An Attacker’s View of
Serverless and GraphQL
Abhay Bhargav - we45
Copyright - we45, 2019
abhaybhargav
Yours Truly
• Founder @ we45
• Chief Architect - Orchestron
• Avid Pythonista and AppSec Automation Junkie
• Speaker at DEF CON, BlackHat, OWASP Events, etc world-wide
• Lead Trainer - we45 Training and Workshops
• Co-author of Secure Java For Web Application Development
• Author of PCI Compliance: A Definitive Guide
Copyright - we45, 2018
Get ready!
Today’s Session
• A Gentle Introduction to Serverless (FaaS) and GraphQL
• Attacker’s view of FaaS
• Attacker’s View of GraphQL
• Demos
• FIN
As always, I pray to the demo gods!
Serverless (FaaS)
Moving FaaSter!
Monolith → Microservice → Function
What is FaaS?
• Functions that are triggered via events => Triggering a Container/VM
• Execute (thing)
• The container/VM freezes post execution and kills
• Repeat
Summary
Function
• Short lived
• No ports
• No state
• Single purpose
Events
Lifecycle
• Deploy into Lambda with zip file
• Function is invoked launching a container to run. Destroyed after.
• Containers/MicroVMs are “thawed” when they are invoked again
• Additional Containers/MicroVMs are spawned based on concurrent invocations
customary FaaS Demo…
GraphQL
What is GraphQL?
• API Query Language => instead of REST API
• (Usually) single endpoint to query and insert (mutate) data for the API
• Query/Mutate exactly what you want
• Multiple Resources in a Single Request
• PubSub Functionality for Realtime Data
REST vs GraphQL
re_path(r'^media/(?P<path>.*)$', MediaServeView.as_view()),
re_path(r'^api/user/password/change/(?P<email>.*)/$', UserUtilityView.as_view({'post':'change_password'})),
re_path(r'^api/user/token/', obtain_jwt_token),
re_path(r'^api/user/profile/', UserProfileView.as_view()),
re_path(r'^api/users/list/$', UserListView.as_view({'get':'list'}),name='user_list'),
re_path(r'^api/organizations/list/$', OrganizationListView.as_view({'get':'list'}),name='org_list'),
re_path(r'^api/projects/list/$', ProjectListView.as_view({'get':'list'}),name='pro_list'),
re_path(r'^api/applications/list/$', ApplicationListView.as_view({'get':'list'}),name='app_list'),
re_path(r'^api/users/$', UserView.as_view({'get':'list','put':'create'}),name='user'),
re_path(r'^api/users/(?P<pk>\d+)/$', UserView.as_view({'get':'retrieve','post':'update','delete':'destroy'}),name='ind_user'),
re_path(r'^api/tools/$', OptionsListView.as_view({'get':'tools'}),name='tools'),
re_path(r'^api/hosttypes/$', OptionsListView.as_view({'get':'hosttypes'}),name='hosttypes'),
re_path(r'^api/platforms/$', OptionsListView.as_view({'get':'platforms'}),name='platforms'),
re_path(r'^api/permissions/$', OptionsListView.as_view({'get':'permissions'}),name='permissions'),
GraphQL
const express = require('express');
const graphqlHTTP = require('express-graphql'); // the slide's "graphlHTTP" was a typo
const schema = require('./schema');             // the app's GraphQL schema module (assumed)
const app = express();
const PORT = 3000;
// One endpoint serves every query and mutation; graphiql: true also exposes
// the interactive IDE (and introspection) on that same endpoint.
app.use('/graphql', graphqlHTTP({
  schema: schema,
  graphiql: true,
}));
app.listen(PORT);
GraphQL
GraphQL Architecture
Source: Apollo Server
GraphQL Terminology
•Schemas and Types:
•Define Object Types and Fields (Objects and Attributes)
•Queries => Select Statements
•Mutations => Insert/Update Statements
•Scalar => Custom Data Types
•Resolver => Function that translates the type system to DB queries
customary GraphQL Demo…
Why Serverless AND GraphQL?
Super-easy to deploy
service: gql-sql-injection
package:
  exclude:
    - node_modules
    - package-lock.json
provider:
  name: aws
  runtime: nodejs8.10
  timeout: 30
functions:
  graphql:
    handler: app.handler
    timeout: 30
    events:
      - http:
          path: graphql
          method: post
          cors: false
Security Considerations - FaaS
• No* Frameworks => Back to Plain ol’ platform code
• No Network Attack Surface
• Observability/Debugging is a challenge
• Events from Multiple Sources
• Highly disciplined approach to Architecture

reading between the lines….

Considerations - FaaS
• No* Frameworks => Back to Plain ol’ platform code
  • No Batteries included Security Features (Frameworks)
  • DIY Validation
  • Access Control per Function
  • Logging Per Function
  • and other things we don’t do too well…..
• No Network Attack Surface
• Observability/Debugging is a challenge
  • Monitoring Attacks is a challenge unless you architect for it
  • Security Logging => FUHGEDDABOUDIT!
• Events from Multiple Sources
  • Functions triggered from events like S3, SNS, SQS, etc
  • Larger Attack Surface
  • Traditional Security Controls - WAFs, etc may be ineffective
  • DAST/Testing is hard to exec
• Highly disciplined approach to Architecture
Useful Projects for Serverless Security
Attacker’s View of FaaS
Routes to FaaS pwnage!
• Attacking Function (and cloud provider) through non-API Gateway Events
• Attacking Function (and Cloud Provider) through API (Web Services Attacks)
• Identifying Vulnerabilities with IAM and Privileges => Elevation of Privs
• Information Disclosure => Database Access, etc
• Denial of Service
Function Data Event Injection
What is Event Injection?
• Injection Attacks triggered through Third party
event notifications
• Example:
• File Uploaded to S3
• Message sent over Notification Service
• Message received on Queue
• DynamoDB Stream Events,
• etc
Function Data Event Injection
• Injection is back!!
• Multiple Possibilities with Functions:
• Insecure Deserialization
• XXE
• SQL Injection
• NoSQL Injection
• Server-Side Request Forgery
• Template Injection
Function Data Event Injection - Sources
• Command Injection
• SQL/NoSQL Injection
• Insecure Deserialization
• XXE
Case Study
• User uploads XML laced with malware
• File is stored in Amazon S3
• Notification triggers function
• Function reads uploaded file, XXE executes
• Attacker gains access
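The case study's function, rewritten as a hardened S3-triggered handler. This is an added example, not the talk's demo code: it pre-scans every upload with expat and rejects any DOCTYPE or entity declaration before the document reaches ElementTree. Python's ElementTree does not fetch external entities on its own, but it still expands internal ones and other runtimes do resolve them, so refusing any DTD is the portable control. The S3 event shape is the real one; the `fetch` callback, bucket and key names, and the XML fixtures are constructed for the example.

```python
"""Hardened S3-triggered handler: any XML upload carrying a DOCTYPE or entity
declaration is rejected before it is parsed (added example, not the talk's demo)."""
import xml.etree.ElementTree as ET
import xml.parsers.expat
from urllib.parse import unquote_plus


class UnsafeXML(ValueError):
    """The upload declares a DTD, an entity, or references an external entity."""


def _reject(reason):
    def expat_handler(*_args):
        raise UnsafeXML(reason)
    return expat_handler


def assert_no_dtd(data: bytes) -> None:
    """Pre-scan with expat; the first DTD construct aborts the parse.
    An exception raised inside an expat handler propagates out of Parse()."""
    p = xml.parsers.expat.ParserCreate()
    p.StartDoctypeDeclHandler = _reject('DOCTYPE declarations are not accepted')
    p.EntityDeclHandler = _reject('entity declarations are not accepted')
    p.ExternalEntityRefHandler = _reject('external entities are not accepted')
    p.Parse(data, True)


def parse_profile(data: bytes) -> dict:
    """Only after the pre-scan passes is the document handed to ElementTree."""
    assert_no_dtd(data)
    root = ET.fromstring(data)
    return {child.tag: (child.text or '') for child in root}


def handler(event, context=None, fetch=None):
    """Lambda entry point for an S3 ObjectCreated event.
    fetch(bucket, key) returns the object bytes; in a real deployment it would
    wrap boto3.client('s3').get_object(Bucket=bucket, Key=key)['Body'].read().
    It is injected here (hypothetical parameter) so the example runs offline."""
    results = []
    for record in event['Records']:
        bucket = record['s3']['bucket']['name']
        key = unquote_plus(record['s3']['object']['key'])  # S3 URL-encodes keys in events
        try:
            fields = parse_profile(fetch(bucket, key))
            results.append({'key': key, 'status': 'ok', 'fields': fields})
        except UnsafeXML as exc:
            # Log and drop: a rejected upload never reaches the application parser.
            results.append({'key': key, 'status': 'rejected', 'reason': str(exc)})
        except (xml.parsers.expat.ExpatError, ET.ParseError) as exc:
            results.append({'key': key, 'status': 'malformed', 'reason': str(exc)})
    return results


# --- constructed fixtures (not real uploads) ---------------------------------
BENIGN = b'<?xml version="1.0"?><profile><name>Joe</name><role>user</role></profile>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE profile [<!ENTITY e "expanded">]>'   # any DTD is enough to reject
            b'<profile><name>&e;</name></profile>')
BROKEN = b'<profile><name>Joe</profile>'
OBJECTS = {'profiles/joe.xml': BENIGN, 'profiles/dtd.xml': WITH_DTD, 'profiles/bad.xml': BROKEN}
S3_EVENT = {'Records': [
    {'s3': {'bucket': {'name': 'uploads-bucket'}, 'object': {'key': 'profiles/joe.xml'}}},
    {'s3': {'bucket': {'name': 'uploads-bucket'}, 'object': {'key': 'profiles/dtd.xml'}}},
    {'s3': {'bucket': {'name': 'uploads-bucket'}, 'object': {'key': 'profiles/bad.xml'}}},
]}


def run_demo():
    return handler(S3_EVENT, fetch=lambda bucket, key: OBJECTS[key])


if __name__ == '__main__':
    for result in run_demo():
        print(result)
```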
Demo
Challenges - Function Data Event Injection
• Hard to test for => Execution is largely Out-of-Band
• Hard to Protect with WAFs (other Network Security) => Several non-HTTP Protocols can be used to trigger this
• Wide variety of execution scenarios
Privilege Escalation - IAM Misconfiguration
IAM & Other Misconfigurations
• Permissions are often the greatest bugbear in a FaaS implementation
• Devs tend to provide overly permissive capabilities for resources that interact with FaaS implementations
• Permissions are usually set in cloud IAM environments with Policies, Roles, etc
• This includes misconfigurations like Public S3 buckets and access to all DynamoDB tables, etc
Examples of IAM
- Effect: Allow
  Action:
    - 'dynamodb:*'
  Resource:
    - 'arn:aws:dynamodb:us-east-1:****************:table/TABLE_NAME'
Allows ALL actions on a DynamoDB Table

- Effect: Allow
  Action:
    - dynamodb:PutItem
  Resource: 'arn:aws:dynamodb:us-east-1:****************:table/TABLE_NAME'
Only PUT allowed on Table
DynamoDB Injection
client.scan(TableName = 'dynamo-user', Select = 'ALL_ATTRIBUTES',
            ScanFilter = {
                'first_name':
                    {"AttributeValueList": [{"S": "Joe"}],
                     "ComparisonOperator": "EQ"}
            })
Standard “scan” with DynamoDB
ComparisonOperator: EQ|NE|IN|LE|LT|GE|GT|BETWEEN|NOT_NULL|NULL|CONTAINS|NOT_CONTAINS|BEGINS_WITH

client.scan(TableName = 'dynamo-user', Select = 'ALL_ATTRIBUTES',
            ScanFilter = {'first_name': {"AttributeValueList": [{"S": "*"}],
                                         "ComparisonOperator": "GT"}})
Equivalent of ‘OR 1=1’, Retrieves all values from the Table
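The two scans on the slide, expressed as a resolver that builds the `ScanFilter` from client JSON. This is an added example, not the talk's demo code: the injectable pass-through sits beside a hardened builder, and a small in-memory stand-in for `client.scan` runs both over constructed rows so the effect of `GT "*"` is visible without a DynamoDB table. The same rule applies to the newer `FilterExpression` API: only `ExpressionAttributeValues` should ever come from the client, never the expression text or the operator. Table rows, attribute allow-list and limits are assumptions of the example.

```python
"""ScanFilter built from untrusted input two ways: the injectable pass-through
and a hardened builder (added example, not the talk's demo code)."""

SEARCHABLE = {'first_name', 'last_name'}      # attributes the API is meant to filter on


def vulnerable_filter(user_filter: dict) -> dict:
    """Forwards the client's JSON as the ScanFilter. The client chooses the
    attribute, the ComparisonOperator and the typed value, so
    {"op": "GT", "value": {"S": "*"}} turns an equality lookup into a full read."""
    return {attr: {'AttributeValueList': [spec['value']],
                   'ComparisonOperator': spec['op']}
            for attr, spec in user_filter.items()}


def safe_filter(user_filter: dict) -> dict:
    """Hardened builder: operator fixed server-side (EQ), attribute allow-listed,
    value must be a bounded plain string that the server wraps in its own type."""
    scan_filter = {}
    for attr, value in user_filter.items():
        if attr not in SEARCHABLE:
            raise ValueError(f'attribute is not searchable: {attr!r}')
        if not isinstance(value, str) or not 0 < len(value) <= 64:
            raise ValueError(f'value for {attr!r} must be a non-empty string')
        scan_filter[attr] = {'AttributeValueList': [{'S': value}],
                             'ComparisonOperator': 'EQ'}
    return scan_filter


def _holds(item_value: dict, op: str, operands: list) -> bool:
    """Single-operand string comparisons from the ScanFilter operator list.
    DynamoDB orders strings by their UTF-8 bytes; for the ASCII samples below
    Python's code-point ordering is identical."""
    a, b = item_value['S'], operands[0]['S']
    return {'EQ': a == b, 'NE': a != b, 'GT': a > b, 'GE': a >= b,
            'LT': a < b, 'LE': a <= b, 'BEGINS_WITH': a.startswith(b),
            'CONTAINS': b in a, 'NOT_CONTAINS': b not in a}[op]


def local_scan(table: list, scan_filter: dict) -> list:
    """Stand-in for client.scan(TableName=..., ScanFilter=scan_filter): Scan
    returns every item for which all conditions hold; a missing attribute fails."""
    return [item for item in table
            if all(attr in item and _holds(item[attr], cond['ComparisonOperator'],
                                           cond['AttributeValueList'])
                   for attr, cond in scan_filter.items())]


# Constructed rows in DynamoDB's typed item format (not real data).
USERS = [
    {'first_name': {'S': 'Joe'},   'email': {'S': 'joe@example.com'}},
    {'first_name': {'S': 'Alice'}, 'email': {'S': 'alice@example.com'}},
    {'first_name': {'S': 'Bob'},   'email': {'S': 'bob@example.com'}},
]


def demo() -> dict:
    honest = {'first_name': {'op': 'EQ', 'value': {'S': 'Joe'}}}
    hostile = {'first_name': {'op': 'GT', 'value': {'S': '*'}}}   # the slide's "OR 1=1"
    return {
        'vulnerable_honest': len(local_scan(USERS, vulnerable_filter(honest))),
        'vulnerable_hostile': len(local_scan(USERS, vulnerable_filter(hostile))),
        'safe_same_value': len(local_scan(USERS, safe_filter({'first_name': '*'}))),
    }


if __name__ == '__main__':
    print(demo())   # {'vulnerable_honest': 1, 'vulnerable_hostile': 3, 'safe_same_value': 0}
```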
Demo
Other Weaknesses
• Authorization Weaknesses especially with JSON Web Tokens (JWTs)
• Denial of Service Attacks based on Library weaknesses
• Dynamic Testing is a major challenge for Serverless Functions
• SAST/SCA becomes the way to go. But gets hard with multiple language implementations
Attacker’s view of GraphQL
Security Considerations - GraphQL
• Access Control
• Input Validation
• Query Whitelisting
• Rate Limiting
Attacker’s View of GraphQL
• Similar set of flaws as you would see with any other Web App/Web Service
• Authorization Flaws and Info Disclosure Flaws take center-stage
• NoSQL Flaws might be big with GraphQL Apps
• Make Denial-of-Service Great Again!
GraphQL Introspection (Information Disclosure)
Introspection?
Authorization Bypass
Anyone remember Mass Assignment?
Demo
Injection
Injection with GraphQL
• Unlike REST (single query per function), GraphQL resolvers are written for a larger query space
• With NoSQL databases, this could lead to injection (and probably RCE) if Dynamic Scripting is enabled (Mongo, Elasticsearch, etc)
Demo
DoS
Nested Queries - Resource Exhaustion
• Nested Queries with Many to Many Fields can be easily scaled to “high cost” queries
• When coupled with FaaS invocations, can really add up the costs
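A query-depth limit is the usual defence against the nested-query exhaustion above, and it must be enforced before any resolver runs (on FaaS, before the invocation is paid for). Added example, not the talk's code: a self-contained GraphQL selection-set parser that measures nesting depth, expands fragment spreads (a naive counter that ignored spreads could be bypassed with deep fragments) and reports a fragment cycle instead of recursing forever. A production server would hang the same check on its GraphQL library's validation-rule hook; the parser here only exists so the example runs without one. The sample query, field names and the depth limit of 5 are constructed.

```python
"""Query-depth limiting: parse GraphQL selection sets, expand fragments, reject over-deep documents."""
import re

# Tokens: block string, string, comment, '...', name, number, punctuator.
_TOKEN = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\])*"|#[^\n]*|\.\.\.'
                    r'|[A-Za-z_]\w*|-?\d+(?:\.\d+)?|[{}():@$!=\[\]]')

def _skip_parens(tokens, i):
    # tokens[i] == '('; return the index just after the matching ')'.
    depth = 0
    while True:
        depth += {'(': 1, ')': -1}.get(tokens[i], 0)
        i += 1
        if depth == 0:
            return i

def _skip_directives(tokens, i):
    while i < len(tokens) and tokens[i] == '@':
        i += 2                                   # '@' and the directive name
        if i < len(tokens) and tokens[i] == '(':
            i = _skip_parens(tokens, i)
    return i

def _selection_set(tokens, i):
    """tokens[i] == '{'. Returns (selections, index after the closing '}')."""
    i, selections = i + 1, []
    while tokens[i] != '}':
        if tokens[i] == '...':
            i += 1
            if tokens[i] == 'on':                # inline fragment with a type condition
                i += 2
            if tokens[i] in ('{', '@'):          # inline fragment
                subs, i = _selection_set(tokens, _skip_directives(tokens, i))
                selections.append(('inline', subs))
            else:                                # named fragment spread
                selections.append(('spread', tokens[i]))
                i = _skip_directives(tokens, i + 1)
        else:
            name, i = tokens[i], i + 1
            if tokens[i] == ':':                 # alias: the real field name follows
                name, i = tokens[i + 1], i + 2
            if tokens[i] == '(':                 # arguments
                i = _skip_parens(tokens, i)
            i = _skip_directives(tokens, i)
            subs = []
            if tokens[i] == '{':
                subs, i = _selection_set(tokens, i)
            selections.append(('field', name, subs))
    return selections, i + 1

def parse_document(query: str):
    """Returns ([selections per operation], {fragment name: selections})."""
    # Whitespace and commas are insignificant in GraphQL; findall simply skips them.
    tokens = [t for t in _TOKEN.findall(query) if not t.startswith('#')]
    operations, fragments, i = [], {}, 0
    while i < len(tokens):
        if tokens[i] == 'fragment':              # fragment Name on Type [@dir] { ... }
            name = tokens[i + 1]
            fragments[name], i = _selection_set(tokens, _skip_directives(tokens, i + 4))
        elif tokens[i] in ('query', 'mutation', 'subscription'):
            i += 1
            if tokens[i] not in ('(', '{', '@'):
                i += 1                           # operation name
            if tokens[i] == '(':                 # variable definitions
                i = _skip_parens(tokens, i)
            sels, i = _selection_set(tokens, _skip_directives(tokens, i))
            operations.append(sels)
        elif tokens[i] == '{':                   # anonymous query
            sels, i = _selection_set(tokens, i)
            operations.append(sels)
        else:
            raise ValueError(f'unexpected token {tokens[i]!r}')
    return operations, fragments

def selection_depth(selections, fragments, active=()):
    """Deepest field nesting, following spreads; a fragment cycle raises instead of recursing forever."""
    depth = 0
    for sel in selections:
        if sel[0] == 'field':
            d = 1 + selection_depth(sel[2], fragments, active) if sel[2] else 1
        elif sel[0] == 'inline':
            d = selection_depth(sel[1], fragments, active)
        else:                                    # fragment spread
            name = sel[1]
            if name in active:
                raise ValueError(f'fragment cycle through {name!r}')
            if name not in fragments:
                raise ValueError(f'unknown fragment {name!r}')
            d = selection_depth(fragments[name], fragments, active + (name,))
        depth = max(depth, d)
    return depth

def check_query(query: str, max_depth: int = 5):
    """(allowed, depth): call before execution; on rejection answer 400 so the resolvers never fan out."""
    operations, fragments = parse_document(query)
    depth = max(selection_depth(op, fragments) for op in operations)
    return depth <= max_depth, depth

# Constructed abusive query (depth 6): every level multiplies resolver calls by 100.
NESTED = """query Exhaust { users(first: 100) { friends(first: 100) {
  friends(first: 100) { friends(first: 100) { ...userFields } } } } }
fragment userFields on User { id, name, posts { title } }"""
```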
Demo
Conclusions
• Serverless and GraphQL Stacks are going to be big moving forward
• Developers need to largely DIY Implementations => Few Frameworks today!
• Security Tooling => Needs to catch up a WHOLE LOT MORE!
Thanks!
•Twitter: @abhaybhargav
•Website and Blog: www.we45.com
•Product: www.orchestron.io
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Último (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec California 2019