SlideShare a Scribd company logo

When the CDN goes bananas

Gabor Szathmari
Gabor Szathmari

How to protect your website assets with Subresource Integrity The slides were first presented on the SecTalks Sydney Meetup: http://www.meetup.com/SecTalks/events/228854146/

Technology
1 of 51
Download to read offline
WHEN THE CDN GOES BANANAS SUBRESOURCE INTEGRITY
WHEN THE CDN GOES BANANAS me_irl • Gabor Szathmari • Information Security Professional Hacker Freelancer • Privacy Advocate
WHEN THE CDN GOES BANANAS I WILL BE TALKING ABOUT • JavaScript hosted by third-parties • Some scary bits • The Solution: Subresource Integrity ‣ What it does ‣ Tooling
THIRD-PARTY CODE ON MODERN WEBSITES
ANALYTICS
A/B TESTING
HEATMAPS
TAG MANAGERS
PRIVATE CDN
PUBLIC CDN
WHEN THE CDN GOES BANANAS MODERN WEBSITES • Third-party JavaScript
 (heatmaps, user tracking, analytics …) • Public CDNs
 (jsDelivr, ajax.googleapis.com, ajax.aspnetcdn.com …) • Private CDNs
 (S3, Akamai, CloudFront, Fastly …)
“YOU KNOW WHAT THEY SAY: LOVE* IS BLIND”* <script src=“”>
WHAT CAN GO WRONG?
WHEN THE CDN GOES BANANAS MODERN WEBSITES • Third-party JavaScript
 (heatmaps, user tracking, analytics …) • Public CDNs
 (jsDelivr, ajax.googleapis.com, ajax.aspnetcdn.com …) • Private CDNs
 (S3, Akamai, CloudFront, Fastly …) HACKED
window.location.href =
 "https://www.reddit.com/ r/badmemes"
WHEN THE CDN GOES BANANAS 🙀 🙀 🙀 • https://www.maxcdn.com/blog/bootstrapcdn-security-post-mortem/ • https://blog.pagefair.com/2015/halloween-security-breach/ • https://citizenlab.org/2015/04/chinas-great-cannon/ • http://securityaffairs.co/wordpress/31480/cyber-crime/afghanistan- cdn-network-hacked.html • https://medium.com/@FredericJacobs/the-reuters-compromise-by- the-syrian-electronic-army-6bf570e1a85b
REUTERS.COM SEA.SY
HTTP://CDN.TABOOLA.COM/LIBTRC/ REUTERS-NETWORK/LOADER.JS
WHEN THE CDN GOES BANANAS WHAT IS THE DAMAGE? • Unwanted redirection • Website defacement • Click fraud • Exploit kits (ransomware) • Cookie stealing, session hijacking • Keylogging • UI redressing (password stealing, OTP stealing)
WHAT CAN WE DO?
SUBRESOURCE INTEGRITY
 AKA. SRI
PROTECTS
 JAVASCRIPT
 INTEGRITY
PROTECTS
 CSS
 INTEGRITY
<script src="https:// cdn.jsdelivr.net/jquery/2.1.4/ jquery.min.js"
 integrity="sha256-ImQv...=" crossorigin="anonymous"
 ></script>
"TRUST, BUT VERIFY”
“Я НЕМНОГО ЧАЙНИКА”
<SCRIPT SRC=“HTTPS:// MAXCDN.BOOTSTRAPCDN.COM/.. ./BOOTSTRAP.MIN.JS” INTEGRITY=“SHA512-I3A1A…”
WHEN THE CDN GOES BANANAS BROWSER SUPPORT
WHEN THE CDN GOES BANANAS
TOOLING
MANUAL HASHING
WHEN THE CDN GOES BANANAS OPENSSL • openssl dgst -sha256 -binary jquery.min.js | openssl base64 -A • openssl dgst -sha384 -binary jquery.min.js | openssl base64 -A • openssl dgst -sha512 -binary jquery.min.js | openssl base64 -A
WHEN THE CDN GOES BANANAS OPENSSL • $ curl -s
 https://code.jquery.com/jquery-2.2.3.min.js |
 openssl dgst -sha512 -binary |
 openssl base64 -A
 
 SFaNb3xC08k/Wf6CRM1J+O/vv4YWyrPBSdy0o+1nqKzf +uLrIBnaeo8aYoAAOd31nMNHwX8zwVwTMbbCJjA8Kg==
 • <script src=“https://code.jquery.com/jquery-2.2.3.min.js” integrity=“sha512-SFaNb3xC08k/Wf…” […]
HOSTED TOOLS
SRIHASH.ORG REPORT-URI.IO JSDELIVR.COM
CMS
WHEN THE CDN GOES BANANAS PLUGINS • WordPress
 https://wordpress.org/plugins/wp-sri/ • Drupal
 https://www.drupal.org/project/advagg
WORKFLOW INTEGRATION
WHEN THE CDN GOES BANANAS WORKFLOW INTEGRATION
WHEN THE CDN GOES BANANAS WORKFLOW INTEGRATION
SCAN YOUR WEBSITE FOR SRI USAGE
SRITEST.IO
SRITEST.IO
WHEN THE CDN GOES BANANAS TOOLING • Manual • Hosted • CMS Plugins • Workflow Integration • sritest.io
WHEN THE CDN GOES BANANAS SUMMARY • Modern websites rely on JS/CSS • Hosted on CDNs / at third-parties • SRI protects from unexpected JS/CSS changes • Tooling is available
WHEN THE CDN GOES BANANAS FURTHER READING • https://www.owasp.org/index.php/ 3rd_Party_Javascript_Management_Cheat_Sheet • http://j.mp/cdn-goes-bananas • http://j.mp/new-sri2-features ‣ Enforce SRI with CSP ‣ Violation Reporting
WHEN THE CDN GOES BANANAS THANK YOU• @gszathmari • PGP: keybase.io/gszathmari

Recommended

Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defenseSecuRing
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
WSO2 API Management - UFF
WSO2 API Management - UFFWSO2 API Management - UFF
WSO2 API Management - UFFHugo Henley
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceJP Bourget
 
Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Amazon Web Services
 

Recommended

Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defenseSecuRing
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
WSO2 API Management - UFF
WSO2 API Management - UFFWSO2 API Management - UFF
WSO2 API Management - UFFHugo Henley
 
Grabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceGrabbing Forensic Images from EC2/Rackspace
Grabbing Forensic Images from EC2/RackspaceJP Bourget
 
Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Security Best Practices - Transformation Day Public Sector London 2017
Security Best Practices - Transformation Day Public Sector London 2017Amazon Web Services
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019PeckaDesign.cz
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?SecuRing
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2Jim Manico
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React AppsZachary Klein
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM IntroductionAmazon Web Services
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Become an IAM Policy Ninja
Become an IAM Policy NinjaBecome an IAM Policy Ninja
Become an IAM Policy NinjaAmazon Web Services
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedTorsten Lodderstedt
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Serversbanerjeea
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 
AWS Security
AWS SecurityAWS Security
AWS SecurityVijayendra Bhati
 
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPRafal Gancarz
 

More Related Content

What's hot

Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019PeckaDesign.cz
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?SecuRing
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2Jim Manico
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React AppsZachary Klein
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsBryant Poush
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Amazon Web Services
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMBrandon Wells
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Serversbanerjeea
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAdam Fokken
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 

What's hot (20)

Web content security policies
Web content security policiesWeb content security policies
Web content security policies
 
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
Péhápkaři v Pecce: Jak na bezpečnostní hlavičky – Marek Humpolík – 23. 1. 2019
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
Access Control Pitfalls v2
Access Control Pitfalls v2Access Control Pitfalls v2
Access Control Pitfalls v2
 
Shields Up! Securing React Apps
Shields Up! Securing React AppsShields Up! Securing React Apps
Shields Up! Securing React Apps
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScript
 
IAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with ConditionsIAM Deep Dive - Custom IAM Policies with Conditions
IAM Deep Dive - Custom IAM Policies with Conditions
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennai
 
IAM Introduction
IAM IntroductionIAM Introduction
IAM Introduction
 
Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)Introduction to Identity and Access Management (IAM)
Introduction to Identity and Access Management (IAM)
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAMAWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
AWS Windsor User Group - June 7th 2018 - Amazon Web Services IAM
 
Become an IAM Policy Ninja
Become an IAM Policy NinjaBecome an IAM Policy Ninja
Become an IAM Policy Ninja
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
Using Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud ServersUsing Behavior to Protect Cloud Servers
Using Behavior to Protect Cloud Servers
 
AWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep DiveAWS Twin Cities Meetup - IAM Deep Dive
AWS Twin Cities Meetup - IAM Deep Dive
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets Mallory
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS Security
 
AWS Security
AWS SecurityAWS Security
AWS Security
 

Similar to When the CDN goes bananas

AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...Amazon Web Services
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPRafal Gancarz
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesBrad Hill
 
Delivering Javascript to World+Dog
Delivering Javascript to World+DogDelivering Javascript to World+Dog
Delivering Javascript to World+DogKyle Randolph
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleChris Farris
 
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...Andrey Devyatkin
 
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...Andrey Devyatkin
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSTeri Radichel
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Jay Zarfoss
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseAmazon Web Services
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJSThang Chung
 
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)Amazon Web Services
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Toni de la Fuente
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
How elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomHow elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomGraham Tackley
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
Living on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian ColeLiving on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian Colejaxconf
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 

Similar to When the CDN goes bananas (20)

AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
AWS re:Invent 2016: Life Without SSH: Immutable Infrastructure in Production ...
 
Securing Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTPSecuring Microservices using Play and Akka HTTP
Securing Microservices using Play and Akka HTTP
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
 
Delivering Javascript to World+Dog
Delivering Javascript to World+DogDelivering Javascript to World+Dog
Delivering Javascript to World+Dog
 
Building A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for ScaleBuilding A Cloud Security Strategy for Scale
Building A Cloud Security Strategy for Scale
 
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
HashiConf Digital 2020: HashiCorp Vault configuration as code via HashiCorp T...
 
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
2020-02-20 - HashiTalks 2020 - HashiCorp Vault configuration as code via Hash...
 
Automated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWSAutomated Intrusion Detection and Response on AWS
Automated Intrusion Detection and Response on AWS
 
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
 
Incident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat ResponseIncident Response: Preparing and Simulating Threat Response
Incident Response: Preparing and Simulating Threat Response
 
Secure Coding for NodeJS
Secure Coding for NodeJSSecure Coding for NodeJS
Secure Coding for NodeJS
 
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308)
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
performance.ppt
performance.pptperformance.ppt
performance.ppt
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
How elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroomHow elasticsearch powers the Guardian's newsroom
How elasticsearch powers the Guardian's newsroom
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
Living on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian ColeLiving on the edge at Netflix - Adrian Cole
Living on the edge at Netflix - Adrian Cole
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 

More from Gabor Szathmari

Iron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmIron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmGabor Szathmari
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyGabor Szathmari
 
Hacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesHacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesGabor Szathmari
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsiblyGabor Szathmari
 
How to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsHow to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsGabor Szathmari
 
Phishing stories from the trenches
Phishing stories from the trenchesPhishing stories from the trenches
Phishing stories from the trenchesGabor Szathmari
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Gabor Szathmari
 
CryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopCryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopGabor Szathmari
 
Privacy for journalists introduction
Privacy for journalists introductionPrivacy for journalists introduction
Privacy for journalists introductionGabor Szathmari
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists IntroductionGabor Szathmari
 
PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)Gabor Szathmari
 

More from Gabor Szathmari (13)

Iron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firmIron Bastion: Preventing business email compromise fraud at your firm
Iron Bastion: Preventing business email compromise fraud at your firm
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data Responsibly
 
Hacking law firms with abandoned domain names
Hacking law firms with abandoned domain namesHacking law firms with abandoned domain names
Hacking law firms with abandoned domain names
 
How to manage your client's data responsibly
How to manage your client's data responsiblyHow to manage your client's data responsibly
How to manage your client's data responsibly
 
How to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scamsHow to protect your clients and your law firm from money transfer scams
How to protect your clients and your law firm from money transfer scams
 
Phishing stories from the trenches
Phishing stories from the trenchesPhishing stories from the trenches
Phishing stories from the trenches
 
Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017Help! I am an Investigative Journalist in 2017
Help! I am an Investigative Journalist in 2017
 
CryptoParty Tor Relay Workshop
CryptoParty Tor Relay WorkshopCryptoParty Tor Relay Workshop
CryptoParty Tor Relay Workshop
 
Privacy for journalists introduction
Privacy for journalists introductionPrivacy for journalists introduction
Privacy for journalists introduction
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for Journalists
 
Privacy for Journalists Introduction
Privacy for Journalists IntroductionPrivacy for Journalists Introduction
Privacy for Journalists Introduction
 
Safe Browsing in 2016
Safe Browsing in 2016Safe Browsing in 2016
Safe Browsing in 2016
 
PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)PGP and Keybase (CryptoParty Belfast)
PGP and Keybase (CryptoParty Belfast)
 

Recently uploaded

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

When the CDN goes bananas