Ruby on Rails security in your Continuous Integration

•

2 likes•2,863 views

Sqreen (https://www.sqreen.io) describes how open-source public tools can help improve your software security in your Continuous Integration cycle. This presentation focus on Ruby on Rails and uses open source Ruby gems as well as Jenkins, an open source CI tool. Two tools are presented. Arachni (https://github.com/Arachni/arachni) is a dynamic security analysis tool. It need some special scripting to get integrated to Jenkins (ask me!). Brakeman (https://github.com/presidentbeef/brakeman), a static analysis tool, targets Ruby on Rails applications source code. It can be easily integrated to Jenkins thanks to an existing plug-in. This method can make the reports hard to understand and process systematically in a CI work flow. Jean-Baptiste Aviat, Sqreen CTO

Software

Conﬁdential & proprietary © Sqreen, 2015
Rails Security Continuous Integration
We make products antifragile.

Conﬁdential & proprietary © Sqreen, 2015
–Agent Smith
“Never send a human to
do a machine's job.”

Conﬁdential & proprietary © Sqreen, 2015
Continuous Integration
Quality: automate everything you can
Unit tests at every commit
Integration tests at every commit
Test against a production like stack
Maximize conﬁdence for every commit

Conﬁdential & proprietary © Sqreen, 2015
–Edsger W. Dijkstra
“Testing shows the presence,
not the absence of bugs.”

Conﬁdential & proprietary © Sqreen, 2015
Static & Dynamic analysis

Conﬁdential & proprietary © Sqreen, 2015
Static analysis - Brakeman
http://brakemanscanner.org/
Written in Ruby
Dedicated to Ruby on Rails
Open source: https://github.com/presidentbeef/brakeman
Podcast: Ruby Rogues #219

Conﬁdential & proprietary © Sqreen, 2015
Static analysis - Jenkins integration
Jenkins plugin:
https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Install Gem on test server
Add an adequate test to Jenkins
Done.

Conﬁdential & proprietary © Sqreen, 2015
Dynamic analysis - Arachni
http://www.arachni-scanner.com/
Written in Ruby
Compatible with any Web application
Open source: https://github.com/Arachni/arachni/
Powerful but complex

Conﬁdential & proprietary © Sqreen, 2015
Dynamic analysis - Jenkins integration
No Jenkins plugin
Do it yourself JUnit XML (contact me)
Order tests by sensitivity
Set a short timeout
Dynamic tests: the faster server the better
Puma did well

Conﬁdential & proprietary © Sqreen, 2015
Demo

Conﬁdential & proprietary © Sqreen, 2015
Brakeman detects 2 XSS

Conﬁdential & proprietary © Sqreen, 2015
Brakeman detected XSS details
Undetected
issue
Fake issue:
@secure
is static!
Real XSS

Conﬁdential & proprietary © Sqreen, 2015
Arachne scan result

Conﬁdential & proprietary © Sqreen, 2015
Arachne issue details

Conﬁdential & proprietary © Sqreen, 2015
Issues
False positives lower CI conﬁdence
Cannot test against production (dangerous), lead to more false
positives
Tools updates depend on maintainers will
Need to iteratively adapt your code
Vulnerabilities debt (legacy)
Security tests are not written by you
Need deep attack knowledge to understand them

Conﬁdential & proprietary © Sqreen, 2015
Sqreen: you code, we protect
We automatically protect your apps
Strong and transparent
Beta program available:
Come and see me if you have Rails or Sinatra based
applications
Sqreen is hiring : http://sqreen.io/jobs.html

What's hot

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...

Lacework

Lacework | Top 10 Cloud Security Threats

Lacework

Mitigate Security Threats with SIEM

Akamai Developers & Admins

Self Service for IT Infrastructure

Cisco DevNet

Security in OSS DevOps

Cheah Eng Soon

Better Bug Stomping with Zend Studio and Zend Server

Zend by Rogue Wave Software

Enforce compliance policy with model-driven automation

Puppet

You don’t need to be a security expert to protect your organisations data in the cloud. You don’t need to be a security expert to protect your workloads on AWS. You just need to be informed of the many security tools available in AWS, and learn how to use them. Taking a highly automated approach to security, you can use key features of the AWS Cloud to transform security in your organisation. As with infrastructure as an API, security as an API allows you to move rapidly & stay secure. From AWS security groups, to virtual private networks, to security tools, you need to learn how to automate and accelerate. In this talk, you’ll see how various AWS features and cloud-aware security controls can work together to protect your deployments. Using real-world examples, you’ll come away with an understanding of steps you can take to ensure that you maximise the security of your deployment while minimising the work it takes to keep it secure. You will learn a logical approach to modern security that you can immediately apply to your own AWS deployments. You will learn how to use security tools and techniques to help you build with confidence.

Using Security To Build  With Confidence In AWS - Trend Micro

Amazon Web Services

Using Security To Build With Confidence You don’t need to be a security expert to protect your organisations data in the cloud. You don’t need to be a security expert to protect your workloads on AWS. You just need to be informed of the many security tools available in AWS, and learn how to use them. Taking a highly automated approach to security, you can use key features of the AWS Cloud to transform security in your organisation. As with infrastructure as an API, security as an API allows you to move rapidly & stay secure. From AWS security groups, to virtual private networks, to security tools, you need to learn how to automate and accelerate. In this talk, you’ll see how various AWS features and cloud-aware security controls can work together to protect your deployments. Using real-world examples, you’ll come away with an understanding of steps you can take to ensure that you maximise the security of your deployment while minimising the work it takes to keep it secure. You will learn a logical approach to modern security that you can immediately apply to your own AWS deployments. You will learn how to use security tools and techniques to help you build with confidence.

Using Security To Build With Confidence - Session Sponsored by Trend Micro

Amazon Web Services

In Practical DevSecOps - DevSecOps Live online meetup, you’ll learn Automating security tests using Selenium and OWASP ZAP. Join Srinivas, Red Team Member at Banking Industry, also Offensive Security Certified Professional(OSCP) and Offensive Security Certified Expert(OSCE. He will cover Automating security tests using Selenium and OWASP ZAP. In this intriguing meetup, you will learn: 1. Introduction to automated vulnerability scans and their limitations. 2. A short introduction to how functional tests can be useful in performing robust security tests. 3. Introduction to selenium and OWASP ZAP 4. Proxying selenium tests through OWASP ZAP 5. Invoking authenticated active scans using OWASP ZAP 6. Obtaining scan reports … and more useful takeaways!

Automating security test using Selenium and OWASP ZAP - Practical DevSecOps

Mohammed A. Imran

Set up a Development Environment in 5 Minutes

Akamai Developers & Admins

All Your Containers Are Belong To Us

Lacework

Principles Of Chaos Engineering - Chaos Engineering Hamburg

Nils Meder

Terraform, the first multi-vendor infrastructure tool from HashiCorp, helps you build, update, and version your infrastructure safely and efficiently. We love it for the simple syntax and because it lets us combine infrastructure from multiple vendors - reducing complexity and the effort that goes into managing multiple infrastructures. In this webinar we’ll explain what the Akamai Terraform Provider includes, how you can get started with the Akamai Terraform Provider, and we’ll showcase a demo for a variety of use-cases we documented from early adopters.

Manage Your Akamai-as-Code with Terraform

Akamai Developers & Admins

Deployment Automation & Self-Healing with Dynatrace & Ansible

Jürgen Etzlstorfer

Infrastructure as Code

Prasant Kumar

BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back

Lacework

Automated Intrusion Detection and Response on AWS

Teri Radichel

When is the last time when you pushed an update to .NET framework in a production environment? Did you define an updated process of .NET framework for production environments? Is the support team aware about what can happen if a security update is not pushed to the machines? In this session we will take a look on some security problems that .NET framework has and what can happen if we don't take security into account. We will take a look on different versions of .NET (including .NET Core). Best practives related to this topic will be covered and debated.

.NET Security (Radu Vunvulea)

Radu Vunvulea

Ignite Denver - Robots!

360|Conferences

What's hot (20)

DerbyCon 2019: Prepare to be Boarded! A Tale of Kubernetes, Plunder, and Cryp...

Lacework | Top 10 Cloud Security Threats

Mitigate Security Threats with SIEM

Self Service for IT Infrastructure

Security in OSS DevOps

Better Bug Stomping with Zend Studio and Zend Server

Enforce compliance policy with model-driven automation

Using Security To Build  With Confidence In AWS - Trend Micro

Using Security To Build With Confidence - Session Sponsored by Trend Micro

Automating security test using Selenium and OWASP ZAP - Practical DevSecOps

Set up a Development Environment in 5 Minutes

All Your Containers Are Belong To Us

Principles Of Chaos Engineering - Chaos Engineering Hamburg

Manage Your Akamai-as-Code with Terraform

Deployment Automation & Self-Healing with Dynatrace & Ansible

Infrastructure as Code

BSides Denver 2019 - Cloud Wars Episode V: The Cryptojacker Strikes Back

Automated Intrusion Detection and Response on AWS

.NET Security (Radu Vunvulea)

Ignite Denver - Robots!

Viewers also liked

How to-use-buffer-by-ella

Eleaza Rose Devilleres

From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens

We Are Social Singapore

In this session I will present best practices of how open source tools (used in the DevOps and security communities) can be properly chained together to form a framework that can - as part of an agile software development CI chain - perform automated checking of certain security aspects. This does not remove the requirement for manual pentests, but tries to automate early security feedback to developers. Ultimately the aim is to free pentesters’ time by continuously reducing the amount of recurring (easy to find) default findings, so that pentesters can use that time to focus on the really high-hanging fruits. Based on my experience of applying SecDevOps techniques to projects, I will present the glue steps required on every commit and at nightly builds to achieve different levels of depth in automated security testing during the CI workflow. I will conclude with a "SecDevOps Maturity Model" of different stages of automated security testing and present concrete examples of how to achieve each stage with open source security tools.

Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...

Christian Schneider

SteadyBudget's Seed Funding Pitch Deck

Shape Integrated Software

Short talk about presentations given at Startup Dynamo, a workshop held by Startup@Singapore NUS using the Learn Startup Methodology. My segment was on Presentation Design to make an impact on VCs. Many thanks to @ryanlou for the invite. And not to forget Emiland De Cubber for his amazing slide deck inspirations and invaluable advice. Disclaimer: this is a reimagination off some of Emiland's presentations. I do not make any money of this. Download for just a tweet: http://goo.gl/fbM4j Want something similar done for your next pitch? Contact me at my site: http://itseugene.me/contact/

7 Tips to Beautiful PowerPoint by @itseugenec

Eugene Cheng

The Minimum Loveable Product

The Happy Startup School

How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)

Board of Innovation

The Seven Deadly Social Media Sins

XPLAIN

Five Killer Ways to Design The Same Slide

Crispy Presentations

For the newest version of this presentation, always go to: 4ourth.com/tppt For the latest video version, see: 4ourth.com/tvid Presented at ConveyUX in Seattle, 7 Feb 2014 For the newest version of this presentation, always go to: 4ourth.com/tppt For the latest video version, see: 4ourth.com/tvid We are finally starting to think about how touchscreen devices really work, and design proper sized targets, think about touch as different from mouse selection, and to create common gesture libraries. But despite this we still forget the user. Fingers and thumbs take up space, and cover the screen. Corners of screens have different accuracy than the center. It's time to re-evaluate what we think we know. Steven reviews his ongoing research into how people actually interact with mobile devices, presents some new ideas on how we can design to avoid errors and take advantage of this new knowledge, and leaves you with 10 (relatively) simple steps to improve your touchscreen designs tomorrow.

How People Really Hold and Touch (their Phones)

Steven Hoober

Upworthy: 10 Ways To Win The Internets

Upworthy

What 33 Successful Entrepreneurs Learned From Failure

ReferralCandy

Design Your Career 2018

Slides That Rock

Why Content Marketing Fails

Rand Fishkin

The History of SEO

HubSpot

Inside this guide, you'll learn an insiders tips and techniques to getting into the marketing industry - no job applications necessary. You'll learn what marketing really is, why you'll find a job easily, what entry level marketing jobs look like and four actionable things you can try right now to help get you into the marketing industry. Visit Inbound.org and the Inbound.org/jobs community jobs board to find opportunities and connect with professional marketers from all over.

How To (Really) Get Into Marketing

Ed Fry

Why "What If"...? The What If Technique tackles the challenge of engaging a creative, disruptive mindset when it comes to design thinking and crafting innovative user experiences. Thinking disruptively is a disruptive thing to do, which means it's a very hard thing to do, especially when you add in risk-averse business leaders and company cultures, who hold on tight to psychological blocks, corporate lore, and excuse personas that stifle creativity and possibilities (see www.motivatedesign.com/what-if for more details). The What If Technique offers key steps, tools and examples to help you achieve incremental changes that promote disruptive thinking, overcome barriers to creativity, and lead to big, innovative differences for business leaders, companies, and ultimately user experiences and products. Let's find out what's what together! Explore your "What Ifs" with us. See www.motivatedesign.com/what-if for details about the What If Technique, studio workshops, the book, case studies and more downloads--including a the sample chapter "Corporate Lore and Blocks to Creativity" Connect with us @Motivate_Design

The What If Technique presented by Motivate Design

Motivate Design

Displaying Data

Bipul Deb Nath

10 Powerful Body Language Tips for your next Presentation

SOAP Presentations

Crap. The Content Marketing Deluge.

Velocity Partners

Viewers also liked (20)

How to-use-buffer-by-ella

From Second Screen to Multi-Screen: We Are Social's Guide to Social Screens

Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...

SteadyBudget's Seed Funding Pitch Deck

7 Tips to Beautiful PowerPoint by @itseugenec

The Minimum Loveable Product

How I got 2.5 Million views on Slideshare (by @nickdemey - Board of Innovation)

The Seven Deadly Social Media Sins

Five Killer Ways to Design The Same Slide

How People Really Hold and Touch (their Phones)

Upworthy: 10 Ways To Win The Internets

What 33 Successful Entrepreneurs Learned From Failure

Design Your Career 2018

Why Content Marketing Fails

The History of SEO

How To (Really) Get Into Marketing

The What If Technique presented by Motivate Design

Displaying Data

10 Powerful Body Language Tips for your next Presentation

Crap. The Content Marketing Deluge.

Similar to Ruby on Rails security in your Continuous Integration

Delivering small and fast means we are more frequently introducing new vulnerabilities. We're facing new threats that come from cloud computing and the internet of things.Traditional cycles of pentests and code reviews are not keeping up. DevSecOps focuses on integrating security in our processes and teams. Automate first and fail fast will help build security in, and will also support the growth of awareness in the teams. Kim will show the practical lessons learned from her journey. Get an overview of the current continuous security landscape and the practical insights and pitfalls.

Kim van Wilgen - Continuous security - Codemotion Amsterdam 2019

Codemotion

Agile is maturing in delivering incremental change. We innovate through data-driven experiments, enabled through continuous delivery and evolutionary architectures. Delivering small and fast means we are more frequently introducing new vulnerabilities. We are also facing new threats that come from increased integration through cloud computing and the internet of things. Traditional cycles of penetration tests and code reviews are not keeping up with the accelerated delivery pace unless these processes are also automated. DevSecOps focusses on integrating security in our processes and teams. Automate security first and fail fast will help build security in, but will also support the growth of awareness in the teams. Kim will show the lessons learned from her journey to Continuous security at ANVA, securing their open SaaS cloud platform for insurance software. Get an overview of the current continuous security landscape and the practical insights and pitfalls. And learn how security can be fun.

Continuous security

Kim van Wilgen

Kim van Wilgen - Continuous security - Codemotion Rome 2019

Codemotion

The presentation focuses on the responsibilities, practices, processes, tools, and techniques that systematically increase security in the software development lifecycle (SSDLC). Software should be provisioned uniformly declarative regardless of whether software artifacts are produced in-house or purchased. This is the foundation for effective quality and security standardization, which are key facilitators of reliability engineering.

Shift Left Security

BATbern

SPI Dynamics web application security 101

Wade Malone

AWS live hack: Atlassian + Snyk OSS on AWS

Eric Smalling

Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing. It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.

Making Security Agile

Oleg Gryb

Security as Code: DOES15

Ed Bellis

Security in the cloud is fundamentally different. Not so much due to the technology--though there's plenty of differences there--but more with respect to the way that security is applied and how it's run. Over the past few years, we've seen a radical shift in how development and operational teams work together. Security teams have been left out in the cold and are still viewed as the "No" team. It doesn't have to be that way. Cloud technologies have enabled new work flows and models for businesses and other teams...security is no different. We just have to wake up and take advantage of the new ecosystem. When security teams embrace change, the boundaries start to dissolve and security can finally be built in instead of bolted on. In this session, we'll look at some of the challenges involved in this shift, how it impacts your teams, your skill set, and how a modern approach to defence will improve your security posture. Presented at BC Aware Day, 31-Jan-2017

Security Teams & Tech In A Cloud World

Mark Nunnikhoven

Kubernetes has become the default way for many organizations to scale and orchestrate their use of containers. However, organizations are starting to find themselves needing to take the necessary steps to protect their containers. Automating security checks throughout the development life cycle can help reduce risk and allow organizations to develop and deploy securely. Join Shiri Ivstan, Senior Product Manager at WhiteSource and Yaniv Peleg Tsabari, Senior Director of Product Management at Alcide, as they explore the world of security in Kubernetes and discuss: The security risks associated with open-source code and Kubernetes environments Supply Chain: Continuous Security throughout the CI/CD pipeline Security aspects throughout the development cycle, such as Image Scanning, Image Assurance, K8s Configuration hygiene and more. How to automate policies with respect to the above techniques throughout the CI/CD pipeline in order to facilitate more secure application deployments.

360° Kubernetes Security: From Source Code to K8s Configuration Security

DevOps.com

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines. In this talk, we start with a case study of an organization trying to leverage the power of Continuous Integration (CI) and Continuous Delivery (CD) to improve their security posture. After identifying the key security checkpoints in the pre-commit, commit, acceptance, and deployment lifecycle phases, we will explore how unit testing and static analysis fit into DevSecOps. Live demonstrations will show how to identify vulnerabilities pre-commit inside the Visual Studio development environment, and how to enforce security unit tests and static analysis in a Jenkins continuous integration (CI) build pipeline. Attendees will walk away with a better understanding of how security fits into DevOps, and an open source .NET static analysis engine to help secure your organization’s applications.

Secure DevOps: A Puma's Tail

Puma Security, LLC

Building a secure system is like constructing a good pizza – each individual layer adds flavor that ultimately builds to the perfect bite. At Netflix we have hand-crafted ingredients that by themselves are scrumptious, but when placed together strategically on the crust (read: cloud), constructs a pizza so large that any pizza lover (read: attacker) would be challenged to finish. Attendees will learn the secret to the sauce that is Netflix Infrastructure Security and how even defensive appsec tooling like Signal Sciences can be used in the mix to be better equipped to start baking pizza in their own kitchen, and leave satisfied.

Reducing Risk of Credential Compromise at Netflix

SBWebinars

Making Security Agile - Oleg Gryb

SeniorStoryteller

This presentation was given at the Techno Security & Forensics Investigations Conference in Myrtle Beach, SC on June 2, 2015. Abstract: Manual application security testing alone doesn't cut it anymore -- scanning with SAST, DAST, and IAST tools is necessary to achieve security at portfolio scale; but as agile development practices become more popular, tool-assisted security reviews used as gates to production become more disruptive and expensive. While development teams evolve toward continuous release and deployment, the security industry continues to use the same paradigms developed 15 years ago. If organizations hope to produce more secure code at DevOps speed, something has to change. This session will describe how many of the application security tasks performed manually today can be automated to allow security professionals to look for novel security problems, rather than just low-hanging fruit. I'll explain 1) How open source and commercial tools can add value when integrated into the development lifecycle; 2) How using security tools as automated sensors can improve security visibility and provide real-time actionable intelligence; and 3) How automating simple security tasks can free up security teams to work on real security challenges. We'll also describe some common pitfalls when incorporating security into development, as well as real-world solutions learned from our work in this area over the past 6 years.

Automating Your Tools: How to Free Up Your Security Professionals for Actual ...

Kevin Fealey

AppSec California 2016 - Making Security Agile

Oleg Gryb

Using Security to Build with Confidence in AWS - Trend Micro

Amazon Web Services

You can't control what you can't see. Security observability is an intrinsic attribute of an application that provides direct observation of software vulnerabilities and attempted exploits as they happen, in order to allow rapid proactive remediation and prevention. Security Observability can be achieved by taking an instrumentation based approach that provides continuous visibility and exposure of vulnerabilities and threats and their context from within the software itself. This approach is particularly appropriate for cloud-based and hybridized distributed environments, because the instrumentation is agnostic to deployment methodologies and runtime environments. A demonstration will be provided that demonstrates the benefits of this approach for both custom code and open source dependencies, as well as across the software development lifecycle, showing both the rapid pinpointing of line-of-code level vulnerabilities for developers, and realtime exploit prevention in production.

Security Observability for Cloud Based Applications

John Varghese

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Amazon Web Services

Devops security-An Insight into Secure-SDLC

Suman Sourav

In today’s inter-connected world, the statistics are against you for a secure API. It is not a matter of if but when one simple breach can make front page news, tarnish your organization’s reputation, and cause problems not only for your organization but for external consumers of your API as well. With such loaded consequences, testing and validating access to your application or device for security vulnerabilities needs to become an industry standard. In this session, you'll learn: Shift left your security testing efforts and establish a continuous security testing process Perform API security penetration testing Extend existing functional tests with security scenarios Correlate security vulnerabilities to business requirements

LF_APIStrat17_Bulletproofing Your API's

LF_APIStrat

Similar to Ruby on Rails security in your Continuous Integration (20)

Kim van Wilgen - Continuous security - Codemotion Amsterdam 2019

Continuous security

Kim van Wilgen - Continuous security - Codemotion Rome 2019

Shift Left Security

SPI Dynamics web application security 101

AWS live hack: Atlassian + Snyk OSS on AWS

Making Security Agile

Security as Code: DOES15

Security Teams & Tech In A Cloud World

360° Kubernetes Security: From Source Code to K8s Configuration Security

Secure DevOps: A Puma's Tail

Reducing Risk of Credential Compromise at Netflix

Making Security Agile - Oleg Gryb

Automating Your Tools: How to Free Up Your Security Professionals for Actual ...

AppSec California 2016 - Making Security Agile

Using Security to Build with Confidence in AWS - Trend Micro

Security Observability for Cloud Based Applications

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Devops security-An Insight into Secure-SDLC

LF_APIStrat17_Bulletproofing Your API's

Recently uploaded

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

masabamasaba

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in Tembisa ● Abortion Pills For Sale in Tembisa ● Tembisa 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

masabamasaba

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

masabamasaba

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

%in Harare+277-882-255-28 abortion pills for sale in Harare

masabamasaba

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

masabamasaba

Software Quality Assurance Interview Questions

Arshad QA

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

masabamasaba

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Recently uploaded (20)

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

Microsoft AI Transformation Partner Playbook.pdf

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

WSO2CON 2024 - Does Open Source Still Matter?

Announcing Codolex 2.0 from GDK Software

8257 interfacing 2 in microprocessor for btech students

Architecture decision records - How not to get lost in the past

%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

%in Harare+277-882-255-28 abortion pills for sale in Harare

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

Software Quality Assurance Interview Questions

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Ruby on Rails security in your Continuous Integration

2. Conﬁdential & proprietary © Sqreen, 2015 Jean-Baptiste Aviat Sqreen CTO (https://sqreen.io) Former Apple software security engineer Former white hat hacker Twitter: @JbAviat Email: jb@sqreen.io

4. Conﬁdential & proprietary © Sqreen, 2015 Continuous Integration Quality: automate everything you can Unit tests at every commit Integration tests at every commit Test against a production like stack Maximize conﬁdence for every commit

7. Conﬁdential & proprietary © Sqreen, 2015 Static analysis - Brakeman http://brakemanscanner.org/ Written in Ruby Dedicated to Ruby on Rails Open source: https://github.com/presidentbeef/brakeman Podcast: Ruby Rogues #219

8. Conﬁdential & proprietary © Sqreen, 2015 Static analysis - Jenkins integration Jenkins plugin: https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin Install Gem on test server Add an adequate test to Jenkins Done.

9. Conﬁdential & proprietary © Sqreen, 2015 Dynamic analysis - Arachni http://www.arachni-scanner.com/ Written in Ruby Compatible with any Web application Open source: https://github.com/Arachni/arachni/ Powerful but complex

10. Conﬁdential & proprietary © Sqreen, 2015 Dynamic analysis - Jenkins integration No Jenkins plugin Do it yourself JUnit XML (contact me) Order tests by sensitivity Set a short timeout Dynamic tests: the faster server the better Puma did well

13. Conﬁdential & proprietary © Sqreen, 2015 Brakeman detected XSS details Undetected issue Fake issue: @secure is static! Real XSS

16. Conﬁdential & proprietary © Sqreen, 2015 Issues False positives lower CI conﬁdence Cannot test against production (dangerous), lead to more false positives Tools updates depend on maintainers will Need to iteratively adapt your code Vulnerabilities debt (legacy) Security tests are not written by you Need deep attack knowledge to understand them

17. Conﬁdential & proprietary © Sqreen, 2015 Sqreen: you code, we protect We automatically protect your apps Strong and transparent Beta program available: Come and see me if you have Rails or Sinatra based applications Sqreen is hiring : http://sqreen.io/jobs.html

Ruby on Rails security in your Continuous Integration

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Ruby on Rails security in your Continuous Integration

Similar to Ruby on Rails security in your Continuous Integration (20)

Recently uploaded

Recently uploaded (20)

Ruby on Rails security in your Continuous Integration