© 2012
Presented by:
Software Development:
You Better Do What They Told Ya
Ulisses Albuquerque
ualbuquerque@trustwave.com
$ whois urma
• Ulisses Albuquerque
– App Security Consultant for Trustwave SpiderLabs
• Penetration testing
• Code reviews
• Secure development training
– Passionate and opinionated developer
• Ruby and C FTW
– Long time F/LOSS advocate
• It’s all about the community
Who is SpiderLabs?
SpiderLabs is the elite security team at Trustwave, offering clients the most advanced
information security expertise and intelligence available today.
The SpiderLabs team has performed more than 1,500 computer incident response and
forensic investigations globally, as well as over 15,000 penetration and application security
tests for Trustwave’s clients.
The global team actively provides threat intelligence to both Trustwave and growing
numbers of organizations from Fortune 50 to enterprises and start-ups.
Companies and organizations in more than 50 countries rely on the SpiderLabs team’s
technical expertise to identify and anticipate cyber security attacks before they happen.
Agenda
• Motivation
• Non-Functional Requirements
• Who You Gonna Call?
• Official Documentation
• What Can We Do About It?
• Conclusion
Motivation
Motivation
Meanwhile, on [full-disclosure]…
http://seclists.org/fulldisclosure/2013/Apr/173
Really, b*tch?
Motivation
http://memegenerator.net/instance/37406597
Motivation
• Are developers really at fault?
• Do we (ahem, them) really suck this much?
• Do we have an attitude problem between
developers and security people in the software
industry?
• Obviously not, developers SUCK, right?
Non-Functional Requirements
Non-Functional Requirements
• Implicit expectations about the software
• It should be fast
• It should not crash
• It should be user-friendly
• It should be secure
Non-Functional Requirements
http://memegenerator.net/instance/37522060
Who You Gonna Call?
Who You Gonna Call?
Diagram: Software Concepts, Business Needs, Constraints, Craftsmanship
Who You Gonna Call?
• How to fill the concept-to-code knowledge gap?
• Google can help
• Stack Overflow can help a lot
• But…
There’s more than one way to do it™
http://www.spidereyeballs.com/os5/perl/small_os5_r23_1542.html
Who You Gonna Call?
• Official documentation should be the most
trustworthy source of information
• We don’t want to know just any “how to do it”
• We want to know “how to do it in a secure way”
http://www.themahoganyblog.com/2012/04/attention-music-imposter/laptop-thief/
<3 Stack Overflow!
How are vendors providing information on the security aspects of their tools, APIs and frameworks?
Official Documentation
Official Documentation - Java
http://docs.oracle.com/javase/7/docs/api/java/io/File.html#toURL()
Official Documentation - Java
• Pros
– Use of annotations to indicate deprecated APIs
– Compiler warnings
– Clear indication of reason for deprecation
– Security aspects mixed with functional description
• Cons
– Deprecation is not a security-oriented feature
Official Documentation - .NET
http://msdn.microsoft.com/en-us/library/system.collections.caseinsensitivehashcodeprovider.aspx
Official Documentation - .NET
• Pros
– Use of annotations to indicate deprecated APIs
– Compiler warnings
• Cons
– No indication of reason for deprecation
– Deprecation is not a security-oriented feature
Official Documentation
• What about code samples?
http://msdn.microsoft.com/en-us/library/system.io.file.aspx
Race condition in sample code?
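The check-then-create pattern the slide questions, reproduced in Python as an added example (not the MSDN sample itself and not the speaker's code): `create_check_then_act` tests whether the file exists and then opens it, leaving a window in which another writer's file is silently truncated, while `create_atomic` asks the OS for create-or-fail in a single call. The `interleave` hook and the file names are constructed stand-ins for the other process.

```python
import os
import tempfile


def create_check_then_act(path, interleave=lambda: None):
    """Check-then-act: the pattern questioned on the slide (constructed here,
    not the MSDN sample). The existence test and the open() are two separate
    system calls, so the answer from exists() can be stale by the time open()
    runs. 'interleave' stands in for another process acting in that window."""
    if os.path.exists(path):
        return False
    interleave()  # TOCTOU window: someone else may create the file here
    # open(..., "w") truncates whatever now sits at 'path' and writes over it
    with open(path, "w") as fh:
        fh.write("created\n")
    return True


def create_atomic(path, interleave=lambda: None):
    """Hardened form: O_CREAT|O_EXCL makes the kernel perform 'create only if
    it does not exist' as one operation, and it refuses to follow a symlink
    placed at 'path'. A file that appeared meanwhile is reported, not clobbered."""
    interleave()  # same 'other process' activity, but there is no stale check to race
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as fh:
        fh.write("created\n")
    return True


def run_with_racer(create_fn):
    """Run create_fn against a fresh temp path while a second writer creates
    the same file inside the window. Returns (create_fn's result, final file
    contents) so the caller can see whose data survived."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "settings.txt")  # constructed sample path

        def other_writer():
            with open(path, "w") as fh:
                fh.write("other\n")

        created = create_fn(path, interleave=other_writer)
        with open(path) as fh:
            contents = fh.read()
    return created, contents


if __name__ == "__main__":
    # (True, 'created\n'): the other writer's file was overwritten unnoticed
    print("check-then-act:", run_with_racer(create_check_then_act))
    # (False, 'other\n'): the conflict is detected and the existing data kept
    print("atomic:        ", run_with_racer(create_atomic))
```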
Official Documentation
• It’s not only about documentation in web pages
• manpages are very inconsistent in their presentation of
security-relevant information
• Shame on us, F/LOSS developers
Official Documentation
http://memegenerator.net/instance/37529225
Sometimes it’s not just incompetence or laziness, but intentionally harmful documentation
Official Documentation
http://docs.oracle.com/cd/E13222_01/wls/docs81b/secintro/archtect.html#1033713
Are you f*cking kidding me, Oracle?
What Can We Do About It?
What Can We Do About It?
• We = security professionals
– Ignorance != incompetence
– Assume developers are unaware of their mistakes
– Avoid confrontation
• Do proper secure SDLC and be involved in ALL
stages of development
– Help developers make the right choices instead of just
vetoing them
– Easier said than done, unfortunately
What Can We Do About It?
• We = developers
– Developers write tools for developers
– Add consistent and comprehensive security
information to documentation
– Help fellow developers make the right choices
• Deprecate what needs deprecation
• Remove what is too dangerous
Conclusion
Conclusion
• Developers need training
– Obviously
• Vendor documentation MUST improve
– Even trained developers need context to guide their
choices
• Developers are easy targets after a breach
– Their work takes months or years, breaches happen in
the blink of an eye
Conclusion
• MOAR ACCOUNTABILITY! MOAR RESOURCES!
– Train your teams
– Assess your results and ACT on them
• Security people need to position themselves as
facilitators rather than opponents
– Who enjoys having their work vetoed after months
working on it?
Questions?
Trustwave SpiderLabs
SpiderLabs is an elite team of ethical hackers at
Trustwave advancing the security capabilities of
leading businesses and organizations throughout
the world.
More Information:
Web: https://www.trustwave.com/spiderlabs
Blog: http://blog.spiderlabs.com
Twitter: @SpiderLabs

Editor’s Notes

  1. Google Oriented Programming = search on Google, try to do the same, and if it works move on to the next problem
  2. The most obvious “how to do it” answers are also easy sources of information for attackers. The attacker has nothing to lose
  3. Add an animation to transition between pros and cons
  4. Add an animation to transition between pros and cons
  5. According to the WhiteHat Security study, 27% of developers never had secure development training, and 32% had only up to 3 days