Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
This document provides an overview of Kubernetes and attacking Kubernetes clusters for penetration testers. It begins with introductions to containers, Kubernetes, and setting up a local Kubernetes cluster. It then covers a threat model for Kubernetes and describes an attacker's workflow against a cluster, including discovery, vulnerability testing, exploitation, and persistence. Specific attacks demonstrated include API server authorization testing, discovering exposed etcd and internal services, container escapes, and Helm Tiller privilege escalation. Resources for further learning are also provided.
Hashicorp Vault: Open Source Secrets Management at #OPEN18Kangaroot
HashiCorp Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. We'll show how this works.
This presentation covers the basics of dockers, its security related features and how certain misconfigurations can be used to escape from container to host
OpenID for SSI aims to specify protocols based on OpenID Connect and OAuth 2.0 to enable self-sovereign identity (SSI) applications. This initiative is conducted by the OpenID Foundation in collaboration with the Decentralized Identity Foundation. One specification builds upon the DID-SIOP and SIOPv1 standards. Using OpenID Connect allows for variety in SSI technology choices like identifiers, credentials, and cryptography while leveraging existing OpenID Connect implementations, libraries, and developer familiarity. Demonstrations show credential presentation and issuance via OIDC4SSI specifications.
This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.
Carlos García - Pentesting Active Directory Forests [rooted2019]RootedCON
The document discusses penetration testing of Active Directory forests and trusts. It begins with an introduction to forests, domains, and trust types. It then covers authentication protocols like NTLM and Kerberos across trusts. Next, it discusses techniques for enumerating trusts and mapping the trust relationships. The document outlines common attacks when domain admin privileges are available, such as using Golden Tickets and SID history exploitation. For situations without domain admin, it recommends reconnaissance of trusts and objects to map a path to privileged accounts.
The document provides an overview of secret management solutions and architectures. It discusses what secrets are and why secret management is important. Some key points:
- Secrets include authentication credentials, API keys, passwords, and certificates that need access control. As services increase, so do secrets.
- An ideal secret management solution provides security, encryption, access control, auditing, ease of use, and integration with other tools.
- Version control systems and orchestration tools like Kubernetes can be used for secrets but have limitations compared to dedicated secret management solutions.
- AWS offers Parameter Store, Secrets Manager, and KMS for secret management. Parameter Store is generally recommended, while Secrets Manager is better for database
The document discusses API security patterns and practices. It covers topics like API gateways, authentication methods like basic authentication and OAuth 2.0, authorization with XACML policies, and securing APIs through measures like TLS, JWTs, and throttling to ensure authentication, authorization, confidentiality, integrity, non-repudiation, and availability. Key points covered include the gateway pattern, direct vs brokered authentication, JSON web tokens for self-contained access tokens, and combining OAuth and XACML for fine-grained access control.
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
This document discusses the growing adoption of FIDO authentication standards for passwordless, phishing-resistant multi-factor authentication. It predicts that in 2022, enterprise passwordless deployments will grow rapidly as mobile platforms provide consumer-ready solutions at scale. The document outlines how FIDO specifications offer simpler and stronger authentication using public key cryptography backed by major technology companies. It notes that over 5 billion devices now support FIDO and more than 150 million people are using passwordless methods each month. Government policies are evolving to recognize FIDO authentication as the preferred choice and gold standard for phishing-resistant multi-factor authentication.
This 20-minute presentation introduces OAuth through defining it, explaining why it is useful, providing background information, defining key terminology, outlining the workflow, and including a live example. It defines OAuth as a method for users to grant third-party access to their resources without sharing passwords and to grant limited access. It highlights issues with traditional client-server authentication and how OAuth addresses them. The presentation then covers OAuth background, terminology like consumer and service provider, the redirection-based authorization workflow, and concludes with a live example and references for further information.
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
Introduction to Self Sovereign Identity - IIW October 2019Heather Vescent
The document describes an internet identity workshop discussing decentralized identity models, standards, and specifications. It provides an agenda that includes introductions from three speakers and their backgrounds in decentralized identity. The vision for a global digital rail is presented, covering interoperability, cross-border functionality, and government support. Digital identity models from centralized to federated to decentralized are defined. Emerging standards for decentralized identifiers (DIDs) are explained, including DID documents, methods, authentication, and verifiable credentials. Examples from Transmute and Vivvo are mentioned, along with a Q&A session.
This document discusses authentication and authorization frameworks like OAuth and OpenID Connect. It provides an overview of key concepts like authentication, authorization, roles in OAuth like resource owner, client, authorization server and resource server. It explains the authorization code grant flow in OAuth and how OpenID Connect builds upon OAuth to provide identity features. It also compares OpenID Connect to SAML and discusses Microsoft and TechCello implementations of these specifications.
View on-demand: https://wso2.com/library/webinars/api-security-best-practices-and-guidelines/
Modern enterprises are increasingly adopting APIs, exceeding all predictions. With more businesses investing in microservices and the increased consumption of cloud APIs, you need to secure beyond just a handful of well-known APIs. You will need to secure a higher number of internal and external endpoints.
At the same time, security itself is a broad area and vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs. The sheer number of options can be very confusing.
There is much to learn about API security, regardless of whether you are a novice or expert and it’s extremely important that you do because security is an integral part of any development project, including API ecosystems.
This webinar will deep-dive into the importance of API security, API security patterns, and how identity and access management (IAM) fit in the ecosystem.
DURING THE WEBINAR, WE WILL COVER:
Managed APIs
OAuth 2.0 and API security patterns
Introduction to WSO2 Identity Server
How we align with OWASP API security guidelines
FIDO U2F (Universal Authentication Framework) Specifications: Overview & Tutorial
by Jerrod Chong, Yubico
Explore how FIDO U2F works and how it is used in the world today.
The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
This document provides an overview and summary of a presentation about authentication and authorization for cloud native applications using Keycloak. The presentation introduces Keycloak as an open source identity and access management solution, discusses the importance of authentication and authorization, and describes how Keycloak can be used for authentication methods like single sign-on, social login, and multi-factor authentication as well as authorization standards like OAuth 2.0 and Financial-Grade API 1.0. It also covers Keycloak features that help secure cloud native environments and applications.
How GitLab and HackerOne help organizations innovate faster without compromis...HackerOne
In this webinar, GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets. Then, GitLab Security Lead, Brian Neel, will explain how they leverage their community using HackerOne to spot and prioritize security issues quickly.
PittsburgJUG_Cloud-Native Dev Tools: Bringing the cloud back to earthGrace Jansen
How can we effectively develop for the cloud, when we as developers are coding back down on earth? This is where effective cloud-native developer tools can enable us to either be transported into the cloud or alternatively, to bring the cloud back down to earth. But what tools should we be using for this? In this session, we’ll explore some of the useful OSS tools and technologies that can used by developers to effectively develop, design and test cloud-native Java applications.
Ionic Native: Native-powered apps, without the hassleIonic Framework
Join us for a live walkthrough of Ionic Native, a curated library of over 250 Community and Premier native solutions and plugins, delivering everything you need to build amazing cross-platform experiences from Day One.
View the presentation here: https://ionicpro.wistia.com/medias/bacos4ktbn
It's clear that Docker speeds up development and makes testing and deployment more efficient. As Docker moves into production new use cases and patterns are emerging that address availability and security concerns. With microservices, safety is part of the architecture that developers need to understand and build for. It's no longer good enough to wrap a firewall around an entire app when it goes to production, and have a cold standby in case it breaks.
9 Software Development Tools Used by Experts | What Tools You Should Use to D...Carl Alston
Good software development is always a huge undertaking. Over the last 10 years, we Gear Inc. have had the privilege to work on a vast array of projects. Here are some of the top tools that have helped us and may prove to make you more productive and efficient on your own projects.
#softwaredevelopment #appdev #tools #software
9 Software Development Tools Used by Experts | What Tools You Should Use to D...Gear Inc.
Good software development is always a huge undertaking. Over the last 10 years, we Gear Inc. have had the privilege to work on a vast array of projects. Here are some of the top tools that have helped us and may prove to make you more productive and efficient on your own projects.
#softwaredevelopment #appdev #tools #software
Aleksei Dremin - Application Security Pipeline - phdays9Alexey Dremin
This document discusses setting up an application security pipeline for continuous integration and delivery (CI/CD). It recommends using static application security testing (SAST) tools, dependency checkers, source code scanners, dynamic application security testing (DAST) tools, and integrating them with Jenkins. It also suggests managing vulnerabilities and results in DefectDojo and notifying stakeholders of new findings through integration with communication tools like Slack. The document stresses the importance of educating developers on security best practices.
1) The document discusses ways that security functions on Windows can potentially be bypassed during a penetration test, such as restricting access to drives, applications, and Internet Explorer.
2) Methods are presented for bypassing application restrictions, such as using HTML help to access the internet without a browser or using InstallUtil to execute PowerShell without PowerShell.
3) Countermeasures are suggested like using AppLocker with a whitelist and monitoring logs to prevent bypassing security restrictions.
Java EE Application Security With PicketLinkpigorcraveiro
In this presentation we will take a look at PicketLink, a security framework for Java EE and learn how its identity management, authentication and authorization features can be used to address the security requirements for all aspects of application development.
RICOH THETA x IoT Developers Contest : Cloud API Seminarcontest-theta360
This document summarizes a presentation about Ricoh's Cloud API and Theta camera functions. It introduces two current Cloud API functions - video communication and photo/media storage. Video communication allows video chat between devices using WebRTC. Photo storage provides APIs for uploading, storing, and downloading images. Future functions may include remote camera control, sensor data collaboration, image processing, and social media integration. The presentation demonstrated a simple image slideshow application using the Cloud APIs and SDK to access stored photos in a web browser.
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Daniel Oh
Podman, Buildah, and CRI-O are new open source projects that address early concerns with Docker like requiring a daemon, secret handling issues, and root/privileged concerns. Podman is a daemonless container engine that provides a Docker-compatible command line. Buildah is a tool for building OCI container images without needing a daemon. CRI-O implements the Kubernetes Container Runtime Interface for running containers securely in production clusters without daemons.
- Hyperledger is an open source collaborative effort created in 2016 to advance cross-industry blockchain technologies. It is hosted by The Linux Foundation.
- Hyperledger aims to develop enterprise-grade, open source distributed ledger technologies and applications. It has over 200 members including major technology companies.
- The presentation provides an overview of several Hyperledger projects including Fabric, Sawtooth, Iroha, Indy, Burrow, Composer and Cello. It summarizes the goals and technical aspects of these projects.
- The presenter discusses the growth and momentum of Hyperledger, outlines the roadmap for 2018, and notes IBM's founding role and ongoing leadership in Hyperledger.
Over 30 years, the term Open Source has been gaining momentum and it is at its peak right now, with all tech giants shifting focus into open source. In contrast, you don’t see a lot of penetration in open source IAM, this is largely due to the uncertainty and doubts around the topic. Register here for an in-depth explanation of facts and fiction in this space.
View the on-demand webinar: https://wso2.com/library/webinars/open-source-value-benefits-risks/
This document discusses identity management solutions provided by Azure Active Directory (AAD). AAD allows users to self-manage their identities through features like password reset and multi-factor authentication. It also enables single sign-on for on-premises and cloud applications. AAD provides tools to measure identity security levels and integrate with other identity providers. It is a growing product supported by Microsoft with documentation, procedures, and monitoring. AAD helps users take more responsibility for their identities while improving security.
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
How to Debug IoT Agents Webinar - 17th April 2019
Corresponding webinar recording: https://youtu.be/FRqJsywi9e8
Chapter: IoT Agents
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
How to debug IoT Agents - investigating what goes wrong and how to fix it.
Preventing Code Leaks & Other Critical Security Risks from CodeDevOps.com
In the last decade, the way software is developed and deployed has completely changed, yet the way we secure it has stood still. Today, developers use Git and open source and deploy via devops to the cloud. All of this has introduced security risks that are being exploited by hackers.
In this one hour webinar, learn the top threats facing companies from their code environments and how to address them.
You will learn:
How Git-based environments post a threat to enterprise security
Why companies lack visibility into who has downloaded their code on unprotected devices
How to mitigate the threats from code without altering or slowing down the software development process
How code security must fit into an overall information security strategy
Who should attend:
CISOs or infosec directors
Devsecops leaders and engineers
Appsec leaders and engineers
This document discusses the security features of Windows operating systems. It provides an overview of security improvements in Vista, Windows 7, Windows 8, and Windows 10. Some key security features discussed include User Account Control, BitLocker, Credential Guard, Device Guard, and Windows Hello authentication. The presentation evaluates how these features help to address vulnerabilities and protect the operating system and user data.
Forge.mil is a collaborative software development platform that aims to overcome siloed development, reduce duplication of effort, and enable cross-program sharing of software and services. It provides application lifecycle management services and tools for collaborative development within a shared, multi-tenant environment for Department of Defense programs and partners. Forge.mil has grown to support over 2700 software releases from various DoD projects across different services since its initial launch in 2009.
Similar to “How to Secure Your Applications With a Keycloak? (20)
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Ukraine
Під час доповіді відповімо на питання, навіщо потрібно підвищувати продуктивність аплікації і які є найефективніші способи для цього. А також поговоримо про те, що таке кеш, які його види бувають та, основне — як знайти performance bottleneck?
Відео та деталі заходу: https://bit.ly/45tILxj
GlobalLogic Embedded Community x ROS Ukraine Webinar "Surgical Robots"GlobalLogic Ukraine
Доповідь присвячена медицині майбутнього, малоінвазивній хірургії: розглянемо рішення із використанням роботів хірургів. Оглянемо інструментарій та звернемо увагу на речі, які можна відтворити для експериментів у домашніх умовах.
GlobalLogic Java Community Webinar #17 “SpringJDBC vs JDBC. Is Spring a Hero?”GlobalLogic Ukraine
Доповідь присвячена розгляду Spring JDBC у порівнянні зі стандартним JDBC у Java. Спікерка покаже на конкретних прикладах розподіл логіки коду за класами та як використання Spring JDBC скорочує кількість коду, який необхідно написати, і чому це відбувається.
Відео та деталі заходу: https://bit.ly/3wqEjCx
GlobalLogic JavaScript Community Webinar #18 “Long Story Short: OSI Model”GlobalLogic Ukraine
Ця доповідь зацікавить усіх, хто хоче заповнити прогалини у базових знаннях чи підтягнути теорію з університету. Під час доповіді ми дізнаємось, що таке модель OSI та розглянемо кожен її рівень. Як результат, ви краще розумітимете свою область відповідальності як Front-end, Back-end, DevOps чи системний адміністратор.
Відео та деталі заходу: https://bit.ly/47T4QWI
Штучний інтелект як допомога в навчанні, а не замінник.pptxGlobalLogic Ukraine
Про що лекція:
- Як використовувати штучний інтелект у навчанні
- Обмеження та недоліки використання AI
- Рекомендації щодо відповідального використання AІ в навчанні. Огляд кращих прикладів.
Спікер: Оксана Поморова — Lead Software Engineer, GlobalLogic, доктор технічних наук з 20-річним досвідом в IT. Напрям діяльності — застосування штучного інтелекту та комп’ютерний зір.
Задачі AI-розробника як застосовується штучний інтелект.pptxGlobalLogic Ukraine
Про що лекція:
- Пошук схожих зображень за допомогою ШІ
- Як ШІ видаляє задній фон на фото. Розв’язання задачі сегментації.
- Ефективне навчання ШІ на основі великого масиву даних (фото).
Спікер: Олександр Мірошниченко, Senior Software Engineer, має понад 7 років досвіду в ІТ. Напрям діяльності — нейронні мережі та Deep Learning.
Що треба вивчати, щоб стати розробником штучного інтелекту та нейромереж.pptxGlobalLogic Ukraine
Про що лекція:
- Що таке штучний інтелект зсередини та чим зумовлена його популярність
- Напрями розвитку штучного інтелекту: які є та як обрати свій
- Які знання необхідні, щоб стати розробником штучного інтелекту
Спікер: Василь Ляшкевич — Solution Architect, GlobalLogic, PhD в компʼютерних науках, має понад 15 років досвіду в ІТ. Напрям діяльності — розробка алгоритмів і засобів штучного інтелекту, хмарних систем та сервісів.
GlobalLogic Java Community Webinar #16 “Zaloni’s Architecture for Data-Driven...GlobalLogic Ukraine
20 липня відбувся вебінар від Java Community – “Zaloni’s Architecture for Data-Driven Design” by Максим Дем’яновський — Software Engineer, GlobalLogic.
Доповідь надасть уявлення про Data-Driven Design, основні його переваги і практичну користь, а також покаже як його можна реалізувати на практиці.
25 квітня відбувся вебінар від JavaScript Community – “Why Is Git Rebase?”
Ганна Ліхтман — Senior Software Engineer, GlobalLogic.
Під час вебінару дізнались, що таке git history, та чому важливо тримати її в чистоті і порядку. Яка різниця між merge та rebase. Що таке інтерактивний rebase та в чому його сила не тільки на словах, але й на практиці.
GlobalLogic .NET Community Webinar #3 "Exploring Serverless with Azure Functi...GlobalLogic Ukraine
29 березня відбувся вебінар від .NET Community – “Exploring Serverless with Azure Functions”.
Спікер: Євген Павленко – Senior Software Engineer, GlobalLogic.
Поговорили на ті теми:
- Вступ до Azure Functions та Serverless;
- Типи хмарного обчислення;
- Переваги serverless;
- Функції та можливості Azure Functions.
Страх і сила помилок - IT Inside від GlobalLogic EducationGlobalLogic Ukraine
Ви дізнаєтесь:
- Що знаходиться за кулісами успішного успіху;
- Страх, що контролює тебе та робота з ним;
- Звідки береться невпевненість у власних силах;
- Чого власні помилки демотивують.
ℹ️IT Inside — це серія 30-хвилинних лекцій для охочих розпочати кар'єру в ІТ. Наші експерти відкриють залаштунки айтішного життя, обговорять поширені думки про ІТ-сферу й розкажуть те, що самі б хотіли почути на старті кар'єри.
🎬Переглянути записи попередніх лекцій IT Inside (https://youtube.com/playlist?list=PLipGbz33Ay3H5ynlB0YQ6P-16IX-pRvce).
GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”GlobalLogic Ukraine
24 листопада відбувся вебінар від .NET Community – “Azure RBAC and Managed Identity”.
Спікер: Євген Павленко – Senior Software Engineer, GlobalLogic.
Розповіли, що таке Azure RBAC (Role Base Access Control) і як він працює, для чого нам Azure Managed Identity та як звільнитись від використання паролів-секретів при використанні Azure.
Деталі заходу: https://bit.ly/3GSBvRx
Відкриті .NET-позиції у GlobalLogic: https://bit.ly/3ilJYCq
Долучитись до .NET Community у Facebook: https://www.facebook.com/groups/communitydotnet
GlobalLogic QA Webinar “What does it take to become a Test Engineer”GlobalLogic Ukraine
We considered:
- What attracts you to testing?
- What set of skills does the tester need?
- How to find your niche?
- Truth and fiction about testing
- Resume as a way to success
- Recommended materials
GlobalLogic Machine Learning Webinar “Advanced Statistical Methods for Linear...GlobalLogic Ukraine
31 травня відбувся вебінар для ML-спеціалістів - “Advanced Statistical Methods for Linear Regression” від спікера Віталія Мірошниченка! Ця доповідь для тих, хто добре ознайомлений із найпоширенішими моделями даних та підходами у машинному навчанні і хоче розширити знання іншими підходами.
У доповіді ми розглянули:
- Нагадування. Модель лінійної регресії і підгонка параметрів;
- Навчання батчами (великі об’єми вибірок);
- Оптимізація розрахунків у каскаді моделей;
- Модель суміші лінійних регресій;
- Оцінки методом складеного ножа матриць коваріацій.
Про спікера:
Віталій Мірошниченко — Senior ML Software Engineer, GlobalLogic. Має більше 6 років досвіду, який отримав здебільшого на проєктах, пов’язаних із Telecom, Cyber security, Retail. Активний учасник змагань Kaggle, та Аспірант КНУ.
Деталі заходу: https://bit.ly/3HkqhDB
Відкриті ML позиції у GlobalLogic: https://bit.ly/3MPC9yo
GlobalLogic Machine Learning Webinar “Statistical learning of linear regressi...GlobalLogic Ukraine
24 травня відбувся GlobalLogic Machine Learning Webinar “Statistical learning of linear regression model” від спікера Віталія Мірошніченка.
Під час вебінару ми обговорили такі теми:
- Модель лінійної регресії;
- Підгонка параметрів моделі (custom, sklearn, scipy);
- Основні теореми та асимптотика параметрів;
- Дискриптивні статистики (візуалізація результатів);
- Тести та їх інтерпретація;
- Приклади з Machine Learning.
Відео та деталі заходу - https://www.globallogic.com/ua/about/events/statistical-learning-of-linear-regression-model/?utm_source=youtube-organic&utm_medium=social&utm_campaign=statistical-learning-of-linear-regression-model
Попередня реєстрація на GL BaseCamp - https://bit.ly/BaseCampwaitinglist
GlobalLogic C++ Webinar “The Minimum Knowledge to Become a C++ Developer”GlobalLogic Ukraine
18 травня відбувся GlobalLogic C++ Webinar “The Minimum Knowledge to Become a C++ Developer” від спікера Романа Івасишина.
У доповіді ми розглянули:
- Список тем, які повинен знати С++ розробник (синтаксис мови, класи, STL, а також дізнались, для чого вчити темплейти та багатопотоковість);
- На що потрібно звернути увагу при вивченні мови;
- Деякі приховані аспекти мови;
- Практичні приклади з С++.
Відео та деталі заходу: https://bit.ly/3Gxmkee
Приєднатись до спільноти: https://www.facebook.com/groups/EmbeddedCommunity
Відкриті C++ позиції у GlobalLogic: https://bit.ly/3GzW03c
22 лютого відбувся Embedded Webinar #17 “Low-level Network Testing in Embedded Devices Development” від спікера Сергія Корнієнка.
Під час вебінару ми говорили на такі теми:
- Підхід до низькорівневого тестування мережевих протоколів;
- Інструменти, які можна використати в реальних проєктах;
- Знайдені баги та способи знаходження корневих причин на прикладі реального R&D проєкту.
Відео та деталі заходу: https://bit.ly/embedded_webinar_17
Приєднатись до спільноти: https://www.facebook.com/groups/EmbeddedCommunity
Відкриті Embedded-позиції у GlobalLogic: https://bit.ly/Embedded_Positions
11 січня відбувся вебінар “Introduction to Embedded QA”.
Під час вебінару ми поговорили на такі теми:
Огляд вбудованих систем;
Основні складнощі, що виникають під час їх тестування;
Основні напрямки та технології, які необхідно відслідковувати під час роботи з вбудованими системами.
Більше про захід: https://www.globallogic.com/ua/about/events/globallogic-webinar-introduction-to-embedded-qa/
Приємного перегляду і не забудьте залишити коментар про враження від вебінару!
9 грудня відбувся вебінар “Why Should You Learn C++ in 2021-22?”
Розглянули, наскільки популярною є C/C++ і де її можна використовувати. Поговорили про основні переваги та недоліки цієї мови програмування. Розповіли, як розвивається C/C++ і, нарешті, ми зрозуміли, як почати вивчати C/C++.
Більше про захід: https://www.globallogic.com/ua/about/events/c-webinar-why-you-should-learn-c-in-2021-22/
Приємного перегляду і не забудьте залишити коментар про враження від вебінару!
GlobalLogic Test Automation Live Testing Session “Android Behind UI — Testing...GlobalLogic Ukraine
В рамках GlobalLogic Test Automation Advent Calendar нещодавно відбувся GlobalLogic Test Automation Live Testing Session “Android Behind UI — Testing Challenges” від Дмитра Токарського, Lead Test Engineer, Quality Assurance, GlobalLogic.
Під час заходу ми говорили про те, як працює Android Debug Bridge, що стоїть за вбудованими фреймворками тестування UI та як спілкуватися з додатками та системою, якщо немає UI. Окремо поговорили про Bluetooth й окреслили бібліотеки Python для роботи с Bluetooth та сервісами Android.
Більше про захід: https://www.globallogic.com/ua/about/events/globallogic-test-automation-live-testing-session-android-behind-ui-testing-challenges/
Приємного перегляду і не забудьте залишити коментар про враження від вебінару!
Ця активність — частина заходів в рамках GlobalLogic Test Automation Advent Calendar, ще більше заходів та цікавинок за посиланням: https://bit.ly/AdventCalendar_fb
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio, Inc.
Alluxio Webinar
June. 18, 2024
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
- Jianjian Xie (Staff Software Engineer, Alluxio)
As Trino users increasingly rely on cloud object storage for retrieving data, speed and cloud cost have become major challenges. The separation of compute and storage creates latency challenges when querying datasets; scanning data between storage and compute tiers becomes I/O bound. On the other hand, cloud API costs related to GET/LIST operations and cross-region data transfer add up quickly.
The newly introduced Trino file system cache by Alluxio aims to overcome the above challenges. In this session, Jianjian will dive into Trino data caching strategies, the latest test results, and discuss the multi-level caching architecture. This architecture makes Trino 10x faster for data lakes of any scale, from GB to EB.
What you will learn:
- Challenges relating to the speed and costs of running Trino in the cloud
- The new Trino file system cache feature overview, including the latest development status and test results
- A multi-level cache framework for maximized speed, including Trino file system cache and Alluxio distributed cache
- Real-world cases, including a large online payment firm and a top ridesharing company
- The future roadmap of Trino file system cache and Trino-Alluxio integration
CommandBox was highlighted as a powerful web hosting solution, perfect for developers and businesses alike. Featuring a built-in server and command-line interface, CommandBox simplified web application management. Developers could deploy multiple application instances simultaneously, optimizing development workflows. CommandBox's efficient deployment processes ensured reliable web hosting, seamlessly integrating into existing workflows for scalability and feature enhancements.
Discover BoxLang, the innovative JVM programming language developed by Ortus Solutions. Designed to harness the power of the Java Virtual Machine, BoxLang offers a modern approach to application development with robust performance and scalability. Join us as we explore the capabilities of BoxLang, its syntax, and how it enhances productivity in software development.
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...Hironori Washizaki
Hironori Washizaki, "Charting a Course for Equity: Strategies for Overcoming Challenges and Promoting Inclusion in the Metaverse", IEEE COMPSAC 2024 D&I Panel, 2024.
A captivating AI chatbot PowerPoint presentation is made with a striking backdrop in order to attract a wider audience. Select this template featuring several AI chatbot visuals to boost audience engagement and spontaneity. With the aid of this multi-colored template, you may make a compelling presentation and get extra bonuses. To easily elucidate your ideas, choose a typeface with vibrant colors. You can include your data regarding utilizing the chatbot methodology to the remaining half of the template.
What is OCR Technology and How to Extract Text from Any Image for FreeTwisterTools
Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.
Join me for an insightful journey into task scheduling within the ColdBox framework. In this session, we explored how to effortlessly create and manage scheduled tasks directly in your code, enhancing control and efficiency in applications and modules. Attendees experienced a user-friendly dashboard for seamless task management and monitoring. Whether you're experienced with ColdBox or new to it, this session provided practical knowledge and tips to streamline your development workflow.
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsEstuary Flow
Unlock the full potential of your data by effortlessly migrating from PostgreSQL to Snowflake, the leading cloud data warehouse. This comprehensive guide presents an easy-to-follow 8-step process using Estuary Flow, an open-source data operations platform designed to simplify data pipelines.
Discover how to seamlessly transfer your PostgreSQL data to Snowflake, leveraging Estuary Flow's intuitive interface and powerful real-time replication capabilities. Harness the power of both platforms to create a robust data ecosystem that drives business intelligence, analytics, and data-driven decision-making.
Key Takeaways:
1. Effortless Migration: Learn how to migrate your PostgreSQL data to Snowflake in 8 simple steps, even with limited technical expertise.
2. Real-Time Insights: Achieve near-instantaneous data syncing for up-to-the-minute analytics and reporting.
3. Cost-Effective Solution: Lower your total cost of ownership (TCO) with Estuary Flow's efficient and scalable architecture.
4. Seamless Integration: Combine the strengths of PostgreSQL's transactional power with Snowflake's cloud-native scalability and data warehousing features.
Don't miss out on this opportunity to unlock the full potential of your data. Read & Download this comprehensive guide now and embark on a seamless data journey from PostgreSQL to Snowflake with Estuary Flow!
Try it Free: https://dashboard.estuary.dev/register
Non-Functional Testing Guide_ Exploring Its Types, Importance and Tools.pdfkalichargn70th171
Are you looking for ways to ensure your software development projects are successful? Non-functional testing is an essential part of the process, helping to guarantee that applications and systems meet the necessary non-functional requirements such as availability, scalability, security, and usability.
Explore the latest in ColdBox Debugger v4.2.0, featuring the Hyper Collector for HTTP/S request tracking, Lucee SQL Collector for query profiling, and Heap Dump Support for memory leak debugging. Enhancements like the revamped Request Dock and improved SQL/JSON formatting streamline debugging for optimal ColdBox application performance and stability. Ideal for developers familiar with ColdBox, this session focuses on leveraging advanced debugging tools to enhance development efficiency.
Discover Passkeys, the next evolution in secure login methods that eliminate traditional password vulnerabilities. Learn about the CBSecurity Passkeys module's installation, configuration, and integration into your application to enhance security.
Drona Infotech is one of the best Mobile App Development Company in Noida. Elevate your business with our professional app development services. Let us help you create user-friendly and high-performing mobile applications.
Visit Us For: https://www.dronainfotech.com/mobile-application-development/
Sami provided a beginner-friendly introduction to Amazon Web Services (AWS), covering essential terms, products, and services for cloud deployment. Participants explored AWS' latest Gen AI offerings, making it accessible for those starting their cloud journey or integrating AI into coding practices.
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
3. 3
Confidential
3
Disclaimer
Everything described there is true and complete to the
best of author's knowledge. All recommendations and
inferences are made without guarantee of the part of the
author. The author disclaims any liability in connection
with the use of this information.
6. 6
Confidential
6
Implementation of Custom Security Layer
● Manage login/registration
forms
● Manage user profiles
● Store users, passwords
● Check credentials
● API for token management
Authentication for Backend
● Integrate this into the project
● Combine UI and backend
together with authentication
flows
Authentication for UI
1
Put together
3 Project Integration
4
2
8. 8
Confidential
8
Reasons to Delegate Your Security
Stay DRY
Don’t Repeat
Yourself
So you need some
ways to protect
your data
You are
probably not a
security expert
10. 10
Confidential
10
Keycloak Overview
Open-source identity and access management. Features:
Single sign in
LDAP and Active
Directory
Clustering
Standard
protocols
Social login
Themes
Centralized
management
Identity brokering
Extensible
Adapters
High performance
Password policies
Sign in once to
multiple applications
Connect to existing
user directories
Optimize scalability
and availability
OpenID Connect, OAuth
2.0, and SAML 2.0
Easily enable social
sign in
Customize look and
feeling
Available both for
admins and users
OpenID Connect or
SAML 2.0 IdPs
Customize through
code
Customize password
policies
Easy, fast, and
scalable
Secure applications
and services
12. 12
Confidential
12
Reasons to Use Keycloak
Reliable Solution
● Stable release: 19.0.1
July 29, 2022
● Issues board
(https://github.com/keycloak/k
eycloak/issues)
● Documentation
(https://www.keycloak.org/doc
umentation.html)
Open Source
● Free product
● Various customizations and
contributions
● Open community
Straightforward
● Not reinventing the wheel
● Shared libraries, keys,
certificates, and configurations
13. 13
Confidential
13
Launch Keycloak
Launch with
JBoss WildFly
Launch with
Docker
1. Download Keycloak from
https://www.keycloak.org/downloads.html
2. Use the following command:
keycloak-x.x.x.Final/bin>./stand
alone.sh
Use the following commands:
1. docker pull jboss/keycloak
2. docker run --rm -d --name
keycloak -p 5555:8080 -e
KEYCLOAK_USER=admin -e
KEYCLOAK_PASSWORD=admin
jboss/keycloak
14. 14
Confidential
14
Prepare to integrate with Keycloak
Realm:
external-apps
Keycloak
Client ID: hello-world-app
OpenID Connect/SAML
Resource Endpoint
Keycloak
Adapter
Mobile App
Frontend App
Backend App
SDK: Android, iOS
Client side: JS
Server side: Java, Python,
Node.js, Ruby, C#, etc.
15. 15
Confidential
15
Integrate with Keycloak
Provide a client
configuration
3
Create a client
2
Create a realm
1
● You can use master for a dev
environment or base it into your
business domain (for example,
external-appsor
internal-apps).
● Create a client for your
application (for example,
hello-world-app). Client
configuration requires the
following details:
○ Protocol — SAML or OIDC).
○ Resource endpoint — the
application hostname or
REST endpoint.
○ Redirect URL — where to
redirect the user when
authentication is granted.
● Provide the client configuration
to your application as input, for
example:
○ The client ID
(hello-world-app).
○ The realm
(external-apps).
○ The Keycloak server URL.