ATAGTR2017 Security Testing / IoT Testing in Real World
4 likes1,272 views
The document discusses the security testing challenges and threats associated with the Internet of Things (IoT), emphasizing the significant vulnerabilities in various IoT devices and their potential impact on privacy and safety. It highlights real-world examples of IoT breaches, including compromised industrial systems and healthcare devices, and suggests a multi-faceted approach for improving IoT security. The presentation concludes with recommendations for securing IoT deployments and staying informed about the latest threats and defenses.
1 of 43
![Agile Testing Alliance Global Testing Retreat 2017
• the interconnection via the Internet of
computing devices embedded in everyday
objects, enabling them to send and receive
data. [Wikipedia]
What is IOT ?](https://image.slidesharecdn.com/securitytesting-iottestinginrealworld-170321061720/85/ATAGTR2017-Security-Testing-IoT-Testing-in-Real-World-4-320.jpg)
![Agile Testing Alliance Global Testing Retreat 2017
• Experts estimate that the IoT will consist of
almost 50 billion objects by 2020. [Wikipedia]](https://image.slidesharecdn.com/securitytesting-iottestinginrealworld-170321061720/85/ATAGTR2017-Security-Testing-IoT-Testing-in-Real-World-5-320.jpg)
![Agile Testing Alliance Global Testing Retreat 2017
• In computing, a hacker is any highly skilled computer expert
capable of breaking into computer systems and networks using
bugs and exploits. [Wikipedia]
• A child playing with his remote control car gets curious to know
how it operates so, disintegrates the controller and toy car to
know about it’s working is also a hacker !
Who is a Hacker ?](https://image.slidesharecdn.com/securitytesting-iottestinginrealworld-170321061720/85/ATAGTR2017-Security-Testing-IoT-Testing-in-Real-World-18-320.jpg)
Ad
Recommended
ATAGTR2017 Static and dynamic code analysis for mobile applications - Act ear...
ATAGTR2017 Static and dynamic code analysis for mobile applications - Act ear...Agile Testing Alliance The document discusses the significance of static and dynamic code analysis for mobile applications, particularly focusing on Android, to identify hidden issues prior to testing. It outlines methods and tools such as lint and droidbox, highlighting the benefits of using these analyses to enhance application performance, security, and reliability. Additionally, it emphasizes the limitations of manual testing and advocates for incorporating these techniques into the testing phase for improved outcomes.
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...Agile Testing Alliance The document discusses approaches to cost-effective security testing for web, mobile, and enterprise applications, emphasizing the need for continuous engagement of security testing teams throughout the software development lifecycle (SDLC). It highlights the importance of understanding security requirements and enterprise security architecture to optimize testing efforts and tool selection. The document also reviews various open-source and commercial tools available for different types of security testing, along with strategies to minimize resource and tool costs.
ATAGTR2017 Test the REST
ATAGTR2017 Test the REST Agile Testing Alliance The document discusses REST (Representational State Transfer) as an architectural style for web service communication using HTTP protocols and various methods like GET and POST. It highlights the importance of API automation for early defect detection, contract validation, and faster results in CI/CD environments, emphasizing the role of the Rest Assured library for testing REST services in Java. Additionally, it provides a basic example of how to use Rest Assured for making HTTP GET requests.
ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...
ATAGTR2017 Bee-Hive approach for Big Data Testing [End to End Continuous Test...Agile Testing Alliance The document discusses big data testing methodologies presented at the Agile Testing Alliance Global Testing Retreat 2017, highlighting essential processes such as data extraction, transformation, analytics, and validation across various tools and platforms. It emphasizes the significance of big data in driving ROI through machine learning and artificial intelligence, focusing on how data engineering aids in improving decision-making. Additionally, it outlines testing strategies for functional, performance, and security aspects within a big data ecosystem.
ATAGTR2017 Security Test Driven Development (STDD)
ATAGTR2017 Security Test Driven Development (STDD)Agile Testing Alliance The document discusses the importance of security in agile development, highlighting methods such as dynamic and static application security testing. It emphasizes the need for implementing security measures within agile frameworks and mentions forensic analysis as essential. The content is part of the Agile Testing Alliance Global Testing Retreat 2017 event, featuring discussions on securing applications in agile environments.
ATAGTR2017 HikeRunner: Load Test Framework
ATAGTR2017 HikeRunner: Load Test FrameworkAgile Testing Alliance Hike Messenger, a messaging app launched in December 2012 with over 100 million users, utilizes an in-house load testing framework called HikeRunner to simulate user journeys and assess system performance under load. Key metrics analyzed include throughput, CPU utilization, memory consumption, and latency to identify bottlenecks and ensure scalability. The framework supports various testing scenarios and integrates with CI for comprehensive performance reporting.
ATAGTR2017 Wearable App Testing
ATAGTR2017 Wearable App TestingAgile Testing Alliance The document discusses wearable technology and the approach to testing wearable applications, focusing on their integration with sensors and connectivity to primary devices. It includes a case study on the Moto 360, outlining setup and debugging processes, as well as challenges faced during testing such as real-time data tracking, UI compatibility, and battery life. Key testing criteria mentioned include quality, platform, communication, and functionality.
ATAGTR2017 SPEAKING EYE for differently abled people to see the web content
ATAGTR2017 SPEAKING EYE for differently abled people to see the web contentAgile Testing Alliance The document discusses web accessibility for differently abled individuals, emphasizing its importance for equality and inclusion in accessing online content. It outlines key concepts such as assistive technologies, global standards like WCAG 2.0, and the need for accessibility testing in the software industry. The future challenges and trends in accessibility, including mobile devices and the Internet of Things, are also highlighted.
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression TestingAgile Testing Alliance The document discusses challenges in IoT regression testing, particularly the cost and effort involved in replicating testing environments and obtaining test data. It presents a case for automating maintenance actions for machines by using a sensor simulator to reduce manual effort and improve testing efficiency. The proposed solution includes creating a tool that simulates sensor readings, integrating it with continuous testing, and ultimately reducing time and costs associated with real sensors.
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon This document discusses integrating application security testing (*AST) into continuous integration and continuous delivery (CI/CD) workflows. It outlines various *AST techniques like static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) and considers their speed, ease of integration, ease of use, relevance, and ability to drive remediation actions. The key to making it work is to leverage multiple technologies at different stages, prioritizing fast and integrated options, and defining practical risk-based policies to balance security and speed in a CI/CD environment.
ATAGTR2017 Testing of Connected Cars Based on IOT
ATAGTR2017 Testing of Connected Cars Based on IOTAgile Testing Alliance This document discusses the Internet of Things (IoT) and its application in connected cars, highlighting features, statistics, and technologies used in these vehicles. It covers topics such as wireless connectivity, in-vehicle safety systems, telematics, web services, and APIs, with an emphasis on testing methodologies for connected vehicles. The document serves as a comprehensive overview of the advancements in connected car technology and the importance of testing to ensure functionality and safety.
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – DemystifiedAgile Testing Alliance The document discusses the integration of AI and robotics in software testing, highlighting the benefits of intelligent automation systems and their ability to enhance quality assurance through data analytics, machine learning, and autonomous frameworks. It emphasizes the need for organizations to adapt to evolving digital landscapes and implement smarter automation strategies amidst challenges such as requirement changes and data complexity. The future of QA involves a shift towards proactive, predictive analytics that optimize testing processes and improve overall efficiency.
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaDevSecCon This document discusses establishing security champions within development teams to help integrate security practices into the software development lifecycle. It recommends recruiting 1-2 members from each product team as volunteers, providing them with security training, empowering them to take over security "grooming" responsibilities, setting goals for champions and their teams, and rewarding champions with additional training opportunities to encourage the program. The overall goal is to help scale application security practices across many teams with compressed development timelines.
Static Analysis Tools and Frameworks: Overcoming a Dangerous Blind Spot
Static Analysis Tools and Frameworks: Overcoming a Dangerous Blind SpotCigital The document discusses the challenges and solutions associated with using static analysis tools for application security, particularly focusing on issues related to static application security testing (SAST) and the limitations of these tools in understanding various frameworks and asynchronous programming. It details the importance of recognizing tainted data sources and the need for custom rules to enhance the performance of SAST tools, especially in contexts involving .NET web APIs. The author shares insights on overcoming specific obstacles faced during the implementation of SAST, including modifications to how generated code is analyzed, ensuring comprehensive security assessments.
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevSecCon This document discusses how DevOps presents both opportunities and challenges for application security. It describes how release timelines and team sizes have changed from waterfall to agile to DevOps approaches. It advocates for security teams to build relationships with developers, share accountability for security, provide training and remediation coaching. It also recommends strategies like appointing security champions, integrating right-sized security practices into the DevOps pipeline through techniques like static analysis, and adjusting security programs to the faster pace of DevOps.
Null application security in an agile world
Null application security in an agile worldStefan Streichsbier The document discusses the integration of application security (AppSec) within agile and DevOps frameworks, emphasizing its importance in enhancing business success alongside usability and performance. It highlights the evolution of AppSec, the challenges of traditional security practices, and proposes a collaborative, iterative approach that incorporates security seamlessly throughout the development lifecycle. Ultimately, it promotes a mindset shift towards continuous improvement, automation, and a culture of collaboration to address security needs effectively.
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)Qualitest The document discusses integrating security into the DevOps lifecycle, emphasizing that security is a collective responsibility across all stakeholders. It outlines the evolution of software delivery from traditional models to DevOps and suggests principles for embedding security early in the process, such as automation and building security champions within teams. The work highlights the need for collaboration between developers, security, and operations to protect applications effectively.
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier This document discusses application security in an agile development world. It begins with a brief history of application security and defines it as a quality aspect that contributes to business success like user experience and performance. Application security was traditionally handled by network teams but is now the responsibility of developers. The document advocates for adopting a DevSecOps approach where security is integrated into the development process through activities like threat modeling, design reviews, security testing, and monitoring. This allows catching issues earlier in the development cycle when they are cheaper to fix. The document provides examples of how to incorporate security into agile frameworks like Scrum.
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017Suman Sourav The document summarizes Suman Sourav's presentation on application security at the OWASP Indonesia Day 2017 conference. It discusses DevSecOps which aims to shift security left in the SDLC by integrating security practices and tools into development. It also outlines people, processes, and technologies needed for a DevSecOps approach, including training developers, defining security metrics and roadmaps, and using tools that automate security testing throughout the development cycle.
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon The document discusses how security practices can be integrated further left into the software development lifecycle using a DevSecOps approach. It outlines how traditional security operated in silos separate from development. DevSecOps aims to break down these silos by integrating security activities like policy, reviews, and audits directly into development practices like coding, continuous integration, and deployment. This is achieved through automation and tools as well as collaborative environments to bring together stakeholders from security, development, and operations. The document concludes that a DevSecOps approach following principles from Agile and DevOps can help redefine security and establish new baselines.
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft The document discusses the challenges and strategies in continuous delivery and development, emphasizing the importance of quality assurance for application components that may not be ready simultaneously. It highlights testing strategies, such as static analysis and API testing, to address dependencies between components. Additionally, it introduces Parasoft's continuous testing platform and environment management tools to support efficient development and testing practices.
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Stefan Streichsbier The document discusses how to integrate security practices into DevOps workflows at speed. It recommends a three step approach: 1) Make security part of agile planning and processes like Scrum, including security training, requirements, testing and demos. 2) Implement a "DevSecOps" pipeline that automates security checks and testing at each stage of development. 3) Continuously measure and reduce security debt and improve app robustness and security skills over time. The goal is to shift security left and make it part of fast-paced DevOps cycles.
End-to-end Testing for IoT Integrity
End-to-end Testing for IoT IntegrityParasoft The document discusses the complexities and challenges of end-to-end testing in IoT systems, highlighting issues such as disparate technologies, limited testing strategies, and difficulties in automation. It suggests improving testing effectiveness through prioritization of automated tests, the use of service virtualization, and measuring test results comprehensively. The overarching theme emphasizes the need for reliable quality processes that enable organizations to assess modules and their interactions effectively.
A Secure DevOps Journey
A Secure DevOps JourneyVeracode Pete Chestna has 25 years of experience in enterprise software development and has worked at Veracode for over 10 years. He discusses the evolution from waterfall to agile to DevOps approaches. With waterfall, quality tasks like security occurred late in the process and were unpredictable. Agile broke down silos but security initially remained separate. DevOps integrates security throughout by automating tasks, enabling zero downtime upgrades, and embedding security into definitions of done. The journey requires revolution at a micro level and evolution at a macro level through continuous improvement and empathy.
The State of Testing 2017
The State of Testing 2017SmartBear The State of Testing 2017 report presents insights from a global survey conducted by SmartBear, highlighting key trends in testing methodologies, automation, and scripting proficiency. Key findings indicate a shift towards automation, with 82% of respondents focusing on API testing, and a majority emphasizing unit and performance testing. The report concludes that automation is expected to increase significantly within two years, suggesting a direct correlation between scripting skills and testing effectiveness.
Engineering Trust in Your Automated Tests
Engineering Trust in Your Automated TestsJyoti Mittal Automated testing is important for achieving speed and quality in software development. However, flaky tests can undermine trust in test results. The document discusses strategies for addressing flaky tests, including quarantining them, understanding their causes, improving test code quality, and rewriting tests if needed. The goal is to create reliable automated tests that build trust in the testing process.
Measuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarSauce Labs The document outlines key strategies for successful test automation, emphasizing the importance of measuring progress, effective resource utilization, and team performance monitoring. It presents insights from QASource, which boasts extensive experience and capabilities in automation, including over 100,000 automated test cases and 500 engineers. The content also highlights budgeting for automation and delivering measurable value to optimize efforts and support management decisions.
Maturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous TestingPerfecto Mobile The document discusses continuous testing as a means to automate tests in the software delivery pipeline for fast feedback on business risks. It highlights common issues in test automation, such as instability and failure patterns, and emphasizes the need for a risk-based approach to improve testing efficiency. Additionally, it outlines the role of machine learning in test automation, including use cases for recognizing objects and making quality-related decisions based on data.
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati This document summarizes a presentation about security testing for Internet of Things (IoT) devices. It discusses how the proliferation of IoT devices has expanded the security perimeter and increased security concerns. Some key points made include that IoT devices are vulnerable to attacks due to weak security, lack of encryption, and inability to validate certificates. The document recommends testing practices for IoT security such as fuzz testing, security audits, blended volumetric attack testing, and quality of experience validation to identify vulnerabilities before customers are impacted.
Solnet dev secops meetup
Solnet dev secops meetuppbink DevSecOps aims to integrate security practices into DevOps workflows to deliver value faster and safer. It addresses challenges like keeping security practices aligned with continuous delivery models and empowered DevOps teams. DevSecOps incorporates security checks and tools into development pipelines to find and fix issues early. This helps prevent breaches like the 2017 Equifax hack, which exploited a known vulnerability. DevSecOps promotes a culture of collaboration, shared responsibility, and proactive security monitoring throughout the software development lifecycle.
More Related Content
What's hot (20)
ATAGTR2017 The way to recover the issue faced in IoT regression Testing
ATAGTR2017 The way to recover the issue faced in IoT regression TestingAgile Testing Alliance The document discusses challenges in IoT regression testing, particularly the cost and effort involved in replicating testing environments and obtaining test data. It presents a case for automating maintenance actions for machines by using a sensor simulator to reduce manual effort and improve testing efficiency. The proposed solution includes creating a tool that simulates sensor readings, integrating it with continuous testing, and ultimately reducing time and costs associated with real sensors.
Ast in CI/CD by Ofer Maor
Ast in CI/CD by Ofer MaorDevSecCon This document discusses integrating application security testing (*AST) into continuous integration and continuous delivery (CI/CD) workflows. It outlines various *AST techniques like static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) and considers their speed, ease of integration, ease of use, relevance, and ability to drive remediation actions. The key to making it work is to leverage multiple technologies at different stages, prioritizing fast and integrated options, and defining practical risk-based policies to balance security and speed in a CI/CD environment.
ATAGTR2017 Testing of Connected Cars Based on IOT
ATAGTR2017 Testing of Connected Cars Based on IOTAgile Testing Alliance This document discusses the Internet of Things (IoT) and its application in connected cars, highlighting features, statistics, and technologies used in these vehicles. It covers topics such as wireless connectivity, in-vehicle safety systems, telematics, web services, and APIs, with an emphasis on testing methodologies for connected vehicles. The document serves as a comprehensive overview of the advancements in connected car technology and the importance of testing to ensure functionality and safety.
ATAGTR2017 Artificial Intelligence in Software Testing – Demystified
ATAGTR2017 Artificial Intelligence in Software Testing – DemystifiedAgile Testing Alliance The document discusses the integration of AI and robotics in software testing, highlighting the benefits of intelligent automation systems and their ability to enhance quality assurance through data analytics, machine learning, and autonomous frameworks. It emphasizes the need for organizations to adapt to evolving digital landscapes and implement smarter automation strategies amidst challenges such as requirement changes and data complexity. The future of QA involves a shift towards proactive, predictive analytics that optimize testing processes and improve overall efficiency.
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaDevSecCon This document discusses establishing security champions within development teams to help integrate security practices into the software development lifecycle. It recommends recruiting 1-2 members from each product team as volunteers, providing them with security training, empowering them to take over security "grooming" responsibilities, setting goals for champions and their teams, and rewarding champions with additional training opportunities to encourage the program. The overall goal is to help scale application security practices across many teams with compressed development timelines.
Static Analysis Tools and Frameworks: Overcoming a Dangerous Blind Spot
Static Analysis Tools and Frameworks: Overcoming a Dangerous Blind SpotCigital The document discusses the challenges and solutions associated with using static analysis tools for application security, particularly focusing on issues related to static application security testing (SAST) and the limitations of these tools in understanding various frameworks and asynchronous programming. It details the importance of recognizing tainted data sources and the need for custom rules to enhance the performance of SAST tools, especially in contexts involving .NET web APIs. The author shares insights on overcoming specific obstacles faced during the implementation of SAST, including modifications to how generated code is analyzed, ensuring comprehensive security assessments.
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevSecCon This document discusses how DevOps presents both opportunities and challenges for application security. It describes how release timelines and team sizes have changed from waterfall to agile to DevOps approaches. It advocates for security teams to build relationships with developers, share accountability for security, provide training and remediation coaching. It also recommends strategies like appointing security champions, integrating right-sized security practices into the DevOps pipeline through techniques like static analysis, and adjusting security programs to the faster pace of DevOps.
Null application security in an agile world
Null application security in an agile worldStefan Streichsbier The document discusses the integration of application security (AppSec) within agile and DevOps frameworks, emphasizing its importance in enhancing business success alongside usability and performance. It highlights the evolution of AppSec, the challenges of traditional security practices, and proposes a collaborative, iterative approach that incorporates security seamlessly throughout the development lifecycle. Ultimately, it promotes a mindset shift towards continuous improvement, automation, and a culture of collaboration to address security needs effectively.
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)Qualitest The document discusses integrating security into the DevOps lifecycle, emphasizing that security is a collective responsibility across all stakeholders. It outlines the evolution of software delivery from traditional models to DevOps and suggests principles for embedding security early in the process, such as automation and building security champions within teams. The work highlights the need for collaboration between developers, security, and operations to protect applications effectively.
Application Security in an Agile World - Agile Singapore 2016
Application Security in an Agile World - Agile Singapore 2016Stefan Streichsbier This document discusses application security in an agile development world. It begins with a brief history of application security and defines it as a quality aspect that contributes to business success like user experience and performance. Application security was traditionally handled by network teams but is now the responsibility of developers. The document advocates for adopting a DevSecOps approach where security is integrated into the development process through activities like threat modeling, design reviews, security testing, and monitoring. This allows catching issues earlier in the development cycle when they are cheaper to fix. The document provides examples of how to incorporate security into agile frameworks like Scrum.
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017Suman Sourav The document summarizes Suman Sourav's presentation on application security at the OWASP Indonesia Day 2017 conference. It discusses DevSecOps which aims to shift security left in the SDLC by integrating security practices and tools into development. It also outlines people, processes, and technologies needed for a DevSecOps approach, including training developers, defining security metrics and roadmaps, and using tools that automate security testing throughout the development cycle.
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon London 2017: How far left do you want to go with security? by Javie...DevSecCon The document discusses how security practices can be integrated further left into the software development lifecycle using a DevSecOps approach. It outlines how traditional security operated in silos separate from development. DevSecOps aims to break down these silos by integrating security activities like policy, reviews, and audits directly into development practices like coding, continuous integration, and deployment. This is achieved through automation and tools as well as collaborative environments to bring together stakeholders from security, development, and operations. The document concludes that a DevSecOps approach following principles from Agile and DevOps can help redefine security and establish new baselines.
Deploy + Destroy Complete Test Environments
Deploy + Destroy Complete Test EnvironmentsParasoft The document discusses the challenges and strategies in continuous delivery and development, emphasizing the importance of quality assurance for application components that may not be ready simultaneously. It highlights testing strategies, such as static analysis and API testing, to address dependencies between components. Additionally, it introduces Parasoft's continuous testing platform and environment management tools to support efficient development and testing practices.
Application Security at DevOps Speed - DevOpsDays Singapore 2016
Application Security at DevOps Speed - DevOpsDays Singapore 2016Stefan Streichsbier The document discusses how to integrate security practices into DevOps workflows at speed. It recommends a three step approach: 1) Make security part of agile planning and processes like Scrum, including security training, requirements, testing and demos. 2) Implement a "DevSecOps" pipeline that automates security checks and testing at each stage of development. 3) Continuously measure and reduce security debt and improve app robustness and security skills over time. The goal is to shift security left and make it part of fast-paced DevOps cycles.
End-to-end Testing for IoT Integrity
End-to-end Testing for IoT IntegrityParasoft The document discusses the complexities and challenges of end-to-end testing in IoT systems, highlighting issues such as disparate technologies, limited testing strategies, and difficulties in automation. It suggests improving testing effectiveness through prioritization of automated tests, the use of service virtualization, and measuring test results comprehensively. The overarching theme emphasizes the need for reliable quality processes that enable organizations to assess modules and their interactions effectively.
A Secure DevOps Journey
A Secure DevOps JourneyVeracode Pete Chestna has 25 years of experience in enterprise software development and has worked at Veracode for over 10 years. He discusses the evolution from waterfall to agile to DevOps approaches. With waterfall, quality tasks like security occurred late in the process and were unpredictable. Agile broke down silos but security initially remained separate. DevOps integrates security throughout by automating tasks, enabling zero downtime upgrades, and embedding security into definitions of done. The journey requires revolution at a micro level and evolution at a macro level through continuous improvement and empathy.
The State of Testing 2017
The State of Testing 2017SmartBear The State of Testing 2017 report presents insights from a global survey conducted by SmartBear, highlighting key trends in testing methodologies, automation, and scripting proficiency. Key findings indicate a shift towards automation, with 82% of respondents focusing on API testing, and a majority emphasizing unit and performance testing. The report concludes that automation is expected to increase significantly within two years, suggesting a direct correlation between scripting skills and testing effectiveness.
Engineering Trust in Your Automated Tests
Engineering Trust in Your Automated TestsJyoti Mittal Automated testing is important for achieving speed and quality in software development. However, flaky tests can undermine trust in test results. The document discusses strategies for addressing flaky tests, including quarantining them, understanding their causes, improving test code quality, and rewriting tests if needed. The goal is to create reliable automated tests that build trust in the testing process.
Measuring your way_to_successful_automation_webinar
Measuring your way_to_successful_automation_webinarSauce Labs The document outlines key strategies for successful test automation, emphasizing the importance of measuring progress, effective resource utilization, and team performance monitoring. It presents insights from QASource, which boasts extensive experience and capabilities in automation, including over 100,000 automated test cases and 500 engineers. The content also highlights budgeting for automation and delivering measurable value to optimize efforts and support management decisions.
Maturing your path toward DevOps with Continuous Testing
Maturing your path toward DevOps with Continuous TestingPerfecto Mobile The document discusses continuous testing as a means to automate tests in the software delivery pipeline for fast feedback on business risks. It highlights common issues in test automation, such as instability and failure patterns, and emphasizes the need for a risk-based approach to improve testing efficiency. Additionally, it outlines the role of machine learning in test automation, including use cases for recognizing objects and making quality-related decisions based on data.
Similar to ATAGTR2017 Security Testing / IoT Testing in Real World (20)
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Sailaja Tennati This document summarizes a presentation about security testing for Internet of Things (IoT) devices. It discusses how the proliferation of IoT devices has expanded the security perimeter and increased security concerns. Some key points made include that IoT devices are vulnerable to attacks due to weak security, lack of encryption, and inability to validate certificates. The document recommends testing practices for IoT security such as fuzz testing, security audits, blended volumetric attack testing, and quality of experience validation to identify vulnerabilities before customers are impacted.
Solnet dev secops meetup
Solnet dev secops meetuppbink DevSecOps aims to integrate security practices into DevOps workflows to deliver value faster and safer. It addresses challenges like keeping security practices aligned with continuous delivery models and empowered DevOps teams. DevSecOps incorporates security checks and tools into development pipelines to find and fix issues early. This helps prevent breaches like the 2017 Equifax hack, which exploited a known vulnerability. DevSecOps promotes a culture of collaboration, shared responsibility, and proactive security monitoring throughout the software development lifecycle.
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingBlack Duck by Synopsys The document discusses the shortcomings of PCI and vulnerability assessments, emphasizing the need for greater focus on application security and proactive vulnerability management. It highlights that traditional assessment tools do not adequately cover custom applications or keep pace with new vulnerabilities, resulting in a reactive approach to security. The importance of a software bill of materials (SBOM) is stressed as a solution for visibility and ongoing risk monitoring in software development.
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes The document provides an overview of cybersecurity, covering its market growth, cyber crime statistics, and career opportunities in the field. It outlines key concepts such as the CIA triad of information security and includes demonstrations of security tools like Wireshark, Nmap, and Nessus. Additionally, it details various cybersecurity roles, their responsibilities, salaries, and necessary certifications.
Big Crypto for Little Things
Big Crypto for Little ThingsH4Diadmin The team proposes to develop encryption solutions suitable for common microcontrollers used in IoT devices. Their goal is to create transparent encryption that is easy for makers to implement. Their initial idea is an open source encryption library, educating the public, and a website hosting the libraries. They discuss alternative ideas like encrypted chips or an encryption software optimized for medical devices. Their final MVP is a communication system design service to improve cybersecurity in medical devices, with the goal of transitioning to other applications.
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc The document discusses using big data analytics to counter advanced cyber threats. It notes that traditional security information and event management (SIEM) systems have limitations in detecting advanced threats due to incomplete data collection and inflexible analytics. A big data solution collects data from all possible sources, including network, endpoint, mobile and cloud systems. It then applies analytics to identify anomalous patterns that may indicate advanced threat activity based on factors like unusual user behavior, network connections, or changes from normal baselines. This helps security teams more effectively detect threats that can evade traditional defenses and are difficult to identify with signature-based tools alone.
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada The document discusses Cisco's DNA Assurance solution. It provides an agenda that covers business requirements, context, learning, user requirements, technology requirements, and the various components of DNA Assurance including client assurance, network assurance, application assurance, and machine learning. It discusses challenges around network operations including time spent troubleshooting and replicating issues. It also covers how DNA Assurance uses concepts like context, learning, and design thinking to provide insights and automate remediation.
AI on Spark for Malware Analysis and Anomalous Threat Detection
AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks The document presents an overview of how Avast employs AI and big data for malware analysis and threat detection, highlighting their structured streaming approach for fast threat identification. It details the machine learning pipeline used for malware classification and the advantages of structured streaming in handling large datasets for real-time anomaly detection. The session concludes with insights on collaboration between science and engineering teams and emphasizes the integration of machine learning tools for effective threat analysis.
CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself Alert Logic The document discusses cybercrime threats in the cloud and how to defend against them. It notes that traditional on-premises threats are moving to the cloud, with web application attacks and brute force attacks being most common. Honeypots are used to gather intelligence on attacks by simulating vulnerable systems. Analysis of honeypot data found increases in brute force attacks and vulnerability scans in cloud environments. The document recommends best practices like secure coding, access management, patch management, log review, and tools like firewalls and intrusion detection to help secure cloud environments.
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...PROIDEA The document outlines Cisco's approach to security operations, emphasizing the importance of real-time analytics, anomaly detection, and the integration of various intelligence sources for effective threat management. It discusses the roles and responsibilities within security teams, the benefits and challenges of different analytical methods, and the strategies for maintaining a robust security operations center (SOC). Additionally, it highlights Cisco's extensive use of data science and machine learning for enhancing threat detection and response capabilities.
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA This document summarizes emerging cyber threats and strategies for defense. It shows that the most common threats are application attacks and brute force attacks. It then outlines best practices for cloud security, including securing code, access management, log review, and understanding shared security responsibilities between customers and cloud providers. The document advocates for a holistic security approach including tools like firewalls, backups, intrusion detection, and an awareness of the latest vulnerabilities and adversaries.
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs The document discusses the Internet of Things (IoT), highlighting significant growth in connected devices, estimated to reach 20 billion by 2020, and an associated market size of $267 billion. It emphasizes security and privacy issues inherent in IoT devices, such as vulnerabilities to hacking, the failure to use encryption, and the proliferation of unsecured protocols. Recommendations are presented for improving IoT device security and privacy, including the use of robust software practices, encryption, and the need for manufacturers to prioritize security in the design and lifecycle of these devices.
Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018aztechcouncil The document discusses the development of resilient smart city services, focusing on autonomic cyber security (ACS) methodologies to enhance cybersecurity in increasingly connected environments. It emphasizes the need for robust security solutions due to the proliferation of Internet of Things (IoT) devices and the limitations of current cybersecurity approaches. The document outlines various technologies and strategies, including continuous monitoring, anomaly detection, and the integration of big data analytics to ensure resilience against cyber threats.
SVA-Review-final-pjhjhfhjhsjdshublic.pptx
SVA-Review-final-pjhjhfhjhsjdshublic.pptxDevuDevugowda The document discusses a smart vulnerability assessment framework for various platforms, including OS/VM, GitHub, and IoT devices, developed by researchers from the University of Arizona and Indiana University. It outlines the importance of automated vulnerability assessments using AI techniques to prevent cyber-attacks, highlights previous work conducted in this area, and details specific modules for assessing vulnerabilities across different systems. The document also suggests future directions for expanding research in scientific cyberinfrastructure and application container technologies.
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...
Big Data Analytics to Enhance Security คุณอนพัทย์ พิพัฒน์กิติบดี Technical Ma...BAINIDA This document discusses using big data analytics to enhance security. It begins by defining big data analytics and describing security trends like the evolution from intrusion detection systems to security information and event management (SIEM) to next-generation SIEM using big data analytics. An example of an advanced persistent threat is provided. The document then discusses integrating security analytics with open source tools like SQRRL and Prelert. Finally, it covers how to apply these concepts by determining what security-related data can be collected and two options for implementing big data analytics in a security program.
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC The document discusses lessons learned from various cyber security incidents, highlighting case studies like the Colonial Pipeline ransomware attack and Pegasus spyware. Key takeaways include the importance of detection, robust backup policies, and the need for continuous improvements in security practices. It emphasizes understanding the implications of security breaches and the role of stakeholders in mitigating risks.
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPROIDEA The document discusses Cisco's active threat analytics within the Security Operations Center (SOC), including insights into various security incidents and the methodologies employed for threat detection and response. It highlights the importance of real-time analytics, anomaly detection, and a collaborative approach in cybersecurity operations, as well as specific case studies such as WannaCry and the BlueBorne vulnerability. The content emphasizes challenges in security management and the necessity for continuous improvement in analytical techniques and incident handling.
No Safety Without Security
No Safety Without SecuritySecurity Innovation The document discusses the vulnerabilities in the Internet of Things (IoT) and connected vehicles, emphasizing the necessity of integrating security with safety in modern technology. It highlights the importance of understanding hacker motivations, the role of users in securing their devices, and the evolution of safety practices in the automotive industry. The text also addresses the need for proactive measures in network security and the challenges posed by digital threats in both home and automotive contexts.
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...North Texas Chapter of the ISSA
Ad
More from Agile Testing Alliance (20)
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...Agile Testing Alliance #Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to Great: Enhancing Testability in Software Testing " at ATAGTR2023
#ATAGTR2023 was the 8th Edition of Global Testing Retreat.
To know more about #ATAGTR2023, please visit: https://gtr.agiletestingalliance.org/
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...Agile Testing Alliance At the Global Testing Retreat 2023, Ajay Balamurugadas discussed the state of the testing industry, highlighting the need for real testing amidst the rise of AI, emphasizing the importance of understanding context and stakeholder needs. He pointed out issues such as the lack of shared experience reports and the focus on tools over skills, urging professionals to practice foundational skills. Balamurugadas suggested that testers should focus on problem-solving and effective communication rather than relying solely on AI demonstrations.
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...Agile Testing Alliance The document discusses leveraging Grafana and Selenium for real-time monitoring of web performance during the Global Testing Retreat #ATAGTR2023. It covers the automation of testing scenarios, including product checkout and invalid credential handling, and outlines the generation and processing of log files for performance analysis. The conclusion indicates that while this does not replace traditional performance testing, it helps identify potential issues early in the software development life cycle.
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...Agile Testing Alliance The document discusses the significance of IoT performance testing for ensuring the reliability and efficiency of IoT systems. It covers various topics including the differences between web-based and IoT performance testing, key focus areas and tools, non-functional requirements for different use cases, challenges, and best practices. Additionally, it highlights the importance of conducting thorough performance tests to identify potential issues before they affect users.
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...Agile Testing Alliance The document discusses the importance of storytelling for testers, highlighting how narratives can make testing results more engaging and impactful. It provides a framework for building compelling stories, including starting with a hook, establishing conflict, and resolving it, while emphasizing the roles of audience awareness and visual aids. Storytelling is presented as a powerful skill for testers to enhance communication and motivation within teams.
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.Agile Testing Alliance The document discusses the implementation of a catch-all mailbox solution for multi-factor authentication during testing, which allows for creating multiple valid email addresses without having to set up individual accounts. It details that all emails will be accessible through a single mailbox using Graph API and that this eliminates the need to share credentials. The document also outlines the architecture, permissions, and ease of use associated with this solution, enhancing efficiency for multiple test accounts.
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...Agile Testing Alliance The Global Testing Retreat (#ATAGTR2023), scheduled for December 2, 3, 8, and 9, 2023, focuses on enhancing test coverage through improved management of test data. Challenges faced by Agile teams include the need for high volumes of test data, duplication across teams, and issues related to third-party data sharing. Successful implementation of a Test Data Management framework has led to increased velocity, reduced rework, and more consistent test results.
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...Agile Testing Alliance The document discusses the evolving role of test leadership in the context of artificial intelligence (AI), emphasizing the need for adaptability and clarity in navigating changes brought by technological advancements. It highlights the transformative potential of AI in enhancing software testing processes and improving efficiencies through various tools and methodologies. The conclusion stresses that while AI can enhance capabilities, it is not a one-size-fits-all solution, and success requires proper planning, human capability, and stakeholder management.
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...Agile Testing Alliance The Global Testing Retreat #ATGTR2023, taking place on December 2, 3, 8, and 9, 2023, focuses on reducing, reusing, and recycling (RRR) test automation maintenance through practical strategies. Key agendas include developing robust automation frameworks, collaborating on test strategies, and ensuring continuous improvement in testing processes. Attendees will learn to implement best practices for efficient test scenarios and automation script development in a CI/CD environment.
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...Agile Testing Alliance The document discusses the development of a custom machine learning model for automating performance test script creation using JMeter. It outlines the challenges with existing NLP models and details the architecture involving data preprocessing, script correlation, and reporting. The proposed solution aims to improve efficiency and reduce turnaround time in performance testing while suggesting potential integration with language models for enhanced web UI automation.
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance The document discusses Kongsberg's proprietary approaches to quality assurance (QA) and quality engineering (QE) within remote Industrial Internet of Things (IIoT) systems, emphasizing the importance of testing and defect prevention throughout the software development lifecycle. It outlines challenges faced in automation and network performance, providing solutions for handling Linux and Windows interactivity, as well as file transfers between the two systems. Additionally, it highlights tools and commands for monitoring system performance and real-time data analysis.
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...Agile Testing Alliance The document discusses the importance of environment automation in strengthening testing oversight for software development amidst increasing complexity. It highlights the challenges organizations face, advocates for best practices like defining clear objectives and integrating frameworks, and outlines future trends such as AI-driven provisioning. Ultimately, the automation of testing environments leads to enhanced coverage, reduced testing durations, and improved software quality.
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...Agile Testing Alliance The document discusses the importance of generative AI (gen AI) application testing and how it differs from traditional software testing, emphasizing the need for enhanced quality assurance. It addresses challenges in testing, such as ensuring consistency, handling complex legal documents, and the use of snapshot testing for evaluation. The document also highlights future research areas and tools for testing generative AI models.
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...Agile Testing Alliance The document outlines the principles and practices discussed during the Global Testing Retreat 2023, highlighting the importance of embedding quality into the development process rather than relying on mass inspection. Key principles include ensuring effective flow of work and feedback, understanding the lifecycle of defects, and implementing methodologies such as Acceptance Test Driven Development (ATDD) and Test Driven Development (TDD) for increased efficiency. The presentation emphasizes collaboration among team members and the significant benefits seen in defect reduction and productivity.
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...Agile Testing Alliance The document discusses the evolving significance of blockchain technology, highlighting its potential to generate substantial business value and the widespread adoption by companies. It covers blockchain basics, including smart contracts and decentralized applications (DApps), while emphasizing the need for specialized testing methodologies unique to blockchain's architecture. Additionally, it outlines innovative testing techniques and best practices essential for ensuring security, performance, and user satisfaction in blockchain applications.
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...Agile Testing Alliance The document discusses various challenges and innovations in testing, including the use of selectors for different DOM elements like shadow DOM, iframes, and SVGs. It highlights the importance of writing effective locators and documenting test cases, especially when dealing with bugs in production. The content also emphasizes the need for a flexible approach in testing practices, catered to the user's requirements.
#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.
#Keynote Session by Schalk Cronje, "Don’t Containerize me" at #ATAGTR2023.Agile Testing Alliance The document discusses themes from the Global Testing Retreat 2023, emphasizing the destructive use of scientific products within human culture. It highlights concepts of servant leadership, including empathy, stewardship, and a focus on all stakeholders, advocating for ethical practices and conscious leadership. Additionally, it mentions the influence of past organisms on present behaviors, promoting the idea of tapping into universal intelligence for future creation.
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...Agile Testing Alliance The document discusses advancements in security testing, particularly focusing on tackling common vulnerabilities that automated scans often miss, emphasizing the importance of manual checks. It highlights the use of machine learning for security, outlining its capabilities in anomaly detection and continuous learning to enhance security measures. Additionally, it covers the safe handling of sensitive data to prevent exposure and unauthorized manipulation.
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...Agile Testing Alliance The Global Testing Retreat 2023 focuses on immersive technologies such as augmented reality (AR), virtual reality (VR), and the metaverse, discussing their applications, market drivers, and associated challenges. Key topics include the shift in social attitudes towards digital experiences, innovative use cases in various sectors, and the complexities of testing these technologies for user immersion. The event will also showcase best-in-class quality assurance solutions for immersive applications.
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...Agile Testing Alliance This document discusses the application of Support Vector Machines (SVMs) in functional testing, particularly focusing on test case prioritization and defect prediction. It outlines the challenges in functional testing and describes how SVMs can optimize testing processes by using historical data to predict defects and prioritize test cases. Additionally, it covers the methodology for training SVM models, evaluates model performance through metrics like accuracy and precision, and highlights insights from the experimental results.
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...
#Interactive Session by Anindita Rath and Mahathee Dandibhotla, "From Good to...Agile Testing Alliance
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...
#Interactive Session by Ajay Balamurugadas, "Where Are The Real Testers In T...Agile Testing Alliance
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...
#Interactive Session by Jishnu Nambiar and Mayur Ovhal, "Monitoring Web Per...Agile Testing Alliance
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...
#Interactive Session by Pradipta Biswas and Sucheta Saurabh Chitale, "Navigat...Agile Testing Alliance
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...
#Interactive Session by Apoorva Ram, "The Art of Storytelling for Testers" at...Agile Testing Alliance
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.
#Interactive Session by Nikhil Jain, "Catch All Mail With Graph" at #ATAGTR2023.Agile Testing Alliance
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...
#Interactive Session by Ashok Kumar S, "Test Data the key to robust test cove...Agile Testing Alliance
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...
#Interactive Session by Seema Kohli, "Test Leadership in the Era of Artificia...Agile Testing Alliance
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...
#Interactive Session by Ashwini Lalit, RRR of Test Automation Maintenance" at...Agile Testing Alliance
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...
#Interactive Session by Srithanga Aishvarya T, "Machine Learning Model to aut...Agile Testing Alliance
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...
#Interactive Session by Sudhir Upadhyay and Ashish Kumar, "Strengthening Test...Agile Testing Alliance
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...
#Interactive Session by Sayan Deb Kundu, "Testing Gen AI Applications" at #AT...Agile Testing Alliance
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...
#Interactive Session by Dinesh Boravke, "Zero Defects – Myth or Reality" at #...Agile Testing Alliance
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...
#Interactive Session by Saby Saurabh Bhardwaj, "Redefine Quality Assurance –...Agile Testing Alliance
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...
#Keynote Session by Sanjay Kumar, "Innovation Inspired Testing!!" at #ATAGTR2...Agile Testing Alliance
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...
#Interactive Session by Chidambaram Vetrivel and Venkatesh Belde, "Revolution...Agile Testing Alliance
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...
#Interactive Session by Aniket Diwakar Kadukar and Padimiti Vaidik Eswar Dat...Agile Testing Alliance
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...Agile Testing Alliance
Ad
Recently uploaded (20)
Can We Use Rust to Develop Extensions for PostgreSQL? (POSETTE: An Event for ...
Can We Use Rust to Develop Extensions for PostgreSQL? (POSETTE: An Event for ...NTT DATA Technology & Innovation Can We Use Rust to Develop Extensions for PostgreSQL?
(POSETTE: An Event for Postgres 2025)
June 11, 2025
Shinya Kato
NTT DATA Japan Corporation
vertical-cnc-processing-centers-drillteq-v-200-en.pdf
vertical-cnc-processing-centers-drillteq-v-200-en.pdfAmirStern2 מכונות CNC קידוח אנכיות הן הבחירה הנכונה והטובה ביותר לקידוח ארונות וארגזים לייצור רהיטים. החלק נוסע לאורך ציר ה-x באמצעות ציר דיגיטלי מדויק, ותפוס ע"י צבת מכנית, כך שאין צורך לבצע setup (התאמות) לגדלים שונים של חלקים.
Reducing Conflicts and Increasing Safety Along the Cycling Networks of East-F...
Reducing Conflicts and Increasing Safety Along the Cycling Networks of East-F...Safe Software In partnership with the Belgian Province of East-Flanders this project aimed to reduce conflicts and increase safety along a cycling route between the cities of Oudenaarde and Ghent. To achieve this goal, the current cycling network data needed some extra key information, including: Speed limits for segments, Access restrictions for different users (pedestrians, cyclists, motor vehicles, etc.), Priority rules at intersections. Using a 360° camera and GPS mounted on a measuring bicycle, we collected images of traffic signs and ground markings along the cycling lanes building up mobile mapping data. Image recognition technologies identified the road signs, creating a dataset with their locations and codes. The data processing entailed three FME workspaces. These included identifying valid intersections with other networks (e.g., roads, railways), creating a topological network between segments and intersections and linking road signs to segments and intersections based on proximity and orientation. Additional features, such as speed zones, inheritance of speed and access to neighbouring segments were also implemented to further enhance the data. The final results were visualized in ArcGIS, enabling analysis for the end users. The project provided them with key insights, including statistics on accessible road segments, speed limits, and intersection priorities. These will make the cycling paths more safe and uniform, by reducing conflicts between users.
Viral>Wondershare Filmora 14.5.18.12900 Crack Free Download
Viral>Wondershare Filmora 14.5.18.12900 Crack Free DownloadPuppy jhon ➡ 🌍📱👉COPY & PASTE LINK👉👉👉 ➤ ➤➤ https://drfiles.net/
Wondershare Filmora Crack is a user-friendly video editing software designed for both beginners and experienced users.
Mastering AI Workflows with FME - Peak of Data & AI 2025
Mastering AI Workflows with FME - Peak of Data & AI 2025Safe Software Harness the full potential of AI with FME: From creating high-quality training data to optimizing models and utilizing results, FME supports every step of your AI workflow. Seamlessly integrate a wide range of models, including those for data enhancement, forecasting, image and object recognition, and large language models. Customize AI models to meet your exact needs with FME’s powerful tools for training, optimization, and seamless integration
Security Tips for Enterprise Azure Solutions
Security Tips for Enterprise Azure SolutionsMichele Leroux Bustamante Delivering solutions to Azure may involve a variety of architecture patterns involving your applications, APIs data and associated Azure resources that comprise the solution. This session will use reference architectures to illustrate the security considerations to protect your Azure resources and data, how to achieve Zero Trust, and why it matters. Topics covered will include specific security recommendations for types Azure resources and related network security practices. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.
Down the Rabbit Hole – Solving 5 Training Roadblocks
Down the Rabbit Hole – Solving 5 Training RoadblocksRustici Software Feeling stuck in the Matrix of your training technologies? You’re not alone. Managing your training catalog, wrangling LMSs and delivering content across different tools and audiences can feel like dodging digital bullets. At some point, you hit a fork in the road: Keep patching things up as issues pop up… or follow the rabbit hole to the root of the problems.
Good news, we’ve already been down that rabbit hole. Peter Overton and Cameron Gray of Rustici Software are here to share what we found. In this webinar, we’ll break down 5 training roadblocks in delivery and management and show you how they’re easier to fix than you might think.
“Why It’s Critical to Have an Integrated Development Methodology for Edge AI,...
“Why It’s Critical to Have an Integrated Development Methodology for Edge AI,...Edge AI and Vision Alliance For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/why-its-critical-to-have-an-integrated-development-methodology-for-edge-ai-a-presentation-from-lattice-semiconductor/
Sreepada Hegade, Director of ML Systems and Software at Lattice Semiconductor, presents the “Why It’s Critical to Have an Integrated Development Methodology for Edge AI” tutorial at the May 2025 Embedded Vision Summit.
The deployment of neural networks near sensors brings well-known advantages such as lower latency, privacy and reduced overall system cost—but also brings significant challenges that complicate development. These challenges can be addressed effectively by choosing the right solution and design methodology. The low-power FPGAs from Lattice are well poised to enable efficient edge implementation of models, while Lattice’s proven development methodology helps to mitigate the challenges and risks associated with edge model deployment.
In this presentation, Hegade explains the importance of an integrated framework that tightly consolidates different aspects of edge AI development, including training, quantization of networks for edge deployment, integration with sensors and inferencing. He also illustrates how Lattice’s simplified tool flow helps to achieve the best trade-off between power, performance and efficiency using low-power FPGAs for edge deployment of various AI workloads.
FIDO Seminar: Perspectives on Passkeys & Consumer Adoption.pptx
FIDO Seminar: Perspectives on Passkeys & Consumer Adoption.pptxFIDO Alliance FIDO Seminar: Perspectives on Passkeys & Consumer Adoption
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptx
FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptxFIDO Alliance FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography
Creating Inclusive Digital Learning with AI: A Smarter, Fairer Future
Creating Inclusive Digital Learning with AI: A Smarter, Fairer FutureImpelsys Inc. Have you ever struggled to read a tiny label on a medicine box or tried to navigate a confusing website? Now imagine if every learning experience felt that way—every single day.
For millions of people living with disabilities, poorly designed content isn’t just frustrating. It’s a barrier to growth. Inclusive learning is about fixing that. And today, AI is helping us build digital learning that’s smarter, kinder, and accessible to everyone.
Accessible learning increases engagement, retention, performance, and inclusivity for everyone. Inclusive design is simply better design.
Bridging the divide: A conversation on tariffs today in the book industry - T...
Bridging the divide: A conversation on tariffs today in the book industry - T...BookNet Canada A collaboration-focused conversation on the recently imposed US and Canadian tariffs where speakers shared insights into the current legislative landscape, ongoing advocacy efforts, and recommended next steps. This event was presented in partnership with the Book Industry Study Group.
Link to accompanying resource: https://bnctechforum.ca/sessions/bridging-the-divide-a-conversation-on-tariffs-today-in-the-book-industry/
Presented by BookNet Canada and the Book Industry Study Group on May 29, 2025 with support from the Department of Canadian Heritage.
FIDO Seminar: New Data: Passkey Adoption in the Workforce.pptx
FIDO Seminar: New Data: Passkey Adoption in the Workforce.pptxFIDO Alliance FIDO Seminar: New Data: Passkey Adoption in the Workforce
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance Securing Account Lifecycles in the Age of Deepfakes
FME for Distribution & Transmission Integrity Management Program (DIMP & TIMP)
FME for Distribution & Transmission Integrity Management Program (DIMP & TIMP)Safe Software Peoples Gas in Chicago, IL has changed to a new Distribution & Transmission Integrity Management Program (DIMP & TIMP) software provider in recent years. In order to successfully deploy the new software we have created a series of ETL processes using FME Form to transform our gas facility data to meet the required DIMP & TIMP data specifications. This presentation will provide an overview of how we used FME to transform data from ESRI’s Utility Network and several other internal and external sources to meet the strict data specifications for the DIMP and TIMP software solutions.
Providing an OGC API Processes REST Interface for FME Flow
Providing an OGC API Processes REST Interface for FME FlowSafe Software This presentation will showcase an adapter for FME Flow that provides REST endpoints for FME Workspaces following the OGC API Processes specification. The implementation delivers robust, user-friendly API endpoints, including standardized methods for parameter provision. Additionally, it enhances security and user management by supporting OAuth2 authentication. Join us to discover how these advancements can elevate your enterprise integration workflows and ensure seamless, secure interactions with FME Flow.
FME for Good: Integrating Multiple Data Sources with APIs to Support Local Ch...
FME for Good: Integrating Multiple Data Sources with APIs to Support Local Ch...Safe Software Have-a-skate-with-Bob (HASB-KC) is a local charity that holds two Hockey Tournaments every year to raise money in the fight against Pancreatic Cancer. The FME Form software is used to integrate and exchange data via API, between Google Forms, Google Sheets, Stripe payments, SmartWaiver, and the GoDaddy email marketing tools to build a grass-roots Customer Relationship Management (CRM) system for the charity. The CRM is used to communicate effectively and readily with the participants of the hockey events and most importantly the local area sponsors of the event. Communication consists of a BLOG used to inform participants of event details including, the ever-important team rosters. Funds raised by these events are used to support families in the local area to fight cancer and support PanCan research efforts to find a cure against this insidious disease. FME Form removes the tedium and error-prone manual ETL processes against these systems into 1 or 2 workbenches that put the data needed at the fingertips of the event organizers daily freeing them to work on outreach and marketing of the events in the community.
High Availability On-Premises FME Flow.pdf
High Availability On-Premises FME Flow.pdfSafe Software FME Flow is a highly robust tool for transforming data both automatically and by user-initiated workflows. At the Finnish telecommunications company Elisa, FME Flow serves processes and internal stakeholders that require 24/7 availability from underlying systems, while imposing limitations on the use of cloud based systems. In response to these business requirements, Elisa has implemented a high-availability on-premises setup of FME Flow, where all components of the system have been duplicated or clustered. The goal of the presentation is to provide insights into the architecture behind the high-availability functionality. The presentation will show in basic technical terms how the different parts of the system work together. Basic level understanding of IT technologies is required to understand the technical portion of the presentation, namely understanding the purpose of the following components: load balancer, FME Flow host nodes, FME Flow worker nodes, network file storage drives, databases, and external authentication services. The presentation will also outline our lessons learned from the high-availability project, both benefits and challenges to consider.
Can We Use Rust to Develop Extensions for PostgreSQL? (POSETTE: An Event for ...
Can We Use Rust to Develop Extensions for PostgreSQL? (POSETTE: An Event for ...NTT DATA Technology & Innovation
“Why It’s Critical to Have an Integrated Development Methodology for Edge AI,...
“Why It’s Critical to Have an Integrated Development Methodology for Edge AI,...Edge AI and Vision Alliance
ATAGTR2017 Security Testing / IoT Testing in Real World
- 1. #ATAGTR2017 16th 17th March Security Testing/ IoT Testing in Real World Aditya Upadhya
- 2. Agile Testing Alliance Global Testing Retreat 2017 Security testing Internet Of Things • Age of Information Warfare
- 3. Agile Testing Alliance Global Testing Retreat 2017 whoami Name : Aditya Upadhya Occupation: Information security consultant at Capgemini Location: Navi Mumbai OSCP certified
- 4. Agile Testing Alliance Global Testing Retreat 2017 • the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data. [Wikipedia] What is IOT ?
- 5. Agile Testing Alliance Global Testing Retreat 2017 • Experts estimate that the IoT will consist of almost 50 billion objects by 2020. [Wikipedia]
- 6. Agile Testing Alliance Global Testing Retreat 2017 Almost Everywhere! • Mobile devices, Health bands, sensors, GPS • Driverless cars/vehicles • Drones UAV • Daily life usage Household electronics (STB, refrigerators, smart automated home appliances, CCTV etc.) • Surveillance systems • Measuring pollution levels, water level alerts, earthquake and tectonic alerts • Industries: machine maintenance, tracking assets, quality check, safety checks, SCADA-PLC systems, smart grids, nuclear reactors . • POS machines , ATM, Routers. • Health industries. Uses of IOT ?
- 7. Agile Testing Alliance Global Testing Retreat 2017 Threats- IOT
- 8. Agile Testing Alliance Global Testing Retreat 2017 • Smartphone :- If Compromised can makes your location, your habits, and yourself more predictable , privacy compromised. • Smart home devices:- can be misused to play pranks, can make life miserable, or even be used to leverage anonymity of a hacker to perform illegal activities. • Driverless cars/vehicles - faulty protocols to failure of security compliance can be threat, vehicles manipulated controls overtaken, risk to life. • Surveillance access:- failure of security compliance, Information gathering made easy for terrorists if not secure. • Sensors: that helps during natural calamities if manipulated, can cause panic among people or reporting false normality in high alerts can be hazardous. Threats
- 9. Agile Testing Alliance Global Testing Retreat 2017 • Industrial devices :- nuclear reactor controllers , PLC – SCADA systems, Smart grid controllers, driverless trains and more such systems if compromised can cause a great deal of damage to property and life. • Healthcare :- an attacker can gain access to PHI and also manipulate the devices that control drug dosage • Future :- Nano bots in health cares Who knows ? May be they can be reprogrammed for malicious intent ? Threats
- 10. Agile Testing Alliance Global Testing Retreat 2017 Threats
- 11. Agile Testing Alliance Global Testing Retreat 2017 Business loss • 3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit -Economic times. • Ransom ware hits, guests locked in rooms hotel had to pay 1500 EU to save people : http://www.thelocal.at/20170128/hotel-ransomed-by- hackers-as-guests-locked-in-rooms Real life events
- 12. Agile Testing Alliance Global Testing Retreat 2017 •Stuxnet – case of attack on iran nuclear reactor https://en.wikipedia.org/wiki/Stuxnet •botnets and malwares caused billions of loss https://en.wikipedia.org/wiki/Mirai_(malware) The case of mirai botnet made giants like akamai fall on their knees (internal sources say) Real life events
- 13. Agile Testing Alliance Global Testing Retreat 2017 •Drones hacked https://packetstormsecurity.com/news/26287/NASA-Hack- AnonSec-Attempts-To-Crash-222m-Drone-Release-Secret- Flight-Videos-And-Employee-Data.html Real life events
- 14. Agile Testing Alliance Global Testing Retreat 2017 •Cars hacked: • https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ •https://www.theguardian.com/technology/2016/sep/20/tesla-model-s-chinese- hack-remote-control-brakes Real life events
- 15. Agile Testing Alliance Global Testing Retreat 2017 The Dangers of the Smart Grid • In 2012, the Department of Homeland Security discovered a flaw in hardened grid and router provider RuggedCom’s devices. • Ukraine power station hacked multiple times • https://motherboard.vice.com/en_us/article/ukrainian- power-station-hacking-december-2016-report Real life events
- 16. Agile Testing Alliance Global Testing Retreat 2017 •Health industry :- In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators. •http://www.zdnet.com/article/st-jude-releases-security-patches-for-vulnerable- cardiac-devices/ http://m.healthcareitnews.com/news/massive-ddos-attack-harnesses-145000- hacked-iot-devices https://www.cbinsights.com/blog/iot-healthcare-market-map-company-list/ •Hacking blood pressure monitor https://www.edusteinhorst.com/hacking-a-blood-pressure-monitor/ Real life events
- 17. Agile Testing Alliance Global Testing Retreat 2017 • Shodan search engine has collection of open CCTVs, industrial devices, dumb boxes connected to internet • Thinkful, censys etc • https://thingful.net/adityaupadhya • Demo Search engines
- 18. Agile Testing Alliance Global Testing Retreat 2017 • In computing, a hacker is any highly skilled computer expert capable of breaking into computer systems and networks using bugs and exploits. [Wikipedia] • A child playing with his remote control car gets curious to know how it operates so, disintegrates the controller and toy car to know about it’s working is also a hacker ! Who is a Hacker ?
- 19. Agile Testing Alliance Global Testing Retreat 2017 • IOT security Break into several categories • Top 10 from owasp is available but top 10 are not everything. • No standard Methodology can be implemented as IOT is not one thing or framework. • Different (IOT)things has different approach • Analyzing hardware memory devices, wireless devices, and other components like JTAG, UART debugging interfaces • After gathering all information you can identify all attack surface, threat agents and document them. • Prepare a checklist of testing methods against the device and cross check with existing ones to identify if some thing is missing. • Identify vulnerabilities and see if you can exploit further more. • Research, learn and do more information gathering. For techies – how to attack ?
- 20. Agile Testing Alliance Global Testing Retreat 2017 • https://github.com/nebgnahz/awesome-iot-hacks • http://blog.j-michel.org/post/86992432269/from-nand-chip- to-files • Metasploit enters IOT https://community.rapid7.com/community/transpo- security/blog/2017/02/02/exiting-the-matrix • Defcon , blackhat, conference archives for reference some resources
- 21. Agile Testing Alliance Global Testing Retreat 2017 • Ensure CIA compliance • Secure by design approach to develop • Changing of default password on first use and strong password policy • Strong encryption mechanisms • Secure application interface • Firmware upgrades • Disable remote access whenever not required • Hardware security • Network layer security • Keep eye on latest security updates and patches For techies – how to defend?
- 22. Agile Testing Alliance Global Testing Retreat 2017 • Keep yourself such abreast of such developments • Explore insurance options • Have a robust strategy before rolling out the services that depends on IOT. • Lead your security team for attending more and more world hacking conferences like blackhat, defcon, HITB, nullcon etc • Encourage your team mate security testers to explore and research about IOT, learn new case studies and try to replicate. • Encourage them for Technical certifications like OSCP, OSCE etc. For CXO
- 23. Agile Testing Alliance Global Testing Retreat 2017 • My personal experience in IPTV set top box security testing. Was able to stream TV channels for free using VLC media player and much more… Case study
- 24. Agile Testing Alliance Global Testing Retreat 2017 Information gathering- Nmap
- 25. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 26. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 27. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 28. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 29. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 30. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 31. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 32. Agile Testing Alliance Global Testing Retreat 2017 MITM
- 33. Agile Testing Alliance Global Testing Retreat 2017 Local storage sqlite files
- 34. Agile Testing Alliance Global Testing Retreat 2017 Local storgae syslog file
- 35. Agile Testing Alliance Global Testing Retreat 2017 UART
- 36. Agile Testing Alliance Global Testing Retreat 2017 SQLi
- 37. Agile Testing Alliance Global Testing Retreat 2017 LFI
- 38. Agile Testing Alliance Global Testing Retreat 2017 Network local storage information
- 39. Agile Testing Alliance Global Testing Retreat 2017 • Started simply with nmap • Performing Arp poison with mitm revealed information flying around in GBs • From analysis we got authentication mechanism, types of servers and infrastructure design to some extent • Analyzing local storage device gave IP, channel, port, streaming address, SAP, middleware, backend servers and many other information Summary
- 40. Agile Testing Alliance Global Testing Retreat 2017 • After having as much as information gathered as possible time to exploit ! • Found LFI, SQLi, user:pass revealed in mitm, authentication mechanism easily bypassed, streaming for free, got ssl pem keys for infrastructure, access to server possible. (not shown in poc) Summary
- 41. Agile Testing Alliance Global Testing Retreat 2017 • Information gathering • Research • Analyze • Attack • Reform (new 0-day) • Analyze • Improvise • Defend and finally • Evolve. Summary
- 42. Agile Testing Alliance Global Testing Retreat 2017 Email: [email protected] Questions ?
- 43. Agile Testing Alliance Global Testing Retreat 2017 Thank you