Lightning talk based on the 10 P's of Testability by Robert Meaney, talk designed by Ash Winter. Make your testing life better by embrace testability as a team.
APIs are everywhere today and can be a great building block of modern applications. But all too often APIs are not truly great. Rather than love your API, developers curse it. How can you avoid that fate? In this session we'll look at the most common mistakes API providers make and you can avoid making them too. Do you offer a bad developer experience (DX)? Poor, inconsistent API design? Unreliable services? This talk is a deep dive on not just what to avoid but what to do instead. And you'll leave knowing how to get developers to love your API, not hate it.
Product Led Growth (PLG) is a go-to-market strategy that relies on product usage as the primary driver of acquisition, conversion and expansion. Learn why we're now in the end user era and how your org can adapt.
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...Matt Tesauro
You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool which has been used in real world companies to do real security work. Beyond a stand alone tool, the OWASP AppSec Pipeline provides numerous docker containers ready to automate, a specification to customize with the ability to create your own implementation and references to get you started.
The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of two AppSec professionals with nearly 20 years of experience between them. If you want to start your DevSecOps journey by continuously testing rather then hear about it, this talk is for you.
Implement API Gateway using Azure API ManagementAlexander Laysha
API-centric architecture is very popular in IT world because of their value in achievement of new business goals, extending of trade channels and business offerings. But as usual nothing is free and this kind of architecture requires solid instrument for management of APIs in terms of limits & quotas, combining of APIs to business offerings, security, usage analytics, etc.
During this presentation you’ll learn production experience on implementation of API Gateway using Azure API Management.
API Developer Experience: Why it Matters, and How Documenting Your API with S...SmartBear
Whether you’re new to Swagger, or have already been using the framework for API design, there’s a good chance you still have questions about how to improve your API documentation. Creating API documentation your consumers will love can take some work, but the investment will have a significant payoff in the form of a great developer experience, easier implementation, and improved adoption of your API.
This presentation covers good developer experience in detail, focusing on why and how to provide an optimal experience for developers using your API. We will also cover how Swagger has changed the API design and documentation landscape, and finally show some good practices for API documentation using Swagger in SwaggerHub’s integrated API development platform.
Things to expect in this webinar:
What is Developer Experience (DX)?
What does it mean for an API to have good DX?
API documentation in the context of good DX?
An introduction to the Swagger framework
Designing APIs from a usability perspective using Swagger and SwaggerHub
Lightning talk based on the 10 P's of Testability by Robert Meaney, talk designed by Ash Winter. Make your testing life better by embrace testability as a team.
APIs are everywhere today and can be a great building block of modern applications. But all too often APIs are not truly great. Rather than love your API, developers curse it. How can you avoid that fate? In this session we'll look at the most common mistakes API providers make and you can avoid making them too. Do you offer a bad developer experience (DX)? Poor, inconsistent API design? Unreliable services? This talk is a deep dive on not just what to avoid but what to do instead. And you'll leave knowing how to get developers to love your API, not hate it.
Product Led Growth (PLG) is a go-to-market strategy that relies on product usage as the primary driver of acquisition, conversion and expansion. Learn why we're now in the end user era and how your org can adapt.
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...Matt Tesauro
You’ve probably heard many talks about DevSecOps and continuous security testing but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool which has been used in real world companies to do real security work. Beyond a stand alone tool, the OWASP AppSec Pipeline provides numerous docker containers ready to automate, a specification to customize with the ability to create your own implementation and references to get you started.
The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of two AppSec professionals with nearly 20 years of experience between them. If you want to start your DevSecOps journey by continuously testing rather then hear about it, this talk is for you.
Implement API Gateway using Azure API ManagementAlexander Laysha
API-centric architecture is very popular in IT world because of their value in achievement of new business goals, extending of trade channels and business offerings. But as usual nothing is free and this kind of architecture requires solid instrument for management of APIs in terms of limits & quotas, combining of APIs to business offerings, security, usage analytics, etc.
During this presentation you’ll learn production experience on implementation of API Gateway using Azure API Management.
API Developer Experience: Why it Matters, and How Documenting Your API with S...SmartBear
Whether you’re new to Swagger, or have already been using the framework for API design, there’s a good chance you still have questions about how to improve your API documentation. Creating API documentation your consumers will love can take some work, but the investment will have a significant payoff in the form of a great developer experience, easier implementation, and improved adoption of your API.
This presentation covers good developer experience in detail, focusing on why and how to provide an optimal experience for developers using your API. We will also cover how Swagger has changed the API design and documentation landscape, and finally show some good practices for API documentation using Swagger in SwaggerHub’s integrated API development platform.
Things to expect in this webinar:
What is Developer Experience (DX)?
What does it mean for an API to have good DX?
API documentation in the context of good DX?
An introduction to the Swagger framework
Designing APIs from a usability perspective using Swagger and SwaggerHub
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
Developer Experience (DX) for UX ProfessionalsIan Jennings
Ian Jennings presents at the Austin UXPA meetup on November 12, 2019 at Visa.
Developer Experience (DX) is the equivalent to User Experience (UX) when the user of the software or system is a developer. Sure, the science is the same, but this talk will teach you why developer experience is gaining traction as a new field. Between APIs, SDKs, code, documentation, demos, CLIs, tutorials, and developer portals, DX is a whole new beast. Learn about the emergence of Developer Experience, the similarities and differences between UX an DX, and the tools you need to apply your UX experience toward the field of DX.
Speaker Bio:
Ian Jennings is the founder of Haxor, a developer experience testing platform based in Austin TX. Haxor tests and measures APIs, SDKs, and developer products with on-demand feedback from real developers. Previously Ian co-founded developer meetup platform Hacker League (acquired by Mashery and Intel) before spending 6 years at PubNub establishing their developer experience strategy. He also operates DevPort, a developer portfolio site populated by thousands of developers.
API as-a-Product with Azure API Management (APIM)Bishoy Demian
Transitions from a single App or a closed system to an open ecosystem that drives innovation and delivers value-add Apps and services for your end-users. Monetise your data with minimal hassle & cost. Reach your end-users on any platform. Enable your IoT strategy with a strong cloud-based API platform.
Using Azure API Management, you can build a modern interactive developer portal for your APIs. Learn about your API usage patterns with analytics. Secure access, and manage subscriptions with quotas and throttling.
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.
Tips for Building a Compelling Product Vision by Amazon Sr PMProduct School
- The key elements of a compelling product vision, what’s important and what’s not
- How to come up with a compelling product vision without relying on luck or magic
- How to use a product vision as a mechanism to guide your team
Not just another buzzword…product-led growth is an important go-to-market strategy that underpins some of today’s most successful businesses. Think Dropbox, Slack, Intercom, Expensify and Datadog.
At OpenView, we define product-led growth (PLG) as a strategy that puts the product front and center when it comes to how a company acquires, expands and retains customers. Relying on a product-led strategy yields rapid, extremely efficient growth.
Although similar to a freemium approach, a product-led growth strategy doesn’t actually require that you offer your product for free. It does however necessitate an amazing product and customer experience. In fact, PLG companies make it frictionless for users to start using their products. They deliver value extremely quickly and target users rather than buyers.
In this Heavybit Speaker Series, Brian Balfour, VP of Growth at HubSpot, covers the key documents to building a growth process, tactics for generating growth ideas, and what you need to generate a minimum viable test.
Lessons from DevOps: Taking DevOps practices into your AppSec LifeMatt Tesauro
Bruce Lee once said “Don’t get set into one form, adapt it and build your own, and let it grow, be like water“.
AppSec needs to look beyond itself for answers to solving problems since we live in a world of every increasing numbers of apps. Technology and apps have invaded our lives, so how to you lead a security counter-insurgency? One way is to look at the key tenants of DevOps and apply those that make sense to your approach to AppSec. Something has to change as the application landscape is already changing around us.
API Security - Everything You Need to Know To Protect Your APIsAaronLieberman5
With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs.
A robust API Security posture can be broken down into several areas including:
Proper design and coding during the development process
API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other.
General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS
An always-updating understanding of your user behaviors regarding your APIs.
You won’t have comprehensive API security without solutions in each of these areas.
We will also discuss:
The roles of API developers, infosec, support, and enterprise architects as it relates to API security
Microservices role in making it difficult to secure your APIs
The importance of inventorying your APIs
How technologies like Traceable can help protect your APIs against advanced attacks
Key takeaways:
Why your API's are a key attack surface for modern bad actors
Why APi's are so much harder to secure than traditional web traffic
What's necessary to secure your APIs
Why yesterday's solutions can't solve today's new API security challenges
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/
WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions.
In this presentation, Chris and Shiro will describe:
Key goals and challenges driving API platform adoption
WSO2 API Platform capabilities and advantages
Visionary platform use cases
Innovative customer success stories
Five Ways to Automate API Testing with PostmanPostman
You know it’s the right thing to automate testing, workflows, and tedious processes. Automation saves you time, reduces errors, and allows your team to work more quickly. But where do you get started? This talk covers five ways to automate API testing, which can then be applied to any API workflows. Learn about testing as part of your CI/CD pipeline, uptime monitoring, and other APIOps practices.
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Shift Left API Security- The right Way
Sanjay Nagaraj, CTO and Co-Founder at Traceable
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
Developer Experience (DX) for UX ProfessionalsIan Jennings
Ian Jennings presents at the Austin UXPA meetup on November 12, 2019 at Visa.
Developer Experience (DX) is the equivalent to User Experience (UX) when the user of the software or system is a developer. Sure, the science is the same, but this talk will teach you why developer experience is gaining traction as a new field. Between APIs, SDKs, code, documentation, demos, CLIs, tutorials, and developer portals, DX is a whole new beast. Learn about the emergence of Developer Experience, the similarities and differences between UX an DX, and the tools you need to apply your UX experience toward the field of DX.
Speaker Bio:
Ian Jennings is the founder of Haxor, a developer experience testing platform based in Austin TX. Haxor tests and measures APIs, SDKs, and developer products with on-demand feedback from real developers. Previously Ian co-founded developer meetup platform Hacker League (acquired by Mashery and Intel) before spending 6 years at PubNub establishing their developer experience strategy. He also operates DevPort, a developer portfolio site populated by thousands of developers.
API as-a-Product with Azure API Management (APIM)Bishoy Demian
Transitions from a single App or a closed system to an open ecosystem that drives innovation and delivers value-add Apps and services for your end-users. Monetise your data with minimal hassle & cost. Reach your end-users on any platform. Enable your IoT strategy with a strong cloud-based API platform.
Using Azure API Management, you can build a modern interactive developer portal for your APIs. Learn about your API usage patterns with analytics. Secure access, and manage subscriptions with quotas and throttling.
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.
Tips for Building a Compelling Product Vision by Amazon Sr PMProduct School
- The key elements of a compelling product vision, what’s important and what’s not
- How to come up with a compelling product vision without relying on luck or magic
- How to use a product vision as a mechanism to guide your team
Not just another buzzword…product-led growth is an important go-to-market strategy that underpins some of today’s most successful businesses. Think Dropbox, Slack, Intercom, Expensify and Datadog.
At OpenView, we define product-led growth (PLG) as a strategy that puts the product front and center when it comes to how a company acquires, expands and retains customers. Relying on a product-led strategy yields rapid, extremely efficient growth.
Although similar to a freemium approach, a product-led growth strategy doesn’t actually require that you offer your product for free. It does however necessitate an amazing product and customer experience. In fact, PLG companies make it frictionless for users to start using their products. They deliver value extremely quickly and target users rather than buyers.
In this Heavybit Speaker Series, Brian Balfour, VP of Growth at HubSpot, covers the key documents to building a growth process, tactics for generating growth ideas, and what you need to generate a minimum viable test.
Lessons from DevOps: Taking DevOps practices into your AppSec LifeMatt Tesauro
Bruce Lee once said “Don’t get set into one form, adapt it and build your own, and let it grow, be like water“.
AppSec needs to look beyond itself for answers to solving problems since we live in a world of every increasing numbers of apps. Technology and apps have invaded our lives, so how to you lead a security counter-insurgency? One way is to look at the key tenants of DevOps and apply those that make sense to your approach to AppSec. Something has to change as the application landscape is already changing around us.
API Security - Everything You Need to Know To Protect Your APIsAaronLieberman5
With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs.
A robust API Security posture can be broken down into several areas including:
Proper design and coding during the development process
API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other.
General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS
An always-updating understanding of your user behaviors regarding your APIs.
You won’t have comprehensive API security without solutions in each of these areas.
We will also discuss:
The roles of API developers, infosec, support, and enterprise architects as it relates to API security
Microservices role in making it difficult to secure your APIs
The importance of inventorying your APIs
How technologies like Traceable can help protect your APIs against advanced attacks
Key takeaways:
Why your API's are a key attack surface for modern bad actors
Why APi's are so much harder to secure than traditional web traffic
What's necessary to secure your APIs
Why yesterday's solutions can't solve today's new API security challenges
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/
WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions.
In this presentation, Chris and Shiro will describe:
Key goals and challenges driving API platform adoption
WSO2 API Platform capabilities and advantages
Visionary platform use cases
Innovative customer success stories
Five Ways to Automate API Testing with PostmanPostman
You know it’s the right thing to automate testing, workflows, and tedious processes. Automation saves you time, reduces errors, and allows your team to work more quickly. But where do you get started? This talk covers five ways to automate API testing, which can then be applied to any API workflows. Learn about testing as part of your CI/CD pipeline, uptime monitoring, and other APIOps practices.
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Shift Left API Security- The right Way
Sanjay Nagaraj, CTO and Co-Founder at Traceable
[WSO2 Integration Summit Madrid 2019] Identity and Access Management in an AP...WSO2
This deck will illustrate why IAM should be top of mind for your enterprise’s success, and how you can leverage it in your transformation journey.
Join us at a city near you to learn how to achieve API-driven integration agility - https://wso2.com/integration-summits-2019/
[WSO2 Integration Summit Stuttgart 2019] Identity and Access Management in an...WSO2
This deck will illustrate why IAM should be top of mind for your enterprise’s success, and how you can leverage it in your transformation journey.
Join us at a city near you to learn how to achieve API-driven integration agility - https://wso2.com/integration-summits-2019/
[WSO2 API Day Chicago 2019] Sustainable Competitive Advantage WSO2
Sustainable competitive advantage, while once a necessary part of any strategy, is now increasingly obsolete for most firms. The new path to winning means capturing opportunities quickly and exploiting them decisively. It's all about learning to thrive in a transient advantage economy. Transient advantage is the central thesis of Rita McGrath's recent book on competitive advantage. These principles are especially relevant for agile companies that pursue digital-first business models. Quinnox has adopted this philosophy for its clients and its own business where we believe enterprise integration driven by API's is the bridge to digital transformation, speed to market, and frequency to market.
Examining today's biggest API breaches to mitigate API security vulnerabilities
Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position?
This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure.
You Will Learn
-Recent breaches in the news involving APIs
-Top attacks that compromise your business
-Mitigating steps to protect your business from attacks and unauthorized access
-API Management solutions that both enable and protect your business
Learn about API Security at http://www.ca.com/api
How to avoid Java and .Net Application Performance Issues using Business Tran...eG Innovations
Most APM tools offer user experience monitoring and transaction tracing capabilities, however APM by itself may not enable you to isolate performance issues across an entire digital business service ecosystem.
View this webinar by John Worthington, Director of Product Marketing with eG Innovations, as he describes how real user monitoring and transaction tracing can be part of a unified monitoring strategy that leverages converged application (APM) and infrastructure (IPM) performance monitoring.
In this informative session, you will learn how:
- Business transaction tracing works to deliver code-level visibility, and why it is important for diagnosing web application slowdowns
- The convergence of APM and IPM can provide holistic visibility and performance analysis of end-user experience, business transactions, application code, and infrastructure dependencies – all from a single pane of glass
- A unified view of the application environment allows line of business owners and IT admins to easily isolate the root cause of issues
You can learn how to ensure peak performance of your business-critical applications through development, testing, pre-production, and production roll out.
Continuous Testing vs Test Automation Share on Facebook Share on LinkedIn Sha...DevOps.com
The past few years have brought a sea change in the way applications are architected, developed, and consumed—increasing both the complexity of testing and the business impact of software failures. How can the DevTest community keep pace with modern application delivery, given the trends that impact both architectures (cloud, microservices, and APIs) and processes (DevOps, agile, and continuous delivery)? This is where continuous testing comes in.
Watch this webinar to discover why and how continuous testing is different from traditional test automation. You will learn:
The three main differences between continuous testing and test automation
Where traditional test automation falls short in modern development and delivery processes
What’s needed to address each of the three key elements of continuous testing
Going from a hypothesis to a working machine learning model that infers answers in production requires a lot of time and effort. Moreover, the ability to answer questions related to specific results—such as, “what version of the code and data produced a particular inference?”—is paramount in highly regulated industries such as Financial Services. Modern development practices like continuous integration and deployment can accelerate the machine learning development process and provide a way to answer questions about data lineage. During this talk, you will learn how to combine Amazon SageMaker (a fully managed service that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale) with Amazon CodeCommit, CodeBuild, and CodePipeline to create a pipeline that automatically triggers changes when either your model code or training data changes.
Presenter: Felix Candelario, Principal Global Account Solutions Architect, AWS
Fraud detection using machine learning with Amazon SageMaker - AIM306 - New Y...Amazon Web Services
Fraud is a serious problem that can cost businesses billions of dollars annually and damage customer trust. Machine learning (ML) can provide flexible approach to fraud detection. ML models do not use pre-defined rules to determine whether activity is fraudulent. Instead, they are trained to recognize fraud patterns in datasets, and the models are self-learning, which enables them to adapt to new, unknown fraud patterns. In this session, we dive deep into a solution that automates the detection of potentially fraudulent activity and flags that activity for review. We discuss the architecture of the solution using Amazon SageMaker and other AWS services to provide an easy-to-deploy, end-to-end solution for fraud detection.
Navigating Identity and Access Management in the Modern EnterpriseWSO2
Key topics covered:
- Understanding the basics of IAM and its significance in the modern enterprise.
IAM in a platformless environment
- Tackling real-world issues like prioritizing frictionless yet secure user access, securing high-value APIs, integrating to business, compliance, and adapting to cloud native environments with scalable solutions
- Practical demonstrations of how WSO2 products can be instrumental in deploying efficient IAM solutions
- Preparing for upcoming trends and innovations in identity management
Data Driven Competitive Differentiation
"Why would customers choose you?" We all need to answer this critical question for our businesses as in today’s digital economy customers have endless choices. User Experience is one of the key pillars of competitive differentiation and brand recognition to enable you to acquire new customers and retain the existing ones as they all turn to business who make it fast, seamless and engaging for them. "Real time Data" plays a crucial role in understanding what your user's are experiencing in real time and using it to drive positive business outcomes. But more often than not we are buried under piles of siloed data but hardly any actionable information. Join us as we share how our customers are achieving their goals by understanding the relationship between Performance and Business.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
In this talk I am going to explore two questions:
How do we know if a check is valuable
How do we identify and implement valuable checks
So let’s start by working out whether a check is valuable or not. To demonstrate this we’re going to look at an End-to-end, full stack, UI driven, whatever you call it, check. So let’s take a look at our check in action…
To demonstrate how we can use Trims to analyse a check, I’ve created an automated check that follows a typical pattern. It’s designed to check that a user can log into an application so let’s see it in action
Demo and run End-to-End check
So let’s analyse that E2E check
Is it targeted? Not really. The check is doing everything on the UI layer, meaning if the intention is to check behavior in the backend it’s using the furthest layer from that implementations
Is it reliable? Perhaps. This will be heavily influenced by the state of the application under test BUT this check is working against a complex system with many moving parts of which any one could fail on us. Although that maybe desirable.
Is it informative? Let’s say something in the backend breaks causing our check to fail because it cannot find a specific element. That information is shallow at best and misleading at worst, meaning that it’s going to take considerable time to debug and react to. A risk can have many ways to impact a user
Is it maintainable? Depends on how it was developed, if we are to assume that this check uses page object models, data builder patterns and DRY practices then we could say we’re happy that it’s maintanable
Is it Speedy? Remember speed isn’t just time to run, but time to react to as well. Given that it’s not targeted and not very informative, then it’s fair to say that the feedback loop is going to be slow as we wade through the application and test code to work out what is exactly going on.
We cannot rely on the scope of information from a check, but we can rely on checks if they are:
Targeted
Reliable
Informative
Maintainable
Or have Speed
Speed is not just how fast it runs, but how quickly we can process information and act upon it
Lots of small checks that follow those valuable attributes will help us build a picture differently to how we test as humans but hopefully bring us to the same conclusion
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
What is task analysis?
AiT is influenced by Rob Sabourin’s work on Task Analysis
Breaking down a task into it’s component parts for analysis
Cup of tea example
Let’s see an example
Show task analysis model and highlight
Left hand side requires some knowledge of the system, but it can vary based on your knowledge
Your first iteration could literally be frontend – backend
We use task analysis to break down the different events that make up feature that our original risk is focused on
So we have points on our model that represent each activity the system does
Each action is an opportunity for a targeted check on that section
And each action has it’s own inherent risks that may matter to us
Finally the lines that cross boundaries between systems are integration risks to check for
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login.
We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login.
We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login.
We can use that knowledge to identify targeted checks
This flow successfully captures the areas that could impact our application and realise the risk that a user can’t login.
We can use that knowledge to identify targeted checks
So it’s fair to say that that check isn’t up to muster. One of the main issues is that it’s trying to check multiple impacts
In summary
Review checks and ask yourself are they TRIMS
Break down unwieldy checks by applying task analysis to the system flow that is being covered
Use the results of task analysis to determine checks that are more TRIMS
Once you have checks in many different points build a ‘chain of trust’ by running them in a pipeline
Task analysis can help identify dependencies for mocking