Code review and security audit in private cloud - Arief Karfianto

•Télécharger en tant que PPTX, PDF•

0 j'aime•1,479 vues

Code review and security audit in private cloud

Code Review and Security
Audit in Private Cloud
@karfianto
UKP4

About Me
• UPN alumnus
• civil cervant
• sysadmin
• system analyst
• app tester

Things I Like
• foss
• website optimization
• system security
• wireframing

Managed Projects
data.id

Problems in App Development
• design
• functionality test
• security test
• maintenance

Problem: Maintenance
From: sysadmin
Hi Developers,
There’s a bug in your app
From: postmaster
Error
User not found dude@expert.com

Security Test
• Blackbox
• Greybox
• Whitebox (Code Review)

Problem: Access to Source
Code
From: Developers
Hi sysadmin,
We found some bugs in the
app, we will patch soon
From: Sysadmin
Hi developer,
Username: root
Password: 123456

Problem: No Changes History
From: Developers
Hi sysadmin,
We found some bugs in the
app, we will patch soon
From: Sysadmin
Hi developer,
Please send me the
changed php files..

500 Internal Server Error
From: Sysadmin
Hi developer,
There’s another error after
patching. Please roll them
back ..!!

Let’s Make Our Job Easier
• Create source code repository
• Use versioning
• Control user access to the code
• No access to production servers

Free Source Code Hosting

Make It Private
• security
• availability
• policy compliance (e.g. iso27001)

...and Flexible
Using Cloud Infrastructure
• Flexible Resource
• Cloning
• High Availability
• Snapshot and Restore

Model

How These Stuffs Work
• VPN Tunneling

Related Tools
• Git : a version control system
• Gitweb : the git web interface
• Gitosis : repository access control
• VPN & SSH : tunneled access

Creating a Repository
root@revision-control ~# ./addrepo.sh
Please enter repository name and description
Name :sample-app2
Description :Sample application 2.0
Creating a repository...
Initialized empty Git repository in /srv/repos/git/sample-app2/.git/
# On branch master
#
# Initial commit
#
nothing to commit (create/copy files and use "git add" to track)
Cloning into bare repository repositories/sample-app2.git...
done.
warning: You appear to have cloned an empty repository.
[Done]

Gitosis Config
Copy the public key to server
Then edit gitosis.conf..
[group sample-app2]
writable = sample-app2
members = intruder@LENOVOY460
John@Doe.PC

Clone and Review

Thank You

Contenu connexe

Tendances

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Testing Without a GUI Using TestComplete

Testing Without a GUI Using TestComplete

Testing Without a GUI Using TestComplete

C#: Past, Present and Future

C#: Past, Present and Future

C#: Past, Present and Future

Rodolfo Finochietti

HTML5 is one of the hottest technologies around right now because HTML5 apps are beautiful, engaging, and can perform important and entertaining functions. With the wide range of devices and platforms to support, the promise of multi-platform support is appealing. But HTML5 apps present their own range of security issues. So, what do you do about security? How do you test HTML5 applications to ensure their security? Alexander Andelkovic works at Spotify where their streaming music player desktop client applications are all HTML5-based. Alexander explains how manual testers can get the most out of HTML5 app security testing and manifest of HTML5 apps. He covers these common security testing issues and more: cross-site scripting (script inclusion), privacy-related issues, data leakage, and permissions. Discover how, by being proactive, you can avoid having to search for security issues late in a development project.

T23 HTML5 Security Testing at Spotify

T23 HTML5 Security Testing at Spotify

T23 HTML5 Security Testing at Spotify

Build PWA with Ionic Toolkit

Build PWA with Ionic Toolkit

Build PWA with Ionic Toolkit

How to keep Jenkins logs forever without performance issues

How to keep Jenkins logs forever without performance issues

How to keep Jenkins logs forever without performance issues

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

Azure Functions

Azure Functions

Azure Functions

Rodolfo Finochietti

Meteor Angular

Forcelandia Salesforce CI

Forcelandia Salesforce CI

Forcelandia Salesforce CI

Our third annual hackathon at CloudFest (formerly WHDglobal) was a great success. Developers from all over Europe came to participate - including noted experts from the WordPress and Joomla communities. Six technology projects were completed with two building on last year's success. Topics included IoT, secure FPTD, Domain Connect, WordPress updates, and more. And a special thanks to our sponsors who made it all possible. Cheers!

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

Jeffrey J. Hardy

Artūrs Liepiņš from Accenture Latvia will talk about the cloud-hosted Continuous Integration service Travis CI – its strengths and weaknesses and how it compares to more traditional tools like Jenkins. The presentation will showcase automated building, testing and deployment to various services, including a live sample application going through these phases. Also, some promising alternative solutions will be introduced. Artūrs Liepiņš is a young DevOps engineer exploring the latest and greatest in automation, virtualization and cloud technologies.

Travis CI

Анете Аннемария

Reach the next level with PowerShell

Reach the next level with PowerShell

Reach the next level with PowerShell

Product update 1 2018

Product update 1 2018

Product update 1 2018

🌍 Job van der Voort

There is no doubt that security has been in the spotlight over the last few years, recent events have been responsible for the increased demand for better and more secure systems. Security was often treated as an afterthought or something that could be implemented ‘later’. In this session, we will go over some best practices, using existing tools and frameworks to help you set up a more secure environment and to get a grasp of what is happening in your environment. We will leverage your existing automation skills to secure and automate these workflows. Expect a session with a lot of demos and resources that can directly be implemented.

Automating security with PowerShell

Automating security with PowerShell

Automating security with PowerShell

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

شرح عن منتج Azure DevOps و اهم مكوناته و كيفيه الحصول على الشهادة Azure DevOps Expert Azure DevOps link: https://dev.azure.com Exam AZ-103: Microsoft Azure Administrator https://docs.microsoft.com/en-us/learn/certifications/exams/az-103 Exam AZ-203: Developing Solutions for Microsoft Azure https://docs.microsoft.com/en-us/learn/certifications/exams/az-203 Exam AZ-400: Microsoft Azure DevOps Solutions https://docs.microsoft.com/en-us/learn/certifications/exams/az-400 مصادر تعليم الخاصه بالشهادات https://cloudsociety.fastlane.live/courses My Twitter account https://twitter.com/ahmad_ezzeir My Facebook page: https://www.facebook.com/Arabic-DevOps-Ahmad-Ezzeir-100543094861932

Azure DevOps Overview [Arabic]

Azure DevOps Overview [Arabic]

Azure DevOps Overview [Arabic]

Jeff Andersen from GoInstant Have you ever thought that writing web applications should allow you to use your mad Javascript skillz on the server side as well? Node.js is such a platform. Bundling up the Google Chrome Javascript runtime, Node lets you easily building fast and scalable network applications perfect for the real-time web. It's also a pretty great platform for building basic data driven websites too. Jeff, a web developer at Halifax based GoInstant, will introduce us to the Node platform, exploring it from the ground up.

Hello world - intro to node js

Hello world - intro to node js

Hello world - intro to node js

Refresh Annapolis Valley

Divine and felonios cyber security devopsdays austin 2018

Divine and felonios cyber security devopsdays austin 2018

Divine and felonios cyber security devopsdays austin 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Tendances (20)

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Introduction to Git(BitBucket) , Continuous Integration (Bamboo) & Confluence

Testing Without a GUI Using TestComplete

Testing Without a GUI Using TestComplete

Testing Without a GUI Using TestComplete

C#: Past, Present and Future

C#: Past, Present and Future

C#: Past, Present and Future

T23 HTML5 Security Testing at Spotify

T23 HTML5 Security Testing at Spotify

T23 HTML5 Security Testing at Spotify

Build PWA with Ionic Toolkit

Build PWA with Ionic Toolkit

Build PWA with Ionic Toolkit

How to keep Jenkins logs forever without performance issues

How to keep Jenkins logs forever without performance issues

How to keep Jenkins logs forever without performance issues

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

DevSecCon Tel Aviv 2018 - Integrated Security Testing by Morgan Roman

Azure Functions

Azure Functions

Azure Functions

Meteor Angular

Forcelandia Salesforce CI

Forcelandia Salesforce CI

Forcelandia Salesforce CI

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

CloudFest 2018 Hackathon Project Results Presentation - CFHack18

Travis CI

Reach the next level with PowerShell

Reach the next level with PowerShell

Reach the next level with PowerShell

Product update 1 2018

Product update 1 2018

Product update 1 2018

Automating security with PowerShell

Automating security with PowerShell

Automating security with PowerShell

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

Tanner Ellen - Forcelandia 2016 - Dev Stack.pptx

Azure DevOps Overview [Arabic]

Azure DevOps Overview [Arabic]

Azure DevOps Overview [Arabic]

Hello world - intro to node js

Hello world - intro to node js

Hello world - intro to node js

Divine and felonios cyber security devopsdays austin 2018

Divine and felonios cyber security devopsdays austin 2018

Divine and felonios cyber security devopsdays austin 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Next Generation Infrastructure - Devops Enterprise Summit 2018

Similaire à Code review and security audit in private cloud - Arief Karfianto

Aleksei Dremin - Application Security Pipeline - phdays9

Aleksei Dremin - Application Security Pipeline - phdays9

Aleksei Dremin - Application Security Pipeline - phdays9

The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors. This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share best practices (including ones followed internally at Amazon) and how you can bring them to your company by using open source and AWS services. Speaker: Raghuraman Balachandran, Solutions Architect, Amazon India

Continuous Delivery, Continuous Integration

Continuous Delivery, Continuous Integration

Continuous Delivery, Continuous Integration

Amazon Web Services

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Indrajit Poddar

Is code review the solution?

Is code review the solution?

Is code review the solution?

Introduction to cypress in Angular (Chinese)

Introduction to cypress in Angular (Chinese)

Introduction to cypress in Angular (Chinese)

The goal of every developer is get her super cool new feature out to customers, as fast as possible, with little to no bugs and with no manual effort so she can go back to coding the next awesome one. Doing all of this takes tremendous amounts of effort to plan, coordinate and execute on a DevOps engineer. Continuous Integration coupled with Continuous Deployment aide in this endeavor. But again, those are cumbersome and can be difficult to set up. AWS has four new tools to help with this; AWS CodeDeploy, CodeCommit, CodePipeline, and CodeBuild. Each one has specialized features to help get your code to customers faster, more reliable and bug free as possible. In this presentation, we will walk through how to setup a CI/CD pipeline using those AWS tools and demonstrate how we can go from yay it compiles to a 5-star review.

DevOps and AWS - Code PaLOUsa 2017

DevOps and AWS - Code PaLOUsa 2017

DevOps and AWS - Code PaLOUsa 2017

Proactive Security AppSec Case Study

Proactive Security AppSec Case Study

Proactive Security AppSec Case Study

Kritis is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies that ensures only trusted container images are deployed on kubernetes to your cluster. With Kritis, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. Kritis enables tighter control over your container environment by ensuring only verified images are integrated into production. Talk outline: - Introduction to the concept of binary authorization - Live demo of using Kritis and Grafeas for deploying images with confidence in Kubernetes - Grafeas and Kritis roadmap At the end, attendees will gain solid understanding on the process of binary authorization and how to incorporate it in their build and deployment pipelines

Binary Authorization in Kubernetes

Binary Authorization in Kubernetes

Binary Authorization in Kubernetes

Aysylu Greenberg

Oscon presentation

Oscon presentation

Oscon presentation

Agile Secure Cloud Application Development Management

Agile Secure Cloud Application Development Management

Agile Secure Cloud Application Development Management

Thick Application Penetration Testing - A Crash Course

Thick Application Penetration Testing - A Crash Course

Thick Application Penetration Testing - A Crash Course

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

13 practical tips for writing secure golang applications

13 practical tips for writing secure golang applications

13 practical tips for writing secure golang applications

Karthik Gaekwad

Everyone heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle. Therefore, our journey with Kubernetes security should begin in the build stage when writing the code becomes the container image. Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible. During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may cause compromising your system. Contacts: LinkedIn - https://www.linkedin.com/in/vshynkar/ GitHub - https://github.com/sqerison ------------------------------------------------------------------------------------- Materials from the video: The policies and docker files examples: https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90 The repo with the helm chart used in a demo: https://github.com/sqerison/argo-rollouts-demo Tools that showed in the last section: https://github.com/armosec/kubescape https://github.com/aquasecurity/kube-bench https://github.com/controlplaneio/kubectl-kubesec https://github.com/Shopify/kubeaudit#installation https://github.com/eldadru/ksniff Further learning. A book released by CISA (Cybersecurity and Infrastructure Security Agency): https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF O`REILLY Kubernetes Security: https://kubernetes-security.info/ O`REILLY Container Security: https://info.aquasec.com/container-security-book Thanks for watching!

Kubernetes and container security

Kubernetes and container security

Kubernetes and container security

Volodymyr Shynkar

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

Apache NiFi, a robust, scalable, and secure tool for data flow management, ships with over 212 processors to ingest, route, manipulate, and exfil data from a variety of sources and consumers. But many users turn to NiFi to meet unusual requirements — from proprietary protocol parsing, to running inside connected cars, to offloading massive hardware metrics from oil rigs in the most remote environments. Rather than posting a community request for custom development or offloading unusual demands to unnecessary external systems, there’s an answer in NiFi. Learn how NiFi allows you to quickly prototype custom processors in the scripting language of your choice against live production data without affecting your existing flows. Easily translate prototypes to full-fledged processors to optimize performance and leverage the full provenance reporting infrastructure. Discover how the framework provides conventions to streamline your development and minimize common boilerplate code, and the robust testing framework to make testing easy, and dare we say, fun. Expected prior knowledge / intended audience: developers and data flow managers should have passing knowledge of Apache NiFi as a platform for routing, transforming, and delivering data through systems (a brief overview will be provided). The intended audience will have experience with programming in Groovy, Ruby, Jython, ECMAScript/Javascript, or Lua. Takeaways: Attendees will gain an understanding in writing custom processors for Apache NiFi, including the component lifecycle, unit and integration testing, quick prototyping using a scripting language of their choice, and the artifact publishing and deployment process.

BYOP: Custom Processor Development with Apache NiFi

BYOP: Custom Processor Development with Apache NiFi

BYOP: Custom Processor Development with Apache NiFi

DataWorks Summit

Application Lifecycle Management

Application Lifecycle Management

Application Lifecycle Management

Amazon Web Services

Netflix oss season 2 episode 1 - meetup Lightning talks

Netflix oss season 2 episode 1 - meetup Lightning talks

Netflix oss season 2 episode 1 - meetup Lightning talks

Ruslan Meshenberg

Devops.pptx

MeetPatel921377

Similaire à Code review and security audit in private cloud - Arief Karfianto (20)

Aleksei Dremin - Application Security Pipeline - phdays9

Aleksei Dremin - Application Security Pipeline - phdays9

Aleksei Dremin - Application Security Pipeline - phdays9

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Continuous Delivery, Continuous Integration

Continuous Delivery, Continuous Integration

Continuous Delivery, Continuous Integration

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Continuous Integration with Cloud Foundry Concourse and Docker on OpenPOWER

Is code review the solution?

Is code review the solution?

Is code review the solution?

Introduction to cypress in Angular (Chinese)

Introduction to cypress in Angular (Chinese)

Introduction to cypress in Angular (Chinese)

DevOps and AWS - Code PaLOUsa 2017

DevOps and AWS - Code PaLOUsa 2017

DevOps and AWS - Code PaLOUsa 2017

Proactive Security AppSec Case Study

Proactive Security AppSec Case Study

Proactive Security AppSec Case Study

Binary Authorization in Kubernetes

Binary Authorization in Kubernetes

Binary Authorization in Kubernetes

Oscon presentation

Oscon presentation

Oscon presentation

Agile Secure Cloud Application Development Management

Agile Secure Cloud Application Development Management

Agile Secure Cloud Application Development Management

Thick Application Penetration Testing - A Crash Course

Thick Application Penetration Testing - A Crash Course

Thick Application Penetration Testing - A Crash Course

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan Kušt

13 practical tips for writing secure golang applications

13 practical tips for writing secure golang applications

13 practical tips for writing secure golang applications

Kubernetes and container security

Kubernetes and container security

Kubernetes and container security

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

SANS_PentestHackfest_2022-PurpleTeam_Cloud_Identity.pptx

BYOP: Custom Processor Development with Apache NiFi

BYOP: Custom Processor Development with Apache NiFi

BYOP: Custom Processor Development with Apache NiFi

Application Lifecycle Management

Application Lifecycle Management

Application Lifecycle Management

Netflix oss season 2 episode 1 - meetup Lightning talks

Netflix oss season 2 episode 1 - meetup Lightning talks

Netflix oss season 2 episode 1 - meetup Lightning talks

Devops.pptx

Plus de idsecconf

Cloud Managed Router merupakan hasil dari kombinasi antara perangkat router konvensional dengan teknologi cloud management, yang dikembangkan agar memudahkan pengguna untuk dapat mengatur perangkat router dari jarak jauh. Namun tentu saja dengan penerapan yang kurang tepat, maka hal ini bisa dimanfaatkan oleh orang yang tidak bertanggung jawab, bahkan dapat beresiko akses perangkat router diambil alih. Pada topik ini saya akan sedikit menceritakan bagaimana resiko tersebut bisa terjadi.

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

Kesiapan infrastruktur terkadang menjadi kendala dalam melaksanakan red team exercise secara internal. Guna memperoleh hasil yang optimal terdapat beberapa strong points yang perlu diadopsi dalam pengembangan infrastruktur yakni rapid deployment, stealth, dan scalability. Melalui Infrastructure as code (IaC) yang dapat mendukung proses automation infrastruktur red team, operator dapat mereduksi waktu deployment dengan komponen yang bersifat disposable per engagement. Infrastruktur terbagi menjadi 4 segmen yakni segmen network memanfaatkan WireGuard yang disederhanakan melalui Headscale “Zero Config”. Segmen C2 dan Segmen Phishing merupakan core sections. Segmen SIEM bertujuan mengagregasi dan memproses log dari berbagai komponen seperti reverse proxy pada redirector ataupun C2 server. Manajemen multi-cloud environment memanfaatkan Terraform dengan provisioning yang di-handle menggunakan Ansible. Python sebagai wrapper kedua platform sehingga penggunaan tetap sederhana. Operator dapat secara fleksibel mendeskripsikan segmen yang hendak di deploy melalui sebuah YAML file.

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

Dalam dunia keamanan siber, sinergi antara berbagai proses memiliki peran yang sangat penting. Salah satu proses atau framework yang tengah menjadi sorotan dan menarik perhatian luas adalah Detection Engineering. Proses Detection Engineering ini bertujuan untuk meningkatkan struktur dan pengorganisasian dalam pembuatan detection use case atau rules di Security Operation Center (SOC). Detection Engineering bisa dikatakan masih baru dalam dunia keamanan siber, sehingga terdapat banyak peluang untuk membuat keseluruhan prosesnya menjadi lebih baik. Salah satu hal yang masih terlupakan adalah integrasi antara proses Detection Engineering dan Threat Modeling. Biasanya, Threat Modeling lebih berfokus pada solusi pencegahan dan mitigasi resiko secara langsung dan melupakanan komponen deteksi ketika pencegahan dan mitigasi tersebut gagal dalam menjalankan fungsinya. Dalam makalah ini, kami memperkenalkan paradigma baru dengan mengintegrasikan Detection Engineering ke dalam proses Threat Modeling. Pendekatan ini menjadikan Detection sebagai langkah proaktif tambahan, yang dapat menjadi lapisan pertahanan ekstra ketika kontrol pencegahan dan mitigasi akhirnya gagal dalam menghadapi ancaman sesungguhnya.

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

Smart doorbell atau bel pintar telah menjadi populer dalam sistem keamanan rumah pintar. Namun, banyak dari perangkat ini masih menggunakan protokol yang tidak aman untuk berkomunikasi, protokol yang rentan terhadap serangan keamanan seperti jamming, sniffing dan replay attack. Penelitian ini bertujuan untuk menganalisis kelemahan penggunaan protokol komunikasi pada smart doorbell, serta menginvestigasi potensi pemanfaatan Software Defined Radio (SDR) dan modul arduino dalam mengamati komunikasi gelombang elektronik pada frekuensi 433 MHz. Selain itu penelitian ini ditujukan untuk mengidentifikasi potensi risiko yang dihadapi oleh pengguna pengkat IoT, serta memberikan pandangan tentang perlindungan yang lebih baik.

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

Modern organizations are facing the severe challenge of effectively countering threats and mitigating Indicators of Compromise (IOCs) within their network environments. The increasing complexity and volume of cyber threats has highlighted the urgency of building robust mechanisms to block specific IOCs independently. While some organizations have adopted Endpoint Detection and Response (EDR) systems, these solutions often have limitations and require manual processes to collect and examine IOCs from multiple sources. These operational barriers prevent organizations from achieving a proactive and efficient defense posture, an obstacle that is particularly important due to the critical role that IOC blocking plays in containing the spread of threats and limiting potential damage. Hence, the need for a solution that orchestrates automated IOC blocking, utilizing tools such as AlienVault Open Threat Exchange (OTX), VirusTotal, CrowdStrike, and Slack. In this presentation, we examine the importance of automated IOC blocking and its potential to strengthen network security, while highlighting the critical role that these tools play in mitigating evolving cyber threats.

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Semakin berkembangnya teknologi di aplikasi Desktop terdapat celah keamanan yang dapat menyebabkan dampak langsung atau tidak langsung pada kerahasiaan, Integritas Data yang di bangun menggunakan Framework dari Electron khusus nya aplikasi Desktop di Sistem Operasi MAC. Dalam materi yang di persentasikan akan membahas celah keamanan Security Misconfiguration,RCE,Code Injection, Bypass File Quarantine dan juga bagaiman cara intercept Aplikasi Electron Desktop di system operasi macOS

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Amazon Web Service (AWS) menjadi pemain besar dalam industri provider cloud, AWS menawarkan berbagai macam layanan yang mempermudah pengguna untuk operasional dan manajemen administrasi cloud computing. Dengan banyaknya layanan yang disediakan oleh Amazon Web Service membuat pengguna lupa akan keamanan dari service yang digunakan, karena bukan hanya Simple Storage Service (S3) saja yang bisa secara tidak sengaja mengekspos data sentitif seperti kredensial Database, SSH Private Key, Source code aplikasi atau bahkan data pribadi lain yang bersifat rahasia. Terdapat banyak service yang secara tidak sengaja terekspos ke public seperti EBS Snapshot, RDS Snapshot, SSM Document, SNS topic dan sebagainya. Malicious Actor bisa memanfaatkan Public shared atau exposed untuk melakukan Initial Access ke lingkungan Amazon Web Service pengguna lalu melakukan eksfiltrasi data internal yang rahasia.

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

This paper is a documentation of proposed security management for Electronic Health Records which includes security planning and policy, security program, risk management, and protection mechanism. Planning and policy are developed to provide a basic principle of security management at a hospital. The security program in this document includes Risk-Adaptable Access Control (RAdAC) and the implementation of security education, training and awareness (SETA). Regarding risk management, we perform risk identification, inventory of assets, information assets classification, and information assets value assessment, threat identification, and vulnerability assessment. For protection mechanism, we propose biometrics and signature as the authentication methods. The use of firewalls, intrusion detection system and encrypted data transmission is also suggested for securing data, application and network.

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Pelanggaran privasi merupakan suatu hal yang sering ditemui dewasa ini. Salah satu penyebab pelanggaran privasi adalah adanya data privat milik pengguna yang dikirimkan pada server milik aplikasi tanpa seizin pengguna atau adanya pengumpulan data tertentu tanpa izin. Pada penelitian ini, kami menganalisis aplikasi-aplikasi yang didapatkan dari Google Play Store Indonesia untuk dicari apakah ada data privat milik pengguna yang dilanggar privasinya. Penelitian ini menggunakan tiga jenis metode yang utamanya berbasis static analysis; pendekatan reverse-engineering dengan static analysis untuk melihat apakah ada data yang berpotensi mengganggu privasi pengguna, analisis perizinan dan tracker yang dimiliki oleh aplikasi untuk melihat apakah perizinan dan tracker yang dimiliki oleh aplikasi memang tepat sesuai dengan use-case dari aplikasi tersebut, dan analisis regulasi data dengan mengambil data mengenai keamanan data yang diberikan developer ke Google Play Store. Hasil studi menunjukkan bahwa ada beberapa aplikasi yang memang mengambil data privat pengguna yang tidak relevan dengan use-case aplikasi dan mengirimnya ke server milik aplikasi dan pihak ketiga

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Cloud service is often part of broader strategic initiatives, principally digital transformation (DX) and cloud-first. Despite the continued rapid adoption of cloud services, security remains a crucial issue for cloud users. A majority of organizations confirm they are at least moderately concerned about cloud security. However, there is still a gap between using the cloud and the implementation of cloud security by organizations, so retains the rate of cloud crime high. Eliminating or narrowing the gap is necessary so that organizations can continue to take advantage of the cloud securely. Understanding cloud crime would aid in both cloud crime prevention and protection. The purpose of this presentation is to identify how cloud security incidents can occur from both attacker and victim sides. Organizations can use this presentation's results as a reference to develop or improve cloud security programs and eliminate or narrow the gap between cloud utilization and cloud security implementation.

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

React Native merupakan framework yang digunakan untuk membuat aplikasi mobile baik itu Android maupun IOS (multi platform). Framework ini memungkinkan developer untuk membuat aplikasi untuk berbagai platform dengan menggunakan basis kode yang sama, yaitu JavaScript. Dikarenakan aplikasi ini berbasis JavaScript (client side), banyak developer yang tidak memperhatikan celah keamanan pada aplikasi. Terdapat berbagai macam celah keamanan meliputi client side dan server side. Presentasi ini memuat pengalaman saya dalam menemukan celah keamanan pada saat melakukan Penetration Testing pada aplikasi mobile berbasis React Native

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pandemi covid-19 melonjak pada gelombang ke-2 di. Untuk mengantisipasi itu pemerintah membagikan oximeter ke puskesmas. Oximeter yang ada dipasaran mengharuskan tenaga kesehatan untuk kontak langsung dengan pasien. Dengan menggunakan Hacked Oxymeter ini dapat mengurangi intensitas bertemu dengan pasien dan mengurangi resiko terpapar covid-19. Secara metodologi, hacking oximeter ini membaca output komunikasi serial pada alat oximeter untuk kemudian diolah oleh mikrokontroler dan dikirim ke MQTT broker untuk diteruskan ke klien yang membutuhkan. Alat ini digunakan oleh pasien yang sedang isoman di hotel, fasilitas Kesehatan atau rumah sakit darurat/lapangan

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Proses DevSecOps saat ini banyak digunakan dikalangan industri yang membutuhkan kecepatan baik dalam pengembangan maupun implementasi. Setiap tahapan pada pipeline DevSecOps merupakan tahapan yang harus diperhatikan dan masuk kedalam pantauan SOC (Security Operation Center). Untuk itu diperlukan kemampuan SOC untuk bisa memantau setiap pipeline DevSecOps sehingga dapat memberikan gambaran kondisi keamanan pada organisasi

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Plus de idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Dernier

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Scalable LLM APIs for AI and Generative AI Application Development Ettikan Karuppiah, Director/Technologist - NVIDIA Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

A Beginners Guide to Building a RAG App Using Open Source Milvus

A Beginners Guide to Building a RAG App Using Open Source Milvus

A Beginners Guide to Building a RAG App Using Open Source Milvus

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

Dernier (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

Powerful Google developer tools for immediate impact! (2023-24 C)

A Beginners Guide to Building a RAG App Using Open Source Milvus

A Beginners Guide to Building a RAG App Using Open Source Milvus

A Beginners Guide to Building a RAG App Using Open Source Milvus

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

GenAI Risks & Security Meetup 01052024.pdf

Code review and security audit in private cloud - Arief Karfianto

1. Code Review and Security Audit in Private Cloud @karfianto UKP4

2. About Me • UPN alumnus • civil cervant • sysadmin • system analyst • app tester

3. Things I Like • foss • website optimization • system security • wireframing

4. Managed Projects data.id

5. Problems in App Development • design • functionality test • security test • maintenance

6. Problem: Maintenance From: sysadmin Hi Developers, There’s a bug in your app From: postmaster Error User not found dude@expert.com

7. Security Test • Blackbox • Greybox • Whitebox (Code Review)

8. Problem: Access to Source Code From: Developers Hi sysadmin, We found some bugs in the app, we will patch soon From: Sysadmin Hi developer, Username: root Password: 123456

9. Problem: No Changes History From: Developers Hi sysadmin, We found some bugs in the app, we will patch soon From: Sysadmin Hi developer, Please send me the changed php files..

10. 500 Internal Server Error From: Sysadmin Hi developer, There’s another error after patching. Please roll them back ..!!

11. Let’s Make Our Job Easier • Create source code repository • Use versioning • Control user access to the code • No access to production servers

12. Free Source Code Hosting

13. Make It Private • security • availability • policy compliance (e.g. iso27001)

14. ...and Flexible Using Cloud Infrastructure • Flexible Resource • Cloning • High Availability • Snapshot and Restore

16. How These Stuffs Work • VPN Tunneling

17. Related Tools • Git : a version control system • Gitweb : the git web interface • Gitosis : repository access control • VPN & SSH : tunneled access

18. Creating a Repository root@revision-control ~# ./addrepo.sh Please enter repository name and description Name :sample-app2 Description :Sample application 2.0 Creating a repository... Initialized empty Git repository in /srv/repos/git/sample-app2/.git/ # On branch master # # Initial commit # nothing to commit (create/copy files and use "git add" to track) Cloning into bare repository repositories/sample-app2.git... done. warning: You appear to have cloned an empty repository. [Done]

19. Gitosis Config Copy the public key to server Then edit gitosis.conf.. [group sample-app2] writable = sample-app2 members = intruder@LENOVOY460 John@Doe.PC

20. Clone and Review