HTTPS and YOU

•Transferir como PPTX, PDF•

1 gostou•789 visualizações

Eric Lewis

All about HTTPS. Talk given at WordCamp NYC 2015

Tecnologia

What is HTTP?
(or, how does the Internet work?)

How HTTP works
HTTP request
I want to see a webpage
nytimes.com/index.html

How HTTP works
HTTP request
HTTP Response
Here’s the content of index.html

Request data is unencrypted, and
servers don’t need to provide their
identity over HTTP

HTTP is unencrypted. The data can be
read by any intermediary.
HTTP request
Insecure wifi
Attacker can read the user’s
HTTP request and response.
“Hmm, looks like Eric is
interested in Twitter stock…”
I want to see a
webpage
nytimes.com/twitter-
stock-plummets/

HTTP is unencrypted. The data can be
read by any intermediary.
HTTP request
Insecure wifi
I wonder what a jorf is…
Log into my
WordPress site with
my username “eric”
and my password
“jorf”

HTTP request
I want to see a webpage
nytimes.com/index.html
An attacker can catch the
request (DNS Spoofing, etc)
HTTP doesn’t require server identification.
Any intermediary can spoof a request.

HTTP request
The attacker returns spoofed content of index.html
which says Russia bombed the U.S.
HTTP Response
HTTP doesn’t require server identification.
Any intermediary can spoof a request.

All data in the request is encrypted,
except the delivery address.
HTTPS request
Send to 182.23.194.39
Fwu3489fehu9fr93wehufu9ef89y3
hu9efhiufhr803
(encrypted request data)
I want to see a
webpage
nytimes.com/index.ht
ml

All data in the request is encrypted,
except the delivery address.
HTTPS request
Send to 212.39.10.88
sdfj83jof83hfajnksdc83hud08duh3
8dhe8y38h383
(encrypted response data)
HTTPS response
Here’s the
content of
index.html

HTTPS request
HTTPS is encrypted. The data can’t be
read by any intermediary.
Insecure wifi
Attacker can eavesdrop on the
encrypted conversation, but
doesn’t understand it.
Log into my
WordPress site with
my username “eric”
and my password
“jorf”
Send to 182.23.194.39
Fwu3489fehu9fr9ufu9ef89
y3hu9efhiufhr803
(encrypted request data)

I want to see a
webpage
nytimes.com/index.html
The attacker can’t spoof
the server’s identification.
HTTPS requires server identification.
An intermediary can’t spoof a request.
HTTPS request

Only the server with valid identification
can respond to the request.
HTTPS requires server identification.
An intermediary can’t spoof a request.
HTTPS request
HTTPS request

“What if I don’t care about security?”
• Google gives an SEO boost for HTTPS sites.

“What if I don’t care about security?”
• Google gives an SEO boost for HTTPS sites.
• Your site can be faster on HTTPS with HTTP/2,
which requires HTTPS.

“What if I don’t care about security?”
• Google gives an SEO boost for HTTPS sites.
• Your site can be faster on HTTPS with HTTP/2,
which requires HTTPS.
• New browser features and APIs limited to
HTTPS sites.

Try logging into a
WordPress site as “eric”
with password “a”
HTTPS does not protect from brute
force attacks.

Now try logging into a
WordPress site as “eric”
with password “b”
HTTPS does not protect from brute
force attacks.

How does HTTPS work?
A server needs an SSL certificate and a private
key.

During the HTTPS handshake…
Server sends SSL certificate.

An SSL certificate includes a digital signature to
identify the server, and a public key to assist
with encryption.

Browser and server negotiate
encryption with private/public key
encryption

Certificate Authority (CA).
A trusted organization.

How can a server provide
identity?
I really am nytimes.com,
not some middle-man
hacker!

Certificate Authority verifies a
server.
I really am nytimes.com,
not some middle-man
hacker! Yes, we verified you
are.

After verification, a Certificate
Authority provides an SSL certificate.
Here’s an SSL
certificate.

The digital signature proves that
the CA created the certificate.

Browsers trust SSL certificates
created by specific Certificate
Authorities.

Mais conteúdo relacionado

Mais procurados

Using OAuth with PHP

David Ingram

Token Based Authentication Systems with AngularJS & NodeJS

Hüseyin BABAL

JSON Web Token

Deddy Setyadi

2016 pycontw web api authentication

Micron Technology

Json web token api authorization

Giulio De Donato

JWT Authentication with AngularJS

robertjd

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.

Integrity protection for third-party JavaScript

Francois Marier

Securing Single Page Applications with Token Based Authentication

Stefan Achtsnit

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.

Integrity protection for third-party JavaScript

Francois Marier

Software security is hard. Software security in Microservice Systems is even harder. Microservice-style software architectures have steadily been gaining popularity in recent years. They offer many benefits over traditional monolithic software products, however they also introduce new challenges - one of these being security. In recent years David has worked on this problem in several independent projects, and this talk will draw on his learnings within the topic of authenticating end-users. David will describe, compare and evaluate several authentication options from the perspective of how secure they are and how well they comply with the qualities of a well-designed microservice system. You will leave the talk with suggested evaluation criteria and guidance for implementation based on their use cases.

muCon 2016: Authentication in Microservice Systems By David Borsos

OpenCredo

第0回ワススタ!! #wasbookを読もう

Tatsuya Tobioka

Secure socket layer

REST Service Authetication with TLS & JWTs

Jon Todd

20190516 web security-basic

MksYi

Authentication: Cookies vs JWTs and why you’re doing it wrong

Derek Perkins

OAuth is not an API or a service: it is an open standard for authorization and any developer can implement it. OAuth is a standard that applications can use to provide client applications with “secure delegated access”. OAuth works over HTTP and authorizes Devices, APIs, Servers and Applications with access tokens rather than credentials, which we will go over in depth below. OpenID Connect (OIDC) is built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the user and, as well as to obtain their basic profile information. This session covers how OAuth/OIDC work, when to use them, and frameworks/services that simplify authentication. Blog post: https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

What the Heck is OAuth and Open ID Connect? - UberConf 2017

Matt Raible

API Security : Patterns and Practices

Prabath Siriwardena

Insecurity-In-Security version.1 (2010)

Abhishek Kumar

Micro Web Service - Slim and JWT

Tuyen Vuong

La curva de aprendizaje para la seguridad es severa e implacable. Las especificaciones prometen una flexibilidad infinita y habitualmente dan nuevos nombres a los conceptos antiguos. Esta sesión profundiza el estado actual y evolución que la seguridad en arquitecturas basadas en servicios REST han requerido con conceptos competitivos como OAuth 2.0 en el mundo mobile y HTTP signatures utilizado por Amazon en API's B2B. Finalmente, se analiza un nuevo borrador de Internet lanzado este año que los combina a ambos en el sistema perfecto de dos factores que podría proporcionar una consolidación para los escenarios de REST mobile y de negocios.

2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest

César Hernández

Mais procurados (20)

Using OAuth with PHP

Token Based Authentication Systems with AngularJS & NodeJS

JSON Web Token

2016 pycontw web api authentication

Json web token api authorization

JWT Authentication with AngularJS

Integrity protection for third-party JavaScript

Securing Single Page Applications with Token Based Authentication

Integrity protection for third-party JavaScript

muCon 2016: Authentication in Microservice Systems By David Borsos

第0回ワススタ!! #wasbookを読もう

Secure socket layer

REST Service Authetication with TLS & JWTs

20190516 web security-basic

Authentication: Cookies vs JWTs and why you’re doing it wrong

What the Heck is OAuth and Open ID Connect? - UberConf 2017

API Security : Patterns and Practices

Insecurity-In-Security version.1 (2010)

Micro Web Service - Slim and JWT

2018 ecuador deconstruyendo y evolucionando la seguridad en servicios rest

Destaque

The Automation and Proliferation of Military Drones and the Protection of Civ...

Angelo State University

рисинка

dou188

"Commodore 64 Mon Amour" by Andrea Ferlito. Cosa succede se dopo 30 anni riprendi in mano un vecchio listato assembly? E' quello che racconterò in questo speech. Utilizzando come esempio un piccolo platform a livelli capiremo come si progettava e si scriveva un videogioco negi anni 80 e quali possono essere gli strumenti che oggi ci permettono di farlo ancora semplificandoci, e non poco, la vita. Un minimo di conoscenza del linguaggio assembly del 6510 sarebbe opportuno.

Commodore 64 Mon Amour

Codemotion

"Let's go HTTPS" by Simone Carletti HTTPS has gone mainstream and nowadays it's a good practice to serve a website via HTTPS. However, simply installing a TLS/SSL certificate may not be not enough to stay secure. It's important to understand how HTTPS works and how to configure it properly. In this talk we'll take a look at different types of SSL certificates, along with how to obtain a trusted SSL certificate and install it on the most common web servers/PaaS. Finally, we'll discuss the best practices surrounding HTTPS, including the HSTS headers, public key pinning, and common pitfalls such as the mixed security error.

Let's go HTTPS

Codemotion

"Refactoring to a Single Page Application" by Marcello Teodori In origine era il monolite. Spesso dietro una startup web di successo c'è un'applicazione in tecnologia singola (Java, Rails, ecc.) che cresce finché fatica a scalare all'aumentare degli utenti e con essa il relativo processo di sviluppo all'aumentare degli sviluppatori. Sul back-end una strategia consolidata è suddividere progressivamente il monolite in microservice. Per il front-end la soluzione duale è estrarre gradualmente il codice HTML, CSS e JavaScript in una Single Page Application, applicando diverse tecniche come quelle maturate durante la mia esperienza in Workshare.

Refactoring to a Single Page Application

Codemotion

Single-Page Application Design Principles 101

Jollen Chen

"The road to Ember.js 2.0" by Lucio Grenzi Why should I use Ember.js? JavaScript MVC frameworks are plentiful. In this presentation I will give you some compelling reasons to consider Ember,and the the new parts coming from the upcoming version 2.0. Different from other framework the new vesion does not brings a far new world because the dev team has planned continuos releases in order to improve backward compatibility. But there are new parts, like in React, the "virtual DOM" to improve performance. In this talk I will go through the new parts of EmberJS 2.0

The road to Ember.js 2.0

Codemotion

"Are Drones our best friends?" by Nicola Marietti Close to 4.3 million drones were shipped worldwide in 2015, and with each drone sold, the risk of 'bad-drone' abuse increases. During those years unexpected convergent consequences explode onto the drone scene at once .A drone is an aerial robot that can be controlled remotely or autonomously, drones are now effective data gathering platforms, Computer vision, sense-and-avoid and optical tracking become standard in consumer drones. Are we safe from a little drone attack? How we can defend our site from this new threat. Security solutions are the big new deal the next future.

Are Drones our best friends?

Codemotion

Destaque (8)

The Automation and Proliferation of Military Drones and the Protection of Civ...

рисинка

Commodore 64 Mon Amour

Let's go HTTPS

Refactoring to a Single Page Application

Single-Page Application Design Principles 101

The road to Ember.js 2.0

Are Drones our best friends?

Semelhante a HTTPS and YOU

How the SSL/TLS protocol works (very briefly) How to use HTTPS

whj76337

The Identity Problem of the Web and how to solve it

Bastian Hofmann

Firesheep & HTTPS, Explained!

Mahmoud Tantawy

Crossing the Boundaries of Web Applications with OpenSocial

Bastian Hofmann

Important Things To Know In SEO

Reshma Shaikh

When users use our sites, they put their faith in us. They trust we will keep their information from reaching others, believe we provided the information they see, and allow us to run (web) code on their devices. Using HTTPS to secure our conversations is a key part of maintaining this trust. If that’s not motivation enough, the web’s giants are actively promoting HTTPS, requiring it for features such as HTTP2 & ServiceWorker, using it for search engine ranking and more. To make the most of the web, you need to use HTTPS. This deck reviews what HTTPS is, discusses why you should prioritize using it, and cover some of the easiest (and most cost effective) steps to get started using HTTPS

HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)

Guy Podjarny

Simple Principles for Website Security

Lauren Wood

Proxy log review and use cases

Mostafa Yahia

Technical SEO helps search engine spiders crawl and index your site more effectively. Some activities of technical SEO are SSL, Robots.txt, Sitemaps, Meta tags which are explained below- SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. The Robots. txt is a file which is used by websites to communicate with web crawlers and other web robots. Sitemaps are an easy way for webmasters to inform search engines about pages on their sites that are available for crawling. Meta tags are snippets of text that describe a page's content. It helps the search engine identify what a web page is about.

Technical SEO

Animon2019

An Introduction to OpenID

Max Manders

Why should you use HTTPS and how can you use this? These are the two most important questions when thinking about secure communication between the visitors and your website. This is exactly what the presentation was about. What is HTTPS? How does the basics work? What do I to know about it? How does it work with Joomla! ? Presentation was given at the JoomlaDay in Austria December 2016, to different kind of Joomla! users, from beginners to developers.

JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!

Wilco Alsemgeest

HTTP VS. HTTPS: WHICH IS BETTER??

SEONetsolITSolutions

HTTP Services & REST API Security

Taiseer Joudeh

Session hijacking

Pushpinder Singh Joshi

WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...

Peter LaFond

Intrigue Core: Scaling Assessment Automation

Jonathan Cran

Companion slides for Stormpath CTO and Co-Founder Les REST API Security Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. This webinar is full of best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics Include: - HTTP Authentication - Choosing a Security Protocol - Generating & Managing API Keys - Authorization & Scopes - Token Authentication with JSON Web Tokens (JWTs) - Much more... Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.

Rest API Security

Stormpath

When you browse the net - you often send sensitive and highly personal data - passwords, banking information and so much more. One of the basic protections we have is a secure connection - or HTTPS instead of a HTTP. What does this mean? Should you enable this secure connection on your website? How can you inform your users to seek out these connections? Typing our banking information, secure passwords or our credit card information into an unsecure connection - can put at anyone at high risk of having our information stolen. This scenario and various others are all to true in the digital age and can wreak havoc on many individual’s personal lives. Some leading towards bankruptcy and financial ruin. This webinar will discuss: - what HTTPS is - how it functions - how to enable it - where to get a SSL certificate that will sign your HTTPS implementation -along with where it should be implemented.

HTTPS

Justin Denton

Building Encrypted APIs with HTTPS and Paillier

Nicholas Doiron

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...

CA API Management

Semelhante a HTTPS and YOU (20)

How the SSL/TLS protocol works (very briefly) How to use HTTPS

The Identity Problem of the Web and how to solve it

Firesheep & HTTPS, Explained!

Crossing the Boundaries of Web Applications with OpenSocial

Important Things To Know In SEO

HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)

Simple Principles for Website Security

Proxy log review and use cases

Technical SEO

An Introduction to OpenID

JoomlaDay Austria 2016 - Presentation Why and how to use HTTPS on your website!

HTTP VS. HTTPS: WHICH IS BETTER??

HTTP Services & REST API Security

Session hijacking

WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...

Intrigue Core: Scaling Assessment Automation

Rest API Security

HTTPS

Building Encrypted APIs with HTTPS and Paillier

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...

Último

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Choosing the right accounts payable services provider is a strategic decision that can significantly impact your business's financial performance and operational efficiency. By considering factors such as expertise, range of services, technology infrastructure, scalability, cost, and reputation, businesses can make informed decisions and select a provider that aligns with their unique needs and objectives. Partnering with the right provider can streamline accounts payable processes, drive cost savings, and position your business for long-term success. https://katprotech.com/accounts-payable-and-purchase-order-automation/

Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Katpro Technologies

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

HTTPS and YOU

1. HTTPS and YOU

2. What is HTTP? (or, how does the Internet work?)

3. How HTTP works HTTP request I want to see a webpage nytimes.com/index.html

4. How HTTP works HTTP request HTTP Response Here’s the content of index.html

5. Why is HTTP insecure?

6. Request data is unencrypted, and servers don’t need to provide their identity over HTTP

7. HTTP is unencrypted. The data can be read by any intermediary. HTTP request Insecure wifi Attacker can read the user’s HTTP request and response. “Hmm, looks like Eric is interested in Twitter stock…” I want to see a webpage nytimes.com/twitter- stock-plummets/

8. HTTP is unencrypted. The data can be read by any intermediary. HTTP request Insecure wifi I wonder what a jorf is… Log into my WordPress site with my username “eric” and my password “jorf”

9. HTTP request I want to see a webpage nytimes.com/index.html An attacker can catch the request (DNS Spoofing, etc) HTTP doesn’t require server identification. Any intermediary can spoof a request.

10. HTTP request The attacker returns spoofed content of index.html which says Russia bombed the U.S. HTTP Response HTTP doesn’t require server identification. Any intermediary can spoof a request.

11. What security does HTTPS provide?

12. All data in the request is encrypted, except the delivery address. HTTPS request Send to 182.23.194.39 Fwu3489fehu9fr93wehufu9ef89y3 hu9efhiufhr803 (encrypted request data) I want to see a webpage nytimes.com/index.ht ml

13. All data in the request is encrypted, except the delivery address. HTTPS request Send to 212.39.10.88 sdfj83jof83hfajnksdc83hud08duh3 8dhe8y38h383 (encrypted response data) HTTPS response Here’s the content of index.html

14. HTTPS request HTTPS is encrypted. The data can’t be read by any intermediary. Insecure wifi Attacker can eavesdrop on the encrypted conversation, but doesn’t understand it. Log into my WordPress site with my username “eric” and my password “jorf” Send to 182.23.194.39 Fwu3489fehu9fr9ufu9ef89 y3hu9efhiufhr803 (encrypted request data)

15. I want to see a webpage nytimes.com/index.html The attacker can’t spoof the server’s identification. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request

16. Only the server with valid identification can respond to the request. HTTPS requires server identification. An intermediary can’t spoof a request. HTTPS request HTTPS request

17. “What if I don’t care about security?”

18. “What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites.

19. “What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS.

20. “What if I don’t care about security?” • Google gives an SEO boost for HTTPS sites. • Your site can be faster on HTTPS with HTTP/2, which requires HTTPS. • New browser features and APIs limited to HTTPS sites.

21. What is HTTPS not?

22. Try logging into a WordPress site as “eric” with password “a” HTTPS does not protect from brute force attacks.

23. Now try logging into a WordPress site as “eric” with password “b” HTTPS does not protect from brute force attacks.

24. How does HTTPS work?

25. How does HTTPS work? A server needs an SSL certificate and a private key.

26. During the HTTPS handshake… Server sends SSL certificate.

27. An SSL certificate includes a digital signature to identify the server, and a public key to assist with encryption.

28. Browser and server negotiate encryption with private/public key encryption

29. Certificate Authority (CA). A trusted organization.

30. How can a server provide identity? I really am nytimes.com, not some middle-man hacker!

31. Certificate Authority verifies a server. I really am nytimes.com, not some middle-man hacker! Yes, we verified you are.

32. After verification, a Certificate Authority provides an SSL certificate. Here’s an SSL certificate.

33. The digital signature proves that the CA created the certificate.

34. Browsers trust SSL certificates created by specific Certificate Authorities.

HTTPS and YOU

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (8)

Semelhante a HTTPS and YOU

Semelhante a HTTPS and YOU (20)

Último

Último (20)

HTTPS and YOU