Practical DevSecOps - Arief Karfianto

•

1 gefällt mir•929 views

Practical DevSecOps

Practical DevSecOps
Arief Karfianto
IDSECCONF 2018

Agenda
• Background (15')
• DevSecOps in Action (15')
• Question and Answer (15')

Who am I?
Arief Karfianto
Information System Analyst
System Administrator
QA Engineer
App Designer
Web Developer

Where am I working?

Development Life Cycle
V1 V3
• Email
• FTP
V2
– No Code Versioning
– No Development Env
– No Automation

Development Life Cycle
• Code Repository
• Development Server
• Scheduled Sync*
(DevOps)
V1 V2 V3
– No Automated Security
Testing
– Prod-Dev Difference
problems

Development Life Cycle
• Code Versioning
• Continuous Integration
• Automated Security Analysis
(DevSecOps)
V1 V2 V3

Competing Forces
Business
Development Security Operations
Build it
Faster! Make it
Secure!
Keep it
Stable!

Why Automation?
Reduce risk of human error
• Automation is effective
• Automation is reliable
• Automation is scalable

What is DevOps?
Culture Practice Tools
People Process Technology

Collaborative Work
Business
Development Security Operations
Build it faster, make it
secure and stable!

Collaborative Work
ü Continuous Communication
ü Continuous Feedback
ü Continuous Requirement
ü Continuous Fixes
§ Secure Coding (e.g.OWASP)
§ Coding Standard (e.g. PSR)
§ Release Management

What is DevSecOps?
1. Code Repository
2. Runner
3. Code Scanner
Push a new commit
to a branch
trigger
Dev Server
deploy to
Automated Testing and Deployment
Code Scanning
Script
Deployment
Script

GitLab CI Configuration (.gitlab-ci.yml)
stages:
- scan
- deploy
code_analysis:
stage: scan
image: docker-image-name
script:
- script_1
only:
- develop
deploy_to_dev:
stage: deploy
image: docker-image-name
script:
- script_2
only:
- develop

Architecture

DevSecOps in Action

Lessons Learned
• Some security vulnerabilities can be detected by suitable
tools
• Non-standard coding styles can be detected by the code
analyzer
• There can be a high rate of false positive detection
• The deployment process is quick
• It is important to combine the static analysis with dynamic
testing as some vulnerabilities are not easily detected through
the code analysis

Thank You!
@karfianto
blog.ictlab.org
au.linkedin.com/karfi

Weitere ähnliche Inhalte

Was ist angesagt?

Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture. Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services

Implementing DevSecOps

Implementing DevSecOps

Implementing DevSecOps

Amazon Web Services

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DevSecOps reference architectures 2018

DevSecOps reference architectures 2018

DevSecOps reference architectures 2018

DevSecOps: Taking a DevOps Approach to Security

DevSecOps: Taking a DevOps Approach to Security

DevSecOps: Taking a DevOps Approach to Security

2019 DevSecOps Reference Architectures

2019 DevSecOps Reference Architectures

2019 DevSecOps Reference Architectures

Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations. This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.

DevSecOps 101

Narudom Roongsiriwong, CISSP

DevSecOps - The big picture

DevSecOps - The big picture

DevSecOps - The big picture

Stefan Streichsbier

DevSecOps is a recent offshoot of the DevOps movement, which doubles down on the importance of security. As security continues to be downplayed or ignored even as the threat landscape explodes, DevSecOps promotes a set of well-developed design principles and engineering patterns which involve security owners and product designers much earlier. DevSecOps lays out a robust and practical blueprint for building security features into the design process, leveraging new engineering tools and patterns and creating a secure, defensible software right from the start. Join Chris Knotts, Innovation Product Director at Cprime, to: - Learn how the concept of "shifting left" applies to application security and how to prioritize security requirements earlier in the design process - Get an introduction to a few of the most effective engineering tools for implementing DevSecOps, including popular code scanners, dependency checkers, and free open-source products - Understand how progress with DevSecOps depends on roles and stakeholders outside of just security staff

The What, Why, and How of DevSecOps

The What, Why, and How of DevSecOps

The What, Why, and How of DevSecOps

In this Practical DevSecOps's DevSecOps Live online meetup, you’ll learn DevSecOps Challenges and Opportunities. Join Mohan Yelnadu, head of application security at Prudential Insurance on his DevSecOps Journey. He will cover DevSecOps challenges he has faced and how he converted them into opportunities. He will cover the following as part of the session. DevSecOps Challenges. DevSecOps Opportunities. Converting Challenges into Opportunities. Quick wins and lessons learned. … and more useful takeaways!

[DevSecOps Live] DevSecOps: Challenges and Opportunities

[DevSecOps Live] DevSecOps: Challenges and Opportunities

[DevSecOps Live] DevSecOps: Challenges and Opportunities

Mohammed A. Imran

DevSecOps

Link to Youtube video: https://youtu.be/-awH_CC4DLo You can contact me at abhimanyu.bhogwan@gmail.com My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/ Basic Introduction to DevSecOps concept Why What and How for DevSecOps Basic intro for Threat Modeling Basic Intro for Security Champions 3 pillars of DevSecOps 6 important components of a DevSecOps approach DevSecOps Security Best Practices How to integrate security in CI/CD pipeline

Introduction to DevSecOps

Introduction to DevSecOps

Introduction to DevSecOps

abhimanyubhogwan

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevOps to DevSecOps Journey..

DevOps to DevSecOps Journey..

DevOps to DevSecOps Journey..

Siddharth Joshi

DevSecOps

DevSecOps means considering application and infrastructure security from the beginning. This also means automating some security doors to prevent the DevOps workflow from slowing down. The goal of DevSecOps (development, security, and operations) is to make everyone responsible for security, with the main target on implementing security decisions and actions at an equivalent scale and speed as development and operations decisions and actions. Implementing DevSecOps are often an elaborate process for a corporation , but well worthwhile when considering the advantages . Implementation usually includes the subsequent stages: Planning and development Building and testing Deployment and operation Monitoring and scaling Tonex's DevSecOps Training Bootcamp DevSecOps training Bootcamp is a practical DevSecOps course, participants can acquire in-depth knowledge and skills to apply, implement and improve IT security in modern DevOps. Participants understand DevOps and DevSecOps to take full advantage of the agility and responsiveness of the secure DevOps method, IT security on SDLC, and the entire life cycle of the application. DevSecOps Training Bootcamp focuses on: Concepts Principles Processes Policies Guidelines Mitigation Applied Risk Management Framework (RMF) Technical Skills Audience: Security Staff IT Leadership IT Infrastructure CIOs / CTOs /CSO Configuration Managers Developers and Application Team Members and Leads IT Operations Staff IT Project & Program Managers Product Owners and Managers Release Engineers Agile Staff and ScrumMasters Software Developers Software Team Leads System Admin Training Objectives: Identify and explain the phases of the DevOps life cycle Define the roles and responsibilities that support the DevOps environment Describe the security components of DevOps and determine its risk principles Analyze, evaluate and automate DevOps application security across SDLC Identify and explain the characteristics required to meet the definition of DevOps computing security Discuss strategies for maintaining DevOps methods Perform gap analysis between DevOps security benchmarks and industry standard best practices Evaluate and implement the safety controls necessary to make sure confidentiality, integrity and availability (CIA) in DevOps environments Perform risk assessments of existing and proposed DevOps environments Integrate RMF with DevOps Explain the role of encryption in protecting data and specific strategies for key management And more. Course Content: DevOps vs. DevSecOps DevOps Security Requirements DevOps Typical Security Activities Tools for Securing DevOps Principles Behind DevSecOps DevSecOps and Application Security How to DevSecOps DevSecOps Maturity RMF, DevOps and DevSecOps For More Information: https://www.tonex.com/training-courses/devsecops-training-bootcamp/

DevSecOps Training Bootcamp - A Practical DevSecOps Course

DevSecOps Training Bootcamp - A Practical DevSecOps Course

DevSecOps Training Bootcamp - A Practical DevSecOps Course

Pentest is yesterday, DevSecOps is tomorrow

Pentest is yesterday, DevSecOps is tomorrow

Pentest is yesterday, DevSecOps is tomorrow

Amien Harisen Rosyandino

DEVSECOPS.pptx

MohammadSaif904342

DevSecOps

DevSecOps Singapore introduction

DevSecOps Singapore introduction

DevSecOps Singapore introduction

Stefan Streichsbier

DevSecOps | DevOps Sec

DevSecOps | DevOps Sec

DevSecOps | DevOps Sec

Was ist angesagt? (20)

Implementing DevSecOps

Implementing DevSecOps

Implementing DevSecOps

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DEVSECOPS: Coding DevSecOps journey

DevSecOps reference architectures 2018

DevSecOps reference architectures 2018

DevSecOps reference architectures 2018

DevSecOps: Taking a DevOps Approach to Security

DevSecOps: Taking a DevOps Approach to Security

DevSecOps: Taking a DevOps Approach to Security

2019 DevSecOps Reference Architectures

2019 DevSecOps Reference Architectures

2019 DevSecOps Reference Architectures

DevSecOps 101

DevSecOps - The big picture

DevSecOps - The big picture

DevSecOps - The big picture

The What, Why, and How of DevSecOps

The What, Why, and How of DevSecOps

The What, Why, and How of DevSecOps

[DevSecOps Live] DevSecOps: Challenges and Opportunities

[DevSecOps Live] DevSecOps: Challenges and Opportunities

[DevSecOps Live] DevSecOps: Challenges and Opportunities

DevSecOps

Introduction to DevSecOps

Introduction to DevSecOps

Introduction to DevSecOps

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

DevOps to DevSecOps Journey..

DevOps to DevSecOps Journey..

DevOps to DevSecOps Journey..

DevSecOps

DevSecOps Training Bootcamp - A Practical DevSecOps Course

DevSecOps Training Bootcamp - A Practical DevSecOps Course

DevSecOps Training Bootcamp - A Practical DevSecOps Course

Pentest is yesterday, DevSecOps is tomorrow

Pentest is yesterday, DevSecOps is tomorrow

Pentest is yesterday, DevSecOps is tomorrow

DEVSECOPS.pptx

DevSecOps

DevSecOps Singapore introduction

DevSecOps Singapore introduction

DevSecOps Singapore introduction

DevSecOps | DevOps Sec

DevSecOps | DevOps Sec

DevSecOps | DevOps Sec

Ähnlich wie Practical DevSecOps - Arief Karfianto

Di Indonesia, 19,4% perusahaan sudah mulai menggunakan layanan cloud publik. Stapi sering kali saat perusahan sudah mengadopsi cloud, mereka baru menyadari betapa rumitnya penerapan cloud. Akibatnya, banyak perusahaan yang stuck dalam operasional aplikasi yang baru ini. Hadirlah DevOps yang memberi layanan lebih cepat dan mendorong inovasi sekaligus meningkatkan produktivitas, komunikasi, dan keterlibatan karyawan. Tapi hadirnya layanan yang lebih cepat membuat risiko dalam penerapan aplikasi meningkat sebesar 53% upaya pencurian data menyasar aplikasi itu sendiri. Oleh karena itu, sangat penting bagi perusahaan untuk mengubah mindset dari menerapkan keamanan untuk kepatuhan ke metode yang lebih proaktif dengan memanfaatkan prinsip-prinsip DevOps dalam tool dan proses keamanan mereka. Hmm jadi penasaran bagaimana sih memaksimalkan peran keamanan dalam penerapan Devops supaya berjalan dengan lacar? Hal ini akan kita bahas bersama 2 orang pembicara yang expert dibidangnya, yaitu Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) dan Taro Lay (Co-Founder Kalama Cyber Security) pada Tech Talk 2021 Live dengan tema "Peran IT Security dalam Penerapan DevOps."

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

Experience Credentials

Experience Credentials

Experience Credentials

Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW

As part of key IT initiatives to improve customer experience, reduce IT costs, ensure compliance and increase reliability, Akbank took on an audacious project to apply DevOps principles and an Agile approach as standard across all of the bank's applications, including customer-facing, branch infrastructure, multi-channel architecture and mainframe areas. Building a tool chain that covers project initiation through to deployment in production in such a complex environment is a challenging task. Akbank chose to link its existing toolset using CA Release Automation as a Continuous Delivery backbone, with CA Harvest and CA Endevor to manage source code, build and package tasks. This session will explore the vision to improve the development cycle, as well as the requirements for the project, and ultimately the benefits being realized. For more information, please visit http://cainc.to/Nv2VOe

Applying DevOps from the Mobile to the Mainframe

Applying DevOps from the Mobile to the Mainframe

Applying DevOps from the Mobile to the Mainframe

CA Technologies

Succeeding-Marriage-Cybersecurity-DevOps final

Succeeding-Marriage-Cybersecurity-DevOps final

Succeeding-Marriage-Cybersecurity-DevOps final

Integrating DevOps and ITSM for agility in action_v1

Integrating DevOps and ITSM for agility in action_v1

Integrating DevOps and ITSM for agility in action_v1

This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle.   The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.

Threat Modeling All Day!

Threat Modeling All Day!

Threat Modeling All Day!

Career in IT - HMTIF UB Platform 2014

Career in IT - HMTIF UB Platform 2014

Career in IT - HMTIF UB Platform 2014

Eryk Budi Pratama

Cyber Scotland Connect: What is Security Engineering?

Cyber Scotland Connect: What is Security Engineering?

Cyber Scotland Connect: What is Security Engineering?

DevOps & DevSecOps in Swiss Banking

DevOps & DevSecOps in Swiss Banking

DevOps & DevSecOps in Swiss Banking

Remember the old days when software engineering teams used to tune software until it passed quality gates, gave golden bits to marketing, and finally threw a big release party? The world was simple, and writing code that worked according to a specification was enough to be a star developer. Viktor Veis says that world has changed. Software now often dials back home to record information about its usage and health. This telemetry flows back to engineering teams who are accountable for making sense out of this data. This is a fundamental shift in the software engineer role. Teams who can leverage data-driven engineering will delight customers by learning more about customers than they know about themselves. Teams who ignore data-driven engineering will continue based on assumptions and eventually lose competitive nerve. Join Viktor to learn how to start data-driven engineering today. Discover a practical approach that sometimes deviates from classical data science but is easy to learn and apply.

Data-Driven Software Engineering for Agile Teams

Data-Driven Software Engineering for Agile Teams

Data-Driven Software Engineering for Agile Teams

Bill curtis Beyond process - a challenge for SEPGs

Bill curtis Beyond process - a challenge for SEPGs

Bill curtis Beyond process - a challenge for SEPGs

Software Analytics: Data Analytics for Software Engineering and Security

Software Analytics: Data Analytics for Software Engineering and Security

Software Analytics: Data Analytics for Software Engineering and Security

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Cascnet technologies service offerings

Cascnet technologies service offerings

Cascnet technologies service offerings

CascnetTechnologies

About Tekmonks. Products and services we offer. Founded to address the disparity of software access between small businesses and conglomerates, TekMonks’ vision has been to provide superior software to any size organization. Our focus and dedication (and love of AI) has since been poured into developing software in every category from enterprise integration, robotic process automation, AIOPs, unparalleled cybersecurity & even a plug and play chatbot. This unwavering passion for development has led to the creation of the amazing products of tomorrow, today.

About Tekmonks

Mainstream Development - the best software developers for you and us

Mainstream Development - the best software developers for you and us

Mainstream Development - the best software developers for you and us

Irena Ruzhanskaya

Skill_Level_ Strider

Skill_Level_ Strider

Skill_Level_ Strider

LSG Intro

21.06.2017 - KYOS Breakfast Event

21.06.2017 - KYOS Breakfast Event

21.06.2017 - KYOS Breakfast Event

Presentation by Shannon Lietz Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t? Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path. Software needs to be awesome, resilient, available and “secure”, but Security has long been a big roadblock to fast deployments and software improvement. What if it wasn’t? Continuous delivery requires operational functions to shift left and for an iterative approach to be taken. Security has not been easy to shift left and taking an iterative approach requires everyone to take responsibility. With a continuos security approach and everyone in the Software Supply Chain taking on the tasks of including security, its possible to achieve Rugged Software. This talk aims to provide a journey towards this approach and provide the path.

2016 - Safely Removing the Last Roadblock to Continuous Delivery

2016 - Safely Removing the Last Roadblock to Continuous Delivery

2016 - Safely Removing the Last Roadblock to Continuous Delivery

devopsdaysaustin

Ähnlich wie Practical DevSecOps - Arief Karfianto (20)

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

TechTalk 2021: Peran IT Security dalam Penerapan DevOps

Experience Credentials

Experience Credentials

Experience Credentials

Applying DevOps from the Mobile to the Mainframe

Applying DevOps from the Mobile to the Mainframe

Applying DevOps from the Mobile to the Mainframe

Succeeding-Marriage-Cybersecurity-DevOps final

Succeeding-Marriage-Cybersecurity-DevOps final

Succeeding-Marriage-Cybersecurity-DevOps final

Integrating DevOps and ITSM for agility in action_v1

Integrating DevOps and ITSM for agility in action_v1

Integrating DevOps and ITSM for agility in action_v1

Threat Modeling All Day!

Threat Modeling All Day!

Threat Modeling All Day!

Career in IT - HMTIF UB Platform 2014

Career in IT - HMTIF UB Platform 2014

Career in IT - HMTIF UB Platform 2014

Cyber Scotland Connect: What is Security Engineering?

Cyber Scotland Connect: What is Security Engineering?

Cyber Scotland Connect: What is Security Engineering?

DevOps & DevSecOps in Swiss Banking

DevOps & DevSecOps in Swiss Banking

DevOps & DevSecOps in Swiss Banking

Data-Driven Software Engineering for Agile Teams

Data-Driven Software Engineering for Agile Teams

Data-Driven Software Engineering for Agile Teams

Bill curtis Beyond process - a challenge for SEPGs

Bill curtis Beyond process - a challenge for SEPGs

Bill curtis Beyond process - a challenge for SEPGs

Software Analytics: Data Analytics for Software Engineering and Security

Software Analytics: Data Analytics for Software Engineering and Security

Software Analytics: Data Analytics for Software Engineering and Security

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Continuous Compliance and DevSecOps

Cascnet technologies service offerings

Cascnet technologies service offerings

Cascnet technologies service offerings

About Tekmonks

Mainstream Development - the best software developers for you and us

Mainstream Development - the best software developers for you and us

Mainstream Development - the best software developers for you and us

Skill_Level_ Strider

Skill_Level_ Strider

Skill_Level_ Strider

LSG Intro

21.06.2017 - KYOS Breakfast Event

21.06.2017 - KYOS Breakfast Event

21.06.2017 - KYOS Breakfast Event

2016 - Safely Removing the Last Roadblock to Continuous Delivery

2016 - Safely Removing the Last Roadblock to Continuous Delivery

2016 - Safely Removing the Last Roadblock to Continuous Delivery

Mehr von idsecconf

Cloud Managed Router merupakan hasil dari kombinasi antara perangkat router konvensional dengan teknologi cloud management, yang dikembangkan agar memudahkan pengguna untuk dapat mengatur perangkat router dari jarak jauh. Namun tentu saja dengan penerapan yang kurang tepat, maka hal ini bisa dimanfaatkan oleh orang yang tidak bertanggung jawab, bahkan dapat beresiko akses perangkat router diambil alih. Pada topik ini saya akan sedikit menceritakan bagaimana resiko tersebut bisa terjadi.

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

Kesiapan infrastruktur terkadang menjadi kendala dalam melaksanakan red team exercise secara internal. Guna memperoleh hasil yang optimal terdapat beberapa strong points yang perlu diadopsi dalam pengembangan infrastruktur yakni rapid deployment, stealth, dan scalability. Melalui Infrastructure as code (IaC) yang dapat mendukung proses automation infrastruktur red team, operator dapat mereduksi waktu deployment dengan komponen yang bersifat disposable per engagement. Infrastruktur terbagi menjadi 4 segmen yakni segmen network memanfaatkan WireGuard yang disederhanakan melalui Headscale “Zero Config”. Segmen C2 dan Segmen Phishing merupakan core sections. Segmen SIEM bertujuan mengagregasi dan memproses log dari berbagai komponen seperti reverse proxy pada redirector ataupun C2 server. Manajemen multi-cloud environment memanfaatkan Terraform dengan provisioning yang di-handle menggunakan Ansible. Python sebagai wrapper kedua platform sehingga penggunaan tetap sederhana. Operator dapat secara fleksibel mendeskripsikan segmen yang hendak di deploy melalui sebuah YAML file.

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

Dalam dunia keamanan siber, sinergi antara berbagai proses memiliki peran yang sangat penting. Salah satu proses atau framework yang tengah menjadi sorotan dan menarik perhatian luas adalah Detection Engineering. Proses Detection Engineering ini bertujuan untuk meningkatkan struktur dan pengorganisasian dalam pembuatan detection use case atau rules di Security Operation Center (SOC). Detection Engineering bisa dikatakan masih baru dalam dunia keamanan siber, sehingga terdapat banyak peluang untuk membuat keseluruhan prosesnya menjadi lebih baik. Salah satu hal yang masih terlupakan adalah integrasi antara proses Detection Engineering dan Threat Modeling. Biasanya, Threat Modeling lebih berfokus pada solusi pencegahan dan mitigasi resiko secara langsung dan melupakanan komponen deteksi ketika pencegahan dan mitigasi tersebut gagal dalam menjalankan fungsinya. Dalam makalah ini, kami memperkenalkan paradigma baru dengan mengintegrasikan Detection Engineering ke dalam proses Threat Modeling. Pendekatan ini menjadikan Detection sebagai langkah proaktif tambahan, yang dapat menjadi lapisan pertahanan ekstra ketika kontrol pencegahan dan mitigasi akhirnya gagal dalam menghadapi ancaman sesungguhnya.

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

Smart doorbell atau bel pintar telah menjadi populer dalam sistem keamanan rumah pintar. Namun, banyak dari perangkat ini masih menggunakan protokol yang tidak aman untuk berkomunikasi, protokol yang rentan terhadap serangan keamanan seperti jamming, sniffing dan replay attack. Penelitian ini bertujuan untuk menganalisis kelemahan penggunaan protokol komunikasi pada smart doorbell, serta menginvestigasi potensi pemanfaatan Software Defined Radio (SDR) dan modul arduino dalam mengamati komunikasi gelombang elektronik pada frekuensi 433 MHz. Selain itu penelitian ini ditujukan untuk mengidentifikasi potensi risiko yang dihadapi oleh pengguna pengkat IoT, serta memberikan pandangan tentang perlindungan yang lebih baik.

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

Modern organizations are facing the severe challenge of effectively countering threats and mitigating Indicators of Compromise (IOCs) within their network environments. The increasing complexity and volume of cyber threats has highlighted the urgency of building robust mechanisms to block specific IOCs independently. While some organizations have adopted Endpoint Detection and Response (EDR) systems, these solutions often have limitations and require manual processes to collect and examine IOCs from multiple sources. These operational barriers prevent organizations from achieving a proactive and efficient defense posture, an obstacle that is particularly important due to the critical role that IOC blocking plays in containing the spread of threats and limiting potential damage. Hence, the need for a solution that orchestrates automated IOC blocking, utilizing tools such as AlienVault Open Threat Exchange (OTX), VirusTotal, CrowdStrike, and Slack. In this presentation, we examine the importance of automated IOC blocking and its potential to strengthen network security, while highlighting the critical role that these tools play in mitigating evolving cyber threats.

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Semakin berkembangnya teknologi di aplikasi Desktop terdapat celah keamanan yang dapat menyebabkan dampak langsung atau tidak langsung pada kerahasiaan, Integritas Data yang di bangun menggunakan Framework dari Electron khusus nya aplikasi Desktop di Sistem Operasi MAC. Dalam materi yang di persentasikan akan membahas celah keamanan Security Misconfiguration,RCE,Code Injection, Bypass File Quarantine dan juga bagaiman cara intercept Aplikasi Electron Desktop di system operasi macOS

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Amazon Web Service (AWS) menjadi pemain besar dalam industri provider cloud, AWS menawarkan berbagai macam layanan yang mempermudah pengguna untuk operasional dan manajemen administrasi cloud computing. Dengan banyaknya layanan yang disediakan oleh Amazon Web Service membuat pengguna lupa akan keamanan dari service yang digunakan, karena bukan hanya Simple Storage Service (S3) saja yang bisa secara tidak sengaja mengekspos data sentitif seperti kredensial Database, SSH Private Key, Source code aplikasi atau bahkan data pribadi lain yang bersifat rahasia. Terdapat banyak service yang secara tidak sengaja terekspos ke public seperti EBS Snapshot, RDS Snapshot, SSM Document, SNS topic dan sebagainya. Malicious Actor bisa memanfaatkan Public shared atau exposed untuk melakukan Initial Access ke lingkungan Amazon Web Service pengguna lalu melakukan eksfiltrasi data internal yang rahasia.

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Near Field Communication (NFC) saat ini adalah teknologi yang umumnya di gunakan untuk media pembayaran serta akses kontrol untuk keamanan ruangan dan gedung. Tidak terbatas untuk hal itu saja, teknologi NFC juga kerap di implementasikan untuk perangkat IoT. Beberapa perangkat menggunakan NFC tag untuk menyimpan informasi guna sinkronisasi dengan perangkat smartphone. Penggunaan teknologi NFC awalnya dianggap aman karna mengharuskan alat baca dengan tag berada dalam poisisi yang sangat dekat. Sehingga dianggap sulit untuk melakukan penyadapan informasinya. Seiring waktu banyak penilitian mengungkapkan bahwa komunikasi ISO 1443-3 ini bisa di intip dan di terjemahkan ke dalam bentuk perintah serta respon aslinya. Proxmark3 adalah salah satu alat yang dikembangkan untuk keperluan tersebut. Namun ada kondisi dimana perangkat proxmark tidak dapat di fungsikan maksimal lantaran berkurangnya sensititifitas pembaca dan tag ketika ada objek berada diantara keduanya. Di paper ini saya ingin menyajikan hasil penelitian saya tentang penggunaan Dynamic Instrumentation Frida untuk memantau penggunaan modul java nfc dalam platform Android dan menggunakannya untuk melakukan lockpicking pada gembok pintar berbasis NFC.

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

This paper is a documentation of proposed security management for Electronic Health Records which includes security planning and policy, security program, risk management, and protection mechanism. Planning and policy are developed to provide a basic principle of security management at a hospital. The security program in this document includes Risk-Adaptable Access Control (RAdAC) and the implementation of security education, training and awareness (SETA). Regarding risk management, we perform risk identification, inventory of assets, information assets classification, and information assets value assessment, threat identification, and vulnerability assessment. For protection mechanism, we propose biometrics and signature as the authentication methods. The use of firewalls, intrusion detection system and encrypted data transmission is also suggested for securing data, application and network.

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Pelanggaran privasi merupakan suatu hal yang sering ditemui dewasa ini. Salah satu penyebab pelanggaran privasi adalah adanya data privat milik pengguna yang dikirimkan pada server milik aplikasi tanpa seizin pengguna atau adanya pengumpulan data tertentu tanpa izin. Pada penelitian ini, kami menganalisis aplikasi-aplikasi yang didapatkan dari Google Play Store Indonesia untuk dicari apakah ada data privat milik pengguna yang dilanggar privasinya. Penelitian ini menggunakan tiga jenis metode yang utamanya berbasis static analysis; pendekatan reverse-engineering dengan static analysis untuk melihat apakah ada data yang berpotensi mengganggu privasi pengguna, analisis perizinan dan tracker yang dimiliki oleh aplikasi untuk melihat apakah perizinan dan tracker yang dimiliki oleh aplikasi memang tepat sesuai dengan use-case dari aplikasi tersebut, dan analisis regulasi data dengan mengambil data mengenai keamanan data yang diberikan developer ke Google Play Store. Hasil studi menunjukkan bahwa ada beberapa aplikasi yang memang mengambil data privat pengguna yang tidak relevan dengan use-case aplikasi dan mengirimnya ke server milik aplikasi dan pihak ketiga

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Cloud service is often part of broader strategic initiatives, principally digital transformation (DX) and cloud-first. Despite the continued rapid adoption of cloud services, security remains a crucial issue for cloud users. A majority of organizations confirm they are at least moderately concerned about cloud security. However, there is still a gap between using the cloud and the implementation of cloud security by organizations, so retains the rate of cloud crime high. Eliminating or narrowing the gap is necessary so that organizations can continue to take advantage of the cloud securely. Understanding cloud crime would aid in both cloud crime prevention and protection. The purpose of this presentation is to identify how cloud security incidents can occur from both attacker and victim sides. Organizations can use this presentation's results as a reference to develop or improve cloud security programs and eliminate or narrow the gap between cloud utilization and cloud security implementation.

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Organization using Adversary Emulation plan to develop an attack emulation and/or simulation and execute it against enterprise infrastructure. These activities leverage real-world attacks and TTPs by Threat Actor, so you can identify and finding the gaps in your defense before the real adversary attacking your infrastructure. Adversary Emulation also help security team to get more visibility into their environment. Performing Adversary Emulation continuously to strengthen and improve your defense over the time.

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

React Native merupakan framework yang digunakan untuk membuat aplikasi mobile baik itu Android maupun IOS (multi platform). Framework ini memungkinkan developer untuk membuat aplikasi untuk berbagai platform dengan menggunakan basis kode yang sama, yaitu JavaScript. Dikarenakan aplikasi ini berbasis JavaScript (client side), banyak developer yang tidak memperhatikan celah keamanan pada aplikasi. Terdapat berbagai macam celah keamanan meliputi client side dan server side. Presentasi ini memuat pengalaman saya dalam menemukan celah keamanan pada saat melakukan Penetration Testing pada aplikasi mobile berbasis React Native

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pandemi covid-19 melonjak pada gelombang ke-2 di. Untuk mengantisipasi itu pemerintah membagikan oximeter ke puskesmas. Oximeter yang ada dipasaran mengharuskan tenaga kesehatan untuk kontak langsung dengan pasien. Dengan menggunakan Hacked Oxymeter ini dapat mengurangi intensitas bertemu dengan pasien dan mengurangi resiko terpapar covid-19. Secara metodologi, hacking oximeter ini membaca output komunikasi serial pada alat oximeter untuk kemudian diolah oleh mikrokontroler dan dikirim ke MQTT broker untuk diteruskan ke klien yang membutuhkan. Alat ini digunakan oleh pasien yang sedang isoman di hotel, fasilitas Kesehatan atau rumah sakit darurat/lapangan

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Proses DevSecOps saat ini banyak digunakan dikalangan industri yang membutuhkan kecepatan baik dalam pengembangan maupun implementasi. Setiap tahapan pada pipeline DevSecOps merupakan tahapan yang harus diperhatikan dan masuk kedalam pantauan SOC (Security Operation Center). Untuk itu diperlukan kemampuan SOC untuk bisa memantau setiap pipeline DevSecOps sehingga dapat memberikan gambaran kondisi keamanan pada organisasi

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Mehr von idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Ali - The Journey-Hack Electron App Desktop (MacOS).pdf

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Utian Ayuba - Profiling The Cloud Crime.pdf

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Proactive cyber defence through adversary emulation for improving your securi...

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Pentesting react native application for fun and profit - Abdullah

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto

Kürzlich hochgeladen

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Rustici Software

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Kürzlich hochgeladen (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Exploring Multimodal Embeddings with Milvus

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Practical DevSecOps - Arief Karfianto

1. Practical DevSecOps Arief Karfianto IDSECCONF 2018

2. Agenda • Background (15') • DevSecOps in Action (15') • Question and Answer (15')

3. Who am I? Arief Karfianto Information System Analyst System Administrator QA Engineer App Designer Web Developer

4. Where am I working?

5. IT Organization Profile Information and Communication Management Division 1. Data and Information • Statistical and Spatial Data, Information System 2. Infrastructure • Data Center, Server, Network, Video Conference 3. Information Security • Security Testing, ISMS 12 IT Employees

6. Development Life Cycle V1 V3 • Email • FTP V2 – No Code Versioning – No Development Env – No Automation

7. Development Life Cycle • Code Repository • Development Server • Scheduled Sync* (DevOps) V1 V2 V3 – No Automated Security Testing – Prod-Dev Difference problems

8. Development Life Cycle • Code Versioning • Continuous Integration • Automated Security Analysis (DevSecOps) V1 V2 V3

9. Competing Forces Business Development Security Operations Build it Faster! Make it Secure! Keep it Stable!

10.

11. Why Automation? Reduce risk of human error • Automation is effective • Automation is reliable • Automation is scalable

12. What is DevOps? Culture Practice Tools People Process Technology

13. Collaborative Work Business Development Security Operations Build it faster, make it secure and stable!

14. Collaborative Work ü Continuous Communication ü Continuous Feedback ü Continuous Requirement ü Continuous Fixes § Secure Coding (e.g.OWASP) § Coding Standard (e.g. PSR) § Release Management

15. What is DevSecOps? 1. Code Repository 2. Runner 3. Code Scanner Push a new commit to a branch trigger Dev Server deploy to Automated Testing and Deployment Code Scanning Script Deployment Script

16. GitLab CI Configuration (.gitlab-ci.yml) stages: - scan - deploy code_analysis: stage: scan image: docker-image-name script: - script_1 only: - develop deploy_to_dev: stage: deploy image: docker-image-name script: - script_2 only: - develop

17. Architecture

18. DevSecOps in Action

19. Lessons Learned • Some security vulnerabilities can be detected by suitable tools • Non-standard coding styles can be detected by the code analyzer • There can be a high rate of false positive detection • The deployment process is quick • It is important to combine the static analysis with dynamic testing as some vulnerabilities are not easily detected through the code analysis

20. Thank You! @karfianto blog.ictlab.org au.linkedin.com/karfi