Automating Content Protection at the Edge

•

1 j'aime•664 vues

For this session, we showcase some real-world use cases where you can use Amazon CloudFront logs, AWS WAF, and AWS Lambda to identify bad actors and block them. We also show tutorials and code samples that can help you analyze traffic patterns, and deploy new WAF rules.

Technologie

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Nathan Dye
AWS WAF Software Development Manager
June 23, 2016
Automating Content Protection at the Edge

Agenda
• Brief WAF Overview
• Demos
• Conclusion

Why use a WAF?
Application Vulnerabilities
Good users
Bad guys
Web server Database
Exploit
code

Use case for a WAF
Content Abuse
Good users
Bad guys
Web server Database

Another use case for a WAF
Application DDoS
Good users
Bad guys
Web server Database

What is AWS WAF?
Edge
Location
AWS WAF
Amazon
CloudFront
Elastic Load
Balancing
Amazon
EC2
Amazon
RDS

Customer case study
Customer: Magazine Luiza
• Large eCommerce platform in Brazil > than 700 stores
Requirements:
• Wanted protection days before Black Friday
• Needed APIs for automation
• Needed fast rule updates
• Needed high-scale blocking

Customer categories for AWS WAF
Ready-to-use Protection
 SQLi
 XSS
Customizable Protection
 Flexible Rules Engine
 Size Constraint Rules,
Body Inspection

Customer categories for AWS WAF
Ready-to-use Protection
 SQLi
 XSS
 Easy Automated Setup with Cloud
Formation Templates
 Setup Time: ~1 min
Customizable Protection
 Flexible Rules Engine
 Size Constraint Rules, Body
Inspection
 Lambda Based Protection
 Open Source GitHub Repository
Automated Protections

Demo 1: Easy automated setup
Protection Against Common Attacks
 SQL injection attacks
 Cross-site scripting attacks
 IP Blacklist Edge
Location
Amazon
CloudFront
Elastic Load
Balancing
Amazon
RDS
Amazon
EC2
AWS
CloudFormationAWS WAF

Demo 2: Lambda based automated protection
• Problem: HTTP Requesters Overwhelm Web Servers or Database
Servers
• Solution: Count Number of requests in CloudFront access logs and
block offenders
Attackers
HTTP Floods (Rate Based Blacklisting)

Demo 2: Lambda based automated protection
HTTP Floods (Rate Based Blacklisting)
Good users
(allowed on src
ip)
Bad users
(blocked on src ip)
Amazon
CloudFront
Elastic Load
Balancing
Amazon
EC2
Amazon
RDS
AWS WAF CloudFront
Logs in S3
AWS
Lambda
Amazon
CloudWatch
1
3
2 4
AWS
CloudFormation
Stack

Demo 2: Lambda Based Automated Protection

More Lambda based automated protection
HTTP floods Scans & probesIP reputation lists Bots & scrapers
Attackers
• Ready to use as-is
• And Customizable

Session Takeaways
CloudFront In Front of your
Websites and APIs
 TLS/SSL Acceleration
 Improve Application
performance without caching
 Inherent DDoS Protection
AWS WAF for Automated
Protection
 Easy Setup. Get started within
minutes
https://aws.amazon.com/waf/pr
econfiguredrules/
 Customizable Automated
Protection.
https://github.com/awslabs/aws
-waf-sample

Thank you!
@cloudfront
https://aws.amazon.com/waf/
CloudFront.com

Contenu connexe

En vedette

AWS launched in 2006, and since then we have released more than 530 services, features, and major announcements. Every year, we outpace the previous year in launches and are continuously accelerating the pace of innovation across the organization. Ever wonder how we formulate customer-centric ideas, turn them into features and services, and get them to market quickly? This session dives deep into how an idea becomes a service at AWS and how we continue to evolve the service after release through innovation at every level. We even spill the beans on how we manage operational excellence across our services to ensure the highest possible availability. Come learn about the rapid pace of innovation at AWS, and the culture that formulates magic behind the scenes.

AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...

Amazon Web Services

Scmp aws digitalmedia_2013

Amazon Web Services

AWS Summit Auckland 2014 | Black Belt Tips on AWS

Amazon Web Services

Customer Sharing: HTC - What is in AWS Cloud for me?

Amazon Web Services

Many companies recognize the use of data analytics as an opportunity to better understand their customers and gain a lead on their competition. The ability to get better insight from vast amounts of unstructured data, coming from a multitude of sources, can give businesses the advantage in an industry where even the smallest improvement can mean a big difference. Amazon Web Services offers a range of big data, analytics and storage solutions that are used by companies such as NASDAQ, Bankinter and S&P Capital to deliver a highly secure and agile platform. Join this session and learn how it allows customers to start on a small scale but grow as their business requires, giving them the agility they need to deliver cutting edge solutions to their customers without any upfront CAPEX investment.

AWS Big Data Analytics IP Expo 2013

Amazon Web Services

In the event of a disaster, you need to be able to recover lost data quickly to ensure business continuity. For critical applications, keeping your time to recover and data loss to a minimum as well as optimizing your overall capital expense can be challenging. This session presents AWS features and services along with Disaster Recovery architectures that you can leverage when building highly available and disaster resilient applications. We will provide recommendations on how to improve your Disaster Recovery plan and discuss example scenarios showing how to recover from a disaster.

Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency

Amazon Web Services

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Getting Started with AWS Security

Amazon Web Services

Intended for customers who have (or will have) thousands of instances on AWS, this session is about reducing the complexity of managing costs for these large fleets so they run efficiently. Attendees will learn about common roadblocks that prevent large customers from cost optimizing, tools they can use to efficiently remove those roadblocks, and techniques to monitor their rate of cost optimization. The session will include a case study that will talk in detail about the millions of dollars saved using these techniques. Customers will learn about a range of templates they can use to quickly implement these techniques, and also partners who can help them implement these templates.

Cost Optimization at Scale

Amazon Web Services

AWS Summit Tel Aviv - Enterprise Track - Enterprise Apps and Hybrid

Amazon Web Services

Getting Started with Amazon Aurora

Amazon Web Services

Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...

Amazon Web Services

Wild rydes serverless website workshop

Amazon Web Services

Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...

Amazon Web Services

In recent years, more and more enterprises notice about what values of Big Data can bring, and willing to devote more resources to Big Data field. Doing Hadoop for PoC and further for running in PROD. In common cases, enterprises need to get their servers first for running their Hadoop. By now, thanks for the popularity of Hadoop　and its ecosystem. Enterprises have another choice for doing Hadoop, which is, doing it on Public Cloud platforms, such as Amazon, etc. Trend Micro also noticed this trends for Big Data on the cloud, and would like to leverage its elasticity to enable more chances to find more values from our Big Data with less of constraints. In this sharing, we would like to introduce our common Big Data computation platform - Analytic Engine (AE), which is a simple RESTful API service running on AWS for Trenders, with features, such as createCluster, deleteCluster and submitJob, etc. By now, Trenders can run their research jobs, and furthermore, build their own PoC/Staging/PROD levels of services based on AE, to get any computation resources they want, anytime and anyplace in Trend Micro, just by few RESTful API calls.

Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...

Amazon Web Services

AWS provides a platform that is ideally suited for deploying highly available and reliable systems that can scale with a minimal amount of human interaction. This talk describes a set of architectural patterns that support highly available services that are also scalable, low cost, low latency and allow for agile development practices. We walk through the various architectural decisions taken for each tier and explain our choices for appropriate AWS services and building blocks to ensure the security, scale, availability and reliability of the application.

AWS Summit Sydney 2014 | Running your First Application on AWS

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. As an IoT developer, you will need to interact with AWS services like Amazon Kinesis, AWS Lambda, and Amazon Machine Learning to get the most from your IoT application. In this session, we will do a deep dive on how to define rules in the Rules Engine, or retrieve the last known and desired state of device using Device Shadows, routing data from devices to AWS services to leverage the entire cloud for your Internet of Things application.

Deep Dive on AWS IoT

Amazon Web Services

In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.

Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options

Amazon Web Services

AWSome Day Kuala Lumpur - Opening Keynote, Rick Harshman

Amazon Web Services

Maximizing Business Value as You Migrate to AWS

Amazon Web Services

Whether you're a startup getting to profitability or an enterprise optimizing spend, it pays to run cost-efficient architectures on AWS. Dive deep into techniques used by successful customers to reduce waste and fine-tune their AWS spending, often with improved performance and a better end-customer experience. Some techniques covered in this session: Learn how to make the most of Auto Scaling, develop an effective Spot Instance strategy, and optimize for your daily traffic cycles. Learn techniques to tier storage, offload your static content to Amazon S3 and Amazon CloudFront, reduce your database loads with edge caching, spawn part-time databases, pool resources across accounts, and even teach your dev/test instances to sleep. Showcasing easily-applicable methods, this session could be your best invested hour all day.

Running Lean and Mean: Designing Cost-efficient Architectures on AWS (ARC313)...

Amazon Web Services

En vedette (20)

AWS Summit Auckland 2014 | Managing the Pace of Innovation: Behind the Scenes...

Scmp aws digitalmedia_2013

AWS Summit Auckland 2014 | Black Belt Tips on AWS

Customer Sharing: HTC - What is in AWS Cloud for me?

AWS Big Data Analytics IP Expo 2013

Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum Efficiency

Getting Started with AWS Security

Cost Optimization at Scale

AWS Summit Tel Aviv - Enterprise Track - Enterprise Apps and Hybrid

Getting Started with Amazon Aurora

Media Content Ingest, Storage, and Archiving with AWS - John Downey, Amazon W...

Wild rydes serverless website workshop

Zombie Apocalypse Workshop by Warren Santer and Kyle Somers, Solutions Archit...

Customer Sharing: Trend Micro - Analytic Engine - A common Big Data computati...

AWS Summit Sydney 2014 | Running your First Application on AWS

Deep Dive on AWS IoT

Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options

AWSome Day Kuala Lumpur - Opening Keynote, Rick Harshman

Maximizing Business Value as You Migrate to AWS

Running Lean and Mean: Designing Cost-efficient Architectures on AWS (ARC313)...

Plus de Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Dernier

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

DBX First Quarter 2024 Investor Presentation

Dropbox

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

MINDCTI Revenue Release Quarter One 2024

MIND CTI

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Dernier (20)

Manulife - Insurer Transformation Award 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

A Year of the Servo Reboot: Where Are We Now?

Automating Google Workspace (GWS) & more with Apps Script

Exploring the Future Potential of AI-Enabled Smartphone Processors

FWD Group - Insurer Innovation Award 2024

Data Cloud, More than a CDP by Matt Robison

Apidays New York 2024 - The value of a flexible API Management solution for O...

How to Troubleshoot Apps for the Modern Connected Worker

DBX First Quarter 2024 Investor Presentation

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

MINDCTI Revenue Release Quarter One 2024

A Beginners Guide to Building a RAG App Using Open Source Milvus

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Artificial Intelligence Chap.5 : Uncertainty

Boost Fertility New Invention Ups Success Rates.pdf

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Why Teams call analytics are critical to your entire business

Automating Content Protection at the Edge

2. Agenda • Brief WAF Overview • Demos • Conclusion

3. Why use a WAF? Application Vulnerabilities Good users Bad guys Web server Database Exploit code

4. Use case for a WAF Content Abuse Good users Bad guys Web server Database

5. Another use case for a WAF Application DDoS Good users Bad guys Web server Database

6. What is AWS WAF? Edge Location AWS WAF Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS

7. What is AWS WAF?

8. Customer case study Customer: Magazine Luiza • Large eCommerce platform in Brazil > than 700 stores Requirements: • Wanted protection days before Black Friday • Needed APIs for automation • Needed fast rule updates • Needed high-scale blocking

9. Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection

10. Customer categories for AWS WAF Ready-to-use Protection  SQLi  XSS  Easy Automated Setup with Cloud Formation Templates  Setup Time: ~1 min Customizable Protection  Flexible Rules Engine  Size Constraint Rules, Body Inspection  Lambda Based Protection  Open Source GitHub Repository Automated Protections

11. Demo 1: Easy automated setup Protection Against Common Attacks  SQL injection attacks  Cross-site scripting attacks  IP Blacklist Edge Location Amazon CloudFront Elastic Load Balancing Amazon RDS Amazon EC2 AWS CloudFormationAWS WAF

12. Demo 1: Easy Automated Setup

13. Demo 2: Lambda based automated protection • Problem: HTTP Requesters Overwhelm Web Servers or Database Servers • Solution: Count Number of requests in CloudFront access logs and block offenders Attackers HTTP Floods (Rate Based Blacklisting)

14. Demo 2: Lambda based automated protection HTTP Floods (Rate Based Blacklisting) Good users (allowed on src ip) Bad users (blocked on src ip) Amazon CloudFront Elastic Load Balancing Amazon EC2 Amazon RDS AWS WAF CloudFront Logs in S3 AWS Lambda Amazon CloudWatch 1 3 2 4 AWS CloudFormation Stack

15. Demo 2: Lambda Based Automated Protection

16. More Lambda based automated protection HTTP floods Scans & probesIP reputation lists Bots & scrapers Attackers • Ready to use as-is • And Customizable

17. Session Takeaways CloudFront In Front of your Websites and APIs  TLS/SSL Acceleration  Improve Application performance without caching  Inherent DDoS Protection AWS WAF for Automated Protection  Easy Setup. Get started within minutes https://aws.amazon.com/waf/pr econfiguredrules/  Customizable Automated Protection. https://github.com/awslabs/aws -waf-sample

18. Thank you! @cloudfront https://aws.amazon.com/waf/ CloudFront.com

Notes de l'éditeur

Ecommerce customers often fights against bots that scrape pricing details Customers use AWS WAFs to find and block content abuse cases.
Finally, Sometimes bad actors want to bring down a web site, using regular web requests. Attacker often target slow parts of a web site. Customers use WAFs to block these requests before they reach web server infrastructure.
AWS WAF integrates with Amazon CloudFront and sits between users and the web server. By integrating with CloudFront, we keep request latency very low. In fact, rule execution typically takes less than 1 ms. The goal is to block all of the bad stuff and let all of the good stuff in Web application firewall (WAF) that gives you control over who (or what) can access your web applications. Integrated with Amazon CloudFront Protection against exploits, abuse, and application DDoS
AWS WAF integrates with CloudFront and sits between users and the web server. By integrating with CloudFront, we keep request latency very low. In fact, rule execution typically takes less than 1 ms. The goal is to block all of the bad stuff and let all of the good stuff in
AWS WAF gives customers the web security features they need, but with a unique approach to security: Ready-to-use (preconfigured rule sets) Pre configured Cloud Formation Templates for most common attacks example: SQLi, XSS, IP Blacklists Customizable rules Investment in Rules engine Security Automation: Open source GitHub repository with easily deployable code (using AWS Lambda)
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks
Customizable = Example: If you want your own Reputation lists, you can easily integrate it with this.
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks

Automating Content Protection at the Edge

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Dernier

Dernier (20)

Automating Content Protection at the Edge

Notes de l'éditeur