Watch How The Giants Fall: Learning from Bug Bounty Results | jtmelton
Security is hard. We all miss things. Attackers find things.
"You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself." -Samuel Levenson
This talk is a fun, fast-moving survey of some of the best recent bug bounty finds against some of the largest and best-known applications in the world. Some of the bugs are really simple, some are super complex, but all are entertaining. As we go through these, we'll take a look at what caused the issue, and how to fix it.
From this talk, you'll walk away with:
* a few minutes of entertainment
* a view of the wide breadth of security issues
* practical ideas on testing and shoring up security in your own applications
* (maybe) a new side gig as a bug bounty hunter!
Keeping your Kubernetes Cluster Secure | Gene Gotimer
Many organizations are shifting to containers and Kubernetes, and that move means learning new ways to secure their environments. Kubernetes clusters have to be hardened at different levels. We have to consider the nodes where the Kubernetes control plane is running. We also need to secure the Kubernetes workloads and check the files that create them. And we need to inspect the containers we are using for vulnerabilities and unusual behavior.
Gene will show you some open-source tools that can find issues and vulnerabilities at each layer. You will see how they can be used in a pipeline to build your Kubernetes cluster safely and keep it secure.
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including open source projects you will want to consider while building and maintaining cloud native applications.
What is Google Cloud Good For at DevFestInspire 2021 | Robert John
My presentation at DevFestLagos on "What is Google Cloud Good For". It's an overview of the Google Cloud Platform for those unfamiliar with it. You can watch the session here: https://www.youtube.com/watch?v=wi-p8fqFLrU
Introduction to Kubernetes Security (Aqua & Weaveworks) | Weaveworks
Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. During this webinar, Aqua Security and Weaveworks will provide an overview of the current state of security-related features in Kubernetes, demonstrate how you can build a secure and reliable Kubernetes deployment pipeline with GitOps best practices, and explore how to best prevent common Git attacks. In addition we will show image scanning and briefly explore how to best prevent common Git attacks.
Practical Approaches to Container Security | Shea Stewart
This presentation was a discussion on how bringing container technology should be addressed with regards to security. It is focused on setting expectations that can achieve success when rolling out a new platform in enterprise environments.
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security | DevOpsDays Riga
Now that we have passed “peak orchestrator” and as Kubernetes eats the world, we are left wondering: how secure is Kubernetes? Can we really run Google-style multi tenanted infrastructure safely? And how can we be sure what we configured yesterday will be in place tomorrow? In this talk we discuss:
- the Kubernetes security landscape
- risks, security models, and configuration best-practices
- how to configure users and applications with least-privilege
- how to isolate and segregate workloads and networks
- hard and soft multi-tenancy
- Continuous Security approaches to Kubernetes.
Container Security Deep Dive & Kubernetes | Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
The continued adoption of containers for deployments has introduced a new path for security issues. In this talk, we will cover the most common areas of vulnerabilities, the challenges in securing your containers, some good practices to help overcome these issues and how to run container security scanning as part of your deployment pipeline.
In this presentation, we talk about:
- Introduction to Containers
- Container Security Overview
You can watch the complete session here:
https://youtu.be/w2-NtdAkrOI?t=1901
Application Deployment and Management at Scale with 1&1 by Matt Baldwin | Docker, Inc.
1&1, Europe’s largest web hosting company, has been automatically deploying and managing multi-tenant server environments for 20 years. These servers support millions of active websites and services around the world. Historically software stacks were pre-installed using estimates of what was considered good, taking a ‘one size fits all’ approach. I am going to show how we are now combining Git, Gitlab, Openshift and Docker to revolutionise our approach to large scale hosting, providing greater power and flexibility without increasing support overhead. This includes showing:
· Transforming the legacy multi-tenant LAMP environment into many single-tenant Docker projects
· Managing thousands of projects on behalf of tenants
· Gitlab CI for testing Docker containers
· Testing container interactions and upgrade cycle
Lc3 beijing-june262018-sahdev zala-guangya | Sahdev Zala
Our slide deck, used at the LinuxCon+ContainerCon+CLOUDOPEN China 2018, on Kubernetes cluster design considerations and our journey to 1000+ node single cluster with IBM Cloud.
Docker Container Lifecycles, Problem or Opportunity? by Baruch Sadogursky, JFrog | Docker, Inc.
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? We will demonstrate how to implement a promotion model for Docker images, and then show how to distribute them to any kind of consumer, be it a customer or a data center.
Based on experience with hundreds of customers, here's a set of best practices for monitoring Kubernetes and monitoring your applications running inside docker containers.
Securing Your Resources with Short-Lived Certificates! | All Things Open
Presented by: Allen Vailliencourt
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: There is a better way to manage access to servers, Databases, and Kubernetes than using passwords and/or public and private keys. Come and see how this is done with short-lived certificates and see a demo of Teleport!
From Zero to Hero: Continuous Container Security in 4 Simple Steps | DevOps.com
Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our applications needs to be shifted – to continuous security. In this session, Shiri Ivstan, Product Manager at WhiteSource, will discuss:
1) the main security challenges organizations face when using containers;
2) the most common layers in a typical container deployment; and
3) 4 simple steps to build security into each layer.
Csa container-security-in-aws-dw
Video: https://youtu.be/X2Db27sAcyM
This session will touch upon container security constructs and isolation mechanisms like capabilities, syscalls, seccomp and Firecracker before digging into secure container configuration recommendations, third-party tools for build- and run-time analysis and monitoring, and how Kubernetes security mechanisms and AWS security-focussed services interact.
AWS re:Invent 2016: Securing Container-Based Applications (CON402) | Amazon Web Services
Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.
DCSF19 Container Security: Theory & Practice at Netflix | Docker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
12 Ways Not to get 'Hacked' your Kubernetes Cluster | Suman Chakraborty
Kubernetes enables enterprises to automate many aspects of application deployment, providing tremendous business benefits. This talk aims to discuss best practices around Kubernetes security and how threats and exploits can be mitigated, minimizing service disruption on the Kubernetes platform.
Kubernetes can be complex to manage at enterprise scale! Cloud provider services like Amazon EKS solve the challenge of bringing up a Kubernetes control plane. However, production Kubernetes requires multi-layer security, access controls, load-balancing, monitoring, logging, governance, secrets management, policy management, and several other considerations. In this fast paced talk, we will cover how enterprises can address each of these areas and discuss best practices to fast track deployments.
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
In this presentation we discuss aspects of reliability and self-healing in the different layers of a comprehensive container management stack; what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure true reliable applications.
How Self-Healing Nodes and Infrastructure Management Impact Reliability | Kublr
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
This presentation covers the different self-healing layers, what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure true reliable applications. Hint: infrastructure provisioning plays a key role.
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
Simplify Your Way To Expert Kubernetes Management | DevOps.com
Kubernetes is a deep and complex technology that is evolving fast with new functionality and a growing ecosystem of cloud-native solutions. While the public cloud delivers an almost frictionless user experience, configuring and managing a production Kubernetes environment is an enormous technical challenge for the majority of enterprises that choose to do so on premises. Without the right approach, operationalizing Kubernetes in the data center can take upwards of 6 months, jeopardizing developer productivity and speed-to-market.
In this webinar, you’ll learn from Nutanix cloud native experts on how to fast-track your way to operationalizing a production-ready Kubernetes environment on-prem.
Specifically, we’ll talk about:
How containerized applications use IT resources (and why legacy infrastructure isn’t built for Kubernetes);
The main advantages of running Kubernetes on prem (as part of a multi-cloud strategy);
Key aspects of Kubernetes lifecycle management that greatly benefit from automation.
Container security Familiar problems in new technology | Frank Victory
Container adoption is on the rise across companies of every size and industry. While containerization is a new and exciting paradigm, it brings with it some of the same technical and organizational issues that security teams have always faced. This presentation will dive into a selection of these familiar issues and suggested solutions to help security teams get a better handle on containers and keep up with the deployment pace that DevOps requires.
Check out the Denver Chapter of OWASP!
meetup.com/denver-owasp and our annual conference
www.snowfroc.com
Overview of kubernetes and its use as a DevOps cluster management framework.
Problems with deployment via kube-up.sh and improving kubernetes on AWS via custom cloud formation template.
In the last few years, the popularity of DevSecOps and rich cloud services have been driving the adoption of containers in the software industry. Container architectures become increasingly complex, and organizations cannot escape using them. At the same time, attackers are finding new ways of exploiting containers and container architectures.
Are you still new to containerization and infrastructure as code? Do you feel that your knowledge of application security suddenly doesn’t apply to the way applications are built and deployed using containers? Do you get lost in the IaC and container terminology soup? If so, this talk will help clear things up and answer your questions.
We start with an introduction to container technologies, briefly go through the key terminology, explain the value that containers bring today, and why they are so popular. Then we will talk about the challenges that DevSecOps engineers have when using containers and the security aspects that they face. This presentation includes descriptions of common container threats and real-world examples of recent attacks. These threats will guide our discussion of the typical vulnerabilities and attack vectors. We will touch on well-known standards and resources for container security, such as OWASP Docker Top 10 project, Container Security Verification Standard, NIST Application Container Security Guide, and CIS Benchmarks. And we conclude with guidelines on how to secure containers and a list of best practices that most organizations follow today.
Everyone heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage when writing the code becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may cause compromising your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools shown in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O'Reilly Kubernetes Security:
https://kubernetes-security.info/
O'Reilly Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Containers and workload security an overview | Krishna-Kumar
Beginner Level Talk - Presented at Bangalore container conf 2018 - Containers and workload security an overview. Hope it gets your container security journey started :-)
Who is afraid of privileged containers? | Marko Bevc
This talk will focus on a possible privilege escalation to bypass RBAC rules when running privileged containers without any security policies in place. We will also do a live demo and show how this can be achieved in AWS EKS cluster. Afterwards we will show how to remediate this using PodSecurityPolicies and what to watch for when implementing those in an active cluster.
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality | Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with Parameters | Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
28. Kubernetes Threat Model
User Compromise and Insider Threats
• Cluster admin account compromise
• Rogue Employee
• Build system compromised
Application Vulnerabilities
• Lack of authentication and authorization, both k8s internal and external
• Weak or incorrect usage of cryptography
• Application and API vulnerabilities - remote code execution (RCE), web vulnerabilities (XSS, CSRF, SSRF, SQL Injection etc.)
• Insecure third-party components
29. Kubernetes Threat Model
Network and Infrastructure
• Network snooping, ARP spoof attacks
• Compromising infrastructure services (e.g. NTP, DNS, SSH)
• Kernel and other operating system vulnerabilities
Application Containers
• Container breakout and unauthorized access to the control plane and other containers
• Denial of Service - resource hogging, eating up CPU/Mem/Disk/IO to impact or even crash other containers
• Compromised or malicious image or pipeline
30. Kubernetes Threat Model
Misconfiguration
• Insecure default configurations - unused open ports, services, not enforcing system/application limits, failing to implement security features
• Misuse of passwords, passphrases, TLS private keys (*cough* checking them into git *cough*). Bad handling includes key reuse, insecure handling of keys, no key rotation, weak passwords, not using MFA etc.
• Lack of network segmentation - exposing critical systems to various network attacks
42. Dynamic Admission Control allows teams to build custom security checks by intercepting requests to the Kubernetes API server prior to scheduling the object.
46. Gatekeeper Examples
Require Specific Labels upon object creation
Audit Cluster for violations of policy
Namespace must have “Owner” label
Containers must have resource limits defined
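The two Gatekeeper rules above (owner label on namespaces, resource limits on containers), written out as the decision logic of a validating admission webhook. This is an added example, not code from the talk and not Gatekeeper's own Rego; the lowercase `owner` label key, the function names and the sample requests are assumptions constructed for illustration.

```python
# Added example: decision logic of a validating admission webhook.
# Request and response follow the admission.k8s.io/v1 AdmissionReview shape.
REQUIRED_NS_LABEL = "owner"  # assumed key; the slide only says "Owner" label


def violations(kind, obj):
    """Return policy violations for one object (Namespace or Pod)."""
    found = []
    if kind == "Namespace":
        labels = (obj.get("metadata") or {}).get("labels") or {}
        if not labels.get(REQUIRED_NS_LABEL):
            found.append(f"namespace is missing the '{REQUIRED_NS_LABEL}' label")
    elif kind == "Pod":
        spec = obj.get("spec") or {}
        # Init containers consume node resources too, so check both lists.
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            limits = (c.get("resources") or {}).get("limits") or {}
            for res in ("cpu", "memory"):
                if res not in limits:
                    found.append(f"container '{c.get('name')}' has no {res} limit")
    return found


def review(admission_review):
    """Build the AdmissionReview response the API server expects back."""
    req = admission_review["request"]
    obj = req.get("object")  # null on DELETE: nothing to validate
    found = violations(req["kind"]["kind"], obj) if obj else []
    response = {"uid": req["uid"], "allowed": not found}
    if found:
        response["status"] = {"code": 403, "message": "; ".join(found)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


# Constructed sample requests, not captured from a real cluster.
SAMPLE_NAMESPACE = {"request": {"uid": "constructed-uid-1",
    "kind": {"group": "", "version": "v1", "kind": "Namespace"},
    "object": {"metadata": {"name": "payments"}}}}
SAMPLE_POD = {"request": {"uid": "constructed-uid-2",
    "kind": {"group": "", "version": "v1", "kind": "Pod"},
    "object": {"metadata": {"name": "web"}, "spec": {"containers": [
        {"name": "app", "resources": {"limits": {"cpu": "500m", "memory": "128Mi"}}},
        {"name": "sidecar", "resources": {"requests": {"cpu": "100m"}}}]}}}}

if __name__ == "__main__":
    for sample in (SAMPLE_NAMESPACE, SAMPLE_POD):
        print(review(sample)["response"])
```

The response echoes the request `uid`, which the API server requires in order to match the verdict to the request.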
47. Always ensure images come from a known-good source and the integrity has been verified.
48. Tools such as gVisor and Kata Containers can help further isolate and sandbox containers that are running untrusted workloads inside of Kubernetes.
49. Remember, Kubernetes is just running servers under the hood. Our regular old OS hardening and network protections apply.
52.
• Can containers run as root?
• Can containers mount sensitive volumes / directories? Read or Read / Write?
• Can Pods run in “Privileged” mode?
• What policies (PSP, custom, OPA) are in place and for whom?
• How is authentication handled?
• Is RBAC enforcing the principle of least privilege?
• How are secrets being stored and retrieved? Rotated? Revoked?
• Where do container images come from? Are images being validated?
• How is network security being enforced? Can you audit these rules?
• Are your hosts hardened? Monitoring in place?
• Are you using Kubernetes Audit? Where are logs sent?
• Ingress / LB inventory in place? What external IP addresses are available?
• What happens if / when your application has an SSRF bug?
• Have you performed a proper threat model of Kubernetes environments?
• Third party products, tools, helpers? Are they secure?
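The first three questions in the checklist above (root, sensitive volumes, privileged mode) can be answered mechanically from a Pod manifest. The following is an added example, not code from the talk; the list of sensitive host paths, the finding strings and the sample manifest are assumptions constructed for illustration.

```python
# Added example: static check of a Pod manifest (parsed to a dict) against the
# first three checklist questions: root, sensitive hostPath mounts, privileged.
SENSITIVE = ("/etc", "/proc", "/root", "/var/lib/kubelet",
             "/var/run/docker.sock")  # assumed list; extend for your hosts


def _sensitive(path):
    path = path.rstrip("/") or "/"
    return path == "/" or any(path == p or path.startswith(p + "/") for p in SENSITIVE)


def audit_pod(pod):
    """Return (container, finding) tuples for one Pod manifest."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in (spec.get("volumes") or []) if v.get("hostPath")}
    findings = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        name = c.get("name")
        if sc.get("privileged"):
            findings.append((name, "privileged"))
        # Container-level settings override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        # With neither set, the image's USER decides, which may be UID 0.
        if uid == 0 or (uid is None and non_root is not True):
            findings.append((name, "may-run-as-root"))
        for m in c.get("volumeMounts") or []:
            path = host_paths.get(m.get("name"))
            if path and _sensitive(path):
                mode = "ro" if m.get("readOnly") else "rw"
                findings.append((name, f"hostPath {path} ({mode})"))
    return findings


# Constructed sample manifest, not taken from the talk.
SAMPLE_POD = {"spec": {
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
                {"name": "certs", "hostPath": {"path": "/etc/ssl"}}],
    "containers": [
        {"name": "agent", "securityContext": {"privileged": True},
         "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}]},
        {"name": "app", "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
         "volumeMounts": [{"name": "certs", "mountPath": "/certs", "readOnly": True}]}]}}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD):
        print(finding)
```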
58. The Future?
• Flexibility > Security will be our reality
• Choose your Own Security Adventure
• More tooling
• Tighter Cloud integrations
• Overall Kubernetes maturity
• Increasing target for attack
From the Fallout 4 video game
This game is published by the Don't Be Bored Games Company in the years before the Great War and is for ages 5 to 29. A text blurb describes the game as "an exciting new board game that brings friends, family, and nuclear explosions together. The first player to make it to a safe distance will survive. The rest will perish. Do you have what it takes?"