The document discusses SSL/TLS security issues including:
- Common vulnerabilities in SSL/TLS implementations like Heartbleed, POODLE, and FREAK.
- Tools for analyzing SSL/TLS server configurations like Qualys SSL Labs and its new API.
- Issues caused by third parties like browser-trusted certificate authorities (CAs) improperly issuing certificates or companies pre-installing software like Superfish that undermines SSL/TLS encryption.
This document discusses best practices for designing, scaling, and maintaining large-scale web applications. Some of the key points made include: having a consistent and flexible data model, loosely coupling components for easier testing and replacement, using caching strategies like page fragments and memcached, and emphasizing development practices like version control, testing, and monitoring performance. The document advocates for a modular architecture with components like load balancers, reverse proxies, caching layers, and asynchronous job queues.
Messaging is the backbone of many top enterprises. It affords reliable, asynchronous data passing to achieve loosely coupled, highly scalable distributed systems. As enterprises large and small become more interconnected, demand for remote and limited devices to be integrated with enterprise systems is surging. Come see how the most widely used, open-source messaging broker, Apache ActiveMQ, fits nicely and how it supports polyglot messaging.
Presented at CloudStack Days Austin: how to succeed in your private cloud project by simplifying networking.
The security experts from Cloudflare and WP Engine help you navigate the security landscape for your web infrastructure. Register to watch the on-demand webinar: https://hs.wpengine.com/webinar-securing-web-infrastructure
GlassFish Performance Tuning Tips:
1. Use asadmin commands to discover the GlassFish configuration and identify performance bottlenecks like resource limitations.
2. The tuning process involves measuring performance, analyzing the data to identify issues, generating hypotheses for fixes, changing configurations, and retesting.
3. Standard JVM tools and the GlassFish monitoring interface can be used to measure performance and identify issues like garbage collection delays.
4. Potential configuration changes include JVM tuning, modifying default settings, Grizzly HTTP tuning, logging reductions, and datasource optimizations.
This document discusses automating the measurement of web performance metrics and CDN performance. It outlines how to measure metrics using tools like PhantomJS and Grafana. Metrics like page load time and number of uncompressed assets will be collected from various CDNs using PhantomJS scripts run from AWS instances in different regions. The data will be sent to Graphite and displayed in Grafana dashboards to analyze and compare CDN performance.
Tue, August 23, 12:00pm – 12:30pm
Youtube: https://youtu.be/RCjS2SuiGZM
First Name: Seth
Last Name: Berman
Email: sberman@instantiations.com
Title: Security with VA Smalltalk
Type: Talk
Abstract: In response to customer demand, Instantiations has continued to enhance the SSL/TLS and Cryptographic libraries for the next release of VA Smalltalk. In this talk, I will provide a brief overview of the design of these libraries, as well as the tools they provide to help our customers build modern secure software. We have added support for the latest OpenSSL 1.1.0 and with it, some great new features which I will cover, as well.
Bio: Before joining Instantiations in May of 2011, Seth spent 10 years developing software for the U.S. government. During this time he worked in a variety of domains including stochastic simulation, operations research, grid computing and link analysis. Seth is currently the Vice President of Engineering at Instantiations focusing on product development of VA Smalltalk. He has a B.S. in Computer Science and an M.S. in Software Engineering.
This document provides an overview of Chris Wahl and his expertise in networking and virtualization. It summarizes his background as a VMware Certified Design Expert and Pluralsight author. The bulk of the document then summarizes key concepts regarding software-defined networking and how NSX implements networking, security and virtualization services in a virtualized environment. It also briefly outlines example use cases and approaches to infrastructure as code and network automation using NSX.
On the eve of what was hoped to be one of the biggest traffic days for New York Magazine’s sites, the company was the target of a DDoS attack that caused their sites to go dark. New York quickly turned to Fastly to deflect and overcome the attack. Larry discusses how New York Mag went from zero page views per second to getting back online and recording one of their biggest traffic days of the year with the aid of Fastly’s team and tech. In addition, he discusses how New York is leveraging Fastly as part of a larger strategy of performance improvements to build a better web and deliver the best premium content experience in the context of alternative distribution and consumption channels, such as Google AMP and FB Instant Articles.
Giancarlo Gomez presented on using websockets for realtime applications with ColdFusion. He began by explaining what websockets are and how they allow for bidirectional messaging with low latency compared to HTTP polling techniques. He then demonstrated how to enable and use websockets in ColdFusion, including securing connections and using websockets in a clustered environment. Finally, he discussed real world uses of websockets and issues to consider like network connections and application reloads.
WordPress Security Presentation by Jason Conroy (from Finding Simple - http://findingsimple.com) for the March 2013 WordPress Canberra Meetup (http://wpcanberra.com.au)
Presented at the CloudStack Silicon Valley User Group in September 2015 at Nuage Networks. Discussed the impact of containers, emerging software-defined networking platforms, NFV, IPv6 and performance.
The document describes a "candy shell" security assessment performed by CandyShell Security on an example infrastructure. It identifies numerous common security problems found in the target infrastructure such as privileged accounts, weak passwords, lack of logging and monitoring. It then details how an attacker could potentially compromise various systems by exploiting these issues and gain escalating levels of access. Finally, it discusses some high-level solutions that could help strengthen security.
This document provides an agenda and overview for a presentation on network automation using APIs, Ansible, and Python. The presentation introduces network programmability and automation tools like Ansible, discusses using infrastructure as code approaches, and provides examples of automating network device configurations and modules using Python and Jinja templates. It aims to help network engineers get started with network automation.
This document discusses digital forensics as a service in the cloud. It begins with an introduction to challenges of digital forensics in and of the cloud. It then provides an example architecture diagram of an AWS deployment and discusses common attacks and incidents seen in cloud environments. Finally, it covers topics like evidence acquisition from AWS, tools for incident response and forensics in the cloud, and hardening strategies for cloud assets and networks.
The PowerShell ecosystem continues to grow in size and depth as a popular tool for vSphere administrators, especially alongside the robust PowerCLI modules provided by VMware. But how do you version, share, and contribute your code to the community? Join Chris Wahl for a TechTalk demo showing the setup and configuration of PowerShell ISE and Git Shell for building snazzy scripts that enhance collaboration across internal and external teams.
This document discusses optimizing performance when using SPDY and SSL. It describes how SPDY works by encapsulating HTTP requests within a single encrypted SSL connection. It focuses on setting up a valid SSL connection that supports SPDY and optimizing SSL handshakes, certificates, and encryption to improve performance. Specific techniques discussed include resuming SSL sessions, avoiding delays from certificate validation, using appropriate encryption algorithms and keys, and ensuring all traffic is redirected to HTTPS. Tools for analyzing SSL/SPDY configuration like SSL Labs and SPDYCheck are also mentioned.
Presented at the Atlanta Web Performance Meetup Group in June 2014, Billy Hoffman from Zoompf shows how to improve the performance of your website using SPDY and SSL and discusses SSL issues such as Heartbleed and CRIME.
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden (Comodo)
• Jeremy Rowley (DigiCert)
• Bruce Morton (Entrust)
• Rick Andrews (Symantec)
• Wayne Thayer (Go Daddy)
Watch the recording: http://bit.ly/1jAQCtk
This document provides a summary of checks that a pentester should perform when evaluating the security of SSL/TLS implementations. It discusses checking for support of outdated and insecure protocols like SSLv2 and SSLv3. It also recommends validating support for newer, more secure versions like TLSv1.1 and TLSv1.2. The document outlines steps to check for vulnerabilities like Heartbleed, BEAST, and CRIME. It also provides guidance on evaluating certificate validity, cipher suites, and renegotiation support. Web application considerations like mixed content and HTTP Strict Transport Security are also covered at a high level. The presenter provides these checks and recommendations from the perspective of a pentester, to identify potential issues worth reporting.
The document provides an overview of the OWASP Cheat Sheet Series, which aims to collect useful information about web application security in one place. It lists several active and draft cheat sheet topics, including authentication, input validation, SQL injection, session management, and secure coding. One sample cheat sheet discussed in more detail is about transport layer protection, covering benefits, requirements, rules, and testing of TLS/SSL. The logging cheat sheet section discusses logging purposes, event sources, where and what events to log, what not to log, and testing considerations.
Nikto is a popular webserver assessment tool that scans for over 6700 potentially dangerous files and programs, checks for outdated server versions of over 1250 servers, and identifies version-specific problems on 270+ servers. It identifies vulnerabilities very quickly but is not stealthy, making the scans obvious in server logs. Nikto allows tuning scans to specific categories like file uploads, information disclosure, or SQL injection, and has features like SSL support, HTTP proxy support, customizable reports, and host authentication.
Presentation delivered at the UKOUG conference in December 2019. Abstract: Nowadays database installations are required to use secure connections to communicate with clients, from connections to the database listener to interactions with external services (for example, to send emails from the database). For the past couple of years it has also been required to use stronger protocols like TLS 1.2 (SHA2 algorithm), which requires extra configuration in older database releases. This presentation shows how SSL certificates work from a DBA perspective, which tools are available, and examples of configuring and troubleshooting their usage from the Oracle database. It also explores the implications of TLS 1.2, how to implement it, and common errors found in real-life usage.
The document discusses SSL/TLS trends, practices, and futures. It covers global SSL encryption trends and drivers like increased spending on security and regulatory pressure. It discusses SSL best practices like enabling TLS 1.2, disabling weak protocols, using strong cipher strings, and enabling HTTP Strict Transport Security. The document also looks at solutions from F5 like hardware security modules, advanced key and certificate management, and market-leading encryption support. It explores emerging standards like TLS 1.3 and topics like elliptic curve cryptography. Finally, it discusses what's next, such as OCSP stapling and F5's SSL Everywhere architecture.
- The document discusses securing Rails web applications by improving on the framework's default security settings.
- It emphasizes using HTTPS to encrypt traffic, securing certificates with tools like Let's Encrypt, and strengthening configurations using the Mozilla SSL Configuration Generator.
- Content Security Policies provide an added layer of security by restricting what content can be loaded from external sources, reducing vulnerabilities, though they require careful configuration.
- HTTP Public Key Pinning can lock users out if misconfigured, so caution is advised.
Overall, the talk provides guidance on tightening security beyond Rails defaults.
Join Jeremy Daggett, Solutions Architect at Lightbend, to see how Fortify SCA for Scala works differently from existing Static Code Analysis tools to help you uncover security issues early in the SDLC of your mission-critical applications.
Highlights include how to use AWS Web Application Firewall (AWS WAF) and CloudFront to protect your website, the various ways CloudFront secures content delivery behind the scenes, using CloudFront to achieve end-to-end secure content delivery, controlling access to your content, hiding the origin of your content from the Internet, and getting an A+ rating on SSL Labs. Speaker: Eric Chu, Senior A.V.P., eCloudValley
Over recent years, various specialists and companies (from Google to Snowden) have done a colossal amount of work to popularize the SSL protocol and, later, TLS. Protocols and ciphers were refined, dozens of vulnerabilities were discovered, cryptographic libraries were forked and audited, and human-rights foundations issued hundreds of millions of certificates "for free". In the end, TLS became mandatory for HTTP/2 servers as a fait accompli, bypassing the standard. So much effort has been invested that it is simply impolite to ignore all of it. Yet, surprisingly, the process of deploying TLS has not become one iota simpler in that time. Sysadmins setting out to deploy TLS have to face the classification of certificate types, a multitude of certificate authorities (with no clear way to tell which is better than another), and a great many additional headers and "knobs", each of which can be turned with unpredictable results. As a result, even large companies make mistakes of varying severity when deploying TLS (including, but not limited to, the large-scale downtime suffered by GlobalSign's customers), while small startups prefer to steer clear of cryptography altogether. In the 45 minutes allotted to the talk, we will try to describe each of the notorious "knobs" and give recommendations on their use (or non-use), as well as recommendations for deploying TLS across a large infrastructure.
Slides from the talk by Artem Gavrichenkov, CTO of Qrator Labs, at Highload++ 2016, the conference for developers of high-load systems.
Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things Amazon CloudFront does behind the scenes to protect the delivery of your content, such as OCSP Stapling and Perfect Forward Secrecy. You will also learn how you can use AWS Web Application Firewall (AWS WAF) with CloudFront to protect your site. Finally, we will share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, shield your origins from the Internet, and get an A+ on SSL Labs.
The document discusses various security risks and best practices for securing applications and data in the AWS cloud using a DevOps model. It covers topics like data breaches, weak identity and access management, insecure APIs, system vulnerabilities, account hijacking, and malicious insiders. For each risk, it provides examples of real security incidents and recommendations like implementing least privilege access with IAM, using services like AWS KMS and Secrets Manager for credential storage, enabling MFA, monitoring with GuardDuty and Inspector, and segmenting access. The overall message is that security must be automated, monitored, and built into DevOps workflows from the start when developing in AWS.
This document summarizes DreamObjects, an object storage platform powered by Ceph. It discusses the hardware used in storage and support nodes, including Intel and AMD processors, RAM, disks, and networking components. The document also provides details on Ceph configuration including replication, CRUSH mapping, OSD configuration, and application tuning. Management and monitoring tools discussed include Chef, pdsh, Sensu, collectd, Graphite, Logstash and Jenkins, and the document closes with future plans.