarizes key HTML5 and CSS3 features for mobile development, including CSS media queries for responsive design, CSS flexbox for layout, CSS transitions and animations, HTML5 forms, and APIs for offline web apps, geolocation, and more. It provides code examples for implementing these features and techniques.
Secure WordPress Development Practices, by Brandon Dove
Keep user data secure by sanitizing all input and output, using nonces to verify requests, and whitelisting/blacklisting known safe data formats. Common attacks like XSS, CSRF and viruses can be prevented by escaping output, validating referrers, and using antivirus software. The document provides links to WordPress resources on data validation and security best practices.
This document contains the CSS stylesheet code for customizing the layout and design of a Blogger blog template called "CarsWp". It includes CSS rules for styling various page elements like the header, sidebar, posts, footer, and other common blog elements. The code also contains variable definitions that can be used to customize colors, fonts and other design aspects of the template.
WordPress Admin UI - Future Proofing Your Admin Pages, by Brandon Dove
The document provides instructions for future-proofing WordPress admin pages by following best practices for creating, styling, and extending them. It demonstrates how to create an admin menu item and page callback function, add basic HTML markup and form elements, display tabular data using list tables, and customize the page icon. The document recommends using the Settings API to build settings pages and enqueueing custom styles to add styling and high-DPI icons.
Marc Grabanski gave a whirlwind tour of Scalable Vector Graphics (SVG), covering the basics of SVG including elements, embedding SVG, features like DOM structure and filters, demos of transformations and animation, and tools like RaphaelJS. The presentation provided an overview of SVG and highlighted its advantages like scalability, accessibility, and use of HTML and CSS. Examples of various SVG elements, embedding methods, and features like filters and transformations were demonstrated.
This is a discussion about the User Interface patterns used by Nuxeo. There is additional information on HTML5 and future directions.
see www.data4USA.com for details
The document discusses scraping banking websites using Selenium to access transaction and account information. It describes how the scraping was done in the past using direct POST requests, but has evolved to use Selenium due to changing security measures on banking sites. The author also discusses techniques for dealing with changing page structures, such as using multiple element locators and pattern matching.
SOAP is a messaging protocol for accessing web services and communicating between systems. It uses XML messages transmitted via HTTP and has an envelope, header, and body structure. SOAP aims to be simple, extensible, neutral to transport protocols and programming languages. The document then describes SOAP architecture, message format, messaging models, security issues, advantages, disadvantages, and provides an overview of WSDL and an example SOAP implementation in PHP.
The top 10 security issues in web applications, by Devnology
The top 10 security issues in web applications are:
1. Injection flaws such as SQL, OS, and LDAP injection.
2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser.
3. Broken authentication and session management, such as not logging users out properly or exposing session IDs.
4. Insecure direct object references where users can directly access files without authorization checks.
5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend.
6. Security misconfiguration of web or application servers.
7. Insecure cryptographic storage of passwords or sensitive data.
8
This document discusses key concepts related to web services including SOAP, WSDL, and UDDI. It defines a web service as a service available on the web that enables communication between applications. It explains that SOAP is a standard protocol for communication and WSDL provides an XML interface that describes a web service's location, methods, and data types. UDDI allows service providers to publish their WSDL files so consumers can discover and access available web services.
Devbeat Conference - Developer First Security, by Michael Coates
Topics include:
- Sample and Demo of Top Application Risks — Cross Site Scripting, SQL Injection, Access Control
- Who’s Monitoring Your Traffic? — Encrypting in Transit
- Secure Data Storage & Protection — Correct Password Storage & Data Protection
- Growing Threats Plaguing Applications
Web services use SOAP, WSDL, and UDDI. SOAP defines an envelope structure for messages. WSDL describes a service's operations, messages, and location. UDDI allows services to publish themselves so they can be discovered. The document discusses these technologies and how they enable interoperable machine-to-machine communication over the web.
The document discusses security issues related to web services and cloud applications. It covers various attacks like SQL injection over APIs, XSS, authorization bypass, information leaks through JSON fuzzing, CSRF, and virtual sandbox bypasses on mobile interfaces. It also discusses vulnerabilities like side-channel attacks that could allow extracting information from targeted VMs in the cloud. The document emphasizes that web services security is very relevant for cloud applications given technologies like APIs, OAuth, SAML, and SOAP used commonly in both domains.
The document discusses hypermedia APIs and the Richardson Maturity Model. It describes three levels of maturity for RESTful APIs:
1) Resources are identified through URIs but operations are not standardized.
2) Standard HTTP methods like GET, POST, PUT, DELETE are used to operate on resources.
3) Hypermedia is used to control state transitions and link resources together. The document advocates designing APIs to the third level to gain the full benefits of REST. It also discusses design considerations for hypermedia types like JSON and XML.
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
The document provides an introduction to web application security and the Damn Vulnerable Web Application (DVWA). It discusses common web vulnerabilities like cross-site scripting (XSS), SQL injection, and information leakage. It demonstrates how to find and exploit these vulnerabilities in DVWA, including stealing cookies, extracting database information, and creating a backdoor PHP shell. The document is intended to educate users about web security risks and show how hackers can compromise applications.
XMPP is a real-time messaging protocol that allows clients to exchange messages and presence information over XML streams. It provides a bidirectional communication channel that servers can use to push updates to clients, avoiding the need for polling. XMPP defines core semantics for establishing streams, authenticating users, and sending message and presence stanzas. These can be extended through XMPP Extension Proposals to support new use cases like voice calls, file sharing, and building web services that communicate in real-time. Popular applications of XMPP include instant messaging, chat applications, and Comet-style web APIs.
- Securing web services involves ensuring end-to-end confidentiality, integrity, authentication, and non-repudiation of messages through standards like XML Encryption, XML Signature, WS-Security, WS-Trust, and WS-Security Policy.
- WS-Security provides message-level security through username tokens, X.509 tokens, and XML signatures and encryption. WS-Trust allows delegating authentication to external domains.
- Sign & encrypt and encrypt & sign are two approaches to securing messages with XML Signature and Encryption, with tradeoffs in terms of integrity and confidentiality.
- Securing web services involves ensuring confidentiality, integrity, authentication, and non-repudiation of messages. This can be achieved through transport security (HTTPS), message security (XML Encryption and Signature), and security tokens (UsernameToken, X.509).
- WS-Security provides standards for applying security to SOAP messages using XML Signature and Encryption. It supports security tokens like UsernameToken and X.509 profiles.
- WS-Trust allows delegating authentication of external users to their external domains through requesting and issuing security tokens.
- WS-Security Policy allows communicating security requirements like algorithms, key sizes, signed/encrypted elements to external services in a standard way.
The document discusses various communication APIs including Twilio and OpenTok that allow adding voice, video, and SMS capabilities to applications. Twilio is a web service API that enables building voice and SMS applications using existing web languages with minimal coding. OpenTok is a cloud-based API for adding video chat. Both APIs have simple JavaScript libraries. The document also provides code examples for making phone calls and handling call flows using Twilio, and for building a basic video chat application with OpenTok.
The document discusses various web application security issues like SQL injection, input validation, cross-site scripting and provides recommendations to prevent these vulnerabilities when developing PHP applications. It emphasizes the importance of validating all user inputs, using prepared statements and output encoding to prevent code injection attacks and ensuring session security. The document also covers other attacks like cross-site request forgery and provides mitigation techniques.
HTML5 is a language for structuring and presenting content for the World Wide Web. It is the fifth revision of the HTML standard (created in 1990 and standardized as HTML4 as of 1997) and, as of February 2012, is still under development. Its core aims have been to improve the language with support for the latest multimedia while keeping it easily readable by humans and consistently understood by computers and devices (web browsers, parsers, etc.). It improves interoperability and reduces development costs by making precise rules on how to handle all HTML elements, and how to recover from errors.
Building Secure User Interfaces With JWTs (JSON Web Tokens), by Stormpath
With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
A document about queues discusses what queues are, why they are used, common use cases, implementation patterns, protocols, considerations when implementing queues, and how to handle issues that may arise. Queues act as buffers that allow different applications or systems to communicate asynchronously by passing messages. They help decouple components, distribute load, and improve reliability and user experience. Common examples of messages that may be queued include emails, images, videos, and IoT data.
Rails security best practices involve defending at multiple layers including the network, operating system, web server, web application, and database. The document outlines numerous vulnerabilities at the web application layer such as information leaks, session hijacking, SQL injection, mass assignment, unscoped finds, cross-site scripting (XSS), cross-site request forgery (CSRF), and denial-of-service attacks. It provides recommendations to address each vulnerability through secure coding practices and configuration in Rails.
Setting up an Adaptive Authentication use case with F5 APM and Insight ..., by e-Xpert Solutions SA
To avoid the user having to enter their multi-factor (MFA) code on every new authentication to a web application, we propose a solution that verifies the legitimacy of the connection. Only when a connection is potentially illegitimate does the user have to enter their multi-factor code.
The different types of content in the presentation:
- Articles by the Jedi Masters
- A monsterstash of API documentation
- Q&A for everything
- Downloads galore
- Videos by geeks and for geeks
- Upcoming events
This document discusses Check Point's CloudGuard solution for securing cloud environments. It begins by noting concerns about cloud security from IT leaders and the need for new security models for the cloud. It then outlines CloudGuard's advanced threat prevention capabilities for cloud environments. The following sections describe how CloudGuard provides security across private, public, hybrid, and multi-cloud deployments using automation, orchestration, and a hub and spoke architecture. Check Point's cloud security blueprint aims to deliver agile, automatic, efficient, and controlled security that enables innovation across cloud platforms.
Check Point CloudGuard SaaS is a security solution that provides superior threat prevention for SaaS applications. It protects against the biggest threats to SaaS apps like account takeover and malware delivery. The solution prevents account takeovers through identity protection techniques like device verification and blocking unauthorized access attempts. It also protects against zero-day threats by scanning files and blocking malicious content from being accessed or shared through SaaS apps. The solution offers other capabilities like data leakage prevention, shadow IT discovery, threat intelligence, and simplified management.
Identity federation: from theoretical concepts to implement... case studies, by e-Xpert Solutions SA
The document discusses implementing a federated identity solution for a company to securely provide access to its B2B applications to 100,000 users including employees, business partners, and contractors. It covers the business needs and challenges, concepts of federated identity and single sign-on (SSO), the proposed technical architecture using standards like SAML, and strategies around user provisioning, access management and auditing for partners of different trust levels.
Mobility is unavoidable and it exposes us. Should we endure it or manage it? The evolution of mobility in the enterprise, presented and illustrated with attack demonstrations and with the means to ...
Data leakage is a scourge for businesses. Moreover, the rise of mobility and the cloud increases the risk of loss or theft of confidential data. Traditional approaches have shown their limits and are giving way to much more pragmatic solutions.
Having your e-mails, business documents and contacts at hand at all times is becoming a universal requirement. Smartphones and tablets, being more "mobile", are gradually overtaking traditional computers, not without risks for businesses.
Denial of service has existed for years. However, this attack has found new life with its evolution, DDoS (Distributed Denial of Service). Harder to counter, it also causes far more damage.
Sandboxing, a new defence against intelligent threats, by e-Xpert Solutions SA
APTs (Advanced Persistent Threats) are threats known to be subtle, intelligent and dangerous. Standard protections based on signature recognition are no longer sufficient. Techniques such as sandboxing then become necessary.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
UiPath Test Automation using UiPath Test Suite series, part 6, by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
12. COMPONENTS
XML (Extensible Markup Language): a uniform data representation and exchange mechanism.
UDDI (Universal Description, Discovery, and Integration): a mechanism to register and locate WS-based applications.
WSDL (Web Services Description Language): a standard meta-language to describe the services offered.
SOAP (Simple Object Access Protocol): a standard way of communicating.
SAML: an XML-based open standard for exchanging authentication and authorization data between security domains.
35. ATTACK TYPES
XML-based: exploits weaknesses of the XML language itself (e.g. entity expansion).
Bugs in back-end systems: the many technologies involved imply a high risk of bugs.
Code injection: XML injection attacks are easy to mount; they are the most widespread attacks.
Denial of service: a large flow of messages, or hundreds of encrypted elements sent at once, can bring down an entire system and affect SLAs.
Man in the middle: messages can be intercepted, which raises both message-routing and integrity concerns.
36. XML ATTACK: ENTITY EXPANSION
<!DOCTYPE foo [
<!ENTITY a "1234567890" >
<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;" >
<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;" >
<!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;" >
<!ENTITY e "&d;&d;&d;&d;&d;&d;&d;&d;" >
<!ENTITY f "&e;&e;&e;&e;&e;&e;&e;&e;" >
<!ENTITY g "&f;&f;&f;&f;&f;&f;&f;&f;" >
<!ENTITY h "&g;&g;&g;&g;&g;&g;&g;&g;" >
<!ENTITY i "&h;&h;&h;&h;&h;&h;&h;&h;" >
<!ENTITY j "&i;&i;&i;&i;&i;&i;&i;&i;" >
<!ENTITY k "&j;&j;&j;&j;&j;&j;&j;&j;" >
<!ENTITY l "&k;&k;&k;&k;&k;&k;&k;&k;" >
<!ENTITY m "&l;&l;&l;&l;&l;&l;&l;&l;" >
]>
<foo>&m;</foo>
37. XML ATTACK: XML ATTRIBUTE BLOWUP
<?xml version="1.0"?>
<foo
a1=""
a2=""
...
a10000=""
/>
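As an added example (not part of the original deck), the following Python pre-filter sizes up the entity bomb of slide 36 and the attribute blowup of slide 37 without ever expanding an entity or building a tree, which is what an XML firewall in front of the service has to do. It walks the entity declarations as a graph and computes the fully expanded length of each entity in O(declarations), so the 687 GB that `&m;` would produce is known before any parser touches the document. The limits (10 MiB projected body, 256 attributes per element), the regular expressions and the sample documents are my own constructions; the samples rebuild the two slides' payloads.

```python
import re

# Lexical pre-filter: size up entity declarations and start tags *before* handing the
# document to an XML parser. Nothing here expands an entity or builds a tree.

PREDEFINED = {"lt": 1, "gt": 1, "amp": 1, "quot": 1, "apos": 1}   # expand to one character
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.-]+);')
DOCTYPE = re.compile(r'<!DOCTYPE\b[^\[>]*(?:\[.*?\])?\s*>', re.DOTALL)
START_TAG = re.compile(r'<([A-Za-z_][\w.:-]*)([^<>]*?)/?>')
ATTRIBUTE = re.compile(r'[\w.:-]+\s*=\s*(?:"[^"]*"|\'[^\']*\')')


def entity_sizes(doc):
    """Fully expanded length of every internal general entity, computed from the
    declarations alone (memoised walk over the reference graph; cycles are rejected)."""
    decls = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
             for m in ENTITY_DECL.finditer(doc)}
    sizes = {}

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in PREDEFINED:
            return PREDEFINED[name]
        if name not in decls:
            return len(name) + 2        # undeclared: a parser will reject it or keep the literal
        if name in stack:
            raise ValueError(f"recursive entity &{name};")
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))       # literal characters of the value
        for ref in ENTITY_REF.findall(value):
            total += size(ref, stack | {name})
        sizes[name] = total
        return total

    for name in decls:
        size(name, frozenset())
    return sizes


def projected_body_size(doc):
    """Size of the document body once every entity reference in it is expanded."""
    sizes = entity_sizes(doc)
    body = DOCTYPE.sub("", doc, count=1)
    total = len(ENTITY_REF.sub("", body))
    for ref in ENTITY_REF.findall(body):
        total += sizes[ref] if ref in sizes else PREDEFINED.get(ref, len(ref) + 2)
    return total


def max_attributes(doc):
    """Largest number of attributes on any single start tag."""
    body = DOCTYPE.sub("", doc, count=1)
    return max((len(ATTRIBUTE.findall(attrs)) for _, attrs in START_TAG.findall(body)),
               default=0)


def check_xml(doc, max_body=10 * 1024 * 1024, max_attrs=256):
    """Reasons to reject the document before parsing; an empty list means accept."""
    findings = []
    try:
        projected = projected_body_size(doc)
    except ValueError as exc:
        return [str(exc)]
    if projected > max_body:
        findings.append(f"entity expansion would yield {projected:,} bytes (limit {max_body:,})")
    attrs = max_attributes(doc)
    if attrs > max_attrs:
        findings.append(f"element carries {attrs} attributes (limit {max_attrs})")
    return findings


# Constructed samples rebuilt from the two slides.
def entity_bomb(depth=13, width=8):
    """Entities a..m, each one `width` copies of the previous; &m; expands to 10 * 8**12 bytes."""
    names = [chr(ord("a") + i) for i in range(depth)]
    decls = [f'<!ENTITY {names[0]} "1234567890" >']
    for prev, cur in zip(names, names[1:]):
        refs = ("&%s;" % prev) * width
        decls.append(f'<!ENTITY {cur} "{refs}" >')
    return "<!DOCTYPE foo [\n" + "\n".join(decls) + f"\n]>\n<foo>&{names[-1]};</foo>"


ATTRIBUTE_BLOWUP = ('<?xml version="1.0"?>\n<foo\n'
                    + "\n".join(f'a{i}=""' for i in range(1, 10001)) + "\n/>")

BENIGN_SOAP = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:tem="http://tempuri.org/">
  <soapenv:Header/>
  <soapenv:Body><tem:Login><tem:loginID>John Doe</tem:loginID>
    <tem:password>muahahah</tem:password></tem:Login></soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for label, doc in (("entity bomb", entity_bomb()), ("attribute blowup", ATTRIBUTE_BLOWUP),
                       ("benign SOAP", BENIGN_SOAP)):
        print(f"{label}: {check_xml(doc) or 'accepted'}")
```

Recent libxml2 and expat releases carry their own amplification limits, but a front-end device cannot assume that every back-end parser does, and a message this size should never reach them; rejecting it at the edge also keeps the rejection cheap (the check costs a few regular-expression passes, not a parse).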
38. DENIAL OF SERVICE
Directly on the SOAP service
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:Login>
<tem:loginID>
John Doe<a1>….</a1>
</tem:loginID>
<tem:password>
muahahah
</tem:password>
</tem:Login>
</soapenv:Body>
</soapenv:Envelope>
Via the portal
HTML front end -> Web -> account-management WS
Login: John Doe <a1>…</a1>
Password: ********
39. XML ATTACK: XML INJECTION
<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
<user>
<uname>joepublic</uname>
<pwd>r3g</pwd>
<uid>10</uid>
<mail>joepublic@example1.com</mail>
</user>
<user>
<uname>janedoe</uname>
<pwd>an0n</pwd>
<uid>500</uid>
<mail>janedoe@example2.com</mail>
</user>
</users>
Form input (the application appends </mail></user> after the e-mail field, so the injected text closes the legitimate record and opens a second one with uid 0):
Username: alice
Password: iluvbob
E-mail: alice@example3.com</mail></user><user><uname>Hacker</uname><pwd>l33tist</pwd><uid>0</uid><mail>hacker@example_evil.net
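The injection on slide 39 and the portal path on slide 38 are the same defect: user input concatenated into an XML document. As an added example (not code from the original deck), the following Python compares the string-built record with one built through the tree API, where text is escaped on serialisation, and adds the allow-list validation that should sit in front of either builder. The user store, the payload and the field rules are my own constructions; the payload omits the final `</mail>` because the application's template supplies it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed store, modelled on slide 39.
USERS_XML = """<users>
  <user><uname>joepublic</uname><pwd>r3g</pwd><uid>10</uid><mail>joepublic@example1.com</mail></user>
  <user><uname>janedoe</uname><pwd>an0n</pwd><uid>500</uid><mail>janedoe@example2.com</mail></user>
</users>"""

# The slide's e-mail field. The application appends "</mail></user>" itself, so the payload
# leaves its last <mail> open; the closing tags it does contain end the legitimate record.
INJECTED_MAIL = ("alice@example3.com</mail></user><user><uname>Hacker</uname>"
                 "<pwd>l33tist</pwd><uid>0</uid><mail>hacker@example_evil.net")

# The slide-38 login that the portal would forward into the SOAP body.
BLOATED_LOGIN = "John Doe" + "<a1>x</a1>" * 5000


def add_user_unsafe(users_xml, uname, pwd, uid, mail):
    """The pattern the slide attacks: the record is assembled with string formatting."""
    record = (f"<user><uname>{uname}</uname><pwd>{pwd}</pwd>"
              f"<uid>{uid}</uid><mail>{mail}</mail></user>")
    return users_xml.replace("</users>", record + "</users>")


def add_user_safe(users_xml, uname, pwd, uid, mail):
    """Same operation through the tree API: '<' and '&' in text are escaped when the tree
    is serialised, so markup inside a field is stored as data, never as elements."""
    root = ET.fromstring(users_xml)
    user = ET.SubElement(root, "user")
    for tag, value in (("uname", uname), ("pwd", pwd), ("uid", uid), ("mail", mail)):
        ET.SubElement(user, tag).text = str(value)
    return ET.tostring(root, encoding="unicode")


FIELD_RULES = {            # allow-lists for what a field may contain at all
    "uname": re.compile(r"^[A-Za-z0-9 ._-]{1,64}$"),
    "mail": re.compile(r"^[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,253}$"),
}


def field_ok(field, value):
    """Input validation in front of either builder: rejects markup and oversized values."""
    return FIELD_RULES[field].match(value) is not None


def users(users_xml):
    """(uname, uid) pairs as a parser sees them: shows whether a record was smuggled in."""
    return [(u.findtext("uname"), int(u.findtext("uid")))
            for u in ET.fromstring(users_xml).iter("user")]


def mail_of(users_xml, uname):
    """The e-mail text stored for a user, as read back by a parser."""
    for u in ET.fromstring(users_xml).iter("user"):
        if u.findtext("uname") == uname:
            return u.findtext("mail")
    return None


if __name__ == "__main__":
    print("unsafe:", users(add_user_unsafe(USERS_XML, "alice", "iluvbob", 501, INJECTED_MAIL)))
    print("safe:  ", users(add_user_safe(USERS_XML, "alice", "iluvbob", 501, INJECTED_MAIL)))
    print("validation:", field_ok("mail", INJECTED_MAIL), field_ok("uname", BLOATED_LOGIN))
```

Escaping alone stores the attacker's markup as a 130-character e-mail address and would still forward the 50 KB login of slide 38 to the back end, which is why the allow-list runs first: it answers "what may this field contain?" rather than "how do I encode whatever arrived?".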
41. XPATH INJECTION
• Authentication based on the expression:
//user[name='$login' and pass='$pass']/account/text()
• Injection:
$login = whatever' or '1'='1' or 'a'='b
$pass = whatever
• Exploits the precedence of the AND operator over OR
• The expression becomes:
//user[name='whatever' or '1'='1' or 'a'='b' and pass='whatever']/account/text()
• For every user node the predicate reads (FALSE or TRUE or (FALSE and FALSE)) = TRUE, so the query returns every account without a valid password.
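As an added example (not code from the original deck), the following Python runs the expression from slide 41 against a small user store with lxml, which is assumed to be installed, and shows two fixes: XPath variables, which the engine binds as values and never re-parses, and, for engines without variables, quoting the input as an XPath 1.0 string literal with `concat()` when it contains both kinds of quote. The user store and the `$pwd` variable name (the slide's `pass` is a Python keyword) are my own choices.

```python
from lxml import etree

# Constructed user store matching the expression on slide 41 (lxml assumed installed).
USERS = etree.fromstring("""<users>
  <user><name>alice</name><pass>iluvbob</pass><account>ACC-1001</account></user>
  <user><name>bob</name><pass>hunter2</pass><account>ACC-1002</account></user>
</users>""")


def login_unsafe(login, password):
    """Slide 41 verbatim: the credentials are spliced into the XPath expression."""
    query = f"//user[name='{login}' and pass='{password}']/account/text()"
    return [str(x) for x in USERS.xpath(query)]


def login_safe(login, password):
    """XPath variables: lxml binds $login/$pwd as string values, which the XPath engine
    never re-parses, so quotes and operators in the input stay inside the string."""
    query = "//user[name=$login and pass=$pwd]/account/text()"
    return [str(x) for x in USERS.xpath(query, login=login, pwd=password)]


def xpath_literal(value):
    """Fallback for engines without variables: quote as an XPath 1.0 string literal.
    XPath has no escape character, so a value holding both quote kinds is split with concat()."""
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in parts) + ")"


def login_escaped(login, password):
    """String building again, but every input passes through xpath_literal()."""
    query = (f"//user[name={xpath_literal(login)} and "
             f"pass={xpath_literal(password)}]/account/text()")
    return [str(x) for x in USERS.xpath(query)]


INJECTION = "whatever' or '1'='1' or 'a'='b"   # the slide's $login

if __name__ == "__main__":
    print("unsafe :", login_unsafe(INJECTION, "whatever"))      # every account
    print("safe   :", login_safe(INJECTION, "whatever"))        # []
    print("escaped:", login_escaped(INJECTION, "whatever"))     # []
    print("alice  :", login_safe("alice", "iluvbob"))           # ['ACC-1001']
```

Variables are the right fix wherever the engine offers them (lxml, libxml2, most Java and .NET XPath APIs); the literal-quoting fallback is correct for XPath 1.0 but has to be applied to every interpolated value, which is exactly the discipline that string building tends to lose.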
44. HOW TO PROTECT YOURSELF?
Message integrity (signature)
• Ensure message integrity: support for XML Signature.
Message confidentiality (encryption)
• Ensure end-to-end data privacy: support for both SSL/TLS and XML Encryption is essential.
Authentication (SAML)
• Verify the identity of the requestor.
Access control (SAML)
• Ensure that the requestor has appropriate access to the resource.
Schema validation (WSDL)
• Ensure the integrity of the structure and content of the message.
Security standards (WS-Security)
• Support standards-based security functions such as WS-Security.
Malicious attack protection (black list)
• Support protection against the latest Web Services and XML-based attacks.
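Schema validation is the item on this list that would have stopped the slide-38 request, because the `loginID` the attacker bloats is declared as a short simple type. As an added example (not code from the original deck), the following Python validates the one operation carried in a SOAP 1.1 Body against an XML Schema with lxml, which is assumed to be installed. The schema for `tem:Login`, its length and character limits, and the test envelopes are my own constructions derived from the slide-38 message; the parser is also configured not to resolve entities, which covers slide 36.

```python
from lxml import etree

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
TEM_NS = "http://tempuri.org/"

# Constructed schema for the slide-38 Login operation (lxml assumed installed).
LOGIN_XSD = f"""<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    targetNamespace="{TEM_NS}" elementFormDefault="qualified">
  <xs:element name="Login">
    <xs:complexType><xs:sequence>
      <xs:element name="loginID">
        <xs:simpleType><xs:restriction base="xs:string">
          <xs:maxLength value="64"/>
          <xs:pattern value="[A-Za-z0-9 ._@]+"/>
        </xs:restriction></xs:simpleType>
      </xs:element>
      <xs:element name="password">
        <xs:simpleType><xs:restriction base="xs:string">
          <xs:maxLength value="128"/>
        </xs:restriction></xs:simpleType>
      </xs:element>
    </xs:sequence></xs:complexType>
  </xs:element>
</xs:schema>"""

SCHEMA = etree.XMLSchema(etree.fromstring(LOGIN_XSD.encode()))
# Parser limits: no entity resolution (slide 36), no network, libxml2's default depth limits.
PARSER = etree.XMLParser(resolve_entities=False, no_network=True, huge_tree=False)


def validate_login_request(envelope):
    """Parse the envelope, then validate the single Body child against the Login schema.
    Returns (accepted, reason)."""
    try:
        root = etree.fromstring(envelope.encode(), PARSER)
    except etree.XMLSyntaxError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP 1.1 envelope"
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        return False, "Body must carry exactly one operation"
    if SCHEMA.validate(body[0]):
        return True, "ok"
    return False, f"schema violation: {SCHEMA.error_log.last_error.message}"


def envelope(login_id_xml, password="muahahah"):
    """Builds the slide's request; login_id_xml is inserted raw on purpose to feed the filter."""
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:tem="{TEM_NS}">'
            f"<soapenv:Header/><soapenv:Body><tem:Login>"
            f"<tem:loginID>{login_id_xml}</tem:loginID><tem:password>{password}</tem:password>"
            f"</tem:Login></soapenv:Body></soapenv:Envelope>")


GOOD = envelope("John Doe")
BLOATED = envelope("John Doe" + "<a1>x</a1>" * 5000)      # slide-38 payload, child elements
OVERLONG = envelope("J" * 65)                             # one byte over maxLength
NOT_LOGIN = GOOD.replace("tem:Login", "tem:DeleteAccount")   # operation the schema never declared

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("bloated", BLOATED), ("overlong", OVERLONG),
                      ("other op", NOT_LOGIN)):
        print(name, validate_login_request(msg))
```

The schema here is hand-written; in practice it is generated from or checked against the WSDL, as the slide's "Schema validation (WSDL)" implies. Note that XML Schema validates structure and lexical form, not meaning: the `maxLength` facet rejects the bloated login, but the weak password policy or a replayed message needs the other controls on the list.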
45. WS-SECURITY
Layered view of the standards, from the wire upwards:
IP: IPsec (usual web application security)
TCP: SSL / TLS (usual web application security)
HTTP: HTTP Auth (usual web application security)
XML: XML Encryption, XML Signature (the most common implementations)
SOAP: WS-Security, WS-Reliability
Access: WS-Policy, XACML, SAML
Trust relationships: WS-Trust, WS-Federation, Liberty Alliance, XKMS, SAML
48. APPLICATION FIREWALL VS XML FIREWALL
Application firewall: detects attacks specific to web applications.
Both: detect common attacks such as SQL injection, XSS, etc.
XML firewall: detects attacks specific to web services (WSDL, ...).
The Web Services architecture is based on the interaction of three roles: service provider, service registry and service requestor. These roles perform the following operations: publish, find and bind.
UDDI: if the service's address changes, there is no problem as long as you rely on a directory (restaurant analogy).