Web.dev - Web Privacy and Security Recipe

•

0 gefällt mir•111 views

The document discusses how HTTPS helps protect the integrity and privacy of websites and users by preventing tampering with communications and passive listening. It also notes that HTTPS is important for the future of the web and new features. The document then provides information on cookie attributes like SameSite, Secure, and Path that help secure cookies. It covers cross-origin policies like COOP and COEP that enable cross-origin isolation and related concepts like CORP and CORS. The document gives steps to enable cross-origin isolation and check that resources support CORP/CORS. It emphasizes applying CORP headers to resources and warns that without CORP, resources may get blocked. Finally, it shows code to check if a page is cross-origin isolated and

Technologie

Web Privacy & Security Recipes
Mark Robin
Senior Software Engineer
Inspire Team
GDG Cebu #webdevLIVE

Protects the integrity of your
website
HTTPS
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workﬂows for new features
and updated APIs.
GDG Cebu

Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
Protects the integrity of your
website
HTTPS
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.
Protects the privacy & security
of your users
HTTPS prevents intruders from being
able to passively listen to
communications between your
websites and your users.
The future of the web
HTTPS is a key component to the
permission workﬂows for new features
and updated APIs.
GDG Cebu
Protects the integrity of your
website
HTTPS helps prevent intruders from
tampering with the communications
between your websites and your users'
browsers.

Cookie recipes:
SameSite and beyond
GDG Cebu

Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=Lax
Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=Lax
GDG Cebu

Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=Lax
GDG Cebu

Set-Cookie:
__Secure-cookiename=cookievalue;
Secure;
Domain=news.site;
Path=/;
HttpOnly;
SameSite=Lax
GDG Cebu

Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=Lax;
Max-Age=900
GDG Cebu

Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=Strict
GDG Cebu

Set-Cookie:
__Host-cookiename=cookievalue;
Secure;
Path=/;
HttpOnly;
SameSite=None
GDG Cebu

Set-Cookie:
first_party=cookievalue;
SameSite=Lax
Set-Cookie:
third_party=cookievalue;
SameSite=None; Secure
GDG Cebu

COOP:
COEP:
Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy
GDG Cebu

Powerful Features
• SharedArrayBuffer across platforms
• performance.measureMemory()
• JS Self Profiling API
and more to come…
GDG Cebu

Composability
● Ads
● Fonts
● Images
● Videos
● Maps
● Payment solutions
a.example
b.example
GDG Cebu

Same-origin Policy
a.example
b.example
Browsing Context Group
GDG Cebu

Same-origin Policy
Origin A Origin B
Explanation of whether Origin A
and B are "same-origin" or
"cross-origin"
https://www.example.com:443
https://www.evil.com:443 cross-origin: different domains
https://example.com:443 cross-origin: different subdomains
https://login.example.com:443 cross-origin: different subdomains
http://www.example.com:443 cross-origin: different schemes
https://www.example.com:80 cross-origin: different ports
https://www.example.com:443 same-origin: exact match
https://www.example.com same-origin: implicit port number (443)
matches
GDG Cebu

Spectre
evil.example
Browsing Context Group
a.example
b.example
GDG Cebu

COOP+COEP = cross-origin isolated
evil.example
a.example
b.example
GDG Cebu

Enabling cross-origin isolation
1. Set `Cross-Origin-Opener-Policy: same-origin` for the main
document.
2. Make sure cross-origin resources use `CORP: cross-origin` or CORS.
3. Set `Cross-Origin-Embedder-Policy: require-corp` for the main
document.
GDG Cebu

Cross-Origin-Opener-Policy: same-origin
COOP COEP CORP CORS
GDG Cebu

Confirm cross-origin resources support:
COOP COEP CORP CORS
• `Cross-Origin-Resource-Policy: cross-origin` header
• Cross Origin Resource Sharing
`<img src=“image.png” crossorigin>`
GDG Cebu

Attention! Resource providers:
COOP COEP CORP CORS
Apply `Cross-Origin-Resource-Policy: cross-origin` header!
GDG Cebu

Cross-Origin-Embedder-Policy: require-corp
Resource without `CORP` or CORS will be blocked
COOP COEP CORP CORS
GDG Cebu

Cross-Origin-Embedder-Policy: require-corp
Cross-origin resource with `CORP: cross-origin` can be loaded
COOP COEP CORP CORS
GDG Cebu

```js
if (self.crossOriginIsolated) {
// Your page is at "cross-origin isolated" state
}
```
GDG Cebu

This cover has been designed using
resources from Freepik.com
Security is always excessive
until it’s not enough.
Robbie Sinclair

linkedin.com/in/markdrobin
github.com/mdrobin95
GDG Cebu
giphy.com
SOURCE web.dev/secure

Empfohlen

Integrity protection for third-party JavaScript

Francois Marier

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.

Integrity protection for third-party JavaScript

Francois Marier

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.

Security and Privacy on the Web in 2016

Francois Marier

In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016

Security and Privacy on the Web in 2015

Francois Marier

In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en

Content Security Policy

Ryan LaBouve

Preventing XSS with Content Security Policy

Ksenia Peguero

W3C Content Security Policy

Markus Wichmann

Securing Java EE Web AppsFrank Kim

Empfohlen

Integrity protection for third-party JavaScript

Francois Marier

Integrity protection for third-party JavaScript

Francois Marier

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.

Security and Privacy on the Web in 2016

Francois Marier

Security and Privacy on the Web in 2015

Francois Marier

In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en

Content Security Policy

Ryan LaBouve

Preventing XSS with Content Security Policy

Ksenia Peguero

W3C Content Security Policy

Markus Wichmann

Securing Java EE Web AppsFrank Kim

Bünyamin Demir - 10 Adımda Yazılım Güvenliği

CypSec - Siber Güvenlik Konferansı

BrightonSEO

Richard Falconer

Content Security Policy - The application security Swiss Army Knife

Scott Helme

BSides Cleveland: Phishing Forensics - Is it just suspicious or is it malicious?

ThreatReel Podcast

These are the slides from my "Phishing Forensics - Is it just suspicious or is it malicious?" presentation at the BSides Cleveland Information Security Conference on 06/23/2018 in Cleveland, Ohio. Title: Phishing Forensics - Is it just suspicious or is it malicious? Abstract: What thoughts currently make tech defenders uneasy as they go to bed at night? Despite implementing and properly configuring the latest technological controls and security solutions into our environments, end users typically remain the most vulnerable point of entry into nearly any network. Unfortunately, only one misstep by a single user provides attackers with the foothold they need to begin compromising an entire enterprise network environment. The safety of our inboxes is a key initiative on the battlefront of protecting staff from the scourge of phishing and spear phishing attacks. We will perform a deep-dive look at the latest techniques used by criminals to bypass security products and traditional defense-in-depth strategies. We then focus heavily on conducting a digital forensic investigation on a sample phishing email message. Topics covered include technical analysis of message headers, message source code, message attachments, and malicious landing web pages even when a dedicated sandbox environment is unavailable.

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

PROIDEA

In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like 'unsafe-hashed-attributes' and give an overview of how we were able to enforce CSP as a strong mitigation against cross-site scripting on over 50% of production web traffic at Google. With increased adoption new challenges arise: dealing with CSP report noise - generated by buggy browsers, extensions, malware and security software - devising an effective monitoring infrastructure, and keeping on top of bypassing techniques. In this presentation we reveal how our internal CSP infrastructure works and how we solved problems, share our experience, show real-world examples, best practices and common pitfalls. Finally, we hint at a new promising web mitigation technique, which we hope to see gaining traction in the near future: Suborigins.

Techorama 2019 - Azure Security Center Unleashed

Tom Janetscheck

Experts Live Norway - Azure Infrastructure Security

Tom Janetscheck

In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is joint responsibility and what we need is a new approach! In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights. We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.

Microsoft Ignite The Tour 2020 - BRK30173 - Identity is the new control plane

Tom Janetscheck

Back in the days, when blocking network traffic was enough to prevent attackers from accessing corporate content, life was easy. You could be sure that your physical datacenter walls built your perimeter, so you simply needed to protect your borders. But nowadays, when we see an increasing amount of phishing, spear phishing and credential theft attacks against corporate environments, it’s no longer sufficient to only take care of network and data security.Today, it's more important than ever to protect and securely manage identities in the cloud and on-premises, and to make sure to be informed as soon as someone tries to get hold of them.

Connecting Physical Devices to the Web - Event Driven Architecture using WebS...

Peter Moskovits

Before the Web, clients connected to back-end servers without compromises. As the Web came along with HTTP, we had to give up some of the power of our connectivity. With the evolving open Web communications standards, now we have a unique opportunity to move on from a request-response based REST world to a true, event-driven architecture. Learn what it takes to connect physical devices, such as Arduino and the Rasberry Pi to collect sensor data, or control physical devices over the Web. Commercial aviation's biggest challenge when things go wrong is that flight data is stuck on the plane inside the black box. Until the black box is recovered, we barely know anything about what went wrong. This presentation offers detailed insights into how IoT and modern Web communications concepts have the power to change all this. If you're a maker, you will learn about "flight sensors" attached and controlled by Arduino, data transmitted over long range WiFi as well as satellite networks. If interested in real-time Web communications, you'll learn about a highly secure WebSocket implementation with extreme scale, publishing flight data to tablets and laptops used as monitoring dashboard. If protocol layering, enterprise messaging, or JMS is your thing, this talk is for you. Code samples and plenty of interactive live demos (with Things) add color to the talk.

Converting you website to https

Peter Salerno

SEO benefits | ssl certificate | Learn SEO

devbhargav1

In the digital age, cybersecurity is a paramount concern, and Google is committed to ensuring user safety and privacy. As part of their efforts, they've made SSL certificates a significant factor in search engine optimization (SEO). SSL (Secure Sockets Layer) certificates, indicated by the "https" in website URLs and the padlock symbol in browsers, are not only essential for security but also offer several SEO benefits. In this comprehensive guide, we'll delve into the advantages of having an SSL certificate for SEO.

Overview of SSL: choose the option that's right for you

Cloudflare

Keeping communication between your visitors and your website secure and confidential has never been more important. Data can be vulnerable to theft as it’s transferred to and from your website. One simple solution to this security threat is to encrypt your traffic with SSL (Secure Sockets Layer). SSL encryption ensures the data transferred between your visitors and your site is safe from data theft, and having SSL enabled can also boost your Google search rankings. CloudFlare has made it simple and easy to add SSL to your site: you don’t have to purchase a separate certificate or install anything. In this webinar CloudFlare’s solution engineer Peter Griffin explains the key features of SSL, and walks you through the simple process of getting SSL running on your site.

Geek Guide: Apache Web Servers and SSL Authentication

RapidSSLOnline.com

Android P Security Updates: What You Need to Know

NowSecure

Stateless authentication for microservices - GR8Conf 2015

Alvaro Sanchez-Mariscal

This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails.

How Does SSL Affect Your Search Engine Optimization

Christopher Dill

Stateless authentication for microservices - Spring I/O 2015

Alvaro Sanchez-Mariscal

http://www.springio.net/stateless-authentication-for-microservices/ This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth and JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails. More specifically, the demonstration will be made using Spring Security REST, a popular Grails plugin written by Álvaro.

Stateless authentication for microservices - Greach 2015

Alvaro Sanchez-Mariscal

Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today

Heroku

Webinar recording here: https://www.heroku.com/tech-sessions/creating-secure-web-apps Secure internet communication is one of the most important issues facing technology practitioners these days. But for many software development teams, it’s an afterthought. Almost every week there’s a new headline about web security: Google Chrome flagging non-HTTPS sites as insecure, Apple requiring iOS apps’ API communication to use HTTPS, and Google giving search ranking preference to HTTPS. Join Josh Aas, Executive Director of Let's Encrypt, and Chris Castle, Developer Advocate from Heroku, as they take you on a quick tour of what you, as a developer, need to know about HTTPS today plus show you how Let's Encrypt and Heroku are making it easier than ever for all developers to add HTTPS to their web apps.

Time to Migrate to HTTPS – The Simple Way to Do It Right, And the Ways That t...

Click Consult (Part of Ceuta Group)

Rails security: above and beyond the defaults

Matias Korhonen

In a world with increasingly sophisticated adversaries employing both targeted and automated attacks, what can we do to keep our users and our web apps safe? While Rails provides pretty decent security options straight out of the box, we can go further and make attacks more difficult to accomplish. For example, why and how to implement a Content Security Policy. Should you use HTTP Public Key Pinning? How do you know if you've configured HTTPS correctly?

65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...

Cloudflare

Join Cloudflare and CoinGecko, a Singapore-based cryptocurrency ranking chart platform that serves over 100 million pages views per month, for an educational webinar. Learn about the steps CoinGecko took to improve the user experience of its cryptocurrency platform, and how Cloudflare’s Argo Smart Routing routed over 1.2 billion website requests per month to improve performance on average by 65%, while using caching to save CoinGecko up to 88% on bandwidth.

Weitere ähnliche Inhalte

Was ist angesagt?

Bünyamin Demir - 10 Adımda Yazılım Güvenliği

CypSec - Siber Güvenlik Konferansı

BrightonSEO

Richard Falconer

Content Security Policy - The application security Swiss Army Knife

Scott Helme

BSides Cleveland: Phishing Forensics - Is it just suspicious or is it malicious?

ThreatReel Podcast

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

PROIDEA

Techorama 2019 - Azure Security Center Unleashed

Tom Janetscheck

Experts Live Norway - Azure Infrastructure Security

Tom Janetscheck

Microsoft Ignite The Tour 2020 - BRK30173 - Identity is the new control plane

Tom Janetscheck

Was ist angesagt? (8)

Bünyamin Demir - 10 Adımda Yazılım Güvenliği

BrightonSEO

Content Security Policy - The application security Swiss Army Knife

BSides Cleveland: Phishing Forensics - Is it just suspicious or is it malicious?

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

Techorama 2019 - Azure Security Center Unleashed

Experts Live Norway - Azure Infrastructure Security

Microsoft Ignite The Tour 2020 - BRK30173 - Identity is the new control plane

Ähnlich wie Web.dev - Web Privacy and Security Recipe

Connecting Physical Devices to the Web - Event Driven Architecture using WebS...

Peter Moskovits

Converting you website to https

Peter Salerno

SEO benefits | ssl certificate | Learn SEO

devbhargav1

Overview of SSL: choose the option that's right for you

Cloudflare

Geek Guide: Apache Web Servers and SSL Authentication

RapidSSLOnline.com

Android P Security Updates: What You Need to Know

NowSecure

Stateless authentication for microservices - GR8Conf 2015

Alvaro Sanchez-Mariscal

How Does SSL Affect Your Search Engine Optimization

Christopher Dill

Stateless authentication for microservices - Spring I/O 2015

Alvaro Sanchez-Mariscal

Stateless authentication for microservices - Greach 2015

Alvaro Sanchez-Mariscal

Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today

Heroku

Time to Migrate to HTTPS – The Simple Way to Do It Right, And the Ways That t...

Click Consult (Part of Ceuta Group)

Rails security: above and beyond the defaults

Matias Korhonen

65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...

Cloudflare

WebSocket Perspectives and Vision for the Future - HTML5DevConf Oct 2013 SF

Frank Greco

PWA Roadshow Seoul - HTTPS

Chang W. Doh

Hacking Client Side Insecuritiesamiable_indian

WordCamp US: Delivering the news over HTTPS

Paul Schreiber

Ghost in the Browser: Broad-Scale Espionage with Bitsquatting

Bishop Fox

Bitflips happen more than you know, especially on mobile devices and especially on cheap phones with memory that has higher FIT rates (Failures-In-Time). In the past, encryption in-transit (TLS/SSL) would have protected you against the most dangerous opportunistic attackers because it was cost prohibitive. Today however, certificates are free. Free for you and threat actors, thanks to Let’s Encrypt and major cloud providers. While free certificate authorities are a net positive for internet security, we already know attackers are leveraging the HTTPS lock for subverting security awareness training and more successful phishing. What about corporate espionage? That’s precisely what we investigated and will demonstrate with this slide deck.

HTTP VS. HTTPS: WHICH IS BETTER??

SEONetsolITSolutions

Ähnlich wie Web.dev - Web Privacy and Security Recipe (20)

Connecting Physical Devices to the Web - Event Driven Architecture using WebS...

Converting you website to https

SEO benefits | ssl certificate | Learn SEO

Overview of SSL: choose the option that's right for you

Geek Guide: Apache Web Servers and SSL Authentication

Android P Security Updates: What You Need to Know

Stateless authentication for microservices - GR8Conf 2015

How Does SSL Affect Your Search Engine Optimization

Stateless authentication for microservices - Spring I/O 2015

Stateless authentication for microservices - Greach 2015

Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today

Time to Migrate to HTTPS – The Simple Way to Do It Right, And the Ways That t...

Rails security: above and beyond the defaults

65% Performance Gains at Cryptocurrency Platform CoinGecko: An Argo Smart Rou...

WebSocket Perspectives and Vision for the Future - HTML5DevConf Oct 2013 SF

PWA Roadshow Seoul - HTTPS

Hacking Client Side Insecurities

WordCamp US: Delivering the news over HTTPS

Ghost in the Browser: Broad-Scale Espionage with Bitsquatting

HTTP VS. HTTPS: WHICH IS BETTER??

Kürzlich hochgeladen

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Artificial Intelligence for XMLDevelopment

Octavian Nadolu

In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject. We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup. Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved. The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring. The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise. By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Free Complete Python - A step towards Data Science

RinaMondal9

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Mind map of terminologies used in context of Generative AI

Kumud Singh

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Kürzlich hochgeladen (20)

UiPath Test Automation using UiPath Test Suite series, part 6

Artificial Intelligence for XMLDevelopment

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Introduction to CHERI technology - Cybersecurity

Free Complete Python - A step towards Data Science

National Security Agency - NSA mobile device best practices

Communications Mining Series - Zero to Hero - Session 1

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Uni Systems Copilot event_05062024_C.Vlachos.pdf

20240607 QFM018 Elixir Reading List May 2024

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DevOps and Testing slides at DASA Connect

Large Language Model (LLM) and it’s Geospatial Applications

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Essentials of Automations: The Art of Triggers and Actions in FME

Mind map of terminologies used in context of Generative AI

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Web.dev - Web Privacy and Security Recipe

1. GDG Cebu

2. Web Privacy & Security Recipes Mark Robin Senior Software Engineer Inspire Team GDG Cebu #webdevLIVE

3. GDG Cebu

4. https:// GDG Cebu

5. Protects the integrity of your website HTTPS HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. Protects the privacy & security of your users HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. The future of the web HTTPS is a key component to the permission workﬂows for new features and updated APIs. GDG Cebu

6. Protects the privacy & security of your users HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. Protects the integrity of your website HTTPS HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. Protects the privacy & security of your users HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. The future of the web HTTPS is a key component to the permission workﬂows for new features and updated APIs. GDG Cebu Protects the integrity of your website HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers.

7. Protects the integrity of your website HTTPS HTTPS helps prevent intruders from tampering with the communications between your websites and your users' browsers. Protects the privacy & security of your users HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. The future of the web HTTPS is a key component to the permission workﬂows for new features and updated APIs. GDG Cebu Protects the privacy & security of your users HTTPS prevents intruders from being able to passively listen to communications between your websites and your users. The future of the web HTTPS is a key component to the permission workﬂows for new features and updated APIs.

8. www.iliketoquote.com

10. Cookie recipes: SameSite and beyond GDG Cebu

11. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

12. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

13. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

14. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

15. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

16. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

17. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

18. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

19. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

20. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax GDG Cebu

21. Set-Cookie: __Secure-cookiename=cookievalue; Secure; Domain=news.site; Path=/; HttpOnly; SameSite=Lax GDG Cebu

22. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Lax; Max-Age=900 GDG Cebu

23. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=Strict GDG Cebu

24. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=None GDG Cebu

25. Set-Cookie: __Host-cookiename=cookievalue; Secure; Path=/; HttpOnly; SameSite=None GDG Cebu

26. Set-Cookie: first_party=cookievalue; SameSite=Lax Set-Cookie: third_party=cookievalue; SameSite=None; Secure GDG Cebu

27. COOP: COEP: Cross-Origin-Opener-Policy Cross-Origin-Embedder-Policy GDG Cebu

28. Powerful Features • SharedArrayBuffer across platforms • performance.measureMemory() • JS Self Profiling API and more to come… GDG Cebu

29. Composability ● Ads ● Fonts ● Images ● Videos ● Maps ● Payment solutions a.example b.example GDG Cebu

30. Same-origin Policy a.example b.example Browsing Context Group GDG Cebu

31. Same-origin Policy Origin A Origin B Explanation of whether Origin A and B are "same-origin" or "cross-origin" https://www.example.com:443 https://www.evil.com:443 cross-origin: different domains https://example.com:443 cross-origin: different subdomains https://login.example.com:443 cross-origin: different subdomains http://www.example.com:443 cross-origin: different schemes https://www.example.com:80 cross-origin: different ports https://www.example.com:443 same-origin: exact match https://www.example.com same-origin: implicit port number (443) matches GDG Cebu

32. Spectre evil.example Browsing Context Group a.example b.example GDG Cebu

33. COOP+COEP = cross-origin isolated evil.example a.example b.example GDG Cebu

34. Enabling cross-origin isolation 1. Set `Cross-Origin-Opener-Policy: same-origin` for the main document. 2. Make sure cross-origin resources use `CORP: cross-origin` or CORS. 3. Set `Cross-Origin-Embedder-Policy: require-corp` for the main document. GDG Cebu

35. Cross-Origin-Opener-Policy: same-origin COOP COEP CORP CORS GDG Cebu

36. Confirm cross-origin resources support: COOP COEP CORP CORS • `Cross-Origin-Resource-Policy: cross-origin` header • Cross Origin Resource Sharing `<img src=“image.png” crossorigin>` GDG Cebu

37. Attention! Resource providers: COOP COEP CORP CORS Apply `Cross-Origin-Resource-Policy: cross-origin` header! GDG Cebu

38. Cross-Origin-Embedder-Policy: require-corp Resource without `CORP` or CORS will be blocked COOP COEP CORP CORS GDG Cebu

39. Cross-Origin-Embedder-Policy: require-corp Cross-origin resource with `CORP: cross-origin` can be loaded COOP COEP CORP CORS GDG Cebu

40. ```js if (self.crossOriginIsolated) { // Your page is at "cross-origin isolated" state } ``` GDG Cebu

41. Chrome DevTools GDG Cebu

42. GDG Cebu

43. Issues Tab GDG Cebu

44. GDG Cebu

45. GDG Cebu

46. GDG Cebu

47. This cover has been designed using resources from Freepik.com Security is always excessive until it’s not enough. Robbie Sinclair

48. linkedin.com/in/markdrobin github.com/mdrobin95 GDG Cebu giphy.com SOURCE web.dev/secure