Keeping Rails Applications on Track with Brakeman. Justin RailsConf 2012

Everyone knows they should worry about security.

But when should you worry?

Idealized software development: write code, run tests, commit, push to CI server, code review, QA testing, deploy.

Cost to fix defects, plotted along the same stages (built up over several slides): a Security Review is added as a stage of its own, and the last build of the slide is labelled "Save".

brakemanscanner.org

Zero configuration security scanning:

    gem install brakeman
    cd my_rails_app/
    brakeman

(screenshot of the terminal output)

    brakeman -o report.html

(screenshot of the HTML report)

Parts of a report entry: Confidence, View, Warning Type, Render Location, Line Number, Code Snippet.

(report excerpt highlighting "Line 5")

Static Analysis Detour

Static analysis: anything that can be determined about a program without actually executing it.

"But Ruby is way too dynamic for that!"

    eval(file.read(gets.strip))

We don't have to know everything.

Most of the action happens here: filters, controller, view, partials.

Start simple: user input in views.

    <%= params[:user][:name] %>          (view)

Next: from controllers to views.

    @user = params[:user]                (controller)
    <%= @user[:name] %>                  (view)

With @user replaced by its value this is the same case as before:

    <%= params[:user][:name] %>          (view)

Really simple data flow:

    user = params[:user]
    user_id = user[:id]
    @user = User.find(user_id)
    @user.update_attributes(user)

Substituting each variable with its definition, step by step, the last line becomes

    User.find(params[:user][:id]).update_attributes(params[:user])

which is Mass Assignment straight from request parameters.
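The substitution the slides perform by hand can be written as a small program. The following is an added example (not code from the talk or from Brakeman itself): it resolves local and instance variables back to their definitions by repeated textual substitution, then checks what reaches two sinks, `update_attributes(...)` in a controller and `<%= ... %>` in a view. The controller and view snippets are constructed to mirror the slides; real Brakeman works on a parsed syntax tree rather than on strings, so treat this as an illustration of the idea, not of its implementation.

```ruby
# Toy data-flow tracker for the controller/view examples on the slides.
# Added example, not Brakeman's code; inputs at the bottom are constructed.

# The untrusted source we track, as on the slides: anything reached through params.
TAINT_SOURCE = /\bparams\b/

# Replace every known variable in `expr` with its resolved definition.
# The lookbehind keeps `user` from matching inside `user_id`, `@user` or `:user`.
def substitute(expr, defs)
  defs.reduce(expr) do |acc, (name, value)|
    acc.gsub(/(?<![\w@:])#{Regexp.escape(name)}\b/) { value }
  end
end

# Walk controller statements in order, resolving each right-hand side with the
# definitions seen so far. Returns [resolved statements, variable definitions].
def resolve_flow(lines)
  defs = {}
  resolved = lines.map do |line|
    if (m = line.strip.match(/\A(@?[a-z_]\w*)\s*=\s*(.+)\z/))
      name, rhs = m[1], substitute(m[2], defs)
      defs[name] = rhs
      "#{name} = #{rhs}"
    else
      substitute(line.strip, defs)
    end
  end
  [resolved, defs]
end

# Controller sink: mass assignment whose argument resolves to request parameters.
def mass_assignment_warnings(controller_lines)
  statements, _defs = resolve_flow(controller_lines)
  statements.each_with_object([]) do |stmt, warnings|
    next unless (m = stmt.match(/\.update_attributes\((.*)\)\z/))
    warnings << "Mass assignment: #{stmt}" if m[1] =~ TAINT_SOURCE
  end
end

# View sink: every <%= ... %> whose expression, after substituting the instance
# variables the controller assigned, still reaches params.
def view_warnings(controller_lines, view_source)
  _statements, defs = resolve_flow(controller_lines)
  ivars = defs.select { |name, _| name.start_with?('@') }
  view_source.scan(/<%=\s*(.*?)\s*%>/).flatten.each_with_object([]) do |expr, warnings|
    resolved = substitute(expr, ivars)
    warnings << "Params in view output: <%= #{resolved} %>" if resolved =~ TAINT_SOURCE
  end
end

# Constructed inputs mirroring the slides.
CONTROLLER_SHOW = ["@user = params[:user]"]
VIEW = "<p><%= @user[:name] %></p>\n<p><%= params[:user][:name] %></p>\n<p><%= @count %></p>"
CONTROLLER_UPDATE = [
  "user = params[:user]",
  "user_id = user[:id]",
  "@user = User.find(user_id)",
  "@user.update_attributes(user)"
]

if __FILE__ == $0
  puts resolve_flow(CONTROLLER_UPDATE).first          # the step-by-step substitution
  puts mass_assignment_warnings(CONTROLLER_UPDATE)    # one warning
  puts view_warnings(CONTROLLER_SHOW, VIEW)           # two warnings, @count is clean
end
```

The third view expression, `<%= @count %>`, shows the other half of the point: an analysis that only tracked literal `params` in templates would have nothing to say about `@user[:name]`, and one that flagged every instance variable would drown the real finding in noise.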

Brakeman can detect: cross-site scripting, SQL injection, command injection, unrestricted mass assignment, unprotected redirects, unsafe file access, version-specific security issues, dangerous use of eval, dangerous use of send, default routes, dynamic render paths, insufficient model validation, and more!

Performance (Brakeman 1.6.0, Ruby p125):

    Twitter main app                   < 2m
    nventory (66c, 58m, 688t)          ~1m
    Redmine (50c, 77m, 256t)           ~20s
    Typo (34c, 47m, 113t)              ~5s

Back to the SDLC: write code, run tests, commit, push to CI server, code review, QA testing, deploy.

Run Brakeman anytime: at any of those stages.

Brakeman + Jenkins (jenkins-ci.org, open source CI server).

(two screenshots of Brakeman results in Jenkins)

Brakeman programmatically:

    require 'brakeman'
    Brakeman.run "myapp"

Brakeman + Rake:

    brakeman --rake        # generates a Rake task for the app
    rake brakeman:run

Hardcore mode:

    brakeman -z            # exit with a non-zero status when warnings are found

Comparing Brakeman results:

    brakeman -o report.json
    brakeman --compare report.json
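The `-o report.json` / `--compare` workflow above is what a CI gate is built on: scan a known-good baseline, scan the current commit, and fail the build only on what changed. The following is an added example (not from the talk or from Brakeman) of such a gate. Its report layout is modelled on Brakeman's JSON output (a "warnings" array whose entries carry warning_type, file, line, message, code and confidence); treat those field names, and both reports, as constructed for this example rather than real scan output.

```ruby
require 'json'

# Added example: compare two Brakeman-style JSON reports and decide whether a
# build should fail. Both reports are constructed; the field names are an
# assumption modelled on Brakeman's JSON format.

BASELINE_JSON = <<'JSON'
{"warnings": [
  {"warning_type": "Mass Assignment", "file": "app/controllers/users_controller.rb",
   "line": 12, "message": "Unprotected mass assignment", "code": "User.new(params[:user])", "confidence": "High"},
  {"warning_type": "Cross Site Scripting", "file": "app/views/users/show.html.erb",
   "line": 5, "message": "Unescaped parameter value", "code": "params[:user][:name]", "confidence": "High"},
  {"warning_type": "Redirect", "file": "app/controllers/sessions_controller.rb",
   "line": 20, "message": "Possible unprotected redirect", "code": "redirect_to(params[:return_to])", "confidence": "Weak"}
]}
JSON

# The current commit: the mass assignment moved three lines down (not fixed), the
# XSS was fixed, and a new SQL injection finding appeared.
CURRENT_JSON = <<'JSON'
{"warnings": [
  {"warning_type": "Mass Assignment", "file": "app/controllers/users_controller.rb",
   "line": 15, "message": "Unprotected mass assignment", "code": "User.new(params[:user])", "confidence": "High"},
  {"warning_type": "Redirect", "file": "app/controllers/sessions_controller.rb",
   "line": 20, "message": "Possible unprotected redirect", "code": "redirect_to(params[:return_to])", "confidence": "Weak"},
  {"warning_type": "SQL Injection", "file": "app/models/user.rb",
   "line": 8, "message": "Possible SQL injection", "code": "where(\"name = '#{params[:q]}'\")", "confidence": "Medium"}
]}
JSON

# Identity of a warning that survives line-number shifts: where it is, what it is,
# and the code it flagged. Leaving `line` out is deliberate: an unrelated edit above
# a finding must not make it look "new" (and its old self look "fixed").
def warning_key(w)
  [w['warning_type'], w['file'], w['message'], w['code']]
end

def load_warnings(json_text)
  JSON.parse(json_text).fetch('warnings')
end

# Returns {new: [...], fixed: [...], unchanged: [...]} relative to the baseline.
def compare_reports(baseline_json, current_json)
  base = load_warnings(baseline_json).group_by { |w| warning_key(w) }
  curr = load_warnings(current_json).group_by { |w| warning_key(w) }
  {
    new:       (curr.keys - base.keys).flat_map { |k| curr[k] },
    fixed:     (base.keys - curr.keys).flat_map { |k| base[k] },
    unchanged: (curr.keys & base.keys).flat_map { |k| curr[k] }
  }
end

# CI policy: a new warning at a blocking confidence level fails the build;
# weaker new warnings and carried-over baseline warnings are reported only.
def build_should_fail?(diff, blocking = %w[High Medium])
  diff[:new].any? { |w| blocking.include?(w['confidence']) }
end

def summarize(diff)
  lines = []
  diff[:new].each       { |w| lines << "NEW    [#{w['confidence']}] #{w['warning_type']} #{w['file']}:#{w['line']} #{w['code']}" }
  diff[:fixed].each     { |w| lines << "FIXED  #{w['warning_type']} #{w['file']}:#{w['line']}" }
  diff[:unchanged].each { |w| lines << "STILL  [#{w['confidence']}] #{w['warning_type']} #{w['file']}:#{w['line']}" }
  lines
end

if __FILE__ == $0
  diff = compare_reports(BASELINE_JSON, CURRENT_JSON)
  puts summarize(diff)
  puts(build_should_fail?(diff) ? "BUILD FAILED: new warnings" : "ok")
end
```

Gating on the delta rather than on the absolute count is what makes "run Brakeman anytime" workable on an existing code base: the baseline can carry known, reviewed warnings while every commit is still held to "no new ones". The caveat from the end of the talk still applies, a clean comparison means no new warnings, not no new vulnerabilities.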

Brakeman... all the time? (the pipeline once more; the build ends with "Save")

Fast rescanning: Brakeman supports fast rescanning of changed files* (*if the scan is kept in memory).

Brakeman + Guard. In the Gemfile:

    group :development do
      gem 'guard-brakeman'
    end

then

    guard init brakeman
    guard

Brakeman + Guard demo: watch?v=cmgycr9_ons

Caveats

warnings != vulnerabilities

zero warnings does not mean zero vulnerabilities

Brakeman is not omniscient

Supports: Rails 2.x & 3.x; Ruby & 1.9.x; JRuby

brakemanscanner.org


More information

SQL Injection how far does the rabbit hole go? OWASP 5 November The OWASP Foundation

SQL Injection how far does the rabbit hole go? OWASP 5 November The OWASP Foundation SQL Injection how far does the rabbit hole go? 5 November 2009 Justin Clarke London Chapter Leader Gotham Digital Science justin.clarke@owasp.org Copyright The Foundation Permission is granted to copy,

More information

Tools. SWE 432, Fall Design and Implementation of Software for the Web

Tools. SWE 432, Fall Design and Implementation of Software for the Web Tools SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Before we can really make anything, there s a bunch of technical stuff to get out of the way Tools make our lives so much

More information

Chado on Rails. a framework to simplify development on the Chado schema. Justin Reese / Chris Childers

Chado on Rails. a framework to simplify development on the Chado schema. Justin Reese / Chris Childers Chado on Rails a framework to simplify development on the Chado schema Justin Reese / Chris Childers Some links: These slides: http://tinyurl.com/chadoonrails Source code, have a look: svn co http://chadoonrails.rubyforge.org/svn/trunk

More information

How to Take the CI/CD Plunge

How to Take the CI/CD Plunge How to Take the CI/CD Plunge or How I Learned to Stop Worrying and Love OpenStack www.mirantis.com Introductions Christopher Aedo Product Architect Christopher is an IT veteran for consulting, design and

More information

insecure expectations Matt Jemurai.com

insecure expectations Matt Jemurai.com insecure expectations Matt Konda @mkonda Jemurai.com introduction BACKGROUND ON ME Thanks to family! demo cucumber --name "person is restricted from putting input into a field that will be executed by

More information

Building Secure PHP Apps

Building Secure PHP Apps Building Secure PHP Apps is your PHP app truly secure? Let s make sure you get home on time and sleep well at night. Ben Edmunds This book is for sale at http://leanpub.com/buildingsecurephpapps This version

More information

Chapter 1 - Continuous Delivery and the Jenkins Pipeline

Chapter 1 - Continuous Delivery and the Jenkins Pipeline Chapter 1 - Continuous Delivery and the Jenkins Pipeline Objectives Key objectives of this chapter Continuous Delivery The Jenkins Pipeline A Brief Introduction to Groovy The JenkinsFile Pipeline Jobs

More information

breathehr security, reliability and GDPR

breathehr security, reliability and GDPR breathehr security, reliability and GDPR Contact us: Tel 01403 288700 breathehr.com @breathehr General Data Protection Regulations (September update) You may be aware that in May 2018 the new General Data

More information

Welcome to the OWASP TOP 10

Welcome to the OWASP TOP 10 Welcome to the OWASP TOP 10 Secure Development for Java Developers Dominik Schadow 03/20/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN 1 AGENDA

More information

TM DevOps Use Case. 2017TechMinfy All Rights Reserved

TM DevOps Use Case. 2017TechMinfy All Rights Reserved Document Details Use Case Name TMDevOps Use Case04 First Draft 10 th Dec 2017 Author Reviewed By Amrendra Kumar Pradeep Narayanaswamy Contents Scope... 4 About Customer... 4 Pre-Conditions/Trigger... 4

More information

Step by step guide to two-factor authentication in MYOB Advanced

Step by step guide to two-factor authentication in MYOB Advanced Step by step guide to two-factor authentication in MYOB Advanced September 2018 Version no. 1.0 Table of Contents Introduction... 3 Registration... 4 Standard registration process... 4 Two-factor authentication

More information

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017 OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers

More information

Discover Best of Show März 2016, Düsseldorf

Discover Best of Show März 2016, Düsseldorf Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security

More information

Managing Dependencies and Runtime Security. ActiveState Deminar

Managing Dependencies and Runtime Security. ActiveState Deminar ActiveState Deminar About ActiveState Track-record: 97% of Fortune 1000, 20+ years open source Polyglot: 5 languages - Python, Perl, Tcl, Go, Ruby Runtime Focus: concept to development to production Welcome

More information

Sunil Shah SECURE, FLEXIBLE CONTINUOUS DELIVERY PIPELINES WITH GITLAB AND DC/OS Mesosphere, Inc. All Rights Reserved.

Sunil Shah SECURE, FLEXIBLE CONTINUOUS DELIVERY PIPELINES WITH GITLAB AND DC/OS Mesosphere, Inc. All Rights Reserved. Sunil Shah SECURE, FLEXIBLE CONTINUOUS DELIVERY PIPELINES WITH GITLAB AND DC/OS 1 Introduction MOBILE, SOCIAL & CLOUD ARE RAISING CUSTOMER EXPECTATIONS We need a way to deliver software so fast that our

More information

Web Hosting. Important features to consider

Web Hosting. Important features to consider Web Hosting Important features to consider Amount of Storage When choosing your web hosting, one of your primary concerns will obviously be How much data can I store? For most small and medium web sites,

More information

How Can Testing Teams Play a Key Role in DevOps Adoption?

How Can Testing Teams Play a Key Role in DevOps Adoption? June 3, 2016 How Can Testing Teams Play a Key Role in DevOps Adoption? Sujay Honnamane QA Director @sujayh Rameshkumar Bar Sr. Automation Architect @rameshbar 2016 Cognizant Session take away DevOps Overview

More information

HTTP Security Headers Explained

HTTP Security Headers Explained HTTP Security Headers Explained Scott Sauber Slides at scottsauber.com scottsauber Audience Anyone with a website Agenda What are HTTP Security Headers? Why do they matter? HSTS, XFO, XSS, CSP, CTO, RH,

More information

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil Ruby in the Sky with Diamonds August, 2014 Sao Paulo, Brazil JELASTIC PLATFORM AS INFRASTRUCTURE Jelastic provides enterprise cloud software that redefines the economics of cloud deployment and management.

More information

Micro Focus Fortify Application Security

Micro Focus Fortify Application Security Micro Focus Fortify Application Security Petr Kunstat SW Consultant +420 603 400 377 petr.kunstat@microfocus.com My web/mobile app is secure. What about yours? High level IT Delivery process Business Idea

More information