SlideShare une entreprise Scribd logo

邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)

Yi-Feng Tzeng
Yi-Feng Tzeng

一般人對於應用程式的撰寫邏輯與順序,只考量正確性及效能面。但是從灰色的視角切入時,時序或時間差所透露的資訊往往比我們想像中來得多。本議程將針對網頁應用上的時序攻擊,探討邏輯優化可能帶來的安全問題。

Technologie
1  sur  74
Télécharger pour lire hors ligne
邏輯優化的灰色面 針對網頁應用的時序攻擊 ( Timing Attacks on Web ) Ant ant@chroot.org / yftzeng@gmail.com 2018-03-13
2/74 Introduction Coding Security Intellectual property Startup• • •
3/74 Thank @mathias for inspiring me
4/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
5/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
6/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
7/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 1000 µs 1000 µs 100 µs 200 µs
8/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
9/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 A000000 B000000 … E000000 EA00000 …
10/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016
11/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 1000 µs 1000 µs 100 µs 200 µs
12/74 Premature optimization is the root of all evil ( 過早最佳化是萬惡的根源 ) ~ Donald Knuth ~ a little bit
13/74 PHP Are PHP functions safe against timing attacks ?
14/74
15/74 DEMO #01
16/74
17/74 Those work on web ideally ?
18/74 localhost
19/74
20/74 Applicaton jitte 10-30 ms Databast jitte 10-300 ms Nttwoek jitte 100-150 ms
21/74 Attack Shift Timing atack against sofwaet impltmtntaton
22/74 Attack Shift Timing atack against sofwaet impltmtntaton Ideal
23/74 Attack Shift Timing atack against sofwaet impltmtntaton Ideal Timing atack against busintss logic Reality
24/74
25/74 ~2500 ms
26/74 ~1500 ms
27/74 Login Admin User 100 ms 2500 ms 1500 ms
28/74 Login Admin User 100 ms 2500 ms 1500 ms ~1000 ms
29/74 Login Admin User 100 ms 2500 ms 1500 ms Validate user 100 ms ~1000 ms
30/74
31/74 100 ms
32/74 100 ms Email guess, brute force attack
33/74 Which one is better ?
34/74
35/74 100 ms
36/74 100 ms 100 ms
37/74 100 ms 100 ms 100 ms
38/74 100 ms 100 ms 100 ms DEMO #02
39/74 100 ms 100 ms 100 ms
40/74 Login Admin User Gender Age VIP 100 ms 2500 ms 1500 ms 1000 ms 1000 ms 1200 ms …...…... Validate user 100 ms
41/74 Welcome Ant ! ~1000 ms
42/74 ~500 ms
43/74 old
44/74 ~30 ms Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p52)
45/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p54) ~15 ms
46/74 Ref: Front-End Performance The Dark Side @ ColdFront Conference 2016 (p50)
47/74 Login Admin User Gender Age VIP 100 ms 2500 ms 1500 ms 1000 ms 1000 ms 1200 ms …...…... Validate user 100 ms
48/74 404 Page not found ~200 ms
49/74 404 Page not found ~80 ms
50/74
51/74 Login Admin User Gender Age VIP 100 ms 2500 ms 1500 ms 1000 ms 1000 ms 1200 ms …...…... Validate user 100 ms 302 / 404 80 ms 1200 ms
52/74
53/74
54/74
55/74
56/74
57/74
58/74 DEMO Online
59/74 Applicaton jitte 10-30 ms Databast jitte 10-300 ms Nttwoek jitte 100-150 ms
60/74 LAN Router IoT device NAS server / etc.POS / Console / etc.
61/74 Login Admin User Gender Age VIP 100 ms 2500 ms 1500 ms 1000 ms 1000 ms 1200 ms …...…... Validate user 100 ms 302 / 404 80 ms 1200 ms
62/74 SuperUser Login Admin User Gender Age VIP 100 ms 100 ms 2500 ms 1500 ms 1000 ms 1000 ms 1200 ms Backdoor …...…... 400 ms Validate user 100 ms 302 / 404 80 ms 1200 ms
63/74
64/74 DEMO #03
65/74 A000000 B000000 … E000000 EA00000 …
66/74 最佳化就像迴旋鏢,何時不小心回來打到你,可能也不知道 ~ Ant ~
67/74 Attack Modes Post-auth Administrator Permissions Hidden page* Pre-auth Hidden page*Validate userBackdoor Active attacks Passive attacks
68/74 Passive attacks
69/74 Active attacks
70/74 Attack Modes Post-auth Administrator Permissions Hidden page* Pre-auth Hidden page*Validate userBackdoor Active attacks Passive attacks
71/74 password hash function ?
72/74 password hash function ? DEMO #04
73/74 安全就像洋蔥,一片一片地剝開,總有一片會讓人流淚 ~ Ant ~
74/74 ant@chroot.org / yftzeng@gmail.com https://www.facebook.com/yftzeng.tw https://twitter.com/yftzeng

Recommandé

IEEE SMC 2014
IEEE SMC 2014IEEE SMC 2014
IEEE SMC 2014Francisco Serdio
 
Ficstar Software: Cassandra Installation to Optimization
Ficstar Software: Cassandra Installation to OptimizationFicstar Software: Cassandra Installation to Optimization
Ficstar Software: Cassandra Installation to OptimizationDataStax Academy
 
Rendering Large Models in the Browser in Real-Time
Rendering Large Models in the Browser in Real-TimeRendering Large Models in the Browser in Real-Time
Rendering Large Models in the Browser in Real-TimeC4Media
 
Traveler's Guide to Cassandra
Traveler's Guide to CassandraTraveler's Guide to Cassandra
Traveler's Guide to CassandraDataStax Academy
 
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまでtechgamecollege
 
Flash Presentation
Flash PresentationFlash Presentation
Flash PresentationSamuel Adams, MBA
 
重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical DecisionYi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版Yi-Feng Tzeng
 

Recommandé

IEEE SMC 2014
IEEE SMC 2014IEEE SMC 2014
IEEE SMC 2014Francisco Serdio
 
Ficstar Software: Cassandra Installation to Optimization
Ficstar Software: Cassandra Installation to OptimizationFicstar Software: Cassandra Installation to Optimization
Ficstar Software: Cassandra Installation to OptimizationDataStax Academy
 
Rendering Large Models in the Browser in Real-Time
Rendering Large Models in the Browser in Real-TimeRendering Large Models in the Browser in Real-Time
Rendering Large Models in the Browser in Real-TimeC4Media
 
Traveler's Guide to Cassandra
Traveler's Guide to CassandraTraveler's Guide to Cassandra
Traveler's Guide to CassandraDataStax Academy
 
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまで
【TECH×GAME COLLEGE#32】ゼロからリアルタイムサーバーを作るまでtechgamecollege
 
Flash Presentation
Flash PresentationFlash Presentation
Flash PresentationSamuel Adams, MBA
 
重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical DecisionYi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版Yi-Feng Tzeng
 
Testing in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysTesting in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysYi-Feng Tzeng
 
COSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteCOSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteYi-Feng Tzeng
 
COSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteCOSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteYi-Feng Tzeng
 
Severless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APISeverless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APIYi-Feng Tzeng
 
給資安工程師開源授權觀念
給資安工程師開源授權觀念給資安工程師開源授權觀念
給資安工程師開源授權觀念Yi-Feng Tzeng
 
Progressive Deployment & NoDeploy
Progressive Deployment & NoDeployProgressive Deployment & NoDeploy
Progressive Deployment & NoDeployYi-Feng Tzeng
 
Dev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceDev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceYi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊Yi-Feng Tzeng
 
淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算Yi-Feng Tzeng
 
A Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceA Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceYi-Feng Tzeng
 
量子技術 (2018 03-31)
量子技術 (2018 03-31)量子技術 (2018 03-31)
量子技術 (2018 03-31)Yi-Feng Tzeng
 
Swoole Love PHP
Swoole Love PHPSwoole Love PHP
Swoole Love PHPYi-Feng Tzeng
 
Modern Web Architecture Design Journey
Modern Web Architecture Design JourneyModern Web Architecture Design Journey
Modern Web Architecture Design JourneyYi-Feng Tzeng
 
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1Yi-Feng Tzeng
 
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]Yi-Feng Tzeng
 
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議Yi-Feng Tzeng
 
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)Yi-Feng Tzeng
 
軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險Yi-Feng Tzeng
 
Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)Yi-Feng Tzeng
 
Redis, another step on the road
Redis, another step on the roadRedis, another step on the road
Redis, another step on the roadYi-Feng Tzeng
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Contenu connexe

Plus de Yi-Feng Tzeng

Testing in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysTesting in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysYi-Feng Tzeng
 
COSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteCOSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteYi-Feng Tzeng
 
COSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteCOSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteYi-Feng Tzeng
 
Severless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APISeverless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APIYi-Feng Tzeng
 
給資安工程師開源授權觀念
給資安工程師開源授權觀念給資安工程師開源授權觀念
給資安工程師開源授權觀念Yi-Feng Tzeng
 
Progressive Deployment & NoDeploy
Progressive Deployment & NoDeployProgressive Deployment & NoDeploy
Progressive Deployment & NoDeployYi-Feng Tzeng
 
Dev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceDev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceYi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊Yi-Feng Tzeng
 
淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算Yi-Feng Tzeng
 
A Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceA Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceYi-Feng Tzeng
 
量子技術 (2018 03-31)
量子技術 (2018 03-31)量子技術 (2018 03-31)
量子技術 (2018 03-31)Yi-Feng Tzeng
 
Modern Web Architecture Design Journey
Modern Web Architecture Design JourneyModern Web Architecture Design Journey
Modern Web Architecture Design JourneyYi-Feng Tzeng
 
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1Yi-Feng Tzeng
 
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]Yi-Feng Tzeng
 
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議Yi-Feng Tzeng
 
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)Yi-Feng Tzeng
 
軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險Yi-Feng Tzeng
 
Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)Yi-Feng Tzeng
 
Redis, another step on the road
Redis, another step on the roadRedis, another step on the road
Redis, another step on the roadYi-Feng Tzeng
 

Plus de Yi-Feng Tzeng (20)

Testing in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysTesting in Production, Deploy on Fridays
Testing in Production, Deploy on Fridays
 
COSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteCOSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening Keynote
 
COSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteCOSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening Keynote
 
Severless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board APISeverless PHP Case : Agile Dashboard via GitLab Board API
Severless PHP Case : Agile Dashboard via GitLab Board API
 
給資安工程師開源授權觀念
給資安工程師開源授權觀念給資安工程師開源授權觀念
給資安工程師開源授權觀念
 
Progressive Deployment & NoDeploy
Progressive Deployment & NoDeployProgressive Deployment & NoDeploy
Progressive Deployment & NoDeploy
 
Dev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and ComplianceDev(Sec)Ops - Architecture for Security and Compliance
Dev(Sec)Ops - Architecture for Security and Compliance
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
 
淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算
 
A Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceA Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) Compliance
 
量子技術 (2018 03-31)
量子技術 (2018 03-31)量子技術 (2018 03-31)
量子技術 (2018 03-31)
 
Swoole Love PHP
Swoole Love PHPSwoole Love PHP
Swoole Love PHP
 
Modern Web Architecture Design Journey
Modern Web Architecture Design JourneyModern Web Architecture Design Journey
Modern Web Architecture Design Journey
 
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
 
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
 
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
 
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
 
軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險
 
Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)Enterprise Architecture Case in PHP (MUZIK Online)
Enterprise Architecture Case in PHP (MUZIK Online)
 
Redis, another step on the road
Redis, another step on the roadRedis, another step on the road
Redis, another step on the road
 

Dernier

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Dernier (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)