Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015

•

2 gefällt mir•655 views

DevOpsDays Tel Aviv

Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015

Ignite Session
DevOpsDays TLV 2015

Nir Koren
DevOps Tech Lead, SAP Labs Israel
SECURITY TESTS
as part of
CONTINUOUS INTEGRATION

DevOps Tech Lead, SAP Labs Israel
WHOAMI
WHOAREWE
https://il.linkedin.com/in/nirkoren
https://www.facebook.com/koren.nir
@KorenNir
@nir_koren
SAP HANA Cloud Portal solution

FIXING A BUG COSTS
Coding Unit Test QA Testing Field Test Post release
25 $
16,000 $
1,000 $
AppliedSoftwareMeasurement,CapersJones1996

NORMALLY WE RUN
STATIC (MILESTONE) DYNAMIC (QUARTERLY)

DEV NEEDS
FAST FEEDBACK
TO BE AGILED
FREQUENT SCANS

WE PROVIDES
FULL AUTOMATION
REPORTS & NOTIFICATIONS
TRANSPERENCY

Identify the vulnerabilities
www.agilerecord.com
Define the important to be addressed

Transparency in Continuous Integration
www.agilerecord.com
Make sure everyone knows the status

Automated Processes
www.agilerecord.com
Find a way to automate everything you can

Automate reporting and notifications
www.agilerecord.com
Push relevant info automatically to all

SECURITY KEYPLAYERS
IBM AppScan
STATIC TOOLS DYNAMIC TOOLS

CheckMarx
AppScan
Fortify
RESULTS ANALYSIS
Build the Dev
Deploy AUT
Various Tests
EXPOSE DATASECURITYNIGHTLYSCM
IMPLEMENTATION

IBM AppScan implementation
Create a new scan Add your application URL Configure Policy and details
Live System
URL and
Login details
Predefined
scan policy
and scan
configuration

HP Fortify implementation
Create a new scan
On local server
Upload the FPR
To F360 server
Scan and Audit
On F360 server
Generate Reports
PDF and XML

implementation
Connect to my project
On my local server
Create a scan
On Cx Central server
CheckMarx Jenkins plugin
Scan and Upload
On my local server
Scan and report
On Cx Central server
Generate Reports
PDF and XML
bi-directional

HTTP XML Exposed to all

HTTP XML Exposed to all

The status contains links and info (internally developed)
Link to the PDF report
Relevant info from the scan
Status by our definition

Everyone knows the status. Always.
Both product and implementation teams are updated
New issues fixed immediately
We never spend time for security fixes
Security awareness in our group

Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015

Weitere ähnliche Inhalte

Andere mochten auch

Graph Visualization - OWASP NYC Chapter

Graph Visualization - OWASP NYC Chapter

Graph Visualization - OWASP NYC Chapter

[ITAS.VN]CxSuite Enterprise Edition

[ITAS.VN]CxSuite Enterprise Edition

[ITAS.VN]CxSuite Enterprise Edition

This beginner’s guide to application security focuses on the main concepts and keywords used in the Application Security domain. From a secure software development lifecycle (SDLC) to the top threats facing applications and their impacts, this guide covers it all! This guide is divided into the following categories: -Code DevelopmentMethodologies -Code -Application SecuritySolutions -Common threats and their impacts

Application Security Guide for Beginners

Application Security Guide for Beginners

Application Security Guide for Beginners

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

Performing continuous security testing in a DevOps environment with short release cycles and a continuous delivery pipeline is a big challenge and the traditional secure SDLC model fails to deliver the desired results. DevOps understand the process of built, test and deploy. They have largely automated this process in a delivery pipeline, they deploy to production multiple times per day but the big challenge is how can they do this securely? This session will focus on a strategy to build an application security pipeline in Jenkins, challenges and possible solutions, also how existing application security solutions (SAST, DAST, IAST, OpenSource Libraries Analysis) are playing a key role in growing the relationship between security and DevOps.

Implementing an Application Security Pipeline in Jenkins

Implementing an Application Security Pipeline in Jenkins

Implementing an Application Security Pipeline in Jenkins

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

How to efficiently identify and remediate critical vulnerabilities in SAP and other Business Applications. Vulnerabilities in individual applications harbor enormous risks for companies because they can be exploited by hackers to gain access to the corporate network and critical IT infrastructure such as SAP systems. An effective approach to application security management therefore must take the entire application portfolio of a company into consideration. It must evaluate critical vulnerabilities uniform and must be capable to track their remediation, regardless of the programming language or the development environment used. This approach is facilitated by ThreadFix, an open source software offered by Denim Group. In our webinar APPLICATION SECURITY MANAGEMENT we show you: - How you can scan your SAP and other business applications automatically for critical vulnerabilities - How you can easily track the remediation of vulnerabilities with ThreadFix - How you can accomplish important security and quality milestones more easily in your projects

Application Security Management with ThreadFix

Application Security Management with ThreadFix

Application Security Management with ThreadFix

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

Happy New Year!

Happy New Year!

Happy New Year!

Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle. We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Achim D. Brucker

The development world has come to realize that the way we build applications opens the door to hackers. We are starting to realize that it is the code itself that is enabling the attacks. It’s the responsibility of the development team to build software that is inherently impervious to attack. Catching and dealing with security defects earlier in the development lifecycle is much more economical than dealing with them once the applications have been deployed.

A Successful SAST Tool Implementation

A Successful SAST Tool Implementation

A Successful SAST Tool Implementation

Andere mochten auch (11)

Graph Visualization - OWASP NYC Chapter

Graph Visualization - OWASP NYC Chapter

Graph Visualization - OWASP NYC Chapter

[ITAS.VN]CxSuite Enterprise Edition

[ITAS.VN]CxSuite Enterprise Edition

[ITAS.VN]CxSuite Enterprise Edition

Application Security Guide for Beginners

Application Security Guide for Beginners

Application Security Guide for Beginners

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

DevSecOps Singapore 2017 - Security in the Delivery Pipeline

Implementing an Application Security Pipeline in Jenkins

Implementing an Application Security Pipeline in Jenkins

Implementing an Application Security Pipeline in Jenkins

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Application Security Management with ThreadFix

Application Security Management with ThreadFix

Application Security Management with ThreadFix

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

Happy New Year!

Happy New Year!

Happy New Year!

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Bringing Security Testing to Development: How to Enable Developers to Act as ...

Bringing Security Testing to Development: How to Enable Developers to Act as ...

A Successful SAST Tool Implementation

A Successful SAST Tool Implementation

A Successful SAST Tool Implementation

Ähnlich wie Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015

Continuous Delivery is the state of being able to reliably and rapidly release applications at any time. Behind the scenes, however, this requires many tools working in concert, from test automation to application lifecycle management to release automation (and many others). Join this session to learn about the important Continuous Delivery integration points and how CA’s new solution can fit seamlessly into your practices—pushing actions and pulling the right data—to make your Continuous Delivery pipeline flow. For more information, please visit http://cainc.to/Nv2VOe

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

CA Technologies

Building and Delivering Software in a Faster and More Consistent Way

Building and Delivering Software in a Faster and More Consistent Way

Building and Delivering Software in a Faster and More Consistent Way

DevOps Indonesia

DevOps: The New Face Of Application Development - Global Azure Bootcamp

DevOps: The New Face Of Application Development - Global Azure Bootcamp

DevOps: The New Face Of Application Development - Global Azure Bootcamp

Richard Harbridge

The adoption of Agile is spreading across various industries, in organizations of all sizes. However, most experts agree that scaling Agile for enterprise use is a challenge. SAFe®, the Scaled Agile Framework, was created to resolve this problem. SAFe® provides a fully controlled way to adopt and scale Agile across large companies, and to align Agile processes to business strategy. The Scaled Agile Framework's latest edition 4.0 introduces the optional Value Stream level to synchronize all the Agile Release Trains, as well as other updates compared to SAFe® 3.0. Our webinar helps you to learn more about implementing enterprise Agile with the Scaled Agile Framework, and the differences between SAFe®'s previous versions and its recently released 4.0.

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

The adoption of Agile is spreading across various industries, in organizations of all sizes. However, most experts agree that scaling Agile for enterprise use is a challenge. SAFe®, the Scaled Agile Framework, was created to resolve this problem. SAFe® provides a fully controlled way to adopt and scale Agile across large companies, and to align Agile processes to business strategy. The Scaled Agile Framework's latest edition 4.0 introduces the optional Value Stream level to synchronize all the Agile Release Trains, as well as other updates compared to SAFe® 3.0. Our webinar helps you to learn more about implementing enterprise Agile with the Scaled Agile Framework, and the differences between SAFe®'s previous versions and its recently released 4.0.

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

Intland Software GmbH

Taking Release Management to the Next Level

Taking Release Management to the Next Level

Taking Release Management to the Next Level

Automating your release processes can help you deliver applications to market faster and more efficiently. An enterprise application release automation solution could also be a huge benefit with your PaaS-, SaaS- and cloud-based applications like Salesforce.com. Learn how the internal IT team at CA Technologies is using CA Release Automation with AWS Beanstalk and Saleforce.com to reduce software release cycles by four to five times while also reducing errors in the deployment process by 80%. For more information, please visit http://cainc.to/Nv2VOe

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

CA Technologies

Join Danny McKeown, Paychex’s lead test enterprise automation architect, to see how a small tools group supports nearly one-hundred agile teams as they move toward achieving continuous delivery. Take part in the conversation to understand how Paychex is progressing in the third year of its agile transformation. Danny describes how this IT-wide initiative has impacted how the tools group supports so many teams and changed its own practices to provide more timely support. With the goal of increasing velocity, a solid automation strategy has become a powerful enabler. Danny describes how Paychex assesses progress with a maturity lens. Their always-evolving automation framework serves web and mobile team requirements. He shares an HTML5 mini-case study, describing how adopting responsive web changed practices. Embedding quality in multiple daily builds has not come without its challenges, and Danny describes the lessons learned and their next steps. This interactive session will encourage participants to share their experiences as well—so come ready!

Test Automation at the Speed of Agile: Making It Work Every Build

Test Automation at the Speed of Agile: Making It Work Every Build

Test Automation at the Speed of Agile: Making It Work Every Build

Transform Digital Business with DevOps

Transform Digital Business with DevOps

Transform Digital Business with DevOps

Making the leap to continuous delivery is precarious for any organization, but the concerns are greatly exacerbated when your organization services approximately 45 million bank accounts. Committed to maintaining flawless user experiences while accelerating release cadence, Capital One faced a daunting challenge as it transformed culture, processes, and technical infrastructure in its evolution to continuous delivery. Join this session with Capital One's Michael Bonamassa and Parasoft's Wayne Airole and learn from their insights on what DevTest changes are critical for responding to extreme digital disruption. Key takeaways: o The changing responsibilities of DevTest in a "continuous everything" world o What skill sets software testers need to ride the wave of digital transformation o How service virtualization and continuous testing measure the risk of a release candidate o How to evolve the culture and process to support continuous delivery o What technical infrastructure is required for real-time test automation and continuous delivery maturation For more information, go to: www.appdynamics.com

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

We will provide a high level introduction to DevOps at the enterprise level and how an enterprise can implement a useful and effective DevOps capability to support its software development efforts. We will cover the definition of DevOps, the DevOps Space, how an enterprise should get started with DevOps, Zivra’s “tried and true” DevOps framework, some of the strategic initiatives that will advance your DevOps capabilities, and more.

Scaling DevOps from Ground Zero to Enterprise

Scaling DevOps from Ground Zero to Enterprise

Scaling DevOps from Ground Zero to Enterprise

Rapise Overview Presentation (2021)

Rapise Overview Presentation (2021)

Rapise Overview Presentation (2021)

Success Factors for a Mature Microservices Implementation

Success Factors for a Mature Microservices Implementation

Success Factors for a Mature Microservices Implementation

“Serverless” can be defined as a couple simple things: 1 - It’s a programming model for structuring applications as functions and events (basically a manifestation of microservices). 2 - It’s a cloud business model, where use is billed by the function call instead of by the provisioned server, so apps only pay when they run and for how long they run, eliminating over-provisioning and typically reducing costs. In this talk, we’ll cover the what, why and how of serverless, and learn more about it through running code. Throughout the session, we’ll focus on how the serverless model is being leveraged in the real world - not just toy functions and demos. Legacy enterprise apps - which are typically monolithic, written by large teams of Java and .Net devs, and resembling a bit of a mud ball - are being shaved down to take advantage of serverless, and we’ll be sharing some early results from those efforts. We'll discuss examples of how Fortune 50 companies are building their serverless projects on the Kubernetes and Mesos clouds they have already deployed. Le terme “Serverless” a plusieurs significations: 1 - un modèle de programmation pour structurer les applications en tant que fonctions et événements (essentiellement une manifestation de microservices); et 2 - Il s'agit d'un modèle d'entreprise Cloud, où l'utilisation est facturée par l'appel de fonction plutôt que par le serveur provisionné, de sorte que les applications ne paient que lorsqu'elles fonctionnent et pour combien de temps elles courent, éliminant le sur-provisionnement et réduisant les coûts associés. Dans ce discours, nous allons couvrir le quoi, le pourquoi et comment de Serverless, et en savoir plus à ce sujet en exécutant le code. Nous nous concentrerons sur la façon dont le modèle Serverless est utilisé dans le monde réel - pas seulement les fonctions et démos. Les applications d'entreprise héritées - qui sont généralement monolithiques, écrites par de grandes équipes de développeurs Java et .Net et ressemblant à un peu une grande boule de boue - sont rasées pour profiter de Serverless, et nous partagerons des résultats préliminaires de ces efforts.

Serverless 101 in Montreal

Serverless 101 in Montreal

Serverless 101 in Montreal

Continuous Delivery the French Way – Dimitri Baeli

Continuous Delivery the French Way – Dimitri Baeli

Continuous Delivery the French Way – Dimitri Baeli

Agile Tour Beirut

Continuous Delivery Agile Tour Beirut 2015

Continuous Delivery Agile Tour Beirut 2015

Continuous Delivery Agile Tour Beirut 2015

Oracle Forms Performance Testing PushToTest TestMaker JAT

Oracle Forms Performance Testing PushToTest TestMaker JAT

Oracle Forms Performance Testing PushToTest TestMaker JAT

Great software applications are critical for modern businesses to run efficiently and meet the needs of customers. IT organizations are quickly evolving, placing a high priority on transforming critical business applications to support business requirements and drive corporate growth. Still, the future has more servers and more services that are more critical to the business and more complex to manage. In this new world, how do you bring simplicity to this kind of complexity? Join Puppet Labs as we discuss the key trends that will transform the future of business application delivery. You’ll also learn how Puppet Labs’ new Application Orchestration solution helps IT teams reduce the complexity of deploying and managing business-critical applications so you can get great software applications to customers faster than ever before. Presented by Nathan Rawlins, VP of Product, and Deepak Giridharagopal, Director of Development

Top Trends in Application Delivery Webinar 10.29.15

Top Trends in Application Delivery Webinar 10.29.15

Top Trends in Application Delivery Webinar 10.29.15

Forward5 Auxis VMware

Forward5 Auxis VMware

Forward5 Auxis VMware

Auxis Consulting & Outsourcing

Operationalize all the Network Things

Operationalize all the Network Things

Operationalize all the Network Things

Ähnlich wie Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015 (20)

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

Tech Talk: Master Your Continuous Delivery Pipeline with a New Level of Orche...

Building and Delivering Software in a Faster and More Consistent Way

Building and Delivering Software in a Faster and More Consistent Way

Building and Delivering Software in a Faster and More Consistent Way

DevOps: The New Face Of Application Development - Global Azure Bootcamp

DevOps: The New Face Of Application Development - Global Azure Bootcamp

DevOps: The New Face Of Application Development - Global Azure Bootcamp

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

Sa fe 4.0 implementing Enterprise Agile using the Scaled Agile Framework

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

SAFe 4.0 - implementing Enterprise Agile using the Scaled Agile Framework

Taking Release Management to the Next Level

Taking Release Management to the Next Level

Taking Release Management to the Next Level

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

Reduce Software Release Cycles by 4-5x with Application Release Automation fo...

Test Automation at the Speed of Agile: Making It Work Every Build

Test Automation at the Speed of Agile: Making It Work Every Build

Test Automation at the Speed of Agile: Making It Work Every Build

Transform Digital Business with DevOps

Transform Digital Business with DevOps

Transform Digital Business with DevOps

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

How CapitalOne Transformed DevTest or Continuous Delivery - AppSphere16

Scaling DevOps from Ground Zero to Enterprise

Scaling DevOps from Ground Zero to Enterprise

Scaling DevOps from Ground Zero to Enterprise

Rapise Overview Presentation (2021)

Rapise Overview Presentation (2021)

Rapise Overview Presentation (2021)

Success Factors for a Mature Microservices Implementation

Success Factors for a Mature Microservices Implementation

Success Factors for a Mature Microservices Implementation

Serverless 101 in Montreal

Serverless 101 in Montreal

Serverless 101 in Montreal

Continuous Delivery the French Way – Dimitri Baeli

Continuous Delivery the French Way – Dimitri Baeli

Continuous Delivery the French Way – Dimitri Baeli

Continuous Delivery Agile Tour Beirut 2015

Continuous Delivery Agile Tour Beirut 2015

Continuous Delivery Agile Tour Beirut 2015

Oracle Forms Performance Testing PushToTest TestMaker JAT

Oracle Forms Performance Testing PushToTest TestMaker JAT

Oracle Forms Performance Testing PushToTest TestMaker JAT

Top Trends in Application Delivery Webinar 10.29.15

Top Trends in Application Delivery Webinar 10.29.15

Top Trends in Application Delivery Webinar 10.29.15

Forward5 Auxis VMware

Forward5 Auxis VMware

Forward5 Auxis VMware

Operationalize all the Network Things

Operationalize all the Network Things

Operationalize all the Network Things

Mehr von DevOpsDays Tel Aviv

From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use. Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project. In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

DevOpsDays Tel Aviv

If you have never used GraphQL before, you probably think that it is just another buzzword that will be forgotten in a few years. You might think: “Why do I need to learn a new way to write APIs when REST already answers all my needs?”. Or, you are excited to learn something new but don’t believe GraphQL is mature enough for production. In this talk, I will remind you of some of the pain points you have probably experienced when using REST. I will then explain what GraphQL is and demonstrate how it solves these pain points. Next, I will discuss the disadvantages of GraphQL. Finally, I will provide some guidelines for choosing between REST and GraphQL. By the end of this talk, you will understand what GraphQL is and when to use it.

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

DevOpsDays Tel Aviv

“The International Space Station has been orbiting the Earth for over 20 years. It was not launched fully formed, as a monolith in space. Instead, it is built out of dozens of individual modules, each with a dedicated role - life support, engineering, science, commercial applications and more. Each module (or container) functions as a microservice, adding additional capabilities to the whole. Not only do the modules need to function together, delivering both functional and non-functional capabilities, they were designed, developed and built by different countries on Earth and once launched into space (deployed in multiple different ways), had to work together - perfectly. Despite the many (minor) reliability issues which have occurred over the decades, the ISS remains a highly reliable platform for cutting edge scientific and engineering research. In this session I will describe the way the space station was developed and the lessons Site Reliability and DevOps Engineers can learn from it.

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

DevOpsDays Tel Aviv

Have you ever felt you took every wrong turn possible in the process of mitigating a production incident? Did you go through a 3-hour hell during incident response and felt the incident wasn’t complex enough to justify the horrors you’ve experienced? Did it cause you to question your engineering or problem-solving skills? Well, it’s only partially you. Our brain is wired to make decision-making simpler. In doing so, it exposes itself to biases, heuristics, and other quirks that may seem like “bad decisions” in hindsight. In this talk, through real-life outages, we’ll project those psychological principles onto the world of production monitor, and incident management. As a responder, you’ll learn why those behavioral patterns emerge during production incidents and what can be done to limit their effect, and as a manager, you’ll learn how to enable and encourage a healthy environment to better support those patterns.

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

DevOpsDays Tel Aviv

The word observable entered the English language roughly 400 years ago, but the concepts of what it means to see, comprehend, and understand something have been debated since time immemorial. Starting in the 19th century, a series of postulates and criteria coalesced into control theory, and it is from this body of knowledge that we gained the word “observability”. Today, with the advent of complex, interconnected computer systems, that word has taken on new meanings and connotations—some useful, some detrimental, and some just plain confusing. In this talk, we’ll mix a little history, a touch of philosophy, and a healthy dose of reality, to demystify what observability means to us as professional computer people. We’ll tear through the marketing material and unearth foundational principles that will help us to build better infrastructure, write better software, and promote healthier business practices. Finally, we’ll explore some potential new avenues for discussion and understanding.

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

DevOpsDays Tel Aviv

Security people say users are the weakest link. But are they? When complying with security becomes too burdensome, users take shortcuts, find workarounds, and end up jeopardizing security. Blaming users is lazy and easy. Making security usable is time consuming and challenging. How does design research help us understand our customers? What patterns and principles drive secure behavior? How can we build empathy with customers and make the right thing to do the easiest thing to do? This session explores these questions, and provides examples of how design thinking and research can help us be more secure. We will walk through our creation of core user personas, design principles, and how these inform and direct our design choices and intent. Don’t blame your users anymore. Come learn how to be part of a future where usability leads security.

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

DevOpsDays Tel Aviv

This is for you, you rockstar, ninja coffee drinking workaholic who doesn’t know what a vacation day looks like. Even though you love your job and are dedicated and are super important, you need a break too. We tend to think that working all the time is an effective practice while the truth is that finding the time for self care and recharging your batteries is beneficial for both you and your company. Additionally, if you’re a leader, you’re responsible for the wellbeing of your team. In this talk I’ll discuss the importance of taking time off of work and creating a positive culture surrounding vacation time.

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

DevOpsDays Tel Aviv

This is a story about taking the cloud infrastructure of a successful company, that is still managed as infrastructure of a startup company, and rebuilding it to support the growing business requirements, especially around disaster recovery and business continuity. In the session I will share Next Insurance’s journey - where we started, where we are now and what we learned on the way so far. I will talk about how we managed to build our proven DR plans, and actually execute them in our DR drills. I will also talk about why we decided that the only way to prove your DR plan works is to continue running your business in the DR account and make it your production account, and go on to build your next DR account. If you are a part of a company that is about to embark on a similar journey, this session might equip you with some very useful insights on how to think about such a challenge, and some very useful and practical tips on how to execute it.

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

DevOpsDays Tel Aviv

CI/CD pipelines are quickly becoming the path of least resistance for would-be attackers into sensitive internal systems, gaining access to critical data, with minimal effort. In the InfoSec world when we talk about CI/CD security often times this focuses on specific aspects of securing your pipeline - scanning the code, protecting secrets, securely managing code deployments, or even authentication and authorization mechanisms, but we rarely talk about all of these together. After years of being in the trenches and realizing that the attack surface is growing and the threat landscape becoming more and more complex, it has become increasingly apparent that security teams need to adapt and modify strategies to keep up with the new reality of CI/CD protection, without compromising developer velocity. In this talk I would like to propose a new way of thinking about CI/CD security - that encompasses the three disciplines that comprise CI/CD security - security in the pipeline, of the pipeline, and around the pipeline. Partial coverage of any or all of these disciplines simply will not cut it with the continuously evolving risk landscape. Security engineers need to address each of these aspects in their entirety to provide the full scope of coverage that modern organizations need, and I will take a deep dive on the challenges each introduce, and the approaches and techniques for mitigating them based on adversarial sec research.

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

DevOpsDays Tel Aviv

The last two decades have been all about SaaS, with advantages that cannot be overstated. Except SaaS isn’t always an option, nor is it always the right choice: businesses in tightly regulated industries, or where information security is paramount, for example, will not - often can not - consider any software that isn’t under their control. For many software enterprises, this leads to the dreaded inevitability of on-premise deployment. Fortunately, the situation today is dramatically different to a scant few years ago, let alone a decade or two: the same technologies that enable SaaS have also radically transformed on-prem deployment. Modern tools like Docker, Consul, ELK and Kubernetes - to name a few - can be leveraged to completely transform the experience for both customers and vendors. In this talk we’ll contrast the challenges and advantages of SaaS and on-prem, see how things have evolved in recent history, and see how modern on-prem deployment can be, if not pleasurable, at least relatively painless.

THE PLEASURES OF ON-PREM, TOMER GABEL

THE PLEASURES OF ON-PREM, TOMER GABEL

THE PLEASURES OF ON-PREM, TOMER GABEL

DevOpsDays Tel Aviv

Configuration Management is at the core of Ops. It’s the biggest enabler of any compute operation, small and big. In the past decade, we have switched from thinking about the machines we are configuring, to think about the software and services we are controlling. With that change of mindset, so did the tools we are using. Traditional tools like Puppet, chef, salt and Ansible are slowly declining while new tools such as Terraform, Pulumi, Helm and Kustomize are on the rise. In this talk I will try to describe the pain-points and the opportunities of this transformation as well as suggesting a future direction based on tools developed at the big-tech companies (Mainly facebook and google).

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

DevOpsDays Tel Aviv

We all know how hard it is to find DevOps engineers, and creating a diverse team despite gender and ethnicity bias? Nearly impossible. At this talk we will show our tools and methods implemented in the Develeap hiring process that overcome this inherited bias. About 2 years ago we faced a crisis in our DevOps consulting company - the market demand was higher than we could supply. The traditional recruiting process depending on CV and artificial credentials was not working. So we came up with an alternative solution, and since then - we are growing exponentially and diversely. In this talk we will show the practical tools we deployed in order to increase our capacity, and we will show how these tools overcome the inherited bias in the process.

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

DevOpsDays Tel Aviv

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors. With the increasing complexity of modern applications, continuous profiling methods and tools are gaining popularity among the Developer and Engineering communities. In this session, we cover what continuous profiling entails and why you should implement a profiler into your tech stack (if you haven’t done so already). We’ll then bring theory to practice and demonstrate a real-life scenario using gProfiler, a free open-source continuous profiling tool, covering Linux servers on multiple architectures (such as Graviton).

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

DevOpsDays Tel Aviv

“Being oncall sucks. But it doesn’t have to!” We all heard this one before. Why is it though, that oncall still remains the biggest scar for many? What can a modern Engineering org do to rein the oncall dragons, and actually help people grow as professionals as they go oncall? In this talk, I will present the main reasons why oncall is difficult in modern orgs, and describe ways to mitigate these hardships. The idea is that oncall is often the ‘backroom’ of an org, where all the technical and organizational debt take their toll. Be it unwieldy systems or broken processes between teams, oncall checks all the ‘weak boxes’. Therefore, the only way to win at oncall is to sort out your debts, starting with the organizational ones. I will dive into the detail of the oncall rotation at Snyk as the org scaled from 1 to 220 people, what worked well about it, and what was less than perfect. I will discuss the decisions made to turn oncall into a building block of the org, and show a path to rein oncall in your organization as well.

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

DevOpsDays Tel Aviv

Github Copilot and tools that help us code better are cool. But I’m lucky if I spend 90 minutes a day writing code. We really need to optimize the hours we spend reviewing code, updating tickets and tracing where our code is deployed. Learn how I save an hour a day streamlining non-coding tasks. This talk is unique because 99% of developer productivity tools and hacks are about coding faster, better, smarter. And yet the vast majority of our time is spent doing all of this other stuff. After I started focusing on optimizing the 10 hours I spend every day on non-coding tasks, I found I my productivity went up and my frustration at annoying stuff went way down. I cover how to save time by reducing cognitive load and by cutting menial, non-coding tasks that we have to perform 10-50 times every day. For example: Bug or hotfix comes through and you want to start working on it right away so you create a branch and start fixing. What you don’t do is create a Jira ticket but then later your boss/PM/CSM yells at your due to lack of visibility. I share how I automated ticket creation in Slack by correlating Github to Jira. You have 20 minutes until your next meeting and you open a pull request and start a review. But you get pulled away half way through and when you come back the next day you forgot everything and have to start over. Huge waste of time. I share an ML job I wrote that tells me how long the review will take so I can pick PRs that fit the amount of time I have. You build. You ship it. You own it. Great. But after I merge my code I never know where it actually is. Did the CI job fail? Is it release under feature flag? Did it just go GA to everyone? I share a bot I wrote that personally tells me where my code is in the pipeline after it leaves my hands so I can actually take full ownership without spending tons of time figuring out what code is in what release.

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

DevOpsDays Tel Aviv

Do you know what it feels like to navigate as someone who can’t distinguish between green and red - looking at those badges that tell you whether something is broken or a-okay? I’ll give you a quick look into what it feels like with some examples from the monitoring tool Icinga Web 2. We all tend to forget, that not everyone sees the world like we do. In this talk I’ll be walking you through different views in Icinga Web 2 with side-by-side comparisons for the default views and how different kinds of vision impairments affect those. The talks also features a few suggestions on how to improve colour schemes and making websites and webapps better to navigate with screen readers!

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

DevOpsDays Tel Aviv

Recent years have exposed startups to a major plague - cloud overspend. No vaccine appears to exist, plethora of tools and consultants fail to stop the bleeding. And yet, some companies manage to stay safe. What makes them different? Is it the tools? Is it the mindset? Is it developer training? In this session we will examine the cultural factors involved in sound and responsible financial management in the cloud. We will also look at relevant system design elements and product design elements which enable us to spend wisely while our business runs smoothly. Following this session, you should be better versed in cost-aware system design and some of the cultural and structural requirements to keeping your cloud bill low.

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

DevOpsDays Tel Aviv

In every development process there is the question, do we invest enough on quality? Do we need to invest more? Every team knows about the dilemma of how many tests is the right amount of tests we should write. Is 80% test coverage is good enough? Maybe 90%? 100%? Should we invest more time in unit testing? Are we wasting too much time on unit-testing? Should we invest time on a faster rollback mechanism? WIIFM “Without data, you’re just another person with an opinion” - W. Edwards Deming SLO Driven Development is a framework that helps the developers focus on impact and balance of every aspect of the dev process. When working currently with SLI, SLA, SLO and error budget you can learn where to invest in the development process. Let’s talk about the importance of good SLOs and how they can help us improve our day2day

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

DevOpsDays Tel Aviv

In this talk, I will share do's and don'ts on how to onboard successfully in a remote or hybrid setup including moving to a leadership role, speaking from my own journey onboarding remotely in the midst of a global pandemic. I will share the tips that worked for me for successful onboarding, how I was able to be productive, impactful, and make a good impression on others. The key issues as an “onbordee” that I will talk about are how to create relationships, make yourself visible in the company, time management, and more. Since I started working in Augury over 100 new employees have joined the company. Each month I give a session that is part of their general onboarding process. This became a crucial step due to the fact that we are now a hybrid company and a lot of people are onboarding remotely or in a hybrid setup for the first time in their lives. I joined the company as a backend developer and a few months into my role, the squad leader position in my squad was up for grabs and I was fortunate enough to grab it :) This is my first official leadership role, which I also needed to onboard into in a hybrid setup. I will share the process that I built for myself on “How to lead”. Also, a word or two on the process we built as a squad on how we work in a hybrid setup, what are we optimizing for when we do meet and how to include new members of the team.

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

DevOpsDays Tel Aviv

In your ever-changing Infrastructure, some changes are intentional while others are not. Drift is what happens whenever the real-world state of your infrastructure differs from the state defined in your configuration. This can happen for many reasons, sometimes it happens when adding or removing resources, other times when changing resource definitions upon resource termination or failure, and even when changes have been made manually or via other automation tools. While Terraform itself can detect drifts, in most cases, you will be informed about it too late: just before you are about to deploy new changes to your infrastructure. What’s interesting about Terraform though, is that you can apply changes in two separate and distinct steps of “Planning” and “Applying”. This means that you have full visibility of what Terraform is planning on doing beforehand, and if you are satisfied with the changes, you can choose to apply them. So how does this work? When something is changed intentionally, it will appear in the source code, and the Terraform plan will not do anything. However, if any part of the infrastructure has been changed manually, Terraform’s plan will identify this, and alert you to the change. In other words, if your IaC drifted from its expected state, then Terraform’s plan will, in fact, detect it. Applying this simple solution can empower DevOps and developer velocity, with the reassurance and context for unexpected changes in your IaC, in near real-time. This talk will showcase real-world examples, and practical ways to apply this in your production environments while doing so safely and at the pace of your engineering cycles.

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DevOpsDays Tel Aviv

Mehr von DevOpsDays Tel Aviv (20)

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN...

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

GRAPHQL TO THE RES(T)CUE, ELLA SHARAKANSKI, Salto

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

MICROSERVICES ABOVE THE CLOUD - DESIGNING THE INTERNATIONAL SPACE STATION FOR...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

THE (IR)RATIONAL INCIDENT RESPONSE: HOW PSYCHOLOGICAL BIASES AFFECT INCIDENT ...

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

PRINCIPLES OF OBSERVABILITY // DANIEL MAHER, DataDog

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

NUDGE AND SLUDGE: DRIVING SECURITY WITH DESIGN // J. WOLFGANG GOERLICH, Duo S...

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

(Ignite) TAKE A HIKE: PREVENTING BATTERY CORROSION - LEAH VOGEL, CHEGG

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

BUILDING A DR PLAN FOR YOUR CLOUD INFRASTRUCTURE FROM THE GROUND UP, MOSHE BE...

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE THREE DISCIPLINES OF CI/CD SECURITY, DANIEL KRIVELEVICH, Cider Security

THE PLEASURES OF ON-PREM, TOMER GABEL

THE PLEASURES OF ON-PREM, TOMER GABEL

THE PLEASURES OF ON-PREM, TOMER GABEL

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

CONFIGURATION MANAGEMENT IN THE CLOUD NATIVE ERA, SHAHAR MINTZ, EggPack

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

SOLVING THE DEVOPS CRISIS, ONE PERSON AT A TIME, CHRISTINA BABITSKI, Develeap

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

OPTIMIZING PERFORMANCE USING CONTINUOUS PRODUCTION PROFILING ,YONATAN GOLDSCH...

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO SCALE YOUR ONCALL OPERATION, AND SURVIVE TO TELL, ANTON DRUKH

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

HOW TO OPTIMIZE NON-CODING TIME, ORI KEREN, LinearB

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

FLYING BLIND - ACCESSIBILITY IN MONITORING, FEU MOUREK, Icinga

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

(Ignite) WHAT'S BURNING THROUGH YOUR CLOUD BILL - GIL BAHAT, CIDER SECURITY

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

SLO DRIVEN DEVELOPMENT, ALON NATIV, Tomorrow.io

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

ONBOARDING IN LOCKDOWN, HILA FOX, Augury

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

DON'T PANIC: GETTING YOUR INFRASTRUCTURE DRIFT UNDER CONTROL, ERAN BIBI, Firefly

Kürzlich hochgeladen

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Principled Technologies

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Kürzlich hochgeladen (20)

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Artificial Intelligence: Facts and Myths

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Tech Trends Report 2024 Future Today Institute.pdf

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

Real Time Object Detection Using Open CV

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

Developing An App To Navigate The Roads of Brazil

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Security Tests as Part of CI - Nir Koren, SAP - DevOpsDays Tel Aviv 2015

1. Ignite Session DevOpsDays TLV 2015

2. Nir Koren DevOps Tech Lead, SAP Labs Israel SECURITY TESTS as part of CONTINUOUS INTEGRATION

3. DevOps Tech Lead, SAP Labs Israel WHOAMI WHOAREWE https://il.linkedin.com/in/nirkoren https://www.facebook.com/koren.nir @KorenNir @nir_koren SAP HANA Cloud Portal solution

4. FIXING A BUG COSTS Coding Unit Test QA Testing Field Test Post release 25 $ 16,000 $ 1,000 $ AppliedSoftwareMeasurement,CapersJones1996

5. NORMALLY WE RUN STATIC (MILESTONE) DYNAMIC (QUARTERLY)

6. DEV NEEDS FAST FEEDBACK TO BE AGILED FREQUENT SCANS

7. WE PROVIDES FULL AUTOMATION REPORTS & NOTIFICATIONS TRANSPERENCY

8. Identify the vulnerabilities www.agilerecord.com Define the important to be addressed

9. Transparency in Continuous Integration www.agilerecord.com Make sure everyone knows the status

10. Automated Processes www.agilerecord.com Find a way to automate everything you can

11. Automate reporting and notifications www.agilerecord.com Push relevant info automatically to all

12. SECURITY KEYPLAYERS IBM AppScan STATIC TOOLS DYNAMIC TOOLS

13. CheckMarx AppScan Fortify RESULTS ANALYSIS Build the Dev Deploy AUT Various Tests EXPOSE DATASECURITYNIGHTLYSCM IMPLEMENTATION

14. IBM AppScan implementation Create a new scan Add your application URL Configure Policy and details Live System URL and Login details Predefined scan policy and scan configuration

15. HP Fortify implementation Create a new scan On local server Upload the FPR To F360 server Scan and Audit On F360 server Generate Reports PDF and XML

16. implementation Connect to my project On my local server Create a scan On Cx Central server CheckMarx Jenkins plugin Scan and Upload On my local server Scan and report On Cx Central server Generate Reports PDF and XML bi-directional

17. HTTP XML Exposed to all

18. HTTP XML Exposed to all

19. The status contains links and info (internally developed) Link to the PDF report Relevant info from the scan Status by our definition

20. Everyone knows the status. Always. Both product and implementation teams are updated New issues fixed immediately We never spend time for security fixes Security awareness in our group