Risico's Web 2.0

•

0 recomendaciones•435 vistas

hnzz pronk

Een korte overview van de risico aspecten van de brave new web 2.0 world.

Tecnología

Risico’s Web
2.0
INTEGRATION as the problem
to the answer…

© hans pronk 2008 (aka h@nzz.nl)

masters of integration or
the ultimate mash-up

trends in the new 2.0 era
social networks
writable web
AJAX deportalization
end of the walled garden SaaS
PaaS syndication
browser as THE ui: everywhere available
widgets
mash-ups the rise of the platform
user-centric identity user-centric

integration & security

control
complexity
data spills
new new new

complexity
platforms: the new paradigm:
Google | Amazon | Microsoft Live Core | Carolina |
Salesforce | 37Signals | (insert favourite platform
here)

complexity hiding
economics of scale
specialization

control & faith sharing
the ford firestone case

dealing with service levels / disaster
recovery
dealing with popularity
“The Remora Business Model”
syndication / rss / “dapper”

old school firewalls issues

complexity

“software is hard”
Donald E. Knuth

complexity
API design
architecture
scaling
inside versus outside
SOAP versus REST

“put it to REST”?

transport versus message security

complexity
(accidental)integration on the desktop
XSS/XSRF exploit of trust (user|web-
site)
JSON
(missing) tools
IDS for app servers

example xss/xsrf
http://www-
1.ibm.com/support/docview.wss?uid=swg21233077&loc=
%22%3Cbody%20onload=alert('OWNED')%3E%22

“<body onload=alert('OWNED‘)>”

<img src =
quot;http://bank.example/withdraw?account
=bob&amount=1000000&for=
malloryquot;>

data spills
identity management / privacy
Identity 2.0 aka “user centric identity
management” (dick hard)
casual versus strict privacy

the case for OAuth!

open social?

data hygiene
example: RSS-feeds

sharing with the world
(private) intel
profiling (ip-address?)

[Plaxo | LinkedIn | Hyves | Facebook | Qik | Trackr]
addresses
contacts
pictures
whereabouts…

new… newer… newest
AJAX
Ruby (on Rails) / RJS / python / …
lighttpd / mongrell
libraries, more libraries, and even
more libraries

web treaths
Web 2.0 is a success, as the activities
of the real world move online; the
criminals follow the money, and the
money is now online
credit card companies are still eating
the losses; but some areas are
making customers more liable for
losses

web treaths
from highly visible media events to
financially motivated threats
the true financial attacks don't want to
lose connectivity, so infrastructure
DDoS attacks are counterindicated
not just windows, now hitting Linux
and Mac as well, aiming to
compromise Linux servers

web treaths
large rise in misconfigured, rogue DNS
resolvers; estimated 300,000
compromised DNS servers
Google finding 180,000 web servers
serving malicious code in their crawls

wrapping-up…
“old” security mechanisms not
enough / counterproductive
reduce complexity /
decoupling
old principles are still true
be aware and…
be what you are

h@nzz.nl

www.twitter.com/hnzz

hnzz.jaiku.com

www.hnzz.nl

2008, © h@nzz.nl,

Más contenido relacionado

Similar a Risico's Web 2.0

Is the Web at Risk?

Carlos Serrao

What is web2.0

flyingsheep

Ria Meets Enteprise SOA

schennamaraja

Little.story.it.architecture

Éric Grall

Was asked by In-Q-Tel leadership to present on how Open Source competes with larger technology companies (e.g. VMWare) and how household cloud providers (SalesForce, Amazon...) are embedding open source for competitive advantages. Step through Navy CANES program as example of DoD usage. Covers IBM and DreamWorks commercial references. Illustrates DISA Anti-Drug Network (ADNET) and U.S. Intelligence Community Persons of Interest programs. Talk about Open Source initiatives at NGA lead by Bert Beaulieu (Director, Innovision, NGA) and Michael Cline (R&D Technologist, NGA).

2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...

Shawn Wells

Web of Things (wiring web objects with Node-RED)

Francesco Collova'

Computing in the cloud is fashionable and in many cases extremely cost-effective. But - considering a flawed execution model of rich Web 2.0 applications - will Web applications in the cloud fail to live up to the promise due to performance and security issues? In this presentation - I discuss security and performance issues of Web 2.0 apps in the cloud and talk about the kind of mistakes people make. I wrap up with some thoughts on the game changers

Will Web 2.0 applications break the cloud?

Flaskdata.io

Security concerns with SaaS layer of cloud computing

Clinton DSouza

agile microservices @scaibo

Ciro Donato Caiazzo

StackOverflow Architectural Overview

Folio3 Software

Internet 2.0: the future is already here

hnzz pronk

The client (or presentation) tier of our applications is taking on an increasingly important role. Users are expecting more compelling user interfaces, but they also want more functionality from their applications. In this ArcReady we examine how to design and deliver well architected client applications that will be easy to maintain and extend. Session 1: Trends and patterns on the client tier In our first session we will take a vendor and platform neutral look at some of the trends and emerging technologies that can be used on the client tier. We will look at techniques like Mashups, technologies like Natural User Interfaces (NUI) and the increasing importance of the mobile platform. We will also look at some common patterns that can be used in the architecture of the client tier. Session 2: Applying Microsoft technology on the client tier In our second session we will take some look at how we can use Microsoft technologies to create well architected and compelling client applications. We will look at technologies like Silverlight and WPF that can be used to create compelling clients. We will also look at technologies that can be used to make your applications more extensible for future development. We will also examine some architectural guidance developed by the Microsoft Patterns and Practices group.

ArcReady - Architecting For The Client Tier

Microsoft ArcReady

Detection of webshells in compromised perimeter assets using ML algorithms

Rod Soto

Web 2.0 and LiveQuotes Presentation

Jamie Thingelstad

Device+Cloud: come sviluppare App moderne ed interconnesse

Ninja Marketing

B&W Netsparker overview

Marusya Maruzhenko

Cyber forensics in cloud computing

Alexander Decker

11.cyber forensics in cloud computing

Alexander Decker

The Future of IT

Simon May

HTML5 and the dawn of rich mobile web applications pt 1

James Pearce

Similar a Risico's Web 2.0 (20)

Is the Web at Risk?

What is web2.0

Ria Meets Enteprise SOA

Little.story.it.architecture

2011-08-10 In-Q-Tel Technology Focus Day, Trends & Observations in Open Sourc...

Web of Things (wiring web objects with Node-RED)

Will Web 2.0 applications break the cloud?

Security concerns with SaaS layer of cloud computing

agile microservices @scaibo

StackOverflow Architectural Overview

Internet 2.0: the future is already here

ArcReady - Architecting For The Client Tier

Detection of webshells in compromised perimeter assets using ML algorithms

Web 2.0 and LiveQuotes Presentation

Device+Cloud: come sviluppare App moderne ed interconnesse

B&W Netsparker overview

Cyber forensics in cloud computing

11.cyber forensics in cloud computing

The Future of IT

HTML5 and the dawn of rich mobile web applications pt 1

Último

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Real Time Object Detection Using Open CV

Khem

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Risico's Web 2.0

2. pre-WEB 2.0 security & integration 2

3. masters of integration or the ultimate mash-up

6. trends in the new 2.0 era social networks writable web AJAX deportalization end of the walled garden SaaS PaaS syndication browser as THE ui: everywhere available widgets mash-ups the rise of the platform user-centric identity user-centric

7. integration & security control complexity data spills new new new

8. the visionair? right or wrong? ..

10. the new applications landscape

12.

13.

14.

15.

16.

17.

18.

19. control & faith sharing the ford firestone case dealing with service levels / disaster recovery dealing with popularity “The Remora Business Model” syndication / rss / “dapper” old school firewalls issues

20. complexity “software is hard” Donald E. Knuth

21. complexity API design architecture scaling inside versus outside SOAP versus REST “put it to REST”? transport versus message security

22. complexity (accidental)integration on the desktop XSS/XSRF exploit of trust (user|web- site) JSON (missing) tools IDS for app servers

23. example xss/xsrf http://www- 1.ibm.com/support/docview.wss?uid=swg21233077&loc= %22%3Cbody%20onload=alert('OWNED')%3E%22 “<body onload=alert('OWNED‘)>” <img src = quot;http://bank.example/withdraw?account =bob&amount=1000000&for= malloryquot;>

24. data spills identity management / privacy Identity 2.0 aka “user centric identity management” (dick hard) casual versus strict privacy the case for OAuth! open social? data hygiene example: RSS-feeds

25.

26.

28.

29.

30.

31.

32. new… newer… newest AJAX Ruby (on Rails) / RJS / python / … lighttpd / mongrell libraries, more libraries, and even more libraries

33. web treaths Web 2.0 is a success, as the activities of the real world move online; the criminals follow the money, and the money is now online credit card companies are still eating the losses; but some areas are making customers more liable for losses

34. web treaths from highly visible media events to financially motivated threats the true financial attacks don't want to lose connectivity, so infrastructure DDoS attacks are counterindicated not just windows, now hitting Linux and Mac as well, aiming to compromise Linux servers

35. web treaths large rise in misconfigured, rogue DNS resolvers; estimated 300,000 compromised DNS servers Google finding 180,000 web servers serving malicious code in their crawls

36. wrapping-up… “old” security mechanisms not enough / counterproductive reduce complexity / decoupling old principles are still true be aware and… be what you are

Risico's Web 2.0

Recomendados

Recomendados

Más contenido relacionado

Similar a Risico's Web 2.0

Similar a Risico's Web 2.0 (20)

Último

Último (20)

Risico's Web 2.0