How to keep a popular API up an running 24 hours a day, 365 days a year.
Presentation by Federico Hernandez, Västtrafik from Nordic APIs Copenhagen in May 2013.
How to keep a popular API up an running 24 hours a day, 365 days a year.
Presentation by Federico Hernandez, Västtrafik from Nordic APIs Copenhagen in May 2013.
Javascript Continues Integration in Jenkins with AngularJSLadislav Prskavec
The document describes a ToDo application built with AngularJS that uses MongoDB hosted on MongoHQ. It retrieves and saves ToDo items to the MongoDB database via a PHP proxy. It also discusses testing the application using tools like PhantomJS, Jasmine, JSCoverage, JSDoc, and continuous integration with Jenkins.
20 ap is in 20 minutes - Nordic APIs GothenburgAndreas Krohn
This document lists 20 different APIs that can be used for various purposes in 20 minutes or less. The APIs cover domains like streaming media, transportation, social media, government data, text analysis, robotics, phone calls, work automation, and comics/superheroes. The author is Andreas Krohn, who provides his contact information at the bottom.
The document describes what ServiceStack is and provides examples of its capabilities. It begins by asking what ServiceStack is, where it came from, and what it does. It then discusses how earlier attempts at SOA failed and what ServiceStack learned from those experiences. Key points are that ServiceStack focuses on message-based services, code-first POCOs, and maximum productivity. Examples show how ServiceStack simplifies common tasks like JSON serialization, ORM, caching, and more.
Deep-dive into Microservice Outer ArchitectureWSO2
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2016/02/deep-dive-into-microservice-outer-architecture/
Microservices architecture (MSA) promotes loosely coupled services as building blocks for software system architecture. It was first adopted by large internet companies like Netflix and now is popular with enterprise architects everywhere.
You may find yourself asking what the main premises of MSA are and whether it replaces SOA. In this webinar Frank and Srinath will
Compare and contrast MSA with SOA and discuss both their pros and cons
Examine what MSA looks like in practice
Answer questions such as where to use databases, how to use security and how to perform service orchestration and integration
Discuss practical challenges
Sure, APIs are a technology. But APIs are part of a value chain, and every value chain is becoming infused with APIs that drive business results. What does it take to create a business strategy that makes the most of APIs? There are clear patterns for success that will enable you to get ahead of change—rather than react to competitors and disruptors.
We cover:
- why APIs are becoming an indispensable part of the value chain
- how APIs open new opportunities for business growth
- three things you should do in the next 100 days
Zinnov examines the growing trend of enterprises setting up digital labs to drive the next leg of their digital journey. Geographies with rich product development capabilities and a talent pool with key skills are emerging as hot spots for the establishment of innovative digital labs
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...Anton Kirillov
This talk is about architecture designs for data processing platforms based on SMACK stack which stands for Spark, Mesos, Akka, Cassandra and Kafka. The main topics of the talk are:
- SMACK stack overview
- storage layer layout
- fixing NoSQL limitations (joins and group by)
- cluster resource management and dynamic allocation
- reliable scheduling and execution at scale
- different options for getting the data into your system
- preparing for failures with proper backup and patching strategies
How to keep a popular API up an running 24 hours a day, 365 days a year.
Presentation by Federico Hernandez, Västtrafik from Nordic APIs Copenhagen in May 2013.
Javascript Continues Integration in Jenkins with AngularJSLadislav Prskavec
The document describes a ToDo application built with AngularJS that uses MongoDB hosted on MongoHQ. It retrieves and saves ToDo items to the MongoDB database via a PHP proxy. It also discusses testing the application using tools like PhantomJS, Jasmine, JSCoverage, JSDoc, and continuous integration with Jenkins.
20 ap is in 20 minutes - Nordic APIs GothenburgAndreas Krohn
This document lists 20 different APIs that can be used for various purposes in 20 minutes or less. The APIs cover domains like streaming media, transportation, social media, government data, text analysis, robotics, phone calls, work automation, and comics/superheroes. The author is Andreas Krohn, who provides his contact information at the bottom.
The document describes what ServiceStack is and provides examples of its capabilities. It begins by asking what ServiceStack is, where it came from, and what it does. It then discusses how earlier attempts at SOA failed and what ServiceStack learned from those experiences. Key points are that ServiceStack focuses on message-based services, code-first POCOs, and maximum productivity. Examples show how ServiceStack simplifies common tasks like JSON serialization, ORM, caching, and more.
Deep-dive into Microservice Outer ArchitectureWSO2
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2016/02/deep-dive-into-microservice-outer-architecture/
Microservices architecture (MSA) promotes loosely coupled services as building blocks for software system architecture. It was first adopted by large internet companies like Netflix and now is popular with enterprise architects everywhere.
You may find yourself asking what the main premises of MSA are and whether it replaces SOA. In this webinar Frank and Srinath will
Compare and contrast MSA with SOA and discuss both their pros and cons
Examine what MSA looks like in practice
Answer questions such as where to use databases, how to use security and how to perform service orchestration and integration
Discuss practical challenges
Sure, APIs are a technology. But APIs are part of a value chain, and every value chain is becoming infused with APIs that drive business results. What does it take to create a business strategy that makes the most of APIs? There are clear patterns for success that will enable you to get ahead of change—rather than react to competitors and disruptors.
We cover:
- why APIs are becoming an indispensable part of the value chain
- how APIs open new opportunities for business growth
- three things you should do in the next 100 days
Zinnov examines the growing trend of enterprises setting up digital labs to drive the next leg of their digital journey. Geographies with rich product development capabilities and a talent pool with key skills are emerging as hot spots for the establishment of innovative digital labs
Data processing platforms architectures with Spark, Mesos, Akka, Cassandra an...Anton Kirillov
This talk is about architecture designs for data processing platforms based on SMACK stack which stands for Spark, Mesos, Akka, Cassandra and Kafka. The main topics of the talk are:
- SMACK stack overview
- storage layer layout
- fixing NoSQL limitations (joins and group by)
- cluster resource management and dynamic allocation
- reliable scheduling and execution at scale
- different options for getting the data into your system
- preparing for failures with proper backup and patching strategies
This document discusses SQL on Druid. It provides an overview of Druid, benchmarks comparing Druid to Spark, and details how SQL can be used with Druid through Hive integration and Druid's built-in SQL functionality. Hive allows SQL queries over Druid data through a Druid storage handler and by translating Hive queries into the appropriate Druid query format. Druid also natively supports SQL queries through its Avatica server, enabling SQL queries directly against Druid data sources.
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB
Asya is back, and so is Sherlock Holmes and his techniques to gather and analyze data from your poorly performing MongoDB clusters. In this advanced talk we take a deep look at all the diagnostic data that lives inside MongoDB - how to interrogate and interpret it to help you solve those frustrating performance bottlenecks that we all face occasionally.
For #Redpill2017, The most offensive security conference in Thailand.
This slide talks about the weak point of endpoint protection such as Antivirus, User Account Control, AppLocker.
Getting A Shell Through MS Office - CYBER PHOENIX CONCLAVE 2K18 INFORMATION ...Velayutham Selvaraj
The document discusses different methods for getting remote access to systems through Microsoft Office applications, including macros, HTML Applications (HTA), and Dynamic Data Exchange (DDE). Macros can contain malicious scripts that execute when enabled. HTA files use HTML, scripts, and ActiveX to run malicious payloads. DDE sends messages and shares data between applications in real-time, which can be abused. Tools like Kali Linux, Metasploit, Empire, and FatRat can generate payloads that exploit these Office features to retrieve remote shells. The presentation demonstrates these techniques and stresses the importance of security best practices like antivirus and strong, unique passwords.
Presentation Brucon - Anubisnetworks and PTCoresecTiago Henriques
The document discusses real-time analysis and visualization of streaming data using Anubis Networks' StreamForce platform. It describes how StreamForce collects security events from various feeds, processes them using Node.js applications to aggregate and store the information in MongoDB and Redis. The stored data can then be queried and used to generate reports on infected machines, botnets, countries and other metrics.
Mastering Spring Boot's Actuator with Madhura BhaveVMware Tanzu
The document discusses Spring Boot Actuator, a module that allows monitoring and management of Spring Boot applications. It describes the various endpoints exposed by Actuator for tasks like health checks, metrics collection, and accessing bean configuration details. It also covers how to write custom endpoints and leverage existing endpoint functionality through extensions. The document provides examples of annotations used to build endpoints and operations along with HTTP request formats.
S2Graph is a large-scale graph database built on Hbase that provides storage and graph APIs to enable real-time breadth-first search on large, constantly changing social graphs. It models social network data, such as users, messages, posts, and relationships between them as vertices and edges in a graph. This allows querying the graph through steps that traverse edges between vertices to retrieve related data in real-time with low latency. Some examples demonstrated include messaging, newsfeed, recommendation, and search applications.
Microservices architecture is discussed along with Platform as a Service (PaaS), multi-tenancy, and DevOps. Key aspects of successful services like subscription-based models are highlighted. Techniques used by companies like Amazon, Google, Netflix, Facebook, and Twitter to enable continuous delivery and deployment are examined. Issues around managing scalability with microservices are also covered.
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...Dave Stokes
MySQL Document Store allows you to use MySQL as a JSON Document Databases without needing to set up relational tables, normalize data, or use Structured Query Language.
The document discusses using WSO2's big data analytics platform to analyze social media streams like Twitter data. It describes how the WSO2 Business Activity Monitor can collect data from various sources, and the Complex Event Processor can process multiple event streams and identify patterns. An example use case presented is analyzing Twitter tags over time to identify trends and public interest around certain topics, and notifying users via email of interesting tweets. The proposed solution architecture shows how a Twitter agent can collect data and publish it to BAM for storage and processing by CEP queries.
By popular request, this is a sequel to a 2017 talk entitled “Engineering Challenges Doing Intrusion Detection in the Cloud” about the experience of doing intrusion detection at scale at one of the ten largest AWS environments at the time. One of the major lessons learned during this time is that in the public cloud, where direct network instrumentation is unavailable, doing behavioral detection with endpoint data is often more effective and more efficient. This talk presents a practical demonstration, including a demo, of behavioral intrusion detection, threat hunting and security analytics using free and open source tools. The talk received overwhelmingly positive feedback at the New England community day event; one chief security officer in the audience called it the most practical talk he had seen.
DrupalCamp London 2017 - Web site insecurity George Boobyer
Common threats to web security with real world case studies of compromised sites,
- A 'dissection' of a typical common exploit tool and how it operates,
- Simple approaches to mitigating common threats/vulnerabilities,
- Defence in depth – an overview of the various components of web security,
- Drupal specific measures that standard penetration testing often does not account for.
An overview of how to benefit from:
- Security monitoring and log analysis
- Intrusion Detection Systems & Firewalls
- Security headers and Content Security Policies (CSP).
see Drupal Camp London for full details:
http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
Reduciendo riesgos a través de controles de acceso, manejo de privilegios y a...Bruno Caseiro
This document discusses reducing risks through access controls, privilege management, and auditing. It begins with an agenda covering BeyondTrust, security concepts that are rarely implemented properly, high profile breaches in 2013-2014, and ways to reduce the attack surface. The document then discusses least privilege, need to know principles, and summarizes some high profile breaches. It concludes with recommendations for reducing the attack surface such as enforcing least privilege, controlling privileged access, auditing user activity, and patching vulnerabilities.
OpenStack Liberty Summit Ops Show & Tell - Go DaddyMike Dorman
Go Daddy architecture show & tell presentation from the OpenStack Liberty summit. Includes details on network IP usage API extensions, and Glance and Nova metadata services.
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
The open source TodoMVC project implements a Todo application using popular JavaScript MV* frameworks. Some of the implementations add support for compile to JavaScript languages, module loaders and real time backends. This presentation will demonstrate a TodoMVC implementation which adds support for the forthcoming W3C Web Cryptography API, as well as review some key cryptographic concepts and definitions.
Instead of storing the Todo list as plaintext in localStorage, this "secure" TodoMVC implementation encrypts Todos using a password derived key. The PBKDF2 algorithm is used for the deriveKey operation, with getRandomValues generating a cryptographically random salt. The importKey method sets up usage of AES-CBC for both encrypt and decrypt operations. The final solution helps address item "A6-Sensitive Data Exposure" from the OWASP Top 10.
With the Web Cryptography API being a recommendation in 2014, any Q&A time will likely include browser implementations and limitations, and whether JavaScript cryptography adds any value.
Data Con LA 2020
Description
MySQL is an ubiquitous relational database that can also be used as a NoSQL JSON document store. That means you do not need a DBA to set up tables - just connect and start saving data. And you can access the NoSQL data from the SQL side or the SQL data from the NoSQL side which gives you the best of both the SQL and NoSQL worlds on the same server.
*Learn how to use the X DevAPI protocol for CRUD based operations
*See how to use JSON_TABLE() to turn unstructured data temporarily structured
*Understand how JSON really makes your relational database faster
*How to extract JSON data into a relational column
Speaker
Dave Stokes,Oracle, MySQL Community Manager
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
This document discusses SQL on Druid. It provides an overview of Druid, benchmarks comparing Druid to Spark, and details how SQL can be used with Druid through Hive integration and Druid's built-in SQL functionality. Hive allows SQL queries over Druid data through a Druid storage handler and by translating Hive queries into the appropriate Druid query format. Druid also natively supports SQL queries through its Avatica server, enabling SQL queries directly against Druid data sources.
MongoDB Europe 2016 - Debugging MongoDB PerformanceMongoDB
Asya is back, and so is Sherlock Holmes and his techniques to gather and analyze data from your poorly performing MongoDB clusters. In this advanced talk we take a deep look at all the diagnostic data that lives inside MongoDB - how to interrogate and interpret it to help you solve those frustrating performance bottlenecks that we all face occasionally.
For #Redpill2017, The most offensive security conference in Thailand.
This slide talks about the weak point of endpoint protection such as Antivirus, User Account Control, AppLocker.
Getting A Shell Through MS Office - CYBER PHOENIX CONCLAVE 2K18 INFORMATION ...Velayutham Selvaraj
The document discusses different methods for getting remote access to systems through Microsoft Office applications, including macros, HTML Applications (HTA), and Dynamic Data Exchange (DDE). Macros can contain malicious scripts that execute when enabled. HTA files use HTML, scripts, and ActiveX to run malicious payloads. DDE sends messages and shares data between applications in real-time, which can be abused. Tools like Kali Linux, Metasploit, Empire, and FatRat can generate payloads that exploit these Office features to retrieve remote shells. The presentation demonstrates these techniques and stresses the importance of security best practices like antivirus and strong, unique passwords.
Presentation Brucon - Anubisnetworks and PTCoresecTiago Henriques
The document discusses real-time analysis and visualization of streaming data using Anubis Networks' StreamForce platform. It describes how StreamForce collects security events from various feeds, processes them using Node.js applications to aggregate and store the information in MongoDB and Redis. The stored data can then be queried and used to generate reports on infected machines, botnets, countries and other metrics.
Mastering Spring Boot's Actuator with Madhura BhaveVMware Tanzu
The document discusses Spring Boot Actuator, a module that allows monitoring and management of Spring Boot applications. It describes the various endpoints exposed by Actuator for tasks like health checks, metrics collection, and accessing bean configuration details. It also covers how to write custom endpoints and leverage existing endpoint functionality through extensions. The document provides examples of annotations used to build endpoints and operations along with HTTP request formats.
S2Graph is a large-scale graph database built on Hbase that provides storage and graph APIs to enable real-time breadth-first search on large, constantly changing social graphs. It models social network data, such as users, messages, posts, and relationships between them as vertices and edges in a graph. This allows querying the graph through steps that traverse edges between vertices to retrieve related data in real-time with low latency. Some examples demonstrated include messaging, newsfeed, recommendation, and search applications.
Microservices architecture is discussed along with Platform as a Service (PaaS), multi-tenancy, and DevOps. Key aspects of successful services like subscription-based models are highlighted. Techniques used by companies like Amazon, Google, Netflix, Facebook, and Twitter to enable continuous delivery and deployment are examined. Issues around managing scalability with microservices are also covered.
MySQL Without the SQL - Oh My! August 2nd presentation at Mid Atlantic Develo...Dave Stokes
MySQL Document Store allows you to use MySQL as a JSON Document Databases without needing to set up relational tables, normalize data, or use Structured Query Language.
The document discusses using WSO2's big data analytics platform to analyze social media streams like Twitter data. It describes how the WSO2 Business Activity Monitor can collect data from various sources, and the Complex Event Processor can process multiple event streams and identify patterns. An example use case presented is analyzing Twitter tags over time to identify trends and public interest around certain topics, and notifying users via email of interesting tweets. The proposed solution architecture shows how a Twitter agent can collect data and publish it to BAM for storage and processing by CEP queries.
By popular request, this is a sequel to a 2017 talk entitled “Engineering Challenges Doing Intrusion Detection in the Cloud” about the experience of doing intrusion detection at scale at one of the ten largest AWS environments at the time. One of the major lessons learned during this time is that in the public cloud, where direct network instrumentation is unavailable, doing behavioral detection with endpoint data is often more effective and more efficient. This talk presents a practical demonstration, including a demo, of behavioral intrusion detection, threat hunting and security analytics using free and open source tools. The talk received overwhelmingly positive feedback at the New England community day event; one chief security officer in the audience called it the most practical talk he had seen.
DrupalCamp London 2017 - Web site insecurity George Boobyer
Common threats to web security with real world case studies of compromised sites,
- A 'dissection' of a typical common exploit tool and how it operates,
- Simple approaches to mitigating common threats/vulnerabilities,
- Defence in depth – an overview of the various components of web security,
- Drupal specific measures that standard penetration testing often does not account for.
An overview of how to benefit from:
- Security monitoring and log analysis
- Intrusion Detection Systems & Firewalls
- Security headers and Content Security Policies (CSP).
see Drupal Camp London for full details:
http://drupalcamp.london/session/web-site-insecurity-how-your-cms-site-will-get-hacked-and-how-prevent-it
Reduciendo riesgos a través de controles de acceso, manejo de privilegios y a...Bruno Caseiro
This document discusses reducing risks through access controls, privilege management, and auditing. It begins with an agenda covering BeyondTrust, security concepts that are rarely implemented properly, high profile breaches in 2013-2014, and ways to reduce the attack surface. The document then discusses least privilege, need to know principles, and summarizes some high profile breaches. It concludes with recommendations for reducing the attack surface such as enforcing least privilege, controlling privileged access, auditing user activity, and patching vulnerabilities.
OpenStack Liberty Summit Ops Show & Tell - Go DaddyMike Dorman
Go Daddy architecture show & tell presentation from the OpenStack Liberty summit. Includes details on network IP usage API extensions, and Glance and Nova metadata services.
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
The open source TodoMVC project implements a Todo application using popular JavaScript MV* frameworks. Some of the implementations add support for compile to JavaScript languages, module loaders and real time backends. This presentation will demonstrate a TodoMVC implementation which adds support for the forthcoming W3C Web Cryptography API, as well as review some key cryptographic concepts and definitions.
Instead of storing the Todo list as plaintext in localStorage, this "secure" TodoMVC implementation encrypts Todos using a password derived key. The PBKDF2 algorithm is used for the deriveKey operation, with getRandomValues generating a cryptographically random salt. The importKey method sets up usage of AES-CBC for both encrypt and decrypt operations. The final solution helps address item "A6-Sensitive Data Exposure" from the OWASP Top 10.
With the Web Cryptography API being a recommendation in 2014, any Q&A time will likely include browser implementations and limitations, and whether JavaScript cryptography adds any value.
Data Con LA 2020
Description
MySQL is an ubiquitous relational database that can also be used as a NoSQL JSON document store. That means you do not need a DBA to set up tables - just connect and start saving data. And you can access the NoSQL data from the SQL side or the SQL data from the NoSQL side which gives you the best of both the SQL and NoSQL worlds on the same server.
*Learn how to use the X DevAPI protocol for CRUD based operations
*See how to use JSON_TABLE() to turn unstructured data temporarily structured
*Understand how JSON really makes your relational database faster
*How to extract JSON data into a relational column
Speaker
Dave Stokes,Oracle, MySQL Community Manager
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13.
Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools.
Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss:
1. The platform team model - team topologies and key roles for developing internal API platforms
2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs
3. Applying a "platform as a product" mindset to measure and communicate platform success
4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13.
Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13.
Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13.
Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13.
Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis.
In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows:
- Easily « boosting » any product feature with Generative AI
- Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model
- Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13.
Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
- Prompt Injections
- Sensitive Data Leakage
- Inadequate Sandboxing
- Insecure Plugin Design
- Model Denial of Service
- Unauthorized Code Execution
- Input attacks
- Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
I will explain all the above using real life examples.
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Nordic APIs
A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13.
Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward?
Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management?
I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13.
Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13.
Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13.
Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13.
Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13.
Session Description:
GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13.
Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
53. Eric Raymond’s 17 Unix
Rules
...!
Rule of Modularity!
Rule of Composition!
Rule of Separation!
Rule of Simplicity!
Rule of Parsimony!
Rule of Robustness!
...