Automated Security Testing in Continuous Integration

•

0 gostou•118 visualizações

ChristianKhn8

talk slides or my 2019 Talk W-JAX Continous Lifecycle Mannheim Heise DevSec

Software

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
Automated Security Testing  
In Continuous Integration

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
1) English
2)Deutsch
Language Menu

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
Agenda
why?
how?
what?
whoami?

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
whoami?
Christian Kühn 
system developer 
#java #kubernetes #devops
@DevOpsKA Meetup Organizer
synyx GmbH Karlsruhe
code with attitude!
sw development 
consulting

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
questions ?!

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
- leakage of business data
- leakage of user/customer data
- service interruption
- industry malfunction
- death (😱)
soﬅware security issues: 
what could possibly go wrong?

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
equifax - “Credit Monitoring”
examples:
https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/
hacked 2017 
vulnerability in Apache Struts dependency
 
143,000,000 SSN
209,000 credit card numbers
182,000 “consumers” with PII

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
Mossack Fonseca - “Law Firm and coprorate service provider”
examples:
https://en.wikipedia.org/wiki/Panama_Papers
hacked 2015 
vulnerability in Drupal
 
11.5 million leaked documents about
money laundering
tax avoidance
corruption

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
what stops developers from patching?
negligence
priorities / lack of time
skills / training
insight
“security - not my department” (or is it?)

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
vulnerability
/vʌln(ə)rəˈbɪlɪti/
noun
1. the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally. 
 
…
CVE
"reference for publicly known information-security vulnerabilities and exposures"
public CVE Database - sponsored by NIST  
(National Institute of Standards and Technology)

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
automate the sh!t out of it
solution
search for known vulnerabilities
implement a process to ﬁx ASAP (or whitelist 😇 )
treat security issues like technical debt

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
let's automatically ﬁnd KNOWN vulnerabilities in
dependencies / 3rd party libs
components in docker images
( let's also scan our app dynamically )

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
continuous delivery today

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
continuous delivery ++

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
dependencies | components | 3rdparty libraries
example: little maven/springboot demo-project:  
6 maven dependencies
71 transitive dependencies 
github.com/cy4n/broken

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
ﬁnd vulnerable dependencies

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
DEMO!

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
What is wrong with using containers?
docker pull cy4n/broken
FROM cy4n/broken:latest

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
https://github.com/arminc/clair-local-scan
docker run -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
alternative:  
trivy
CLI-binary only 
no need for server 
local database 
https://github.com/aquasecurity/trivy

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
API / Webserver
ZAProxy burp

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
API / Webserver - dynamic testing
OWASP ZAProxy
url spider
passive (and active) modes
ajax supported

Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de
let's discuss
 
how to react?

Mais conteúdo relacionado

Último

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

Looking for an efficient way to manage your finances? Look no further than our money management app. With easy-to-use features, you can track your expenses, create budgets, and monitor your savings goals all in one place. Our app provides real-time updates on your spending habits and helps you make smarter financial decisions. Take control of your finances today with our user-friendly money management app.

Right Money Management App For Your Financial Goals

Jhone kinadey

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Azure Native Qumulo scales elastically for common High Performance Compute (HPC) workloads based on application requirements for: Financial Services, Automotive, Genomics / Life Sciences, Media and Entertainment, Energy, Oil and Gas, etc. Performance can be dialed UP (and back down) much higher than the examples shown here. These slides offer a glimpse into ANQ's HPC capabilities, although at a smaller scale. We invite YOU to do your own testing (with a free ANQ trial) and work with us to test your HPC workloads in Azure.

Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf

ryanfarris8

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Diamond Application Development Crafting Solutions with Precision

SolGuruz

Destaque

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59 Key takeaways: • Learn how to use ChatGPT to add AI power to your testing and test automation • Understand the limitations of the technology and where human expertise is crucial • Gain insight into different AI-based tools • Adopt AI-based tools to stay relevant and optimize work for developers and testers * ChatGPT and OpenAI belong to OpenAI, L.L.C.

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

Applitools

12 Ways to Increase Your Influence at Work

GetSmarter

ChatGPT webinar slides

Alireza Esmikhani

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Project for Public Spaces & National Center for Biking and Walking

Has your project been caught in a storm of deadlines, clashing requirements, and the need to change course halfway through? If yes, then check out how the administration team navigated through all of this, relocating 160 people from 3 countries and opening 2 offices during the most turbulent time in the last 20 years. Belka Games’ Chief Administrative Officer, Katerina Rudko, will share universal approaches and life hacks that can help your project survive unstable periods when there seem to be too many tasks and a lack of time and people.

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

DevGAMM Conference

Barbie - Brand Strategy Presentation

Erica Santiago

According to the latest State of the American Manager report from Gallup, employees who have regular meetings with their managers are almost three times as likely to be engaged as those who don’t. These regular check-ins keep managers and employees in sync and aligned. Want to see better manager/employee relationships in your organisation? Then make an all-in commitment to 1:1 meetings. Not sure how? You’ve come to the right place. In this webinar with Jamie Resker, Founder and Practice Leader for Employee Performance Solutions (EPS), and Teala Wilson, Talent Management Consultant at Saba Software, you’ll get the inside track on how to hold effective 1:1 meetings, including tips for getting managers on board. • Go beyond discussing the status of everyday work to higher level topics, including recognition, performance, development, and career aspirations • Learn how to decide meeting frequency, what to cover, as well as roles and responsibilities of the manager and employee • Understand how managers can build trust and make it comfortable for employees to provide upward feedback • Unite your organisation with a unified approach to 1:1 meetings Join us for this 1-hour webinar to get practical tips for building better manager-employee relationships with intention and purpose. About the Speakers Jamie Resker - Founder and Practice Leader for Employee Performance Solutions (EPS) Jamie Resker, Practice Leader and Founder of Employee Performance Solutions, is a recognized innovator in performance management. She is the originator of the-the Performance Continuum Feedback Method® and Conversations to Optimize Employee Performance training program; tools and training that reshape communications between managers and employees to drive and align performance. Jamie is on the faculty for the Northeast Human Resources Association, is a contributor to Halogen Software's Talent Space Blog, and is an editorial advisory board member for HR Examiner. Teala Wilson - Senior Consultant, Strategic Services, Saba Software Teala is a Talent Management Consultant at Halogen Software, now a part of Saba Software. She has worked with teams on a national and global level supporting human resources in areas such as performance management, recruitment, employee benefit programs, training and talent development, workforce planning and internal communications. Teala also has a personal passion for visual arts and design. Want to learn more? Join us for an upcoming Product Tour! http://bit.ly/2yitfqu

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Saba Software

This video by Simplilearn will explain to you Introduction to C Programming Language. Introduction to C Programming Language Tutorial For Beginners will explain to you the C language's history, C's importance, its features, real-world applications, and some of its advantages and disadvantages. 00:00 Introduction to C 1:42-History of C language Dennis Ritchie, a computer scientist, could identify the gaps and tap out the best features from both B and BCPL languages to invent a new hybrid. Hence, C was born in 1972 at Bell Laboratories. A remarkably simple and highly readable programming language resulted in groundbreaking advancements in the IT industry. 2:48-Importance and unraveling the powerful capabilities of C, The widespread use of C started to take over the IT industry. Unraveling the potential of C, the designers began to discover new possibilities that led them to focus on the big picture. 3:56-C's cutting-edge features The designers at Bell Laboratories ensured that their programming language solved the issues with B and BCPL and the ones they had foreseen. 6:35-The popular real-world applications of C -UNIX operating system -google file system -Mozilla -Graphical user interface 8:30-The advantages and disadvantages of C 10:34-The popular IT companies and their domains that employ C · MasterCard · IBM · Flipkart · Dell · Twitter · GitHub and twitch 11:09-First c program. 🔥 Explore our FREE courses with completion certificates: https://www.simplilearn.com/skillup-f... ✅Subscribe to our Channel to learn more about the top Technologies: https://bit.ly/2VT4WtH ⏩ Check out the C++ Programming training videos: https://www.youtube.com/playlist?list... #IntroductiontoCProgrammingLanguage #CLanguage #CProgramming #CProgram #CProgrammingLanguage #LearnCProgramming #HowToCodeInCForBeginners #CTutorialForBeginners #LearnCProgramming #Simplilearn Dennis Ritchie, a computer scientist, was able to identify the gaps and tap out the best features from both B and BCPL languages to invent a new hybrid. Hence, C was born in 1972 at Bell Laboratories. A remarkably simple and highly readable programming language resulted in groundbreaking advancements in the IT industry. ✅What is C++ Programming? C++ is an enhanced and extended version of C programming language, developed by Bjarne Stroustrup in 1979 as part of his Ph.D. project. Bjarne developed what he called ‘C with Classes’ (later renamed C++) because he felt limited by the existing programming languages that were not ideal for large scale projects. He used C to build what he wanted because C was already a general-purpose language that was efficient and fast in its operations. ✅C++ Career Prospects: With just C++ programming expertise, you will have excellent job opportunities, salaries, and career prospects. However, for a career based on programming languages such as Java and Python (which are in more demand than C++) or for careers based on front-end, back-end, and full-stack

Introduction to C Programming Language

Simplilearn

Destaque (20)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work

ChatGPT webinar slides

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

Barbie - Brand Strategy Presentation

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Introduction to C Programming Language

Automated Security Testing in Continuous Integration

1. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de Automated Security Testing   In Continuous Integration

2. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de 1) English 2)Deutsch Language Menu

3. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de Agenda why? how? what? whoami?

4. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de whoami? Christian Kühn  system developer  #java #kubernetes #devops @DevOpsKA Meetup Organizer synyx GmbH Karlsruhe code with attitude! sw development  consulting

5. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de questions ?!

6. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de - leakage of business data - leakage of user/customer data - service interruption - industry malfunction - death (😱) soﬅware security issues:  what could possibly go wrong?

7. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de equifax - “Credit Monitoring” examples: https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/ hacked 2017  vulnerability in Apache Struts dependency   143,000,000 SSN 209,000 credit card numbers 182,000 “consumers” with PII

8. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de Mossack Fonseca - “Law Firm and coprorate service provider” examples: https://en.wikipedia.org/wiki/Panama_Papers hacked 2015  vulnerability in Drupal   11.5 million leaked documents about money laundering tax avoidance corruption

9. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de what stops developers from patching? negligence priorities / lack of time skills / training insight “security - not my department” (or is it?)

10. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

11. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de vulnerability /vʌln(ə)rəˈbɪlɪti/ noun 1. the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally.    … CVE "reference for publicly known information-security vulnerabilities and exposures" public CVE Database - sponsored by NIST   (National Institute of Standards and Technology)

12. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

13. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de automate the sh!t out of it solution search for known vulnerabilities implement a process to ﬁx ASAP (or whitelist 😇 ) treat security issues like technical debt

14. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de let's automatically ﬁnd KNOWN vulnerabilities in dependencies / 3rd party libs components in docker images ( let's also scan our app dynamically )

15. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de continuous delivery today

16. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de continuous delivery ++

17. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de continuous delivery++

18. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de dependencies | components | 3rdparty libraries example: little maven/springboot demo-project:   6 maven dependencies 71 transitive dependencies  github.com/cy4n/broken

19. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

20. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de ﬁnd vulnerable dependencies

21. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

22. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

23. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de DEMO!

24. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

25. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de What is wrong with using containers? docker pull cy4n/broken FROM cy4n/broken:latest

26. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

27. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de https://github.com/arminc/clair-local-scan docker run -d --name db arminc/clair-db:latest docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan

28. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

29. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de alternative:   trivy CLI-binary only  no need for server  local database  https://github.com/aquasecurity/trivy

30. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de DEMO!

31. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

32. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de API / Webserver ZAProxy burp

33. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de API / Webserver - dynamic testing OWASP ZAProxy url spider passive (and active) modes ajax supported

34. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de

35. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de DEMO!

36. Automated Security Testing In Continuous Integration Christian Kühn - @CYxChris - kuehn@synyx.de let's discuss   how to react?

Automated Security Testing in Continuous Integration

Recomendados

Recomendados

Mais conteúdo relacionado

Último

Último (20)

Destaque

Destaque (20)

Automated Security Testing in Continuous Integration