A294
Node.js – FIPS 140-2 support in Node.js
Michael Dawson, IBM Runtime Technologies
© 2016 IBM Corporation 2
About Michael Dawson
Senior Software Developer @ IBM
IBM Runtime Technologies Node.js Technical Lead
Node.js collaborator and CTC member
Active in the LTS, build, benchmarking, API and post-mortem working groups
Contact me:
michael_dawson@ca.ibm.com
Twitter: @mhdawson1
https://www.linkedin.com/in/michael-dawson-6051282
Agenda
• Node.js quick intro
• FIPS 140-2 intro
• OpenSSL integration
• Community History
• Command Line Options
• Gotchas – What to look out for
• Bluemix Example
• Express Example
Node.js – Quick Intro
• JavaScript != Java
• Node.js = Server-side JavaScript
• Event-oriented
• Non-blocking
• Asynchronous
• Uses OpenSSL as cryptographic library
http://www.modulecounts.com/
• There is a module for that
• 300K modules
• #1 on module counts
• #1 on GitHub (#projects)
• #1 on StackOverflow (2015)
• Most used runtime in Bluemix™
Node.js architecture (diagram): Modules (npm or local) + Application sit on the Node libraries and the Node binding layer, which in turn sit on the native dependencies: the V8 JavaScript engine, libuv, OpenSSL and other dependencies (ICU, c-ares, zlib, http_parser, …), all running on the operating system.
Node.js – crypto APIs
https://nodejs.org/api/crypto.html
• Certificate
• Cipher
• Decipher
• DiffieHellman
• ECDH
• Hash
• HMAC
• Sign
• Verify
Node.js – HTTPS
https://nodejs.org/api/https.html
• HTTPS
Node.js – HTTPS Example
FIPS Intro
FIPS Intro – Why
• Cryptography is an important tool
• FIPS 140-2 provides a way to evaluate cryptographic modules
• May be a contract requirement!
FIPS Intro
• Federal Information Processing Standard (FIPS) Publication 140-2: Security Requirements for Cryptographic Modules
• US government security standard
• Co-developed with the Canadian Communications Security Establishment (CSE)
• Independent labs do the evaluation
http://csrc.nist.gov/groups/STM/cmvp/standards.html
FIPS Intro – Evaluation Areas
1. Cryptographic Module Specification
2. Cryptographic Module Ports and Interfaces
3. Roles, Services, and Authentication
4. Finite State Model
5. Physical Security
6. Operational Environment
7. Cryptographic Key Management
8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)
9. Self Tests
10. Design Assurance
11. Mitigation of Other Attacks
FIPS Intro – Levels
• 4 Levels
  • Level 1: 1+ approved algorithms
  • Level 2: Tamper evidence
  • Level 3: Zeroization
  • Level 4: Response to all tamper attempts
• Software is generally limited to Level 1!
FIPS Intro
• Approved Security Functions
  http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
  • AES, Triple-DES
  • DSS, DSA, RSA and ECDSA
  • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256
• No MD5!
Node.js – HTTPS
https://nodejs.org/api/https.html
• HTTPS
• Additional constraints may apply – ex:
  • https://wiki.openssl.org/index.php/FIPS_mode_and_TLS
  • --tls-cipher-list
FIPS Intro – Europe?
• Common Criteria
• EAL 1 through 7
• Different profiles
• FIPS still used/potentially accepted
• Higher availability
• Recommendations for TSPs – https://www.enisa.europa.eu/publications/tsp1-framework/at_download/fullReport
OpenSSL Integration
• Node.js leverages OpenSSL certifications
• FIPS on for Linux so far
• https://www.openssl.org/
OpenSSL Integration – Certification
• http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747
OpenSSL Integration – Security Guide
• Security Policy (36 pages)
• https://www.openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf
• User Guide (221 pages)
• https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
• Trusted Path Requirement
• User Affirmation
OpenSSL Integration
(diagram) fipscanister.o is linked into OpenSSL/libcrypto.a with: $(OPENSSLDIR)/fips/fipsld -o …
/* FIPS_mode_set(1) returns 1 when the module entered FIPS mode (power-up self-tests passed) and 0 on failure */
if (FIPS_mode_set(1)) {
  …
} else {
  // indicate error
}
Building
• https://github.com/nodejs/node/blob/master/BUILDING.md
• Must follow to the letter
OpenSSL Integration – Application
• Just using a FIPS-capable Node.js is not enough
• You have to use it correctly (e.g. the TLS example)
• Demonstrate to the ‘customer’ that you did the right thing
• It is, however, an enabler
Community History
• May 2015 – discussion starts
  • https://github.com/nodejs/node-v0.x-archive/issues/25463
• Jun 2015 – PR 1890
• Nov 2015 – Issue 3760
  • PRs 3752, 3753, 3754, 3755, 3756, 3757, 3758, 3759
  • Added to community CI
• Dec 2015 – npm cleanup
• Feb 2016 – Command line improvement
API and runtime options (v6.x)
• Command line:
  • --enable-fips
  • --force-fips
• API:
  • crypto.fips
• OpenSSL config file:
[ evp_sect ]
# Set to "yes" to enter FIPS mode if supported
fips_mode = yes
API and runtime options (v6.x)
• Force (--force-fips) prevents changing the mode at runtime
• You need to be state aware
• Error if already enabled
Validating you have the right version
Gotchas
• Existing code may no longer run
• Certificates and keys
  • Generation
    • Only use FIPS algorithms
    • Generate with the FIPS module
OPENSSL_FIPS=1 openssl req -x509 -newkey rsa:2048 -keyout httpd.key.pem -out httpd.crt.pem -days XXX
Gotchas
const fs = require('fs');
// Under FIPS mode, key.pem and cert.pem must use FIPS-approved algorithms and key sizes
// (generated as above), or the TLS server will not come up.
const options = {
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
};
Bluemix Example
cf set-env FIPS_MODE true
Try it out on Bluemix
Express Example
Summary
• Node.js quick intro
• FIPS 140-2 intro
• OpenSSL integration
• Community History
• Command Line Options
• Gotchas – What to look out for
• Bluemix Example
• Express Example
Thank you very much.
Michael Dawson, IBM Runtime Technologies
michael_dawson@ca.ibm.com
Session number [A294], IBM Technical Academy 2016 (https://portal.ibmeventconnect.com/madrid2016)

Node home automation with Node.js and MQTT
 
Java one 2015 - v1
Java one   2015 - v1Java one   2015 - v1
Java one 2015 - v1
 

Último

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Último (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

A294 fips support in node

  • 14. © 2016 IBM Corporation 14 • Federal Information Processing Standard (FIPS) – Publication 140-2 Security Requirements for Cryptographic Modules • US government security standard • Co-developed with Canadian Communications Security Establishment (CSE) • Independent labs do evaluation http://csrc.nist.gov/groups/STM/cmvp/standards.html FIPS Intro
  • 15. © 2016 IBM Corporation 15 1. Cryptographic Module Specification 2. Cryptographic Module Ports and Interfaces 3. Roles, Services, and Authentication 4. Finite State Model 5. Physical Security 6. Operational Environment 7. Cryptographic Key Management 8. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) 9. Self Tests 10. Design Assurance 11. Mitigation of Other Attacks FIPS Intro – Evaluation Areas
  • 16. © 2016 IBM Corporation 16 FIPS Intro - Levels • 4 Levels • Level 1 • 1+ approved algorithms • Level 2 • Tamper evidence • Level 3 • Zeroization • Level 4 • Response to all tamper attempts Software Generally limited To Level 1 !
  • 17. © 2016 IBM Corporation 17 FIPS Intro • Approved Security Functions http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf • AES, Triple-DES • DSS, DSA, RSA and ECDSA • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256 No MD5 !
  • 18. © 2016 IBM Corporation 18 Node.js – HTTPS https://nodejs.org/api/https.html • HTTPS • Additional constraints may apply – ex: • https://wiki.openssl.org/index.php/FIPS_mode_and_TLS • --tls-cipher-list
  • 19. © 2016 IBM Corporation 19 FIPS Intro – Europe ? • Common Criteria • EAL 1 through 7 • Different profiles • FIPS still used/potentially accepted • Higher availability • Recommendations for TSPs - https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&ved=0ahUKEwjm- oqC0bXPAhUJ4SYKHf3wDV4QFghGMAY&url=https%3A%2F%2Fwww.enisa.europa.eu%2Fpublications%2F tsp1-framework%2Fat_download%2FfullReport&usg=AFQjCNGe0RewmuzZL4AWyDmy00o- T0TLfA&sig2=EPdoyDyU6rA93SIBuuDEmw&cad=rja
  • 20. OpenSSL Integration © 2016 IBM Corporation 20
  • 21. OpenSSL Integration © 2016 IBM Corporation • Node.js Leverages OpenSSL certifications • FIPS on for Linux so far • https://www.openssl.org/ 21
  • 22. © 2016 IBM Corporation 22 OpenSSL Integration - Certification • http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1747
  • 23. © 2016 IBM Corporation 23 OpenSSL Integration – Security Guide • Security Policy (36 pages) • https://www.openssl.org/docs/fips/SecurityPolicy-2.0.9.pdf • User Guide (221 pages) • https://www.openssl.org/docs/fips/UserGuide-2.0.pdf • Trusted Path Requirement • User Affirmation
  • 24. © 2016 IBM Corporation 24 OpenSSL Integration fipscanister.o OpenSSL/ libcrypto.a $(OPENSSLDIR)/fips/fipsld -o …. if (FIPS_mode_set(1)) { … } else { // indicate error: FIPS_mode_set returns 0 on failure }
  • 25. © 2016 IBM Corporation 25 Building • https://github.com/nodejs/node/blob/master/BUILDING.md • Must follow to the letter
  • 26. © 2016 IBM Corporation 26 OpenSSL Integration – Application • Just using FIPS capable Node.js is not enough • You have to use correctly (ex TLS example) • Demonstrate to ‘customer’ you did the right thing • It is, however, an enabler
  • 27. © 2016 IBM Corporation 27 Community History
  • 28. © 2016 IBM Corporation 28 Community History • May 2015 – discussion starts • https://github.com/nodejs/node-v0.x-archive/issues/25463 • Jun 2015 – PR 1890
  • 29. © 2016 IBM Corporation 29 Community History • Nov 2015 – Issue 3760 • PRs 3752, 3753, 3754, 3755, 3756, 3757, 3758,3759 • Added to community CI
  • 30. © 2016 IBM Corporation 30 Community History • Dec 2015 – NPM cleanup • Feb 2016 – Command Line Improvement
  • 31. © 2016 IBM Corporation 31 API and runtime options (v6.x)
  • 32. © 2016 IBM Corporation 32 API and runtime options (v6.x) • Command Line: • --enable-fips • --force-fips • API • crypto.fips • OpenSSL Config file: [ evp_sect ] # Set to "yes" to enter FIPS mode if supported fips_mode = yes
  • 33. © 2016 IBM Corporation 33 API and runtime options (v6.x) • Force prevents change
  • 34. © 2016 IBM Corporation 34 API and runtime options (v6.x) • You need to be state aware • Error if already enabled
  • 35. © 2016 IBM Corporation 35 Validating you have right version
  • 36. © 2016 IBM Corporation 36 Gotchas
  • 37. © 2016 IBM Corporation 37 Gotchas • Existing code may no longer run © 2016 IBM Corporation
  • 38. OPENSSL_FIPS=1 openssl req -x509 -newkey rsa:2048 -keyout httpd.key.pem -out httpd.crt.pem -days XXX • Certificates and keys • Generation • Only use FIPS algorithms • Generate with FIPS module © 2016 IBM Corporation 38 Gotchas const options = { key: fs.readFileSync('key.pem'), cert: fs.readFileSync('cert.pem') };
  • 39. Bluemix Example © 2016 IBM Corporation 39
  • 40. cf set-env FIPS_MODE true Try it out on Bluemix
  • 44. Express Example © 2016 IBM Corporation 44
  • 45. Express Example © 2016 IBM Corporation 45
  • 46. Express Example © 2016 IBM Corporation 46
  • 47. © 2016 IBM Corporation 47 Summary • Node.js quick intro • FIPS 140-2 intro • OpenSSL integration • Community History • Command Line Options • Gotchas – What to look out for • Bluemix Example • Express Example
  • 48. Michael Dawson Thank you very much. IBM Runtime Technologies michael_dawson@ca.ibm.com © 2016 IBM Corporation 48
  • 49. © 2016 IBM Corporation 49 Your feedback is valuable Please complete your session or lab evaluation! Session number [A294] Provide your evaluations by: Evaluation forms: Fill out a form at the end of each session Paper forms are located in each of the session or lab rooms Complete the session survey on Event Connect Portal: https://portal.ibmeventconnect.com/ma drid2016 Select Sessions, then Session Finder, and complete the survey - Or -
  • 50. IBMTA16 Twitter @IBMCloud | @IBMWebSphere LinkedIn IBM Cloud YouTube IBM Cloud | IBM WebSphere Facebook IBM Cloud ibmcloud Facebook Event Page IBM Technical Academy 2016 websphere
  • 51. Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. 
All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
  • 52. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. • IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. 
A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml. • Node.js is an official trademark of Joyent. IBM SDK for Node.js is not formally related to or endorsed by the official Joyent Node.js open source or commercial project. • Java, JavaScript and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. • npm is a trademark of npm, Inc.