In token transfers, the risk of a replay attack cannot be completely avoided when the sender's signatures are abused, which can cause losses to users. The reason is that the scope in which the signatures apply is not properly designed in the smart contracts. To test and verify this loophole, we selected two similar smart contracts for our experiment and used our own accounts in both contracts to carry it out. Because the same signatures were used in the two contracts, we successfully obtained a double income from the sender.
The experiment verified that the replay attack really exists. Moreover, the replay attack may exist in multiple smart contracts. We counted the number of smart contracts with this loophole, as well as the corresponding transaction activity, and found that some Ethereum smart contracts are at risk from it. According to the vulnerability of the contract signature, the risk level is calibrated and depicted. Furthermore, the replay attack pattern is extended to within-contract, cross-contract and cross-chain cases, which provides a targeted and useful reference for protection. Finally, countermeasures are proposed to fix this vulnerability.
Speakers:
Zhenxuan Bai , Freelance Security Researcher
Yuwei Zheng , Senior security researcher at Radio Security Department of 360 Technology
Kunzhe Chai , Leader of PegasusTeam at 360 Radio Security Research Department in 360 Technology
Senhua Wang , Freelance Security Researcher
Emerging application and data protection for multi cloud by Ulf Mattsson
Emerging Application and Data Protection for Multi-Cloud
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
“AI is the new electricity” proclaims Andrew Ng, co-founder of Google Brain. Just as we need to know how to safely harness electricity, we also need to know how to securely employ AI to power our businesses. In some scenarios, the security of AI systems can impact human safety. On the flip side, AI can also be misused by cyber-adversaries and so we need to understand how to counter them.
This talk will provide food for thought in 3 areas:
Security of AI systems
Use of AI in cybersecurity
Malicious use of AI
Design and Development of an E-Commerce Security Using RSA Cryptosystem by AM Publications, India
E-commerce has presented a new way of doing transactions all over the world using the internet. The success of e-commerce depends greatly on how its information technology is used. Over the years, the rate at which sensitive e-commerce information is sent over the internet and networks has increased drastically. It is for this reason that every company wants to ensure that its e-commerce information is secured. E-commerce information transmitted via the internet and computer networks needs to be protected. There is substantial growth in the areas of credit card fraud and identity theft because the internet is a public network with thousands of millions of users. Among these users are crackers or hackers who carry out credit card fraud and identity theft in numerous ways facilitated by poor internet security; concern regarding the secure and convenient exchange of money over the internet is therefore increasing. The criticality, danger, and high-priority importance of any e-commerce money transfer make it a hot area of research interest in modern computer science and informatics. The e-commerce industry is slowly addressing security issues on its internal networks, but security protection for consumers is still in its infancy, thus posing a barrier to the development of e-commerce. There is a growing need for technological solutions that secure e-commerce transaction information globally by using appropriate data security technology. The technology solution proposed for solving this security problem is the RSA cryptosystem. This research paper focuses on securing e-commerce information sent through computer networks and the internet using RSA cryptography. It elucidates the implementation of the RSA algorithm and shows that e-commerce security powered by RSA cryptography is very important in e-commerce transactions. While many attacks exist, the system has proven to be very secure.
IEEE Standards Impact in IoT and 5G, Day 2 - Architectural Requirements for S... by Peter Waher
The presentation on Architectural Requirements for Smart Cities on the second day of the "IEEE Standards Impact in IoT and 5G" conference in Bangalore, India, describes the vision of a Smart City and shows that there are two paths to building a Smart City. Either Top/Down or Bottom/Up. The presentation describes Open Societies, and how to create Digital equivalents of Open Societies, or Open Smart Societies. It shows how standards, interoperability, monetization, privacy and security are key factors, and how IEEE 1451.99 can help lay a strong foundation for a Smart City.
Secure Sharing of Design Information with Blockchains by Sven Wohlgemuth
To defend against evolving cyberattacks, defenders acting alone are limited in preventing attacks from multiple and powerful attackers. We show a new way for defenders to collaborate closely and to build in the necessary security by design. Blockchains are used, and accountability is arranged as an incentive so that participants will comply with the rules. Intellectual property rights of individual defenders are protected, and unnecessary leakage of trade secrets and personal information can be avoided. In the mutual interaction between humans and computers, information is shared in such a way that humans correctly benefit from AI-supported machines as intelligence amplifiers.
Talks @ 2018 IEICE Society Conference
Practical risk management for the multi cloud by Ulf Mattsson
This session will take a practical approach to IT risk management and discuss multi cloud, Verizon Data Breach Investigations Report (DBIR) and how Enterprises are losing ground in the fight against persistent cyber-attacks. We simply cannot catch the bad guys until it is too late. This picture is not improving. Verizon reports concluded that less than 14% of breaches are detected by internal monitoring tools.
We will review the JP Morgan Chase data breach, where hackers were in the bank’s network for months undetected. Network configuration errors are inevitable, even at the largest banks, such as Capital One, which recently had a data breach where a hacker gained access to 100 million credit card applications and accounts.
Viewers will also learn about:
- Macro trends in Cloud security and Micro trends in Cloud security
- Risks from Quantum Computing and when we should move to alternate forms of encryption
- Review “Kill Chains” from Lockheed Martin in relation to APT and DDoS Attacks
- Risk Management methods from ISACA and other organizations
Speaker: Ulf Mattsson, Head of Innovation, TokenEx
Product security by Blockchain, AI and Security Certs by LabSharegroup
Three themes You need to think about Product Security — and some tips for How to Do It
I have been working with software security laboratories and IT security firms for years. I have talked with clients, read and watched dozens of articles/videos and talked with several experts about product security themes, future, technologies.
The three themes are:
Is the blockchain the new technology of trust?
Blockchain has the potential to transform industries. However, some security experts have raised questions: if blockchain is broadly used in technology solutions, will security standards be adopted? How should the cryptographic keys that allow access to blockchain applications be protected? At the same time, it is true that the potential is huge: securing IoT nodes and edge devices with authentication, improved confidentiality and data integrity, disrupting current PKI systems, reducing DDoS attacks, etc.
AI (Machine Learning, Deep Learning, Reinforcement Learning algorithm) potential in Product Security
Machine learning can help in creating products that analyse threats and respond to attacks and security incidents. There are several repositories on GitHub or open-source codes by IBM available for developers. Deep learning networks are rapidly growing due to cheap cloud GPU services and after Reinforcement learning algorithm’s last success nobody knows the upper limit.
Product Security by International security standards and practices
The present, future, and developmental orientations of the independent third-party certification industry. How can international standards answer the rapid growth of new technologies and maintain secure applications in IoT, Blockchain or AI-driven industries?
Are IT products reliable, secure and will they stay that way?
I would like to explain Product Security in a simple way. My goal is the introduction of product security for Tech startups, fast-growing Tech firms. Furthermore, I would like to emphasize the benefits of product security certification.
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
What is a secure enterprise architecture roadmap? by Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Does blockchain, GDPR, Cloud, and IoT conflict with compliance regulations complicating your SEA?
* How will quantum computing impact SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Cyber Threat Intelligence - The relevance of data for the business by Francesco Faenzi
Cyber Threat landscape
Cyber Threat Intelligence
CTI as a phase of Cyber Defense
Intelligence & Cleverness
"In real life"
Relevance of CTI for the Business
Points of attention for the CISO in a CTI Program
Securing data today and in the future - Oracle NYC by Ulf Mattsson
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
New regulations and the evolving cybersecurity technology landscape by Ulf Mattsson
As the cyber threat landscape continues to evolve, organizations worldwide are increasing their spend on cybersecurity technology. We have a transition from 3rd party security providers into native cloud security services. The challenge of securing enterprise data assets is increasing. What’s needed to control Cyber Risk and stay Compliant in this evolving landscape?
We will discuss evolving industry standards, how to keep track of your data assets, protect your sensitive data and maintain compliance to new regulations.
Tokenization on Blockchain is a steady trend of 2018. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. The main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? Token holders have no legal rights to the property and thus are not protected by the law. Another problem is that this system brings back some sort of centralization, whereas the whole idea of Blockchain, and especially smart contracts, is to create a trustless environment.
Tokenization on Blockchain is a steady trend of 2018. Blockchain guarantees that the ownership information is immutable. Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency.
Tokenization is a method that converts a digital value into a digital token. Tokenization can also be used as a method that converts rights to an asset into a digital token. The tokenization system can be implemented local to the data that is tokenized or offloaded to the cloud. Tokenization in the cloud can provide a lower total cost of ownership by sharing resources, implementation and administration. A high level of security can be achieved by separating the tokenization system into a container that can be run on-prem (for larger banks) or isolated in a remote private cloud.
Please join my session that will discuss tokenization, blockchain and tokenization in blockchain.
Privacy preserving computing and secure multi-party computation ISACA Atlanta by Ulf Mattsson
A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, while still enabling data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Public Blockchain technology like Ethereum is gaining interest and growing use cases among startups and fintechs.
Apart from scalability issues which are going to be solved with new consensus and mining techniques (Ethereum Metropolis and Bitcoin SegWit2x with Lightning network), the privacy of transactions is still an issue which is not yet fully addressed. Due to the public nature of Ethereum, many businesses are reluctant to deploy Smart-contract or Dapps solutions for fear of exposing confidential or sensitive information.
The use of zk-SNARKs (zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”) essentially solves this blocker. Moreover, the next Ethereum Improvement Proposal called 'Byzantium' includes zk-SNARKS.
zk-SNARKs allows verification of the correctness of computations, without a verifier having to execute those computations or even learn what was actually executed. Using zk-SNARKs, a verifier can confirm that a computation happened correctly, with ‘zero-knowledge’ of the computation itself.
During this talk, we present a brief overview of cryptography and the theory around the zero-knowledge proof algorithm. Then we showcase the benefits of zk-SNARKS and other privacy-preserving techniques (like zcash) on the public blockchain ecosystem.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY by Nexgen Technology
bulk ieee projects in pondicherry,ieee projects in pondicherry,final year ieee projects in pondicherry
Nexgen Technology Address:
Nexgen Technology
No :66,4th cross,Venkata nagar,
Near SBI ATM,
Puducherry.
Email Id: praveen@nexgenproject.com.
www.nexgenproject.com
Mobile: 9751442511,9791938249
Telephone: 0413-2211159.
NEXGEN TECHNOLOGY is an efficient Software Training Center located at Pondicherry with IT Training on IEEE Projects in Android, IEEE IT B.Tech Student Projects, Android Projects Training with Placements Pondicherry, IEEE projects in Pondicherry, final IEEE Projects in Pondicherry, MCA, BTech, BCA Projects in Pondicherry, Bulk IEEE PROJECTS IN Pondicherry. So far we have reached almost all engineering colleges located in Pondicherry and around 90km
Providing managed services to your customers is more than just a proven method to retaining your existing customer base. By providing managed services, you create a recurring revenue stream that allows you to proactively plan for the growth of your business. Higher margins and a better business valuation are two of the additional benefits of providing managed services to your customer base.
Not just for IT shops anymore: copier companies, telcos and VoIP companies are securing their place in their market by adding managed services to their business profile.
This session will highlight how VoIP companies all over the world have followed N-able’s systematic approach to cross-sell and up-sell existing customers and execute on a new client acquisition strategy to increase services revenue.
An extensive research survey on data integrity and deduplication towards priv... by IJECEIAES
Owing to the highly distributed nature of the cloud storage system, incorporating a higher degree of security for vulnerable data is one of the most challenging tasks. Apart from various security concerns, data privacy is still one of the unsolved problems in this regard. The prime reason is that existing approaches to data privacy do not offer data integrity and a secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all forms of dynamic threats over cloud and internet systems. Therefore, data integrity and data deduplication are associated phenomena that influence data privacy. This manuscript discusses the explicit research contributions toward data integrity, data privacy, and data deduplication. The manuscript also highlights the potential open research issues, followed by a discussion of possible future directions of work towards addressing the existing problems.
EOS Smart Contract Audit (https://www.somish.com/blockchain/smart-contract-au... by Somish Blockchain Labs
Smart contracts built on top of the EOSIO blockchain allow a lot of features to be covered by tests, but the Turing completeness of the C++ programming language and its flexibility leave some space for unexpected runtime exceptions.
Smart City Lecture 2 - Privacy in the Smart City by Peter Waher
Privacy is a basic human right that has been heavily eroded, to the point of extinction, in the current digital age, as the constant reports on security breaches tell us. With the help of the General Data Protection Regulation (GDPR), privacy has been brought back from the dead, and is at least discussed in most enterprises in Europe, and perhaps a large part of the world. This lecture introduces the GDPR and Privacy as they relate to the Smart City. It presents concepts such as “Data Protection by design and by default”, “Consent”, “Legal Basis”, etc. It also presents technologies that make protecting Privacy more difficult, and why.
These technologies work against the basic principles of privacy by default, so you need to know the details of how they work, to avoid serious pitfalls. There are also technologies that are more Privacy neutral. While not making data protection easier, at least the technology does not work against the basic principles of privacy. Finally, technologies that intrinsically help you protect Privacy are presented. These technologies make it easier to protect Privacy and sensitive data in general.
Product security by Blockchain, AI and Security CertsLabSharegroup
Three themes You need to think about Product Security — and some tips for How to Do It
I have been working with software security laboratories and IT security firms for years. I have talked with clients, read and watched dozens of articles/videos and talked with several experts about product security themes, future, technologies.
The three themes are:
Is the blockchain the new technology of trust?
Blockchain has the potential to transform industries. However, some security experts raised questions: If blockchain is broadly used in technology solutions will security standards be adopted? How to protect the cryptographic keys that allow access to the blockchain applications? Although it is true that the potential is huge such as securing IoT nodes, edge devices with authentication, improved confidentiality and data integrity, disrupting current PKI systems, reducing DDoS attacks etc.
AI (Machine Learning, Deep Learning, Reinforcement Learning algorithm) potential in Product Security
Machine learning can help in creating products that analyse threats and respond to attacks and security incidents. There are several repositories on GitHub or open-source codes by IBM available for developers. Deep learning networks are rapidly growing due to cheap cloud GPU services and after Reinforcement learning algorithm’s last success nobody knows the upper limit.
Product Security by International security standards and practices
The present, future, and developmental orientations of independent third party certificates Industry. How can the international standards answer the rapid growth of new technologies and maintain secure applications in IoT, Blockchain or AI-driven industries?
Are IT products reliable, secure and will they stay that way?
I would like to explain Product Security in a simple way. My goal is the introduction of product security for Tech startups, fast-growing Tech firms. Furthermore, I would like to emphasize the benefits of product security certification.
An important part of RSAC 2020 focused on Business-Critical Application Security and we're seeing a transformational shift in technology. The enterprise architecture we used to know is changing. Cloud application development is accelerating and diversifying where many organizations have virtual machines, containers, and now serverless applications running in the cloud, transforming code into infrastructure. Microservices make a lot of sense for scale and development agility, but if everything is talking to everything else via APIs, it’s likely that there are many (and I mean many) application vulnerabilities. Additionally, API security is new, so processes are likely immature, and API security sits somewhere between application developers, DevOps, and cybersecurity, leading to organizational and skills challenges. We will organize this chaos from RSAC and discuss Security in The API Ecosystem.
Security is morphing to a hybrid model for distributed policy enforcement across cloud-based environments. At the same time, organizations want central policy management for the whole environment.
You will learn more about what I found interesting at RSAC:
1. “Emerging Privacy Issues”
2. “The Human Factor”
3. “Cloud Security”
4. “Advancements in Machine Learning”
5. “Security in App Development”
6. “Trends from the Innovation Sandbox”
7. “New Standards and Regulations”
8. “Security for The API Economy”
What is a secure enterprise architecture roadmap? by Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Do blockchain, GDPR, cloud, and IoT conflict with compliance regulations, complicating your SEA?
* How will quantum computing impact the SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Cyber Threat Intelligence - The relevance of data for the business by Francesco Faenzi
Cyber threat scenario
Cyber Threat Intelligence
CTI as a phase of Cyber Defense
Intelligence & Cleverness
"In real life"
Relevance of CTI for the business
Points of attention for the CISO in a CTI program
Securing data today and in the future - Oracle NYC by Ulf Mattsson
NYOUG - New York Oracle Users Group:
- Risks Associated with Cloud Computing
- Data Tokens in a Cloud Environment
- Data Tokenization at the Gateway Layer
- Data Tokenization at the Database Layer
- Risk Management and PCI
New regulations and the evolving cybersecurity technology landscape by Ulf Mattsson
As the cyber threat landscape continues to evolve, organizations worldwide are increasing their spend on cybersecurity technology. We have a transition from 3rd party security providers into native cloud security services. The challenge of securing enterprise data assets is increasing. What’s needed to control Cyber Risk and stay Compliant in this evolving landscape?
We will discuss evolving industry standards, how to keep track of your data assets, protect your sensitive data and maintain compliance to new regulations.
Tokenization on Blockchain is a steady trend of 2018. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. The main problem stems from the fact that, so far, no country has solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? Token holders have no legal rights to the property and thus are not protected by the law. Another problem is that this system brings back some sort of centralization, whereas the whole idea of Blockchain, and especially of smart contracts, is to create a trustless environment.
Tokenization is a method that converts a digital value into a digital token. It can also be used to convert rights to an asset into a digital token. The tokenization system can be implemented local to the data that is tokenized or offloaded to the cloud. Tokenization in the cloud can provide a lower total cost of ownership by sharing resources, implementation and administration. A high level of security can be achieved by separating the tokenization system into a container that can be run on-prem (for larger banks) or isolated in a remote private cloud.
Please join my session that will discuss tokenization, blockchain and tokenization in blockchain.
Privacy preserving computing and secure multi-party computation ISACA Atlanta by Ulf Mattsson
A major challenge that many organizations face is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls, while still enabling data sharing in a secure and private fashion. We will present solutions that can reduce or remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Public Blockchain technology like Ethereum is gaining interest and growing use cases among startups and fintechs.
Apart from scalability issues which are going to be solved with new consensus and mining techniques (Ethereum Metropolis and Bitcoin SegWit2x with Lightning network), the privacy of transactions is still an issue which is not yet fully addressed. Due to the public nature of Ethereum, many businesses are reluctant to deploy Smart-contract or Dapps solutions for fear of exposing confidential or sensitive information.
The use of zk-SNARKs (zk-SNARK stands for "Zero-Knowledge Succinct Non-Interactive Argument of Knowledge") essentially solves this blocker. Moreover, the next Ethereum Improvement Proposal, called 'Byzantium', includes zk-SNARKs.
zk-SNARKs allow verification of the correctness of computations without a verifier having to execute those computations, or even learn what was actually executed. Using zk-SNARKs, a verifier can confirm that a computation happened correctly with 'zero knowledge' of the computation itself.
During this talk, we present a brief overview of cryptography and the theory around the zero-knowledge proof algorithm. Then we showcase the benefits of zk-SNARKs and other privacy-preserving techniques (like Zcash) on the public blockchain ecosystem.
COST-EFFECTIVE AUTHENTIC AND ANONYMOUS DATA SHARING WITH FORWARD SECURITY by Nexgen Technology
Providing managed services to your customers is more than just a proven method to retaining your existing customer base. By providing managed services, you create a recurring revenue stream that allows you to proactively plan for the growth of your business. Higher margins and a better business valuation are two of the additional benefits of providing managed services to your customer base.
No longer just for IT shops: copier companies, telcos and VoIP companies are securing their place in their market by adding managed services to their business profile.
This session will highlight how VoIP companies all over the world have followed N-able's systematic approach to cross-sell and upsell existing customers and execute on a new client acquisition strategy to increase services revenue.
An extensive research survey on data integrity and deduplication towards priv... by IJECEIAES
Owing to the highly distributed nature of cloud storage systems, incorporating a higher degree of security for vulnerable data is a challenging task. Apart from various security concerns, data privacy is still one of the unsolved problems in this regard. The prime reason is that existing approaches to data privacy do not offer data integrity and a secure data deduplication process at the same time, which is essential to ensure a higher degree of resistance against all forms of dynamic threats over cloud and internet systems. Data integrity and data deduplication are therefore associated phenomena which influence data privacy. This manuscript discusses the explicit research contributions toward data integrity, data privacy, and data deduplication. The manuscript also highlights the potential open research issues, followed by a discussion of possible future directions of work towards addressing the existing problems.
EOS Smart Contract Audit (https://www.somish.com/blockchain/smart-contract-au... by Somish Blockchain Labs
Smart contracts built on top of the EOSIO blockchain allow a lot of features to be covered by tests, but the Turing completeness of the C++ programming language and its flexibility leave some space for unexpected runtime exceptions.
Smart City Lecture 2 - Privacy in the Smart City by Peter Waher
Privacy is a basic human right that has been heavily eroded, to the point of extinction, in the current digital age, as the constant reports of security breaches tell us. With the help of the General Data Protection Regulation (GDPR), privacy has been brought back from the dead and is at least discussed in most enterprises in Europe, and perhaps in a large part of the world. This lecture introduces the GDPR and Privacy as they relate to the Smart City. It presents concepts such as "Data Protection by design and by default", "Consent", "Legal Basis", etc. It also presents technologies that make protecting Privacy more difficult, and why.
These technologies work against the basic principles of privacy by default, so you need to know the details of how they work, to avoid serious pitfalls. There are also technologies that are more Privacy neutral. While not making data protection easier, at least the technology does not work against the basic principles of privacy. Finally, technologies that intrinsically help you protect Privacy are presented. These technologies make it easier to protect Privacy and sensitive data in general.
Tokenization on Blockchain is a steady trend. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. The main problem stems from the fact that, so far, no country has solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? Token holders have no legal rights to the property and thus are not protected by the law. Another problem is that this system brings back some sort of centralization, whereas the whole idea of Blockchain, and especially of smart contracts, is to create a trustless environment.
Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token.
The tokenization system can be implemented local to the data that is tokenized or in a centralized model. We will discuss tokenization implementations that can provide scalability across hybrid cloud models. This session will position different data protection techniques, use cases for blockchain, and protecting blockchain.
When consumer products get switched on, brands will be able to deploy new IoT-based applications and services throughout the full product lifecycle. But what role will blockchains play in this, and is the hype about its potential justified?
This white paper will show you which use cases are best suited to blockchains and how to assess whether a blockchain-based solution is really needed.
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101 by Simone Onofri
After web 1.0 and web 2.0, web3 has arrived! After a brief introduction, where we will look at the evolution of the web and what has changed as far as security is concerned, we will dive into blockchain to understand how to attack Smart Contracts on Ethereum, how these intersect with more classic vulnerabilities, and what are the main vulnerabilities we can find in contracts written in Solidity.
Impact of Blockchain on IT AuditBlockchain Techn.docx by sheronlewthwaite
Impact of Blockchain on IT Audit
Blockchain Technology Overview
Three Levels of Blockchain, Tokens
Alliances and Industry Adoption
Smart Contracts
Identity Management
Criticism and Challenges
Impact on the IT Audit Function
Learning and Engagement
Agenda
Blockchain technology is a digital innovation that is poised to significantly alter financial markets within the next few years, within a cryptographic ecosystem that has the potential to also significantly impact trusted computing activities and therefore cybersecurity concerns as a whole.
Blockchain Overview
How many of you:
Have heard of bitcoins?
Own cryptocurrency?
Feel you understand the underlying blockchain technology?
Feel you can summarize for us the benefits of the “trust economy”?
Are involved in projects that involve blockchain technology implementation or related activities?
Student Exposure
Where It All Started
Blockchain technology was first introduced in a whitepaper entitled: “Bitcoin: A Peer-to-Peer Electronic Cash System,” by Satoshi Nakamoto in 2008.
No reliance on trust
Digital signatures
Peer-to-peer network
Proof-of-work
Public history of transactions
Honest, independent nodes control majority of CPU computing power
Nodes vote with CPU computing power
Rules and incentives enforced through consensus mechanism
https://bitcoin.org/bitcoin.pdf
Cryptocurrency Summarized
Bitcoin was the first digital currency, i.e., cryptocurrency
A maximum of 21 million Bitcoins can be generated
Just as with real world mining, energy must be invested to solve complex mathematical problems by which systems earn Bitcoins
https://www.cryptocoincharts.info/coins/info claims to be indexing 4,220 cryptocurrencies
Most circulated: Bitcoin, Ethereum, Litecoin
The Technology Behind Bitcoin
Think of Bitcoin as an electronic asset (as well as a digital currency)
A network of computers keeps track of Bitcoin payments, and adds them to an ever-growing list of all the Bitcoin payments that have been made, called “The Bitcoin Blockchain”
The file that contains data about all the Bitcoin transactions is often called a “ledger”
Bitcoin value is created through transaction processing, referred to as “mining,” which is performed by distributed processors called “nodes” of the peer-to-peer network
A Gentle Introduction to Bitcoin by Antony Lewis, https://bravenewcoin.com/assets/Reference-Papers/A-Gentle-Introduction/A-Gentle-Introduction-To-Bitcoin-WEB.pdf
Mining Evolution
Mining is the process whereby value is created through transaction processing that occurs on nodes of the network.
In 2009, one could mine 200 Bitcoins with a personal, home computer. In 2015, it would take about 98 years to mine just 1 Bitcoin.
Today there is almost no money to be made through traditional home mining.
ASICs (Application Specific Integrated Circuits) have been designed strictly for mining Bitcoins.
Groups of miners have formed mining pools, with each being paid their relati ...
What is an IDO How can IDO be attacked.pdf by coingabbar
The IDO is portrayed as the replacement for fundraising models like ICO, STO, and IEO, as it provides greater liquidity for crypto assets and faster, more transparent, and more equitable trading. IDO is one of many inventive ways of raising funds. However, the Initial Coin Offering (ICO) was the first method of raising funds in the cryptocurrency industry, and it caused a lot of controversy in 2017.
Just about any ICO project could offer huge returns, and many did. Many ICO ventures turned out to be illusions or, worse, scams in an effort to make easy money. They also damaged the reputation of the cryptocurrency market and discouraged many potential new investors from joining.
To know more about ICOs, read: Evaluating ICOs: Importance of Soft Cap and Hard Cap
Decentralized finance (DeFi) uses several fundraising strategies to try to solve this issue. The IDO model is one such example. Crypto investors now have access to a different, more inclusive crowdfunding model due to DEXs.
However, hacking assaults can cause significant financial and reputational harm during the Initial Dex Offerings (IDOs). This is why token issuers should prioritise protection against these sorts of assaults. Preventative interventions allow for the reduction of the hazards associated with these assaults.
In order to understand how these hacking attacks pose a risk to an IDO's reputation, we must first understand how an IDO works.
How does an IDO work?
The decentralized exchange is used by an IDO to carry out the token sale. The DEX receives tokens from a cryptocurrency project, customers deposit money through the platform, and DEX handles the ultimate distribution and transfer. The blockchain's smart contracts enable this automated operation.
The IDO process follows these standard steps.
After the screening process, they approve a project to run on an IDO, and after they issue a supply of tokens for a fixed price, the users can lock their money in exchange for these tokens.
To be included in the investor whitelist, you must do marketing activities, or you can provide your wallet address.
The remainder of the funds is handed to the team, and some of it is used to build a liquidity pool. After the TGE (Token Generation Event), investors trade the token, and typically the liquidity is locked for a specific amount of time.
Tokens are given to users at the TGE, after which the liquidity provider is made available for trading.
Types of Attacks
Smart Contract Manipulation
Given that the rules for carrying out agreements are entirely automated and hard-coded into algorithms, smart contracts provide a creative way to promote trustless exchanges. Smart contracts are like digital programs that can operate independently and according to a set of instructions.
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE and MITRE. Security professionals can better understand which attack vectors are commonly utilized in attacks, see examples from previous events, and learn where they should focus their controls and security efforts.
Discusses security incidents and business use cases, understanding the pros and cons of Web 3, prevention mechanisms, and how to make sure that it doesn't happen to you.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore) by Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow Logs by Priyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect from on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past, and how, in a world of no perimeters, Cloud Security Groups, the "cloud firewalls", fit in. We will practically explore Cloud Security Group limitations across different cloud setups, from a single vNet to multi-cloud.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach to security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, systems need to be constantly updated and hardened to prevent attackers from retrieving such valuable and sensitive data. The increasing number of cyber-attacks has made ethical hacking increasingly important. An ethical hacker's job is to scan for vulnerabilities and find potential threats on a computer or network: they find the weaknesses or loopholes in a computer, web application or network and report them to the organization. It requires a thorough knowledge of networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, attacks, etc. In this session, you will learn all about ethical hacking. You will understand what ethical hacking and cyber-attacks are, see the tools, and watch some hands-on demos. This session will also guide you through the various ethical hacking certifications available today.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... by BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Neuro-symbolic is not enough, we need neuro-*semantic* by Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality by Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
DevOps and Testing slides at DASA Connect by Kari Kakkonen
Rik Marselis's and my slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in the different parts of the DevOps infinity loop.
Generating a custom Ruby SDK for your web service or Rails API using Smithy by g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
UiPath Test Automation using UiPath Test Suite series, part 4 by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
5. What is Blockchain?
Blockchain is:
A large-scale, globally decentralized computer network
A system that users can interact with by sending transactions
- Transactions are guaranteed by a consensus mechanism
6. Advantages of Blockchain
• A unified database with rapid consensus
• A large-scale fault-tolerant mechanism
• Not relying on trust, not controlled by any single administrator or organization (not the case for private/consortium blockchains)
• Auditable: external observers can verify the transaction history.
• Automation: operating without human involvement.
7. What on earth can Blockchain do?
• Cryptocurrency: digital assets on the Blockchain. Public blockchains have tokens that are used to rate-limit transaction updates and to fund the maintenance of the Blockchain.
• Record registration (such as a Domain Name System based on Blockchain)
• Timestamps to track high-value data
• Financial contracts
• General computation
• Non-monetary characteristics
• Support functionalities
8. Ethereum
Around 2013, the public realized that Blockchain can be used in hundreds of applications besides cryptocurrency, such as asset issuance, crowdfunding, domain-name registration, ownership registration, market forecasting, the Internet of Things, voting and so on.
9. How to realize it?
Smart contracts are pieces of code that live on the Blockchain and execute commands exactly as they were told to.
"Smart contract": a computer program running in a secure environment that automatically transfers digital assets according to arbitrary, pre-specified rules.
(Diagram: business people, developer, smart contract)
10. How to build one?
■ A Blockchain with a built-in programming language
■ Maximum abstraction and versatility
■ Very well suited to processing smart contracts
Ethereum
11. Ethereum
EVM: the operating environment for smart contracts in Ethereum. It is not only encapsulated in a sandbox but is in fact completely isolated, that is, code running inside the EVM has no access to the network, the file system, or other processes. Even smart contracts have only limited contact with other smart contracts.
(Diagram: EVM over the operating system)
14. The Ecology of Ethereum
On average, 100 thousand new users join the Ethereum ecosystem every day. The users are very active, with an average of more than 1 million transactions per day on Ethereum.
15. The safety issues of Ethereum
Main parts and their risks (diagram):
• Exchange: attacks and token theft
• Wallet: likely to be hijacked
• Smart contract: overflow attacks
16. The security problems of smart contracts
• April 2018, BEC contract
• May 2018, EDU contract
• June 2018, SNC contract
These directly affect the major exchanges, including the issuance, deposit or withdrawal of the tokens.
17. Vulnerabilities in Smart Contracts
According to "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale", in March 2018 nearly 1 million smart contracts were analyzed, among which 34200 smart contracts could be easily attacked by hackers.
18. How to lower the probability of loss?
• A complete and objective audit is required for smart contracts.
• An emergency response can be made when a vulnerability is found in smart contracts.
• A reward can be provided when someone detects a bug.
20. What we care about: Replay attack
Replay attack: if a transaction is legitimate on one Blockchain, it is also legitimate on another blockchain.
When you transfer BTC1, your BTC2/BTC3 may be transferred at the same time.
23. Our Contribution
• We found that the replay attack problem exists in 52 smart contracts.
• We analyzed a smart contract example to verify the replay attack.
• We analyzed the source and process of the replay attack to expound the feasibility of the replay attack in principle.
• We verified the replay attack based on the signature vulnerability.
• We proposed a defense strategy to prevent this problem.
24. Vulnerability Scanning
We set three scanning standards to discover the smart contracts which have the vulnerability:
• Judging whether the contract accords with the ERC20 standard: require(totalsupply > 0)
25. Vulnerability Scanning
• Get the name of the contract to determine whether the name is valid.
28. Why does the replay attack occur?
● It has been confirmed that there are two smart contracts that allow proxy transactions.
● The two smart contracts use a similar mechanism and share the same transaction format.
● When a transaction happens in one contract, this transaction is also legal in the other contract, and the replay attack will be successfully executed.
29. Example
The issue lies in this line: bytes32 h = keccak256(_from,_to,_value,_fee,nonce);
32. Verification of the replay attack process
Step one: transaction records on Ethereum were scanned to find accounts which held both UGT tokens and MTC tokens (we used two accounts, Alice and Bob).
34. Verification of the replay attack process
Step three: Bob takes the input data of this transaction from the blockchain. The parameters "from, to, value, fee, v, r, s" were extracted from [0]-[6] in step two. The following is the implementation of the transfer function.
38. Select contract / Account setting / genesis.json
• The UGT contract and the MTC contract
• Alice and Bob
• Alice (the sender): 0x8e65d5349ab0833cd76d336d380144294417249e
• Bob (the receiver): 0x5967613d024a1ed052c8f9687dc74897dc7968d6
• Both own some tokens for transferring.
• UGT Token: 0x43eE79e379e7b78D871100ed696e803E7893b644
• MTC Token: 0xdfdc0D82d96F8fd40ca0CFB4A288955bECEc2088
42. Statistics and Analysis
According to feasible replay attack approaches:
• Replay in the same contract (5/52): MiracleTele, RoyalForkToken, FirstBlood, KarmaToken, KarmaToken2
• Cross-contract replay (45/52). Besides, we divided these 45 contracts into 3 groups by the specific prefix data used in the signatures. Cross-contract replays may happen among any contracts as long as they are in the same group.
43. Statistics and Analysis
According to feasible replay attack approaches:
• Group 1, specific prefix data 1 used in the signatures (28/52): ARCCoin, BAF, Claes Cash, Claes Cash2, CNF, CWC, DET, Developeo, Envion, FiCoin, GoldCub, JaroCoin, metax, metax2, NODE, NODE2, NPLAY, SIGMA, solomex, Solomon Exchange, Solomon Exchange2, Trump Full Term Token, Trump Impeachment Token, X, ZEUS TOKEN, ZEUS TOKEN2, cpay
• Group 2, specific prefix data 2 ("\x19Ethereum Signed Message:\n32") used in the signatures (7/52): Acore, CLC, CLOUT, CNYToken, CNYTokenPlus, GigBit, The 4th Pillar Token
44. Statistics and Analysis
According to feasible replay attack approaches:
• Group 3, no specific prefix data used in the signatures (10/52): BlockchainCuties, First(smt), GG Token, M2C Mesh Network, M2C Mesh Network2, MJ comeback, MJ comeback2, MTC Mesh Network, SmartMesh Token, UG Token
• Replay between test chain and main chain (2/52): MeshBox, MeshBox2
• Replay between different main chains (0/52)
46. Statistics and Analysis
According to the trading frequency of the above-mentioned contracts, as of 9:00 on April 30th, 2018:
• 16 contracts were found which have transaction records spanning more than one month; the proportion is 30.77% of the total number of contracts.
• 3 contracts only have records for their deployment; the proportion is 5.77% of the total number of contracts.
According to the comprehensive analysis, 63.46% of the contracts are still active in transactions.
47. Countermeasures
• The designers of smart contracts should always confirm the suitable scope of the digital signature when designing smart contracts.
• Smart contracts deployed on a public chain should add in the chain-specific information, such as the chainID and the name of the public chain.
• Users of smart contracts need to pay attention to news and reports concerning loophole disclosures.
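To show what the hash line on slide 29 leaves out of the signed data and what the countermeasures above add, here is an added illustration in Solidity (not code from the talk or from any of the listed tokens; the contract, function and variable names are assumed): the vulnerable digest and the hardened digest side by side, with a proxy transfer that verifies the hardened one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not code from the talk or from any of the listed tokens.
// A relayer submits a transfer that the token holder (_from) signed off-chain
// and is paid _fee for it, the "proxy transaction" pattern of slide 28.
contract ProxyTransferToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public nonces;

    // VULNERABLE digest (slide 29): it binds only the transfer fields. Nothing
    // in it names this contract or this chain, so a signature made for one
    // token is equally valid in every contract that computes the same digest.
    function digestVulnerable(address _from, address _to, uint256 _value,
                              uint256 _fee, uint256 _nonce) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(_from, _to, _value, _fee, _nonce));
    }

    // HARDENED digest (slide 47): also commits to the chain id and to this
    // contract's address, so the signature is only meaningful for this
    // deployment on this chain. The per-sender nonce, consumed in
    // transferProxy, blocks replay inside the same contract.
    function digestHardened(address _from, address _to, uint256 _value,
                            uint256 _fee, uint256 _nonce) public view returns (bytes32) {
        return keccak256(abi.encodePacked(
            block.chainid, address(this), _from, _to, _value, _fee, _nonce));
    }

    function transferProxy(address _from, address _to, uint256 _value,
                           uint256 _fee, uint8 _v, bytes32 _r, bytes32 _s) external {
        require(_from != address(0), "zero sender");   // ecrecover returns 0 on failure
        uint256 nonce = nonces[_from];
        // EIP-191 prefix (the "\x19Ethereum Signed Message:\n32" of slide 43):
        // the wallet signed the prefixed 32-byte hash, so verify against that.
        bytes32 h = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32",
                                               digestHardened(_from, _to, _value, _fee, nonce)));
        require(ecrecover(h, _v, _r, _s) == _from, "bad signature");
        require(balanceOf[_from] >= _value + _fee, "insufficient balance");
        nonces[_from] = nonce + 1;        // this signature can never be accepted again here
        balanceOf[_from] -= _value + _fee;
        balanceOf[_to] += _value;
        balanceOf[msg.sender] += _fee;    // the relayer is paid for submitting
    }
}
```

A production contract would additionally reject high-s (malleable) signatures and would normally use EIP-712 typed data, which bakes the chain id and verifying contract into the domain separator for the same reason.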
48. Conclusion
• The security problems of smart contracts have attracted wide concern.
• As long as the scope of the signature is not limited by the smart contract, there is a possibility of replay attack.
• We believe that the loopholes in Ethereum smart contracts have not all come to light.