SlideShare une entreprise Scribd logo

When the CDN goes bananas

Gabor Szathmari
Gabor Szathmari

How to protect your website assets with Subresource Integrity The slides were first presented on the SecTalks Sydney Meetup: http://www.meetup.com/SecTalks/events/228854146/

Technologie
1  sur  51
Télécharger pour lire hors ligne
WHEN THE CDN GOES BANANAS SUBRESOURCE INTEGRITY
WHEN THE CDN GOES BANANAS me_irl • Gabor Szathmari • Information Security Professional Hacker Freelancer • Privacy Advocate
WHEN THE CDN GOES BANANAS I WILL BE TALKING ABOUT • JavaScript hosted by third-parties • Some scary bits • The Solution: Subresource Integrity ‣ What it does ‣ Tooling
THIRD-PARTY CODE ON MODERN WEBSITES
ANALYTICS
A/B TESTING
HEATMAPS
TAG MANAGERS
PRIVATE CDN
PUBLIC CDN
WHEN THE CDN GOES BANANAS MODERN WEBSITES • Third-party JavaScript
 (heatmaps, user tracking, analytics …) • Public CDNs
 (jsDelivr, ajax.googleapis.com, ajax.aspnetcdn.com …) • Private CDNs
 (S3, Akamai, CloudFront, Fastly …)
“YOU KNOW WHAT THEY SAY: LOVE* IS BLIND”* <script src=“”>
WHAT CAN GO WRONG?
WHEN THE CDN GOES BANANAS MODERN WEBSITES • Third-party JavaScript
 (heatmaps, user tracking, analytics …) • Public CDNs
 (jsDelivr, ajax.googleapis.com, ajax.aspnetcdn.com …) • Private CDNs
 (S3, Akamai, CloudFront, Fastly …) HACKED
window.location.href =
 "https://www.reddit.com/ r/badmemes"
WHEN THE CDN GOES BANANAS 🙀 🙀 🙀 • https://www.maxcdn.com/blog/bootstrapcdn-security-post-mortem/ • https://blog.pagefair.com/2015/halloween-security-breach/ • https://citizenlab.org/2015/04/chinas-great-cannon/ • http://securityaffairs.co/wordpress/31480/cyber-crime/afghanistan- cdn-network-hacked.html • https://medium.com/@FredericJacobs/the-reuters-compromise-by- the-syrian-electronic-army-6bf570e1a85b
REUTERS.COM SEA.SY
HTTP://CDN.TABOOLA.COM/LIBTRC/ REUTERS-NETWORK/LOADER.JS
WHEN THE CDN GOES BANANAS WHAT IS THE DAMAGE? • Unwanted redirection • Website defacement • Click fraud • Exploit kits (ransomware) • Cookie stealing, session hijacking • Keylogging • UI redressing (password stealing, OTP stealing)
WHAT CAN WE DO?
SUBRESOURCE INTEGRITY
 AKA. SRI
PROTECTS
 JAVASCRIPT
 INTEGRITY
PROTECTS
 CSS
 INTEGRITY
<script src="https:// cdn.jsdelivr.net/jquery/2.1.4/ jquery.min.js"
 integrity="sha256-ImQv...=" crossorigin="anonymous"
 ></script>
"TRUST, BUT VERIFY”
“Я НЕМНОГО ЧАЙНИКА”
<SCRIPT SRC=“HTTPS:// MAXCDN.BOOTSTRAPCDN.COM/.. ./BOOTSTRAP.MIN.JS” INTEGRITY=“SHA512-I3A1A…”
WHEN THE CDN GOES BANANAS BROWSER SUPPORT
WHEN THE CDN GOES BANANAS
TOOLING
MANUAL HASHING
WHEN THE CDN GOES BANANAS OPENSSL • openssl dgst -sha256 -binary jquery.min.js | openssl base64 -A • openssl dgst -sha384 -binary jquery.min.js | openssl base64 -A • openssl dgst -sha512 -binary jquery.min.js | openssl base64 -A
WHEN THE CDN GOES BANANAS OPENSSL • $ curl -s
 https://code.jquery.com/jquery-2.2.3.min.js |
 openssl dgst -sha512 -binary |
 openssl base64 -A
 
 SFaNb3xC08k/Wf6CRM1J+O/vv4YWyrPBSdy0o+1nqKzf +uLrIBnaeo8aYoAAOd31nMNHwX8zwVwTMbbCJjA8Kg==
 • <script src=“https://code.jquery.com/jquery-2.2.3.min.js” integrity=“sha512-SFaNb3xC08k/Wf…” […]
HOSTED TOOLS
SRIHASH.ORG REPORT-URI.IO JSDELIVR.COM
CMS
WHEN THE CDN GOES BANANAS PLUGINS • WordPress
 https://wordpress.org/plugins/wp-sri/ • Drupal
 https://www.drupal.org/project/advagg
WORKFLOW INTEGRATION
WHEN THE CDN GOES BANANAS WORKFLOW INTEGRATION
WHEN THE CDN GOES BANANAS WORKFLOW INTEGRATION
SCAN YOUR WEBSITE FOR SRI USAGE
SRITEST.IO
SRITEST.IO
WHEN THE CDN GOES BANANAS TOOLING • Manual • Hosted • CMS Plugins • Workflow Integration • sritest.io
WHEN THE CDN GOES BANANAS SUMMARY • Modern websites rely on JS/CSS • Hosted on CDNs / at third-parties • SRI protects from unexpected JS/CSS changes • Tooling is available
WHEN THE CDN GOES BANANAS FURTHER READING • https://www.owasp.org/index.php/ 3rd_Party_Javascript_Management_Cheat_Sheet • http://j.mp/cdn-goes-bananas • http://j.mp/new-sri2-features ‣ Enforce SRI with CSP ‣ Violation Reporting
WHEN THE CDN GOES BANANAS THANK YOU• @gszathmari • PGP: keybase.io/gszathmari

Recommandé

Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defenseSecuRing
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
WSO2 API Management - UFF
WSO2 API Management - UFFWSO2 API Management - UFF
WSO2 API Management - UFFHugo Henley
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceJP Bourget
 
Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Amazon Web Services
 

Recommandé

Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defenseSecuRing
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
WSO2 API Management - UFF
WSO2 API Management - UFFWSO2 API Management - UFF
WSO2 API Management - UFFHugo Henley
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceJP Bourget
 
Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Amazon Web Services
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019PeckaDesign.cz
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?SecuRing
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2Jim Manico
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React AppsZachary Klein
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Become an IAM Policy Ninja
Become an IAM Policy NinjaBecome an IAM Policy Ninja
Become an IAM Policy NinjaAmazon Web Services
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedTorsten Lodderstedt
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Serversbanerjeea
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 
AWS Security
AWS SecurityAWS Security
AWS SecurityVijayendra Bhati
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPRafal Gancarz
 

Contenu connexe

Tendances

Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019PeckaDesign.cz
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?SecuRing
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2Jim Manico
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React AppsZachary Klein
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Serversbanerjeea
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 

Tendances (20)

Web content security policies
Web content security policiesWeb content security policies
Web content security policies
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React Apps
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with Conditions
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennai
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM Introduction
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
 
Become an IAM Policy Ninja
Become an IAM Policy NinjaBecome an IAM Policy Ninja
Become an IAM Policy Ninja
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Servers
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep Dive
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets Mallory
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS Security
 
AWS Security
AWS SecurityAWS Security
AWS Security
 

Similaire à When the CDN goes bananas

AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPRafal Gancarz
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesBrad Hill
 
Delivering Javascript to World+Dog
Delivering Javascript to World+DogDelivering Javascript to World+Dog
Delivering Javascript to World+DogKyle Randolph
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...Andrey Devyatkin
 
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...Andrey Devyatkin
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Jay Zarfoss
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)Amazon Web Services
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Toni de la Fuente
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
How elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomHow elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomGraham Tackley
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
Living on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian ColeLiving on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian Colejaxconf
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 

Similaire à When the CDN goes bananas (20)

AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
 
Delivering Javascript to World+Dog
Delivering Javascript to World+DogDelivering Javascript to World+Dog
Delivering Javascript to World+Dog
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for Scale
 
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
 
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJS
 
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
performance.ppt
performance.pptperformance.ppt
performance.ppt
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
How elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomHow elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroom
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
Living on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian ColeLiving on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian Cole
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 

Plus de Gabor Szathmari

Iron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmIron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmGabor Szathmari
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyGabor Szathmari
 
Hacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesHacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesGabor Szathmari
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsiblyGabor Szathmari
 
How to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsHow to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsGabor Szathmari
 
Phishing stories from the trenches
Phishing stories from the trenchesPhishing stories from the trenches
Phishing stories from the trenchesGabor Szathmari
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Gabor Szathmari
 
CryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopCryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopGabor Szathmari
 
Privacy for journalists introduction
Privacy for journalists introductionPrivacy for journalists introduction
Privacy for journalists introductionGabor Szathmari
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists IntroductionGabor Szathmari
 
PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)Gabor Szathmari
 

Plus de Gabor Szathmari (13)

Iron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmIron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firm
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data Responsibly
 
Hacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesHacking law firms with abandoned domain names
Hacking law firms with abandoned domain names
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsibly
 
How to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsHow to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scams
 
Phishing stories from the trenches
Phishing stories from the trenchesPhishing stories from the trenches
Phishing stories from the trenches
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017
 
CryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopCryptoParty Tor Relay Workshop
CryptoParty Tor Relay Workshop
 
Privacy for journalists introduction
Privacy for journalists introductionPrivacy for journalists introduction
Privacy for journalists introduction
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for Journalists
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists Introduction
 
Safe Browsing in 2016
Safe Browsing in 2016Safe Browsing in 2016
Safe Browsing in 2016
 
PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)
 

Dernier

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Dernier (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

When the CDN goes bananas