Hands-on workshop on information security basics:
- how to think about security
- threat modelling / risk assessment
- authentication
- device security
Handouts:
https://drive.google.com/file/d/13FZBhEY2kSsThkq7-5fTXf8eqGaSI5pg/view?usp=sharing
CreativeMornings FieldTrip: information security for creative folks by Paul Schreiber
Lots of important information is on your computer and in the cloud. Keeping it private and secure is really important.
Security doesn’t have to be overwhelming and scary!
In this hands-on session, you’ll learn about what’s important and what’s not, risk assessment (security folks call this “threat modeling”), and we’ll help you set up good password practices, two-factor authentication and use a security key.
https://creativemornings.com/talks/information-security-for-creative-folks
Tehran LUG session 186
By: Mohammad reza Kamalifard
This presentation, on the types of online attackers, attacks by governments, user privacy and the solutions to these, is a product of DSME
http://datasec.ir
Presented by: Mohammad Reza Kamalifard
The life of breached data and the attack lifecycle by Jarrod Overson
OWASP RTP Presentation on Data breaches, credential spills, the lifespan of data, credential stuffing, the attack lifecycle, and what you can do to protect yourself or your users.
http://tony-ridley.com/webinars/social-media-technologies-for-business-intelligence-security-crisis-travel-and-risk-management-webinar
How to use social media technologies for business intelligence, including security, crisis, emergency management and travel.
Presented by Tony Ridley, a leading international consultant, speaker, author and advisor to companies of all sizes.
In this presentation (click above to attend the webinar) Tony will identify the tools, tactics, solutions and reasons behind the growing use of social media for business intelligence.
Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
Speak in Private aims to make secure communication simple yet affordable. We're working to enhance the state of secure communication making it easy for not only the military and government agencies but everyone to use.
Resource[s] : http://www.speakinprivate.com/
"Passwords are Costly" - a post on MojoAuth explains why relying solely on passwords for online security can be costly. Learn about the risks of password-based authentication and why adopting multi-factor authentication is crucial to protect your personal information.
Cybersecurity Interview Questions Part -2.pdf by Infosec Train
It is a hacking method that makes use of trial and error to break encryption keys, passwords, and login credentials. It is a straightforward but effective strategy for unauthorized access to user accounts, company systems, and networks.
The basic fundamentals of cybersecurity and how it can be used for unethical purposes.
For this type of presentation (customised), you can contact me here: rishav.sadhu11@gmail.com
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense by John Bambenek
Between limited resources and a lack of trained professionals on one hand and the increasing quantity and quality of attacks on the other, securing enterprises and responding to incidents has placed defenders on the losing end of a digital arms race. Even managing the amounts of threat data and open-source intelligence has become a challenge.
This talk will cover the possibilities and perils of integrating all the various sources of threat intelligence data to protect an organization. With all the various open-source and paid-source data, simply dumping it all into a firewall or DNS RPZ zone can be problematic. What to do about compromised websites or shared hosting environments? What about DGA domains that use full words and may collide with actual innocent websites? What about how to handle threat data that is lacking in context to make appropriate decisions on its validity and accuracy? This talk will present several case studies in how these problems can be tackled and how using multi-domain analysis can help reduce the risk and maximize the value of automated protection using these types of data.
The advent of AI is revolutionizing both the world and cybersecurity, yet significant challenges remain. The Cyber Express has consulted with leading industry experts to uncover insights that will illuminate the AI transformation.
The latest issue of The Cyber Express explores the role of AI in securing digital assets, followed by its benefits and challenges. Stay ahead on this important topic and don’t miss out on valuable insights. https://thecyberexpress.com/
VIP Workshop: Effective Habits of Development Teams by Paul Schreiber
There are so many tools out there, but what are the best for managing development teams? Paul Schreiber, Developer at FiveThirtyEight, will walk through best practices and tools for workflow, automation and testing, along with good practices for managing development teams.
Similar to WordCamp for Publishers: Security for Newsrooms
Many websites — from Wikipedia to Reddit to the Washington Post — are encrypting all of their web traffic to protect their readers' privacy by using SSL certificates and directing their traffic over HTTPS.
Besides the obvious security advantages, webmasters have another reason: Google is using HTTPS as a ranking signal.
At this meetup, we'll talk about what this all means (benefits, downsides) and problems encountered moving to HTTPS (and how they solved them).
Lots of websites — from Wikipedia to Reddit to the Washington Post — are moving towards encrypting all of their web traffic to protect their readers' privacy. We'll talk about what this all means (benefits, downsides) and problems we've encountered moving to HTTPS (and how we solved them).
WordCamp US: Delivering the news over HTTPS by Paul Schreiber
HTTP is dead. Here’s why, and what you need to know to migrate to HTTPS.
Delivered to WordCamp US in Philadelphia on December 5, 2015.
Detailed guide: https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit
HTTP is dead. Here’s why, and what you need to know to migrate to HTTPS.
Delivered to the BigWP Meetup NYC on September 15, 2015.
Detailed guide: https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit
Last November, The New York Times challenged news sites to fully support HTTPS in 2015. What does it mean to meet that challenge? This session will discuss the problems we encountered moving to HTTPS (and how we solved them). We'll then give you hands-on help with anything you need: server configuration, certificates, mixed-content warnings, CDNs — even ads, analytics and A/B tests.
Handout: https://docs.google.com/document/d/1EJKAoa4Hxc4AyH0znuA_AAplcNeNejEhATFptFX-OME/edit#
From SXSW 2007: Making software predictable and consistent makes it much easier to use. This session will explain UI consistency and point out examples of failures and their consequences. We’ll discuss when it’s appropriate to break consistency, and how to build tools and process to ensure applications are consistent with human interface guidelines and real-world practices.
The story of (paper) junk mail. Why I care; where it comes from; how to stop it.
Services mentioned:
DMA Opt Out
Catalog Choice
41 Pounds
ProQuo (ceased operations 2 July 2009)
Tonic Mailstopper
Red Dot Campaign
Credit Card Opt Out
GraphRAG is All You need? LLM & Knowledge Graph by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4 by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA Connect by Kari Kakkonen
My and Rik Marselis's slides at the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to Production by Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Epistemic Interaction - tuning interfaces to provide information for AI support by Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf by Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Elevating Tactical DDD Patterns Through Object Calisthenics by Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Climate Impact of Software Testing at Nordic Testing Days by Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... by BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
44. length
§ 5.1.1.2
Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.
45. composition
§ 5.1.1.2
All printing ASCII [RFC 20] characters as well as the space character SHOULD be acceptable in memorized secrets. Unicode [ISO/ISC 10646] characters SHOULD be accepted as well.
Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets.
46. rotation
§ 5.1.1.2
Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).
93. Many graphics from The Noun Project
Bear by Gan Khoon Lay; Computer Fire by Ian Ransley; Computer by Azis; Credit card by Gonzalo Bravo; Fingerprint by Ben Davis; Lock with keyhole by Brennan Novak; Marker by Jeff Seevers; Nokia 3310 by Stan Fisher; Notification by vijay sekhar; Shield by Wayne Thayer; Spy by Alen Krummenacher; iPhone by Ross Sokolovski.