With this presentation we open a series of notes on Spree Commerce in which we will go through the likely trouble spots from the point of view of development and customization (we will not dwell on the basic setup; the official documentation describes it in enough detail).
This presentation was given at the CIISF Conference - "Cyber threat to opportunity: protecting your business in a changing world" held in Jersey on 30th May 2014
Automation of Information (Cyber) Security by Joe Hessmiller
The focus is on physical and logical security vulnerabilities. Yes, locks and malware sandboxes are important. BUT, the biggest potential risk comes from inside. From the people who can - intentionally or unintentionally - expose the organization to the greatest risks. This presentation is about automating the process to control those risks.
WHY WE FAIL TO DETECT HACKERS ON THE INTERNET (netmonastery)
Detecting a hacker attempting to break in to your web site is a constant challenge. Large enterprises and online platforms have failed to protect their infrastructure, in spite of the best engineering. This presentation explores the issues that exist in real-time cyber defense and the challenges customers face in deploying tools like intrusion detection systems, SIEM, anomaly engines and threat intelligence.
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation (barbara bogue)
Just like soldiers have literal rules of engagement for warfare, cyber warfare can operate on policy-based methodologies and countermeasures which can empower and improve the efficiency of incident response.
The first quarter of 2016 was a big one for new open source security vulnerabilities. The Glibc vulnerability was by far the biggest. It impacts nearly 900K of the 1 million different open source projects. In this webinar, we’ll dive into Glibc and the Q1 data to help you:
- Understand latest trends in open source security threats and what it means to your organization in 2016
- Simple steps to quickly find and protect yourself from newly reported threats
- Prepare your organization to respond to new vulnerabilities in open source projects
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity is threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metrics
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEOs and CIOs/CISOs are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and functionally it helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase information sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure in that direction.
Co Speaker: Cheryl Biswas
Talk Description:
How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed.
We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies.
We’ll show you how to understand your data, correlate threats and pinpoint attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense (EnergySec)
When we talk about cyber security, we recognize that it is part of a holistic approach to security and critical infrastructure protection. Tools and technology are not enough to ensure that mission critical systems provide the capabilities needed for the military, continuity of government and commercial enterprises to continue operations in the face of emerging threats. Recognizing the unique nature of our location on the Hawaiian Islands in the middle of the Pacific, we also understand the importance of collaboration and alignment of critical infrastructure protection among the military, state government, commercial and public stakeholders. A comprehensive approach needs to include innovative capabilities, a thorough analysis of operational dependencies, and the organizational collaboration required to protect critical capabilities. In this session, we will discuss our innovative approach to developing a holistic cyber security approach for critical infrastructure and share a case study to help you think differently about your own approaches for security.
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit... (EnergySec)
In our modern world, we’ve learned to take for granted the universal availability of things like running water and electricity, and more recently, the Internet. As technology progresses, we are rapidly approaching a future in which nearly everything is digitally connected to nearly everything else. At the same time, we are learning to accept that all digital devices are broken from a security perspective. How we respond and adapt to this reality could well determine whether our future is utopian or dystopian. In this interactive session, we will explore novel avenues of attack using digital “soft-targets”, and discuss how we might hold things together in the face of persistent vulnerability.
The world we live in right now is getting more and more digital. All the things we were reading about in sci-fi books or watching in fantasy movies are becoming a reality. The Internet of Things, drones, the e-world, mobility, applications, cloud, digital prototyping, e-voting, quantum computing, 3D printing like in the Terminator movies and much more are a reality. On average, the audience in this room can agree that it is fair to say that we live in the future, as what has happened to technology for personal and business use in the last 25 years is impressive, and we can experience it. We are a unique generation and live in unique times.
The digital world gives huge opportunities to any business entering it. In 2015 there will soon be close to 4 billion potential customers out there. The digital world introduces new products every day, and technology creators are working extremely hard to get new products to market as soon as possible.
But like in every book, movie, story and historical reality, where there are good forces there are also bad forces. Cyber crime is growing and all sorts of things are happening everywhere. New technologies also introduce new risks, and those risks come in different configurations. Countries attack countries and we call that cyber war; citizens attack countries and we call that hacktivism; professionals attack everyone for financial gain and we call that organized digital crime. And the methods are getting more and more sophisticated, so in the end it doesn’t matter how great the defense technologies are: every day we have new articles about new incidents, data breaches, companies with huge financial losses and damage to reputation, lost marketplace, stock market positions, customers, employees or even lives. I won’t touch on each different method of attack but I will simply try to share how we, as a system integrator of complex cyber security protection technology solutions, look at things and protect our customers.
2. Spree Today
Created by Sean Schofield back in 2007, Spree has since gained more than 500 contributors worldwide. The number of downloads grows every day: as of 1 April 2015 there were about 350 thousand downloads and more than 45 thousand implemented projects.
3. Localization out of the box - spree_i18n
To install it, add the gem to the Gemfile:
gem 'spree_i18n', github: 'spree-contrib/spree_i18n', branch: 'master'
In practice it is better to name the branch that matches the stable version of the Spree core you are using:
gem 'spree_i18n', github: 'spree-contrib/spree_i18n', branch: '3-0-stable'
bundle install
A branch is still a moving target: Bundler pins the exact commit it resolved in Gemfile.lock, so commit the lock file (or pin a tag or commit with ref:) so that every build installs the same extension code.
You can use the generator to install the migration and add the spree_i18n assets:
rails g spree_i18n:install
To apply the bundled localizations it is enough to set the following in config/application.rb and restart your server:
config.i18n.default_locale = :ru
4. I18n of validation messages
The Spree::Review model has only three validators:
:name - ActiveRecord::Validations::PresenceValidator
:review - ActiveRecord::Validations::PresenceValidator
:rating - ActiveModel::Validations::NumericalityValidator
The :rating validator carries these @options:
{:only_integer=>true,
 :greater_than_or_equal_to=>1,
 :less_than_or_equal_to=>5,
 :message=>"<span class=\"translation_missing\" title=\"translation missing: ru.spree.you_must_enter_value_for_rating\">You Must Enter Value For Rating</span>"}
The message was evaluated once, while the class body was being loaded and before the Russian spree translations were available, so the missing-translation placeholder was frozen into the validator options. Note that the placeholder is an HTML fragment: in a normally escaped view the user sees literal markup in the error list, and the string never follows a later change of locale.
SPREE CALLBACKS
5. I18n of validation messages
Remove the validation:
_validators.delete(:rating)
Clean up Spree's callbacks:
_validate_callbacks.each do |callback|
  callback.raw_filter.attributes.reject! { |key| key == :rating } if callback.raw_filter.respond_to?(:attributes)
end
raw_filter is an internal of ActiveSupport::Callbacks (Rails 4.x), not a public API, so check that the Rails version you run still exposes it before relying on this cleanup.
Re-declare the validation, wrapping the translation call in a lambda, because our external translations (variables) are not visible inside a plain Spree.t('you_must_enter_value_for_rating') call evaluated when the class loads:
validates :rating, numericality: {
  only_integer: true,
  greater_than_or_equal_to: 1,
  less_than_or_equal_to: 5,
  message: ->(*args) { Spree.t('you_must_enter_value_for_rating') } }
6. I18n of validation messages
But at the same time!!!
A lambda is not always required. For example, to handle a validation error it is enough to write
message: :invalid_phone_number
if ru.yml contains
ru:
  errors:
    messages:
      invalid_phone_number: в неправильном формате
A Symbol message is looked up by ActiveModel under errors.messages at validation time, so it already follows the current locale.
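The behaviour behind slides 5 and 6 (an eagerly evaluated message frozen at class load, a lambda resolved per request, and a Symbol looked up under errors.messages) shown in plain Ruby so it runs without Rails. This is an added example, not code from the slides, from Spree or from Rails: MiniI18n, MiniModel, Review, store_translations, RATING_OK and PHONE_OK are hypothetical stand-ins for I18n and ActiveModel, and the Russian translations are constructed sample data.

```ruby
# Added example (not code from the slides, Spree or Rails): a plain-Ruby model of
# how ActiveModel resolves a validation :message. MiniI18n, MiniModel, Review,
# RATING_OK and PHONE_OK are hypothetical stand-ins; the translations are constructed.

# Stand-in for I18n: per-locale nested hashes, a current locale, and a
# "translation missing" placeholder instead of an exception for unknown keys.
module MiniI18n
  @translations = {}
  @locale = :en
  class << self
    attr_accessor :locale
    # Mirrors translations arriving later (e.g. config/locales/ru.yml being read).
    def store_translations(locale, hash)
      @translations[locale] = hash
    end
    # Dotted lookup ('errors.messages.invalid_phone_number') in the *current* locale.
    def t(key)
      path = key.to_s.split('.').map(&:to_sym)
      value = path.reduce(@translations.fetch(locale, {})) { |node, part| node.is_a?(Hash) ? node[part] : nil }
      value || "translation missing: #{locale}.#{key}"
    end
  end
end

# Minimal validation framework. Real ActiveModel keeps validators in _validators and
# also as _validate_callbacks (why the slide cleans both); one list per class is
# enough to show how the message is resolved.
class MiniModel
  Validator = Struct.new(:attribute, :check, :message)
  def self._validators
    @_validators ||= (superclass.respond_to?(:_validators) ? superclass._validators.dup : [])
  end
  def self.validates(attribute, check:, message:)
    _validators << Validator.new(attribute, check, message)
  end
  # Counterpart of the slide's _validators.delete(:rating) plus callback cleanup.
  def self.remove_validators_for(attribute)
    _validators.reject! { |v| v.attribute == attribute }
  end
  attr_reader :errors
  def initialize(**attrs)
    @attrs = attrs
    @errors = {}
  end
  def valid?
    @errors = {}
    self.class._validators.each do |v|
      next if v.check.call(@attrs[v.attribute])
      (@errors[v.attribute] ||= []) << resolve(v.message)
    end
    @errors.empty?
  end
  private
  # The three message forms ActiveModel accepts: a Proc is called at validation time
  # (ActiveModel passes arguments, hence the slide's ->(*args)), a Symbol is looked up
  # under errors.messages, a String is used as is.
  def resolve(message)
    case message
    when Proc   then message.call(self)
    when Symbol then MiniI18n.t("errors.messages.#{message}")
    else message.to_s
    end
  end
end

RATING_OK = ->(v) { v.is_a?(Integer) && (1..5).cover?(v) }
PHONE_OK  = ->(v) { v.to_s.match?(/\A\+?\d{10,15}\z/) }

# Boot: default_locale is already :ru, but the Russian strings are not loaded yet.
MiniI18n.locale = :ru

class Review < MiniModel
  # Eager: t() runs while the class body is evaluated, and its result (here the
  # missing-translation placeholder) is frozen into the validator's options.
  validates :rating, check: RATING_OK, message: MiniI18n.t('spree.you_must_enter_value_for_rating')
  # Symbol: resolved under errors.messages on every validation, no lambda needed.
  validates :phone, check: PHONE_OK, message: :invalid_phone_number
end

# Later: the locale file becomes available (constructed sample translations).
MiniI18n.store_translations(:ru,
  spree:  { you_must_enter_value_for_rating: 'Укажите оценку' },
  errors: { messages: { invalid_phone_number: 'в неправильном формате' } })

# Error messages produced with the eagerly evaluated :rating message.
def errors_with_eager_message
  review = Review.new(rating: 0, phone: 'abc')
  review.valid?
  review.errors
end

# The slide's fix applied to a copy of Review: drop the eager validator and
# re-add it with a lambda, so the translation is resolved per request.
def errors_after_lambda_fix
  fixed = Class.new(Review)
  fixed.remove_validators_for(:rating)
  fixed.validates :rating, check: RATING_OK,
                  message: ->(*_args) { MiniI18n.t('spree.you_must_enter_value_for_rating') }
  review = fixed.new(rating: 0, phone: 'abc')
  review.valid?
  review.errors
end
```

Running errors_with_eager_message shows the :rating error stuck at the placeholder even though the Russian strings are loaded by then, while the :phone Symbol message already comes back in Russian; errors_after_lambda_fix shows the lambda picking up the translation that exists at validation time. The same order dependence is why the slide re-declares the validator in a decorator that runs after the locale files are loaded rather than editing the original class body.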