This talk was given at DEF CON 2010 by Kuon Ding and Wayne Huang
https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Huang
NOSQL == NO SQL INJECTIONS?
This is a short talk on NoSQL technologies and their impacts on traditional injection threats such as SQL injection. This talk surveys existing NoSQL technologies, and then demos proof-of-concept threats found with CouchDB. We then discuss impacts of NoSQL technologies to existing security technologies such as blackbox scanning, static analysis, and web application firewalls.
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
This talk was given at DEF CON 2010 by Kuon Ding and Wayne Huang
https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Huang
NOSQL == NO SQL INJECTIONS?
This is a short talk on NoSQL technologies and their impacts on traditional injection threats such as SQL injection. This talk surveys existing NoSQL technologies, and then demos proof-of-concept threats found with CouchDB. We then discuss impacts of NoSQL technologies to existing security technologies such as blackbox scanning, static analysis, and web application firewalls.
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
At Noon – The Social Learning Platform, on a daily basis we process close to 100M audio, sketch samples from more than 80K students to help measure the voice & sketch quality of our online classrooms. This talk explores the need for real time analytics in EdTech, how we built a real time analytics platform on Apache Druid & Apache Flink to provide realtime feedback on classroom quality & engagement metrics. We will also share some of the lessons we learnt along the way.
Xin Wang(Apache Storm Committer/PMC member)'s topic covered the relations between streaming and messaging platform, and the challenges and tips in Storm usage.
Zabbix is enterprise open source monitoring software for networks and applications, created by Alexei Vladishev. It is designed to monitor and track the status of various network services, servers, and other network hardware. Zabbix uses MySQL, PostgreSQL, SQLite, Oracle or IBM DB2 to store data.
Kafka Connect: Operational Lessons Learned from the Trenches (Elizabeth Benne...confluent
At Stitch Fix, we maintain a distributed Kafka Connect cluster running several hundred connectors. Over the years, we've learned invaluable lessons for keeping our connectors going 24/7. As many conference goers probably know, event driven applications require a new way of thinking. With this new paradigm comes unique operational considerations, which I will delve into. Specifically, this talk will be an overview of: 1) Our deployment model and use case (we have a large distributed Kafka Connect cluster that powers a self-service data integration platform tailored to the needs of our Data Scientists). 2) Our favorite operational tools that we have built for making things run smoothly (the jobs, alerts and dashboards we find most useful. A quick run down of the admin service we wrote that sits on top of Kafka Connect). 3) Our approach to end-to-end integrity monitoring (our tracer bullet system that we built to constantly monitor all our sources and sinks). 4) Lessons learned from production issues and painful migrations (why, oh why did we not use schemas from the beginning?? Pausing connectors doesn't do what you think it does... rebalancing is tricky... jar hell problems are a thing of the past, upgrade and use plugin.path!). 5) Future areas of improvement. The target audience member is an engineer who is curious about Kafka Connect or currently maintains a small to medium sized Kafka Connect cluster. They should walk away from the talk with increased confidence in using and maintaining a large Kafka Connect cluster, and should be armed with the hard won experiences of our team. For the most part, we've been very happy with our Kafka Connect powered data integration platform, and we'd love to share our lessons learned with the community in order to drive adoption.
Benchmarking NGINX for Accuracy and ResultsNGINX, Inc.
View full webinar on demand at http://bit.ly/nginxbenchmarking
Whether you’re doing performance testing or planning for infrastructure needs, benchmarking can be a big deal. Join us for this webinar where we cover NGINX benchmarking best practices, including:
- the test environment
- configuring NGINX
- using benchmarking tools
- and more!
You’ll learn how to approach doing benchmarks so that you obtain results that are more accurate, better understood, and do a better job of addressing the needs of your project.
Oleksandr Khotemskyi - Serverless architecture and how to apply it in Automa...Web Tech Fun
- Different Functions as a Service (e.g. AWS Lambda) - new approach in software architecture.
- Serverless architecture and what is it; options of its usage in different kinds and levels of Testing. We’ll see practices I’ve got during the experiments of AWS Lambda webdriverjs running.
Why test automation is getting more difficult, and what can be done about it. This slides are from a presentation by Group Director, Product Management at TestPlant, Gordon McKeown, which was presented at the Northern Lights conference in Manchester in April 2016.
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
A method of communicating between two devices
A software function provided at a network address over the web with the service always on
It has an interface described in a machine-processable format
http://www.qualitestgroup.com/
At Noon – The Social Learning Platform, on a daily basis we process close to 100M audio, sketch samples from more than 80K students to help measure the voice & sketch quality of our online classrooms. This talk explores the need for real time analytics in EdTech, how we built a real time analytics platform on Apache Druid & Apache Flink to provide realtime feedback on classroom quality & engagement metrics. We will also share some of the lessons we learnt along the way.
Xin Wang(Apache Storm Committer/PMC member)'s topic covered the relations between streaming and messaging platform, and the challenges and tips in Storm usage.
Zabbix is enterprise open source monitoring software for networks and applications, created by Alexei Vladishev. It is designed to monitor and track the status of various network services, servers, and other network hardware. Zabbix uses MySQL, PostgreSQL, SQLite, Oracle or IBM DB2 to store data.
Kafka Connect: Operational Lessons Learned from the Trenches (Elizabeth Benne...confluent
At Stitch Fix, we maintain a distributed Kafka Connect cluster running several hundred connectors. Over the years, we've learned invaluable lessons for keeping our connectors going 24/7. As many conference goers probably know, event driven applications require a new way of thinking. With this new paradigm comes unique operational considerations, which I will delve into. Specifically, this talk will be an overview of: 1) Our deployment model and use case (we have a large distributed Kafka Connect cluster that powers a self-service data integration platform tailored to the needs of our Data Scientists). 2) Our favorite operational tools that we have built for making things run smoothly (the jobs, alerts and dashboards we find most useful. A quick run down of the admin service we wrote that sits on top of Kafka Connect). 3) Our approach to end-to-end integrity monitoring (our tracer bullet system that we built to constantly monitor all our sources and sinks). 4) Lessons learned from production issues and painful migrations (why, oh why did we not use schemas from the beginning?? Pausing connectors doesn't do what you think it does... rebalancing is tricky... jar hell problems are a thing of the past, upgrade and use plugin.path!). 5) Future areas of improvement. The target audience member is an engineer who is curious about Kafka Connect or currently maintains a small to medium sized Kafka Connect cluster. They should walk away from the talk with increased confidence in using and maintaining a large Kafka Connect cluster, and should be armed with the hard won experiences of our team. For the most part, we've been very happy with our Kafka Connect powered data integration platform, and we'd love to share our lessons learned with the community in order to drive adoption.
Benchmarking NGINX for Accuracy and ResultsNGINX, Inc.
View full webinar on demand at http://bit.ly/nginxbenchmarking
Whether you’re doing performance testing or planning for infrastructure needs, benchmarking can be a big deal. Join us for this webinar where we cover NGINX benchmarking best practices, including:
- the test environment
- configuring NGINX
- using benchmarking tools
- and more!
You’ll learn how to approach doing benchmarks so that you obtain results that are more accurate, better understood, and do a better job of addressing the needs of your project.
Oleksandr Khotemskyi - Serverless architecture and how to apply it in Automa...Web Tech Fun
- Different Functions as a Service (e.g. AWS Lambda) - new approach in software architecture.
- Serverless architecture and what is it; options of its usage in different kinds and levels of Testing. We’ll see practices I’ve got during the experiments of AWS Lambda webdriverjs running.
Why test automation is getting more difficult, and what can be done about it. This slides are from a presentation by Group Director, Product Management at TestPlant, Gordon McKeown, which was presented at the Northern Lights conference in Manchester in April 2016.
Adding Value in the Cloud with Performance TestRodolfo Kohn
System quality attributes such performance, scalability, and availability are among the main concerns for cloud application developers and product managers. There are many examples of notable system failures that show how a company business can be affected during key events like a Cyber Monday. However, many difficulties come up when a team intends to consciously manage these type of quality attributes during development and operations. It is possible to group these difficulties in two main aspects: human aspects and technical aspects. During this presentation, I will share main technical difficulties we had to deal with in the last seven years working with different cloud services as well as key technical performance, scalability, and availability issues we were able to find and solve. It is about cases that are relevant through different products, technologies, and teams.
Quality of software code for a given product shipped effectively translates not only to its functional quality but as well to its non functional aspects say security. Many of the issues in code can be addressed much before they reach SCM.
The venerable Servlet Container still has some performance tricks up its sleeve - this talk will demonstrate Apache Tomcat's stability under high load, describe some do's (and some don'ts!), explain how to performance test a Servlet-based application, troubleshoot and tune the container and your application and compare the performance characteristics of the different Tomcat connectors. The presenters will share their combined experience supporting real Tomcat applications for over 20 years and show how a few small changes can make a big, big difference.
(APP307) Leverage the Cloud with a Blue/Green Deployment Architecture | AWS r...Amazon Web Services
Minimizing customer impact is a key feature in successfully rolling out frequent code updates. Learn how to leverage the AWS cloud so you can minimize bug impacts, test your services in isolation with canary data, and easily roll back changes. Learn to love deployments, not fear them, with a blue/green architecture model. This talk walks you through the reasons it works for us and how we set up our AWS infrastructure, including package repositories, Elastic Load Balancing load balancers, Auto Scaling groups, internal tools, and more to help orchestrate the process. Learn to view thousands of servers as resources at your command to help improve your engineering environment, take bigger risks, and not spend weekends firefighting bad deployments.
Dive deep into specific OSS packages to examine the top issues in the enterprise with two of our most qualified OSS architects, Bill Crowell and Vince Cox walkthrough: Their day-to-day work in OSS packages; ways to fix reported issues; why you can’t expect in-house developers to handle issues in OSS packages.
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
In this series of 15-minute technical flash talks you will learn directly from Amazon CloudFront engineers and their best practices on debugging caching issues, measuring performance using Real User Monitoring (RUM), and stopping malicious viewers using CloudFront and AWS WAF.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Ssl Accelerator Test Bench
1. SSL Accelerating Test Bench
SSL accelerating Test Method
Stefan Deelen & Maurits van der Schee (master
students SNE at the UvA)
Supervised by: Jan Meijer (Surfnet)
4. Our successful test approach:
Comparative testing
Performance with accelerator X vs. performance with
accelerator Y
Web server performance with accelerator vs. without
accelerator
SSL performance metric =
Max. number of unique SSL handshakes per second
(TPS)
5. Dual Xeon 3,8 Ghz server
–FreeBSD 6.2RELEASE
–Apache/2.2.4 (FreeBSD)
–OpenSSL 0.9.7ep1
–Broadcom 5820 PCI crypto
accelerator
Three clients running linux
– Ab, Httperf and autobench software
– Connected through switched gigabit
12. Research Scope
• Open source operating system
• OpenSSL
• SSL handshake (RSA cipher)
• Apache 2.2
• Benchmark tools “Autobench and Httperf”
13. Types of testing
• Black box
– Testing focused on software’s external
attributes and behavior.
– From a user’s point of view.
• White box
– Testing with full knowledge of the algorithms,
internal states, architectures, etc.
– From a developers point of view.
14. Gray box testing
• “Tests designed based on the knowledge of
algorithms, internal states, architectures, or
other high level descriptions of program
behavior”. – Doug Hoffman
• Needed because black and white box testing
do not allow for balanced testing
• Integral to the effective testing of Web
applications
17. Algorithm
• Accelerators may be optimized for certain
algorithms and block sizes
• Algorithm balance can influence
preformance
– RSA vs DSA balance
– Rebalanced RSA
• Driver may not be implemented optimal
– CRT parameters used or not
18.
19.
20. OpenSSL speed conclusions
• Results show the actual encrypting
performance of a system.
• Results may be heavily influenced by
algorithm, driver and operating system
• Results are easy to compare
• But, you are not measuring the “added
value” of the accelerator (it is white box)
21. Single session
• Httperf results are equal to Ab (Apache
bench) results
• We measured a 2 ms difference between the
situation with and without accelerator
• The handshake takes 7 ms longer
(calculated value)
• We are not able to explain the difference
23. Autobench
• …is a Perl script (OS indepent)
• …automates doing series of Httperf tests
• …has a client/server architecture
• …enables you to do distributed tests
• …produces its results in a graph
24. Conclusions
• We developed a method that enables easy
and comparable tests for SSL accelerators
• Gray box testing is needed to find the actual
added value of an accelerator
• Choices in algorithm, operating system and
drivers may multiply (!) performance
• Future work may prove this method useful
for a wider scope
25. Future work
• Throughput testing
• Virtual users: script that emulates site visit
• Automated searching for saturation point
• Other (maybe better) testing software
• High performance accelerators and/or other
algorithms may require an easy scalable
client pool