Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google. The service implements algorithms specified in RFC 6238 and RFC 4226, respectively.
Single sign-on (SSO) is an authentication method that allows a user to access multiple applications using one set of login credentials. It authenticates the user for all applications they have rights to use and eliminates additional login prompts when switching between applications in a session. SSO provides benefits like reduced costs, improved user experience with fewer passwords to remember, and centralized user management. However, it also presents risks such as being difficult to implement for existing applications and creating a single point of attack for hackers.
Good Secure Development Practices Presented By: Bil Corry lasso.pro Education Project. It recommends validating all user input, distrusting even your own requests, and taking a layered approach to validation, enforcement of business rules, and authentication. Some specific best practices include implementing positive authentication, principle of least privilege, centralized authorization routines, separating admin and user access, and ensuring error handling fails safely.
This session is focused on HashiCorp Vault, which is a secret management tool. We can manage secrets for 2-3 environments, but what if we have more than 10 environments? Then it becomes a very painful task to manage them when secrets are dynamic and need to be rotated after some time. HashiCorp Vault can easily manage both static and dynamic secrets, and it can also help with secret rotation.
This document discusses single sign-on (SSO), which allows a user to use one set of login credentials to access multiple applications. SSO works by authenticating a user once at an authentication domain and then asserting the user's identity to other affiliated domains without requiring additional logins. The document outlines how SSO systems function, their components, dependencies, session management, authentication methods, applications, and advantages and disadvantages. Examples of SSO implementations include logging in with Facebook, Twitter, or LinkedIn to access multiple affiliated sites and services.
The document discusses several common mobile application security risks including lack of binary protection, weak server-side controls, insecure data storage, insufficient transport layer protection, unintended data leakage, poor authorization and authentication, broken cryptography, client-side injection, and improper session handling. It provides recommendations to address each of these risks such as using obfuscation, secure data storage techniques, TLS, strong authentication, secure cryptography, input validation, and secure session management.
USER AUTHENTICATION
MEANS OF USER AUTHENTICATION
PASSWORD AUTHENTICATION
PASSWORD VULNERABILITIES
USE OF HASHED PASSWORDS – IN UNIX
PASSWORD CRACKING TECHNIQUES
USING BETTER PASSWORDS
TOKEN AUTHENTICATION
BIO-METRIC AUTHENTICATION
Multi-factor authentication (or MFA)
Learn all you need to know about what multi-factor authentication is, and why you need MFA to protect customer data.
https://bit.ly/3jowx1a
One Time Password - A two factor authentication system (Swetha Kogatam)
This document provides an overview of one-time passwords (OTP), including a brief history, benefits and costs, categories, generation methods like HOTP and TOTP, delivery methods, relevant RFCs and standards, potential attacks, and development libraries. It defines an OTP as a single-use password or code used to authenticate over untrusted channels, complementing a user password for two-factor authentication. Common OTP types are event-based HOTP, which uses a HMAC to generate codes based on a key and counter, and time-based TOTP, which extends HOTP to generate codes based on time.
Authentication is the process of verifying a user's identity by requiring them to provide credentials like a password or certificate. Common authentication methods include centralized authentication services like RADIUS, TACACS+, and Kerberos which verify credentials on a network authentication server. Firewalls can integrate with these authentication servers to provide user authentication and authorization when accessing the network.
This document discusses secure session management and common session security issues. It explains that capturing a user's session allows an attacker to act as that user. Sessions need to be properly terminated on logout to prevent replay attacks. Weaknesses like cookies set before authentication, non-random session IDs, and failing to remove sessions on logout can enable session hijacking. The document provides guidelines for generating secure random session IDs, setting cookies only after authentication, removing sessions on logout, and using HTTPS to mitigate these risks.
In this session, you will learn what sessions and cookies are and how we can implement authentication in Node.js. We will also look at CSRF attacks.
Hitachi ID provides privileged access management solutions to secure administrative passwords across on-premises and cloud applications. The presentation discusses Hitachi ID's corporate overview and product suite, focusing on its privileged access manager which randomizes privileged passwords daily, controls password disclosure, and provides logging and reporting for accountability. It also describes the fault-tolerant architecture with replicated password vaults across multiple sites to prevent data loss or service disruption in case of server crashes or site disasters.
Secure coding is the practice of developing software securely by avoiding security vulnerabilities. It involves understanding the application's attack surface and using techniques like input validation, secure authentication, access control, and encrypting sensitive data. The OWASP organization provides free tools and guidelines to help developers code securely, such as their Top 10 security risks and cheat sheets on issues like injection, authentication, and access control. Developers should use static and dynamic application security testing tools to identify vulnerabilities and continuously learn about secure coding best practices.
Application Security - Your Success Depends on it (WSO2)
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
SSL uses certificates and keys to securely encrypt communication between a client and server over a network. It establishes trust by authenticating the identities of both the client and server through mutual authentication. During mutual authentication, the server sends its certificate to the client, and the client then sends its own certificate to the server. This allows the client and server to verify each other's identities before encrypting their communication session with a shared key. Mutual authentication provides two-way protection to ensure only authorized devices can connect and exchange sensitive data.
This document discusses password authentication and introduces SecureOTP as a two-factor authentication solution. Passwords have weaknesses like being easily cracked, stolen, or guessed. SecureOTP provides strong authentication through a combination of something you know (a password) and something you have (a one-time password token). It generates one-time passwords using an algorithm based on time, events, or challenges to prevent theft or guessing of passwords. SecureOTP offers hardware and software tokens that provide mobile, low-cost, and secure two-factor authentication as an alternative to weak single-factor password authentication.
2013.devcon3 liferay and google authenticator integration rafik_harabi (Rafik HARABI)
Today, with the expansion of web portals, many customers are seeking more secure solutions for accessing their web portal from outside their own networks.
For Liferay portal customers, this demand has increased due to the number of portals deployed in the cloud and the growing deployment of Liferay portal for internet sites (B2C …).
One of the proposed solutions is the use of a multi-factor authentication mechanism.
Google Authenticator is one of the leading open source two-factor authentication systems.
In this presentation, we will explain the technical solution for integrating Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.
This document discusses one-time password (OTP) authentication. It describes how OTPs provide two-factor authentication by requiring a password and a unique, time-based code. It outlines Open Authentication (OATH) standards for OTP algorithms like HOTP, TOTP, and OCRA. The document also summarizes different OTP authentication devices like tokens and soft tokens, comparing their security levels and generation mechanisms.
The document discusses upcoming changes to authentication for Google AdWords API applications. ClientLogin authentication will be deprecated in favor of OAuth 2.0 authentication, which provides improved security over ClientLogin. The summary outlines the key steps developers need to take to implement OAuth 2.0 authentication, including registering their application, obtaining access and refresh tokens, calling the API with tokens, and handling token expiration.
The document summarizes the Open Authentication initiative (OATH), which aims to drive adoption of open strong authentication standards. OATH has created standardized authentication algorithms like HOTP and works with members to promote interoperability. Its reference architecture provides guidance for integrating strong authentication into applications while balancing security, usability and choice. OATH also works on credential provisioning standards and certification programs to further authentication adoption.
An introduction to OAuth 2.0 from a Salesforce perspective to establish the foundations of OAuth 2.0. Discusses the key concepts of Authentication and Authorization and distinguishes the two. Also discusses Open ID connect.
This document discusses identity management and security in cloud computing. It covers key topics such as:
- Centralized identity management provides benefits like a single user identity, consistent security policies, and reduced costs.
- Authentication establishes a user's identity through credentials. Popular methods include JSON web tokens (JWTs) which use digital signatures to authenticate API requests without authenticating each one individually.
- JWTs work by having a client authenticate once to get a token, then include that token in subsequent requests to prove identity without further authentication. The token contains identity claims and is digitally signed by an authentication authority.
This document discusses migrating from ClientLogin to OAuth 2.0 for authentication with Google APIs. It provides an overview of OAuth 2.0, including that it is more secure than ClientLogin by not exposing passwords and allowing token revocation. It also outlines the steps to implement OAuth 2.0 using the web server flow, including getting credentials from the Google APIs console and using refresh tokens to automatically renew expired access tokens. Code examples are provided to demonstrate authorization and connecting to APIs using OAuth 2.0 credentials.
Enhancing Password Manager Chrome Extension through Multi Authentication and ... (ijtsrd)
The document describes a proposed enhancement to password manager Chrome extensions through multi-authentication and device logs. The proposed system would use PGP encryption and require 2FA for authentication. It would provide cross-device authentication and store user credentials in a secure manner. The system would use Angular, Node.js, MongoDB, and include modules for signup, login, and storing credentials. Implementing this as a Chrome extension initially could later be expanded to mobile or desktop apps to provide a more secure open-source password manager.
Google authenticator odoo two factor authentication (2FA) login security (Axis Technolabs)
Two Factor Authentication app. This app provides two-factor authentication (TFA) during login. You just need to enter a time-based passcode when logging into your Odoo account. This passcode from Google Authenticator changes every 30 seconds, so even if someone knows your password, they will not be able to log in to your account, thanks to the extra layer of security provided by the Google Time Based OTP (TOTP) algorithm.
App download now :
Odoo 14 : https://bit.ly/3HjAaRY
Odoo 13 : https://bit.ly/3Hov9Hy
Odoo 12 : https://bit.ly/3HjPIVC
Odoo 11 : https://bit.ly/3mMxLFW
Integrating Okta with Anypoint Platform for a mobile security use case (Bahman Kalali)
This document outlines a solution to integrate Okta identity management with MuleSoft Anypoint Platform using OpenID Connect. It describes setting up Okta with custom attributes, scopes and claims. It also covers configuring OpenID Connect in Anypoint Platform, applying token enforcement policies to APIs, and accessing Okta claims in API implementations. The solution uses Authorization Code Flow with PKCE to get an access token from Okta to invoke a secured API while retrieving a custom claim like customer ID without passing it in the URL.
Microsoft Graph API Webinar Application Permissions (Stefan Weber)
Slide deck presented during a webinar I held on 15th November 2023 about how to consume Microsoft Graph API using application level permissions.
Webinar Recording https://youtu.be/yVK8WQz5qnU
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing
the third-party application to obtain access on its own behalf.
How to build Simple yet powerful API.pptx (Channa Ly)
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS (AWS User Group Kochi)
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese, Chief Architect - TCS
Identity Server has long been the most widely used framework for OpenIdConnect and OAuth 2 in the .NET world. With it we securely connected front end and back end, achieved Single Sign-On, and in general handled the security-related aspects of our applications.
But nothing lasts forever, and in October 2020 Duende Software, founded by the maintainers of Identity Server, announced that support would end along with that of .NET Core 3.1. And that is getting close! In November 2022 it will no longer be maintained, and so we will stop receiving security updates.
What options do we have?
We will look at some of them, including other open source packages and solutions that Microsoft offers in Azure, such as Azure AD B2C.
API Security Teodor Cotruta discusses API security and provides an overview of key concepts. The document discusses how API security involves protecting APIs against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It also outlines methods for implementing API security such as HTTP authentication, TLS, identity delegation, OAuth 1.0, OAuth 2.0, Federation, SAML, JWT, OpenID Connect, JWToken, JWSignature and JWEncryption.
Alexa is Amazon’s cloud-based voice service.
It is a way to communicate with the system using our voice.
Alexa provides a set of built-in capabilities, referred to as skills.
GraalVM is an ecosystem and runtime that provides performance advantages to JVM languages like Java, Scala, Groovy, and Kotlin as well as other languages. It includes a just-in-time compiler called Graal that improves efficiency, polyglot APIs for combining languages, and SDK for embedding languages and creating native images. Installation can be done with the JDK which includes Graal starting with JDK 9, or by directly downloading GraalVM from Oracle's website.
This document provides an overview of Docker and Kubernetes (K8S). It defines Docker as an open platform for developing, shipping and running containerized applications. Key Docker features include isolation, low overhead and cross-cloud support. Kubernetes is introduced as an open-source tool for automating deployment, scaling, and management of containerized applications. It operates at the container level. The document then covers K8S architecture, including components like Pods, Deployments, Services and Nodes, and how K8S orchestrates containers across clusters.
Apache Commons is an Apache project focused on all aspects of reusable Java components.
It is divided into three components: Commons Proper, Commons Sandbox, Commons Dormant.
This document provides an overview of HazelCast IMDG (In-Memory Data Grid), which is middleware software that manages objects across distributed servers in RAM, enabling scaling and fault tolerance. It discusses cache access patterns, cache types, use cases for HazelCast including scaling applications and sharing data across clusters, features like dynamic clustering and distributed data structures, data partitioning, and configurations. It also covers advanced techniques, alternatives to HazelCast like Redis, and performance comparisons.
Mysql PRO provides an overview of MySQL basics, architecture, transactions, triggers, PL/SQL, and engines. The document discusses SELECT statements, joins, INSERT, UPDATE, DELETE, and transactions. It explains MySQL architecture including optimization, execution, and concurrency control using table locks and row locks. Transactions ensure atomicity and consistency by allowing statements to be treated as single units that either all succeed or fail as a whole.
The document discusses microservice architecture using Spring Boot with React and Redux. It defines a microservice as a software development technique where an application is composed of loosely coupled services. It outlines characteristics of microservice architecture such as independent, loosely coupled services that communicate via APIs and can be deployed independently. The document provides an example portal application architecture broken into microservices and discusses components like API gateways, service discovery, configuration services, and client libraries.
Swagger is an open source software framework backed by
a large ecosystem of tools that helps developers
design, build, document and consume RESTful Web
services.
The theory of SOLID principles was
introduced by Robert C. Martin in his 2000
paper “Design Principles and Design
Patterns”.
SOLID => Single Responsibility, Open/Closed, Liskov Substitution, Interface Segregation, Dependency Inversion.
ArangoDB is a native multi-model database system developed by triAGENS GmbH. The database system supports three important data models (key/value, documents, graphs) with one database core and a unified query language, AQL (ArangoDB Query Language). ArangoDB is a NoSQL database system, but AQL is similar in many ways to SQL.
TypeScript is a superset of JavaScript that adds optional static typing and class-based object-oriented programming. It adds additional features like interfaces and modules to JavaScript to allow code to scale. The document provides an introduction to TypeScript, explaining what it is, why to use it, its basic types, annotations, functions, interfaces, classes, generics, modules, and compiling. It also provides references for further reading.
The document contains code for 6 sample smart contracts:
1) An Adder contract that allows adding two integers and setting/getting a name string
2) A Greeter contract that allows setting/getting a greeting string
3) An AuditLog contract that logs a uid, audit details, and date
4) A Voting contract that allows voting for candidates and getting vote counts
5) A FeverContract that tracks temperature, allows increasing/decreasing it, and checks for fever
6) Each contract code includes functions for setting/getting values and other relevant logic
The document describes the steps to create a private Ethereum network with 4 nodes using the same genesis block. It details how to initialize and start each node with different ports, check connectivity between nodes, create and transfer accounts, and begin mining to generate blocks across the network. The genesis code provided specifies the initial empty state of the private network before any transactions occur.
Geth is widely used to interact with Ethereum networks. Ethereum software enables a user to set up a
“private” or “testnet” Ethereum chain. This chain will be totally different from main chain.
Components that tell geth that we want to use/create a private Ethereum chain:
1. Custom Genesis file
2. Custom Data Directory
3. Custom Network Id
4. Disable Node Discovery
Ethereum is an open software platform based on blockchain technology that enables developers to
build and deploy decentralized applications.
Ethereum is a distributed public blockchain network.
While the Bitcoin blockchain is used to track ownership of digital currency (bitcoins), the Ethereum
blockchain focuses on running the programming code of any decentralized application.
Ether is a cryptocurrency whose blockchain is generated by the Ethereum platform. Ether can be
transferred between accounts and used to compensate participant mining nodes for computations
performed.
The document discusses microservices architecture and how to implement it using Spring Boot and Spring Cloud. It describes how microservices address challenges with monolithic architectures like scalability and innovation. It then covers how to create a microservices-based application using Spring Boot, register services with Eureka, communicate between services using RestTemplate and Feign, and load balance with Ribbon.
This document provides an introduction to Redux, including what it is, its core principles and building blocks. Redux is a predictable state container for JavaScript apps that can be used with frameworks like React, Angular and Vue. It follows the Flux architecture pattern and is based on three principles - state is immutable, state can only be changed through actions, and changes are made with pure functions called reducers. The main building blocks are actions, reducers and the store.
This document summarizes new features in Java 9 including Jshell for interactive coding, private methods in interfaces, factory methods for immutable collections, enhancements to try-with-resources, the Java Platform Module System (JPMS), Jlink for creating custom runtime images, and updates to the HTTP client and Process APIs. Key areas covered include modularization of the JDK, creating custom runtimes, improved resource management, and support for HTTP/2.
Keynote: Presentation on SASE Technology (Priyanka Aash)
Secure Access Service Edge (SASE) solutions are revolutionizing enterprise networks by integrating SD-WAN with comprehensive security services. Traditionally, enterprises managed multiple point solutions for network and security needs, leading to complexity and resource-intensive operations. SASE, as defined by Gartner, consolidates these functions into a unified cloud-based service, offering SD-WAN capabilities alongside advanced security features like secure web gateways, CASB, and remote browser isolation. This convergence not only simplifies management but also enhances security posture and application performance across global networks and cloud environments. Discover how adopting SASE can streamline operations and fortify your enterprise's digital transformation strategy.
"Hands-on development experience using wasm Blazor", Furdak Vladyslav.pptx (Fwdays)
I will share my personal experience of full-time development on wasm Blazor
What difficulties our team faced: life hacks with Blazor app routing, whether it is necessary to write JavaScript, which technology stack and architectural patterns we chose
What conclusions we made and what mistakes we committed
Develop Secure Enterprise Solutions with iOS Mobile App Development Services (Damco Solutions)
The security of enterprise apps should not be overlooked by organizations. Since these apps handle confidential finance/user data and business operations, ensuring greater security is crucial. That’s why, businesses should hire dedicated iOS mobile application development services providers for creating super-secured enterprise apps. By incorporating sophisticated security mechanisms, these developers make enterprise apps resistant to a range of cyber threats.
Content source - https://www.bizbangboom.com/articles/enterprise-mobile-app-development-with-ios-augmenting-business-security
Read more - https://www.damcogroup.com/ios-application-development-services
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making (DianaGray10)
The power of Snowflake analytics enables CRM systems to improve operational efficiency, while gaining deeper insights into closed/won opportunities.
In this webinar, learn how infusing Snowflake into your CRM can quickly provide analysis for sales wins by region, product, customer segmentation, customer lifecycle—and more!
Using prebuilt connectors, we’ll show how workflows using Snowflake, Salesforce, and Zendesk tickets can significantly impact future sales.
Smart mobility refers to the integration of advanced technologies and innovative solutions to create efficient, sustainable, and interconnected transportation systems. It encompasses various aspects of transportation, including public transit, shared mobility services, intelligent transportation systems, electric vehicles, and connected infrastructure. Smart mobility aims to improve the overall mobility experience by leveraging data, connectivity, and automation to enhance safety, reduce congestion, optimize transportation networks, and minimize environmental impacts.
Discovery Series - Zero to Hero - Task Mining Session 1 (DianaGray10)
This session is focused on providing you with an introduction to task mining. We will go over different types of task mining and provide you with a real-world demo on each type of task mining in detail.
kk vathada _digital transformation frameworks_2024.pdf (KIRAN KV)
I'm excited to share my latest presentation on digital transformation frameworks from industry leaders like PwC, Cognizant, Gartner, McKinsey, Capgemini, MIT, and DXO. These frameworks are crucial for driving innovation and success in today's digital age. Whether you're a consultant, director, or head of digital transformation, these insights are tailored to help you lead your organization to new heights.
🔍 Featured Frameworks:
PwC's Framework: Grounded in Industry 4.0 with a focus on data and analytics, and digitizing product and service offerings.
Cognizant's Framework: Enhancing customer experience, incorporating new pricing models, and leveraging customer insights.
Gartner's Framework: Emphasizing shared understanding, leadership, and support teams for digital excellence.
McKinsey's 4D Framework: Discover, Design, Deliver, and De-risk to navigate digital change effectively.
Capgemini's Framework: Focus on customer experience, operational excellence, and business model innovation.
MIT’s Framework: Customer experience, operational processes, business models, digital capabilities, and leadership culture.
DXO's Framework: Business model innovation, digital customer experience, and digital organization & process transformation.
Welcome to Cyberbiosecurity. Because regular cybersecurity wasn't complicated... (Snarky Security)
How wonderful it is that in our modern age, every bit of our biological data can be digitized, stored, and potentially pilfered by cyber thieves! Isn't it just splendid to think that while scientists are busy pushing the boundaries of biotechnology, hackers could be plotting the next big bio-data heist? This delightful scenario is brought to you by the ever-expanding digital landscape of biology and biotechnology, where the integration of computer science, engineering, and data science transforms our understanding and manipulation of biological systems.
While the fusion of technology and biology offers immense benefits, it also necessitates a careful consideration of the ethical, security, and associated social implications. But let's be honest, in the grand scheme of things, what's a little risk compared to potential scientific achievements? After all, progress in biotechnology waits for no one, and we're just along for the ride in this thrilling, slightly terrifying, adventure.
So, as we continue to navigate this complex landscape, let's not forget the importance of robust data protection measures and collaborative international efforts to safeguard sensitive biological information. After all, what could possibly go wrong?
-------------------------
This document provides a comprehensive analysis of the security implications of biological data use. The analysis explores various aspects of biological data security, including the vulnerabilities associated with data access, the potential for misuse by state and non-state actors, and the implications for national and transnational security. Key aspects considered include the impact of technological advancements on data security, the role of international policies in data governance, and the strategies for mitigating risks associated with unauthorized data access.
This view offers valuable insights for security professionals, policymakers, and industry leaders across various sectors, highlighting the importance of robust data protection measures and collaborative international efforts to safeguard sensitive biological information. The analysis serves as a crucial resource for understanding the complex dynamics at the intersection of biotechnology and security, providing actionable recommendations to enhance biosecurity in a digital and interconnected world.
The evolving landscape of biology and biotechnology, significantly influenced by advancements in computer science, engineering, and data science, is reshaping our understanding and manipulation of biological systems. The integration of these disciplines has led to the development of fields such as computational biology and synthetic biology, which utilize computational power and engineering principles to solve complex biological problems and innovate new biotechnological applications. This interdisciplinary approach has not only accelerated research and development but also introduced new capabilities such as gene editing and biomanufact
How UiPath Discovery Suite supports identification of Agentic Process Automat... (DianaGray10)
📚 Understand the basics of the newly persona-based LLM-powered Agentic Process Automation and discover how existing UiPath Discovery Suite products like Communication Mining, Process Mining, and Task Mining can be leveraged to identify APA candidates.
Topics Covered:
💡 Idea Behind APA: Explore the innovative concept of Agentic Process Automation and its significance in modern workflows.
🔄 How APA is Different from RPA: Learn the key differences between Agentic Process Automation and Robotic Process Automation.
🚀 Discover the Advantages of APA: Uncover the unique benefits of implementing APA in your organization.
🔍 Identifying APA Candidates with UiPath Discovery Products: See how UiPath's Communication Mining, Process Mining, and Task Mining tools can help pinpoint potential APA candidates.
🔮 Discussion on Expected Future Impacts: Engage in a discussion on the potential future impacts of APA on various industries and business processes.
Enhance your knowledge on the forefront of automation technology and stay ahead with Agentic Process Automation. 🧠💼✨
Speakers:
Arun Kumar Asokan, Delivery Director (US) @ qBotica and UiPath MVP
Naveen Chatlapalli, Solution Architect @ Ashling Partners and UiPath MVP
Finetuning GenAI For Hacking and DefendingPriyanka Aash
Generative AI, particularly through the lens of large language models (LLMs), represents a transformative leap in artificial intelligence. With advancements that have fundamentally altered our approach to AI, understanding and leveraging these technologies is crucial for innovators and practitioners alike. This comprehensive exploration delves into the intricacies of GenAI, from its foundational principles and historical evolution to its practical applications in security and beyond.
Cracking AI Black Box - Strategies for Customer-centric Enterprise ExcellenceQuentin Reul
The democratization of Generative AI is ushering in a new era of innovation for enterprises. Discover how you can harness this powerful technology to deliver unparalleled customer value and securing a formidable competitive advantage in today's competitive market. In this session, you will learn how to:
- Identify high-impact customer needs with precision
- Harness the power of large language models to address specific customer needs effectively
- Implement AI responsibly to build trust and foster strong customer relationships
Whether you're at the early stages of your AI journey or looking to optimize existing initiatives, this session will provide you with actionable insights and strategies needed to leverage AI as a powerful catalyst for customer-driven enterprise success.
Top 12 AI Technology Trends For 2024.pdfMarrie Morris
Technology has become an irreplaceable component of our daily lives. The role of AI in technology revolutionizes our lives for the betterment of the future. In this article, we will learn about the top 12 AI technology trends for 2024.
Choosing the Best Outlook OST to PST Converter: Key Features and Considerationswebbyacad software
When looking for a good software utility to convert Outlook OST files to PST format, it is important to find one that is easy to use and has useful features. WebbyAcad OST to PST Converter Tool is a great choice because it is simple to use for anyone, whether you are tech-savvy or not. It can smoothly change your files to PST while keeping all your data safe and secure. Plus, it can handle large amounts of data and convert multiple files at once, which can save you a lot of time. It even comes with 24*7 technical support assistance and a free trial, so you can try it out before making a decision. Whether you need to recover, move, or back up your data, Webbyacad OST to PST Converter is a reliable option that gives you all the support you need to manage your Outlook data effectively.
2. Content
● About Google Authentication
● Two-Factor Authentication
● Plugin
● Time Based OTP
● How to Integrate
● Integrate with Spring Security
● Demo
● References
3. Google Authentication
Google Authenticator is a software token that implements two-step verification services using
the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password
Algorithm (HOTP), for authenticating users of mobile applications by Google. The service
implements algorithms specified in RFC 6238 and RFC 4226, respectively.
Authenticator provides a six- to eight-digit one-time password which users must provide in
addition to their username and password to log into Google services or other sites.
4. Two Factor Authentication
Two-factor authentication (2FA) -- also known as two-step verification or multifactor
authentication -- is widely used to add a layer of security to your online accounts. The most
common form of two-factor authentication when logging into an account is the process of
entering your password and then receiving a code via text on your phone that you then need to
enter.
It is an extra layer of security, also known as "multi-factor authentication".
5. The authentication factors of a multi-factor/two-factor authentication scheme may include:
1. some physical object in the possession of the user, such as a USB stick with a secret token,
a bank card, a key, etc.
2. some secret known to the user, such as a password, PIN, TAN, etc.
3. some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice,
typing speed, pattern in key press intervals, etc.
6. Plugin:
For Gradle:
    compile 'com.warrenstrange:googleauth:1.1.2'
For Maven:
    <dependency>
        <groupId>com.warrenstrange</groupId>
        <artifactId>googleauth</artifactId>
        <version>1.1.2</version>
    </dependency>
The required libraries will be automatically pulled into your project:
● Apache Commons Codec.
● Apache HTTP client.
7. Time Based OTP
A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm,
for use in authenticating access to computer systems.
The algorithm that generates each password uses the current time of day as one of its factors,
ensuring that each password is unique. Time-based one-time passwords are commonly used for
two-factor authentication and have seen growing adoption by cloud application providers.
8. Integration with Google Auth
The following code creates a new set of credentials for a user. No user name is provided to the
API, and it is the responsibility of the caller to save it for later use during the authorisation phase.
GoogleAuthenticator gAuth = new GoogleAuthenticator();
final GoogleAuthenticatorKey key = gAuth.createCredentials();
The user should be given the value of the shared secret, which is returned by
key.getKey(). This secret key is then used for later TOTP verification.
9. The following code checks the validity of the specified password against the provided Base32-
encoded secretKey:
GoogleAuthenticator gAuth = new GoogleAuthenticator();
boolean isCodeValid = gAuth.authorize(secretKey, totp);
10. Integrate With Spring Security
Plugin:
compile ':spring-security-oauth-google:0.3.1'
grails install-plugin spring-security-oauth
11. Configure with spring security
oauth {
    debug = true
    providers {
        google {
            api = org.scribe.builder.api.GoogleApi
            key = 'oauth_google_key'
            secret = 'oauth_google_secret'
            successUri = '/oauth/google/success'
            failureUri = '/oauth/google/error'
            callback = "${baseURL}/oauth/google/callback"
            scope = 'https://www.googleapis.com/auth/userinfo.email'
        }
    }
}
12. How to create domain for OAuth:
To create the OAuth domain, run:
grails s2-init-oauth [domain-class-package] [oauthid-class-name]
This creates:
● The domain class
● The controller class [package path]SpringSecurityOAuthController
● The view springSecurityOAuth/askToLinkOrCreateAccount.gsp
Finally, add
static hasMany = [oAuthIDs: OAuthID]
to your user domain class.
13. Demo
You can find the demo at:
https://github.com/NexThoughts/Google-Authenticator