The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for APT attack analysis. In this talk, we will introduce SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate the RD team of algorithms development, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. Next, we will show you how we monitor each Docker container and adjust the resource usage based on monitoring metrics. And then, we will share our Docker security policy which ensures our products are safety before shipping to customers. After that, we'll show you how we develop an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.
Gradle is an open-source build automation tool focused on flexibility, build reproducibility and performance. Over the years, this tool has evolved and introduced new concepts and features around dependency management, publication and other aspects on build and release of artifacts for the Java platform.
Keeping up to date with all these features across several projects can be challenging. How do you make sure that all your projects can be upgraded to the latest version of Gradle? What if you have thousands of projects and hundreds of engineers? How can you abstract common tasks for them and make sure that new releases work as expected?
At Netflix, we built Nebula, a collection of Gradle plugins that helps engineers remove boilerplate in Gradle build files, and makes building software the Netflix way easy. This reduces the cognitive load on developers, allowing them to focus on writing code.
In this talk, I’ll share with you our philosophy on how to build JVM artifacts and the pieces that help us boost the productivity of engineers at Netflix. I’ll talk about:
- What is Nebula
- What are the common problems we face and try to solve
- How we distribute it to every JVM engineer
- How we ensure that Nebula/Gradle changes do not break builds so we can ship new features with confidence at Netflix.
---
About Roberto: Roberto Perez Alcolea is a Senior Software Engineer at Netflix. He is a member of the Java Platform team providing the core language and framework components that enable the Java community at Netflix. He's an active maintainer of Netflix Nebula Plugins (https://nebula-plugins.github.io/) and passionate about Gradle. Prior to that, he spent several years building high performant APIs with Ratpack and web applications using Grails.
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
Join us for a webinar on how to secure your CI/CD pipeline for Kubernetes with GitOps best practices and continuous runtime protection. As modern developers and DevOps teams are embarking on a quest for speed and reliability through automated CI/CD pipelines for Kubernetes, enterprises still need to ensure security and regulatory compliance.
Together with Deepfence, the Weaveworks team will explain and demonstrate how GitOps continuous delivery pipelines, combined with continuous security observability, improves the overall security of your development workflow - from Git to production.
In this webinar we will demonstrate:
Deepfence container scanning
Git-to-Kubernetes using FluxCD
Deepfence continuous runtime security
Enterprise DevOps Series: Using VS Code & ZoweDevOps.com
Imagine onboarding a next-generation developer with no mainframe experience who successfully debugs COBOL code on their first day. By equipping them with mainframe-specific extensions to common tools like Visual Studio Code combined with the Zowe framework, new talent can be productive immediately - all without disrupting colleagues using traditional tools.
Join this session to learn how mainframe application development is merging with enterprise IT toolchains and processes, including CI/CD pipelines. The presentation will include a demonstration of a mainframe developer cockpit designed for productivity and ready for shift-left automation. Make “Day 1 Debug” a reality.
Open Source Applied - Real World Use Cases
Justin Reock
Rogue Wave Software - Lead Architect of OSS Support and Services
To find more by Rogue Wave Software: https://www.slideshare.net/RogueWaveSoftware
Gradle is an open-source build automation tool focused on flexibility, build reproducibility and performance. Over the years, this tool has evolved and introduced new concepts and features around dependency management, publication and other aspects on build and release of artifacts for the Java platform.
Keeping up to date with all these features across several projects can be challenging. How do you make sure that all your projects can be upgraded to the latest version of Gradle? What if you have thousands of projects and hundreds of engineers? How can you abstract common tasks for them and make sure that new releases work as expected?
At Netflix, we built Nebula, a collection of Gradle plugins that helps engineers remove boilerplate in Gradle build files, and makes building software the Netflix way easy. This reduces the cognitive load on developers, allowing them to focus on writing code.
In this talk, I’ll share with you our philosophy on how to build JVM artifacts and the pieces that help us boost the productivity of engineers at Netflix. I’ll talk about:
- What is Nebula
- What are the common problems we face and try to solve
- How we distribute it to every JVM engineer
- How we ensure that Nebula/Gradle changes do not break builds so we can ship new features with confidence at Netflix.
---
About Roberto: Roberto Perez Alcolea is a Senior Software Engineer at Netflix. He is a member of the Java Platform team providing the core language and framework components that enable the Java community at Netflix. He's an active maintainer of Netflix Nebula Plugins (https://nebula-plugins.github.io/) and passionate about Gradle. Prior to that, he spent several years building high performant APIs with Ratpack and web applications using Grails.
Cloud Native Engineering with SRE and GitOpsWeaveworks
Site reliability engineering (SRE), a model championed by Google, is a software engineering approach to IT operations. For companies striving to become cloud native and adopting modern tools such as Kubernetes, SRE best practices are crucial for success.
In this webinar, Brice, one of our seasoned Customer Reliability Engineers will show how to design a fail-proof Kubernetes platform using tried and tested SRE and GitOps methods.
He will share best practices on:
Increasing performance and ensuring scalability
Managing incident responses through disaster recovery
Designing for High Availability in Kubernetes
Achieving 360 visibility and alerts for your platform
Hardening Your CI/CD Pipelines with GitOps and Continuous SecurityWeaveworks
Join us for a webinar on how to secure your CI/CD pipeline for Kubernetes with GitOps best practices and continuous runtime protection. As modern developers and DevOps teams are embarking on a quest for speed and reliability through automated CI/CD pipelines for Kubernetes, enterprises still need to ensure security and regulatory compliance.
Together with Deepfence, the Weaveworks team will explain and demonstrate how GitOps continuous delivery pipelines, combined with continuous security observability, improves the overall security of your development workflow - from Git to production.
In this webinar we will demonstrate:
Deepfence container scanning
Git-to-Kubernetes using FluxCD
Deepfence continuous runtime security
Enterprise DevOps Series: Using VS Code & ZoweDevOps.com
Imagine onboarding a next-generation developer with no mainframe experience who successfully debugs COBOL code on their first day. By equipping them with mainframe-specific extensions to common tools like Visual Studio Code combined with the Zowe framework, new talent can be productive immediately - all without disrupting colleagues using traditional tools.
Join this session to learn how mainframe application development is merging with enterprise IT toolchains and processes, including CI/CD pipelines. The presentation will include a demonstration of a mainframe developer cockpit designed for productivity and ready for shift-left automation. Make “Day 1 Debug” a reality.
Open Source Applied - Real World Use Cases
Justin Reock
Rogue Wave Software - Lead Architect of OSS Support and Services
To find more by Rogue Wave Software: https://www.slideshare.net/RogueWaveSoftware
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyRandy Bias
Keynote at OpenStackSV's inaugural event. Essentially a call to arms to fix the missing "product leadership gap" that is clearly causing drag on the project(s).
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
The risks of unmanaged or untracked certificates in DevOps environments
Best practices to support visibility, compliance and automation of certificates in CI/CD
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
Open-source machine learning can be transformative, but without the proper tools in place, enterprises struggle to balance the IT security and governance requirements with the need to deliver these powerpoint tools into the hands of their developers and modelers.
How can organizations get the latest technology from the open-source brain trust, while ensuring enterprise-grade management and security? In this webinar, we will discuss how Anaconda Team Edition, available on RedHat Marketplace, enables IT departments to mirror a curated set of packages into their organization in a safe and governed way.
Join Michael Grant, VP of services at Anaconda, to discuss:
How IT organizations are using Anaconda Team Edition to curate, govern and secure Python and R packages
Tips for how development and data science teams can get the most out of Team Edition, from uploading your own packages to building custom channels for groups or projects
How to distribute conda environments to desktops, servers and clusters:
GUI-based installers for desktop users
“Conda packs” for automated delivery to remote servers and distributed computing clusters
Conda-enabled Docker containers for application deployment
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...Richard Bullington-McGuire
Have you ever needed to wrestle a legacy application onto a modern, scalable cloud platform, while increasing security test coverage? Sometimes real applications are not easily stuffed into a Docker container and deployed in a container orchestration system. In this talk, Modus Create Principal Architect Richard Bullington-McGuire will show how to compose Jenkins, Docker, Terraform, Packer, Ansible, Packer, Vagrant, Gauntlt, OpenSCAP, the CIS Benchmark for Linux, AWS CodeDeploy, Auto Scaling Groups, Application Load Balancers, and other AWS services to create a performant and scalable solution for deploying applications. A local development environment using Vagrant mirrors the cloud deployment environment to minimize surprises upon deployment.
Open source-in-security-critical-environmentsDESMOND YUEN
Open Source is here to stay in security critical environments and every place software is used
Creating Applications these days is like making a sandwich
In the Melbourne edition of a 4-city Technology Radar roadshow, ThoughtWorks Australia's Head of Technology Scott Shaw and senior consultant Jen Smith cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Reactive Architectures, Hamms, Spring Boot vs. Nancy, and Impala.
In this session you will learn how BNY Mellon is tackling the challenges of DevSecOps at scale by unifying static/dynamic source code scanning, audit and risk analysis tools into a unified workflow by utilizing JIRA. BNY Mellon’s ability to generate reports from multiple sources had become a time consuming manual process. JIRA, having demonstrated the ability to deliver efficiency at reporting, was an ideal solution for tracking the security aspects of the SDLC process.
Software Supply Chains for DevOps @ InfoQ Live 2021Aysylu Greenberg
Several recent high-profile security incidents were due to compromised software supply chains. Software Supply Chain is a collective term used to describe the stages of software lifecycle from source to deployment through CI/CD pipelines, and all the static and dynamic analyses in between. In the world of microservices and cloud computing, trust in your company’s supply chain is critical, as most of the tooling and dependencies are from open source and vendor projects.
When the code hits production, it’s essential to have enough observability to detect and investigate the problem and get to the root cause and mitigation as quickly as possible. With software supply chain attacks, not only is the newly deployed code under suspicion, but also all the tooling used to produce it becomes a potential attack vector, so an efficient and effective way to verify the integrity of the supply chain is paramount.
This talk will discuss what information needs to be collected to allow DevOps to inspect and verify the integrity of the supply chain, the challenges of having the right level of detail to reduce mean-time-to-detection and mean-time-to-understanding, some of the existing solutions and open problems in this space.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
What are DevOps Application Patterns on AWS…and why do I need them?DevOps.com
What are application patterns on AWS and how does DevOps play a key role in their creation? DevOps covers a diverse set of behaviors, practices, tools and topics.
This webinar will discuss DevOps as an enabler of a new approach to the AWS cloud that reduces time to deploy, lowers cost, improves workload visibility, and simplifies the cloud journey. We’ll discuss: Building applications in AWS and how DevOps engineers adjust their approach for AWS, how Application Patterns are becoming common place in DevOps teams, which Application Patterns are trending right now, how to manage Application Patterns after deployment, and we’ll introduce CXOS, a new platform for AWS that that simplifies the deployment and management of production ready Application Patterns.
Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and ...Docker, Inc.
The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for APT attack analysis. In this talk, we will introduce SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate the RD team of algorithms development, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. Next, we will show you how we monitor each Docker container and adjust the resource usage based on monitoring metrics. And then, we will share our Docker security policy which ensures our products are safety before shipping to customers. After that, we'll show you how we develop an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.
Recording here: https://www.youtube.com/watch?v=5W4n9K3PIVg
Since Docker was open sourced in 2013, the community and adoption around Docker containers has grown to over 6 billion downloads and over 1000 contributors. Learn about why this is, and why you should start using containers for your own applications.
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyRandy Bias
Keynote at OpenStackSV's inaugural event. Essentially a call to arms to fix the missing "product leadership gap" that is clearly causing drag on the project(s).
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
The risks of unmanaged or untracked certificates in DevOps environments
Best practices to support visibility, compliance and automation of certificates in CI/CD
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com
Open-source machine learning can be transformative, but without the proper tools in place, enterprises struggle to balance the IT security and governance requirements with the need to deliver these powerpoint tools into the hands of their developers and modelers.
How can organizations get the latest technology from the open-source brain trust, while ensuring enterprise-grade management and security? In this webinar, we will discuss how Anaconda Team Edition, available on RedHat Marketplace, enables IT departments to mirror a curated set of packages into their organization in a safe and governed way.
Join Michael Grant, VP of services at Anaconda, to discuss:
How IT organizations are using Anaconda Team Edition to curate, govern and secure Python and R packages
Tips for how development and data science teams can get the most out of Team Edition, from uploading your own packages to building custom channels for groups or projects
How to distribute conda environments to desktops, servers and clusters:
GUI-based installers for desktop users
“Conda packs” for automated delivery to remote servers and distributed computing clusters
Conda-enabled Docker containers for application deployment
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...Richard Bullington-McGuire
Have you ever needed to wrestle a legacy application onto a modern, scalable cloud platform, while increasing security test coverage? Sometimes real applications are not easily stuffed into a Docker container and deployed in a container orchestration system. In this talk, Modus Create Principal Architect Richard Bullington-McGuire will show how to compose Jenkins, Docker, Terraform, Packer, Ansible, Packer, Vagrant, Gauntlt, OpenSCAP, the CIS Benchmark for Linux, AWS CodeDeploy, Auto Scaling Groups, Application Load Balancers, and other AWS services to create a performant and scalable solution for deploying applications. A local development environment using Vagrant mirrors the cloud deployment environment to minimize surprises upon deployment.
Open source-in-security-critical-environmentsDESMOND YUEN
Open Source is here to stay in security critical environments and every place software is used
Creating Applications these days is like making a sandwich
In the Melbourne edition of a 4-city Technology Radar roadshow, ThoughtWorks Australia's Head of Technology Scott Shaw and senior consultant Jen Smith cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Reactive Architectures, Hamms, Spring Boot vs. Nancy, and Impala.
In this session you will learn how BNY Mellon is tackling the challenges of DevSecOps at scale by unifying static/dynamic source code scanning, audit and risk analysis tools into a unified workflow by utilizing JIRA. BNY Mellon’s ability to generate reports from multiple sources had become a time consuming manual process. JIRA, having demonstrated the ability to deliver efficiency at reporting, was an ideal solution for tracking the security aspects of the SDLC process.
Software Supply Chains for DevOps @ InfoQ Live 2021Aysylu Greenberg
Several recent high-profile security incidents were due to compromised software supply chains. Software Supply Chain is a collective term used to describe the stages of software lifecycle from source to deployment through CI/CD pipelines, and all the static and dynamic analyses in between. In the world of microservices and cloud computing, trust in your company’s supply chain is critical, as most of the tooling and dependencies are from open source and vendor projects.
When the code hits production, it’s essential to have enough observability to detect and investigate the problem and get to the root cause and mitigation as quickly as possible. With software supply chain attacks, not only is the newly deployed code under suspicion, but also all the tooling used to produce it becomes a potential attack vector, so an efficient and effective way to verify the integrity of the supply chain is paramount.
This talk will discuss what information needs to be collected to allow DevOps to inspect and verify the integrity of the supply chain, the challenges of having the right level of detail to reduce mean-time-to-detection and mean-time-to-understanding, some of the existing solutions and open problems in this space.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
What are DevOps Application Patterns on AWS…and why do I need them?DevOps.com
What are application patterns on AWS and how does DevOps play a key role in their creation? DevOps covers a diverse set of behaviors, practices, tools and topics.
This webinar will discuss DevOps as an enabler of a new approach to the AWS cloud that reduces time to deploy, lowers cost, improves workload visibility, and simplifies the cloud journey. We’ll discuss: Building applications in AWS and how DevOps engineers adjust their approach for AWS, how Application Patterns are becoming common place in DevOps teams, which Application Patterns are trending right now, how to manage Application Patterns after deployment, and we’ll introduce CXOS, a new platform for AWS that that simplifies the deployment and management of production ready Application Patterns.
Using the SDACK Architecture on Security Event Inspection by Yu-Lun Chen and ...Docker, Inc.
The SDACK architecture stands for Spark, Docker, Akka, Cassandra, and Kafka. At TrendMicro, we adopted the SDACK architecture to implement a security event inspection platform for APT attack analysis. In this talk, we will introduce SDACK stack with Spark lambda architecture, Akka and Kafka for streaming data pipeline, Cassandra for time series data, and Docker for microservices. Specifically, we will show you how we Dockerize each SDACK component to facilitate the RD team of algorithms development, help the QA team test the product easily, and use the Docker as a Service strategy to ship our products to customers. Next, we will show you how we monitor each Docker container and adjust the resource usage based on monitoring metrics. And then, we will share our Docker security policy which ensures our products are safety before shipping to customers. After that, we'll show you how we develop an all-in-one Docker based data product and scale it out to multi-host Docker cluster to solve the big data problem. Finally, we will share some challenges we faced during the product development and some lesson learned.
Recording here: https://www.youtube.com/watch?v=5W4n9K3PIVg
Since Docker was open sourced in 2013, the community and adoption around Docker containers has grown to over 6 billion downloads and over 1000 contributors. Learn about why this is, and why you should start using containers for your own applications.
Tampere Docker meetup - Happy 5th Birthday DockerSakari Hoisko
Part of official docker meetup events by Docker Inc.
https://events.docker.com/events/docker-bday-5/
Meetup event:
https://www.meetup.com/Docker-Tampere/events/248566945/
DevOps as a Pathway to AWS | AWS Public Sector Summit 2016Amazon Web Services
The concept of DevOps is a powerful one for federal agencies, promising to provide the responsiveness and speed needed to keep pace with rapidly changing mission requirements. In terms of cloud adoption, DevOps accelerates the development of new, cloud-native applications while building the operational capabilities needed to manage more dynamic environments. During this session, we will review specific options for implementing DevOps using Amazon Web Services (AWS), including development of new Platform-as-a-Service capabilities and rapid migration of enterprise systems.
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
In celebration of Docker's 5th birthday in March, user groups all around the world hosted birthday events with an introduction to Docker presentation and hands-on-labs. We invited Docker users to recognize where they were on their Docker journey and the goal was to help them take the next step of their journey with the help of mentors. This presentation was done at the beginning of the events (this one is from the San Francisco event in HQ) and gives a run down of the birthday event series, Docker's momentum, a basic explanation of containers, the benefits of using the Docker platform, Docker + Kubernetes and more.
Bahrain ch9 introduction to docker 5th birthday Walid Shaari
A hands-on workshop will go over the foundations of the containers platform, including an overview of the platform system components: images, containers, repositories, clustering, and orchestration. The strategy is to demonstrate through "live demo, and hands-on exercises." The reuse case of containers in building a portable distributed application cluster running a variety of workloads including HPC workload.
Adrian Cockcroft on his top predictions for the cloud computing industry in 2015 and beyond, as well as how cloud-native applications, continuous-delivery and DevOps techniques, will speed the pace of innovation and disruption.
For more about Adrian be sure to check out his page on Battery Ventures:
https://www.battery.com/our-team/member/adrian-cockcroft/
Follow Adrian on Twitter: @adrianco
Webinar by ZNetLive & Plesk- Winning the Game for WebOps and DevOps ZNetLive
This webinar presentation illustrates everything that the experts of Plesk & ZNetLive discussed about the opportunities in WebOps and DevOps market along with new features of ZNetLive's Managed WordPress hosting and Cloud VPS, both powered by Plesk Onyx.
To know more, visit- https://www.znetlive.com/
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
High level overview of Docker + Birthday #3 overview (app and challenge portion)!
Learn more about Docker Birthday #3 celebrations here: https://www.docker.com/community/docker-birthday-3
Sydney Identity Summit: Addressing the New Threat Landscape with Continuous S...ForgeRock
Sydney Identity Summit presentation by Andrew Latham, Director, Customer Engineering, ForgeRock and Warren Strange, Director, Customer Engineering, ForgeRock
Keynote at Dockercon Europe Amsterdam Dec 4th, 2014.
Speeding up development with Docker.
Summary of some interesting web scale microservice architectures.
Please send me updates and corrections to the architecture summaries @adrianco
Thanks Adrian
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/29ZQmIx.
Adrian Cockcroft discusses success/failure stories of adopting microservices, overviews what’s next with microservices and presents some of the techniques that have led to successful deployments. Filmed at qconnewyork.com.
Adrian Cockcroft works at Battery where he advises the firm and its portfolio companies about technology issues and also assists with deal sourcing and due diligence. He was a founding member of eBay Research Labs, developing advanced mobile applications and even building his own homebrew phone, years before iPhone and Android launched.
Docker & aPaaS: Enterprise Innovation and Trends for 2015WaveMaker, Inc.
WaveMaker Webinar: Cloud-based App Development and Docker: Trends to watch out for in 2015 - http://www.wavemaker.com/news/webinar-cloud-app-development-and-docker-trends/
CIOs, IT planners and developers at a growing number of organizations are taking advantage of the simplicity and productivity benefits of cloud application development. With Docker technology, cloud-based app development or aPaaS (Application Platform as a Service) is only becoming more disruptive − forcing organizations to rethink how they handle innovation, time-to-market pressures, and IT workloads.
Similar to Using the SDACK Architecture on Security Event Inspection (20)
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps