SlideShare a Scribd company logo

Selecting security fixes or workarounds effectively

Download as PPTX, PDF
B
Bohdan Serednytskyi

This document summarizes the results of a security assessment of an educational application. It identifies several high and medium risk vulnerabilities found, including cross-site request forgery, cross-site scripting, weak password requirements, and improper access control. It discusses approaches taken to remediate vulnerabilities like using automated tools and fixes by the development team. It provides recommendations around prioritizing fixes, using web application firewalls as a fast fix, and ensuring security is an ongoing process rather than a single event.

Technology
1 of 22
Security fix or workaround: which way to select? Bohdan Serednytskyi, OWASP Lviv
• OWASP Lviv Chapter • Security Consulting Team at SoftServe We are…
Communication with client Project Execution Delivering Results Consulting Dev Team in issues fixing Usual Project Flow
Tools will solve all our problems Clients Vision
https://www.outpost24.com/wp-content/uploads/2014/12/Picture1-1024x610.jpg Automated Tools Effectiveness
• All application security tool vendors’ claims put together cover only 45% of the known vulnerability types (over 600 in CWE). • They also found very little overlap between tools, so to get 45% you need them all (assuming their claims are true) MITRE Claims
Case with One Educational Application
Risk Vulnerability Critical CROSS-SITE REQUEST FORGERY (CSRF) CROSS-SITE SCRIPTING (STORED) High SESSION TOKEN DOES NOT CHANGE AFTER LOGIN Medium USERLOGINID ENUMERATION WEAK PASSWORD REQUIREMENTS NO LOGOUT FUNCTION IMPLEMENTED ACCOUNT ENUMERATION IMPROPER ACCESS CONTROL STUDENT CAN REVEAL TEACHERS LOGIN FROM SERVER RESPONSE Low ERROR MESSAGES REVEAL SENSITIVE INFORMATION INTERNAL IP ADDRESS DISCLOSURE INSUFFICIENT PASSWORD HISTORY MANAGEMENT Remediation Status PARTIALLY FIXED NEED IMPROVEMENT FIXED FIXED FIXED FIXED FIXED FIXED NOT FIXED FIXED FIXED FIXED Security Test Results
XSS Vulnerability Fixing ‘});alert(1)” Initial payload Protection implemented by Developers Team ‘});alert(1)” ‘});alert(1)” Modified payload ‘});alert(1)”
CSRF and Information Leakage Fixing
Best Practices
Every security flaw is a process problem
Security vulnerabilities are “patterned”.
Security issue could be widespread amongst all code bases.
Ensure that root cause analysis is used Remove as many vulnerabilities of this type as is possible within the prescribed time frame or budget Involve Security Expert Recommendations
Use Fast Fix Methods - WAFs A security solution on the web application level which does not depend on the application itself
Security Expert is not a Developer
•OWASP Secure Coding Practices •OWASP Guide Project •OWASP Enterprise Security API •Microsoft Web Protection Library Resources
Security is a Journey Not a Destination
• Patching • Updating • Continuous Security Monitoring • Regular Security Tests
Questions?
Thank You! http://owasp-lviv.blogspot.com/

Recommended

Hacking a company
Hacking a companyHacking a company
Hacking a companyIgor Beliaiev
 
Building better product security
Building better product securityBuilding better product security
Building better product securityBohdan Serednytskyi
 
[Wroclaw #3] 50 shadows of company's infosec
[Wroclaw #3] 50 shadows of company's infosec[Wroclaw #3] 50 shadows of company's infosec
[Wroclaw #3] 50 shadows of company's infosecOWASP
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Skills that make network security training easy
Skills that make network security training easySkills that make network security training easy
Skills that make network security training easyEC-Council
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIshrath Sultana
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
How to Choose the Right Security Training for You
How to Choose the Right Security Training for YouHow to Choose the Right Security Training for You
How to Choose the Right Security Training for YouCigital
 

Recommended

Hacking a company
Hacking a companyHacking a company
Hacking a companyIgor Beliaiev
 
Building better product security
Building better product securityBuilding better product security
Building better product securityBohdan Serednytskyi
 
[Wroclaw #3] 50 shadows of company's infosec
[Wroclaw #3] 50 shadows of company's infosec[Wroclaw #3] 50 shadows of company's infosec
[Wroclaw #3] 50 shadows of company's infosecOWASP
 
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"
Security Hole #12 Lviv SoftServe-Symphony Solutions "Lockpicking Authentication"Nazar Tymoshyk, CEH, Ph.D.
 
Skills that make network security training easy
Skills that make network security training easySkills that make network security training easy
Skills that make network security training easyEC-Council
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIshrath Sultana
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
How to Choose the Right Security Training for You
How to Choose the Right Security Training for YouHow to Choose the Right Security Training for You
How to Choose the Right Security Training for YouCigital
 
ALM and DevOps in the health industry
ALM and DevOps in the health industryALM and DevOps in the health industry
ALM and DevOps in the health industryAgile Partner S.A.
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingRochester Security Summit
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
CSSLP & OWASP & WebGoat
CSSLP & OWASP & WebGoatCSSLP & OWASP & WebGoat
CSSLP & OWASP & WebGoatSurachai Chatchalermpun
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Dakiry
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
Null bachav
Null bachavNull bachav
Null bachavNaga Venkata Sunil Alamuri
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through InjectionsNazar Tymoshyk, CEH, Ph.D.
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 ProjectMuhammad Shehata
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Arvind resume - Copy
Arvind resume - CopyArvind resume - Copy
Arvind resume - Copyarvind kumar tripathi
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
Threat Simulation and Modeling Training
Threat Simulation and Modeling TrainingThreat Simulation and Modeling Training
Threat Simulation and Modeling TrainingBryan Len
 
resume _jayendra Kadam
resume _jayendra Kadamresume _jayendra Kadam
resume _jayendra KadamJayendra Kadam
 
Your Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the DatacenterYour Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the DatacenterIvanti
 
SC Application Stack
SC Application StackSC Application Stack
SC Application StackPaul Worrall
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...IT Arena
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 

More Related Content

What's hot

ALM and DevOps in the health industry
ALM and DevOps in the health industryALM and DevOps in the health industry
ALM and DevOps in the health industryAgile Partner S.A.
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security EngineeringMarco Morana
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended CutMike Spaulding
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Dakiry
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskSecurity Innovation
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Jorge Orchilles
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat ModelingCigital
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the thingsJerod Brennen
 
Threat Simulation and Modeling Training
Threat Simulation and Modeling TrainingThreat Simulation and Modeling Training
Threat Simulation and Modeling TrainingBryan Len
 
resume _jayendra Kadam
resume _jayendra Kadamresume _jayendra Kadam
resume _jayendra KadamJayendra Kadam
 
Your Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the DatacenterYour Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the DatacenterIvanti
 
SC Application Stack
SC Application StackSC Application Stack
SC Application StackPaul Worrall
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 

What's hot (20)

ALM and DevOps in the health industry
ALM and DevOps in the health industryALM and DevOps in the health industry
ALM and DevOps in the health industry
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
CSSLP & OWASP & WebGoat
CSSLP & OWASP & WebGoatCSSLP & OWASP & WebGoat
CSSLP & OWASP & WebGoat
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”Олексій Барановський “Vulnerability assessment as part software testing process”
Олексій Барановський “Vulnerability assessment as part software testing process”
 
Threat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security RiskThreat Modeling to Reduce Software Security Risk
Threat Modeling to Reduce Software Security Risk
 
Null bachav
Null bachavNull bachav
Null bachav
 
Hack through Injections
Hack through InjectionsHack through Injections
Hack through Injections
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
 
Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?Vulnerability Ass... Penetrate What?
Vulnerability Ass... Penetrate What?
 
Arvind resume - Copy
Arvind resume - CopyArvind resume - Copy
Arvind resume - Copy
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
Assess all the things
Assess all the thingsAssess all the things
Assess all the things
 
Threat Simulation and Modeling Training
Threat Simulation and Modeling TrainingThreat Simulation and Modeling Training
Threat Simulation and Modeling Training
 
resume _jayendra Kadam
resume _jayendra Kadamresume _jayendra Kadam
resume _jayendra Kadam
 
Your Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the DatacenterYour Datacenter at risk? – Patching for the Datacenter
Your Datacenter at risk? – Patching for the Datacenter
 
SC Application Stack
SC Application StackSC Application Stack
SC Application Stack
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 

Similar to Selecting security fixes or workarounds effectively

Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...IT Arena
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCDenim Group
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Bossrbrockway
 
2016 06 03_threat_mgmt like a boss
2016 06 03_threat_mgmt like a boss2016 06 03_threat_mgmt like a boss
2016 06 03_threat_mgmt like a bossrbrockway
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSADenim Group
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersDenim Group
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemDenim Group
 
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24
 
VRX_ Presentation 2023 (1).pptx
VRX_ Presentation 2023 (1).pptxVRX_ Presentation 2023 (1).pptx
VRX_ Presentation 2023 (1).pptxchannelnext21
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityLarry Ball
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learningBryan Fendley
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsdrewz lin
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutionsguest609a5ed
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And SolutionsHannan Ahmed
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...Amazon Web Services
 

Similar to Selecting security fixes or workarounds effectively (20)

Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...Security as a New Metric for Your Business, Product and Development Lifecycle...
Security as a New Metric for Your Business, Product and Development Lifecycle...
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development Lifecycle
 
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDCVulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
 
Website Security Service.pdf
Website Security Service.pdfWebsite Security Service.pdf
Website Security Service.pdf
 
Enterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A BossEnterprise Class Vulnerability Management Like A Boss
Enterprise Class Vulnerability Management Like A Boss
 
2016 06 03_threat_mgmt like a boss
2016 06 03_threat_mgmt like a boss2016 06 03_threat_mgmt like a boss
2016 06 03_threat_mgmt like a boss
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSA
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Managing Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix EcosystemManaging Your Application Security Program with the ThreadFix Ecosystem
Managing Your Application Security Program with the ThreadFix Ecosystem
 
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
 
VRX_ Presentation 2023 (1).pptx
VRX_ Presentation 2023 (1).pptxVRX_ Presentation 2023 (1).pptx
VRX_ Presentation 2023 (1).pptx
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
 
EISA Considerations for Web Application Security
EISA Considerations for Web Application SecurityEISA Considerations for Web Application Security
EISA Considerations for Web Application Security
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_edits
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
V-Empower Services And Solutions
V-Empower Services And SolutionsV-Empower Services And Solutions
V-Empower Services And Solutions
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
AWS Partner Webcast - Web App Security on AWS: How to Make Shared Security Wo...
 

Recently uploaded

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Recently uploaded (20)

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Selecting security fixes or workarounds effectively