Prabath Siriwardena
Software Architect & Senior manager, WSO2
Free/Open Source Software, or FOSS, is software that is liberally licensed to grant users the right to study, change and improve its design since its source code is made available.

• The freedom to run the program for any purpose
• The freedom to study and modify the program
• The freedom to copy the program so you can help your neighbor
• The freedom to improve the program and release your improvements to the public, so that the whole community benefits

• The license should not prohibit free redistribution
• The program must include source code and must allow distribution in source code as well as compiled form
• The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software
• The integrity of the author’s source code and reputation must be maintained by requiring derived works to carry a different name or version number from the original software
• The license must not discriminate against any person or group of persons

• The license must not restrict anyone from making use of the program in a specific field of endeavor
• The rights attached to the program must apply to all to whom the program is redistributed, without the need for execution of an additional license by those parties
• The rights attached to the program must not depend on the program being part of a particular software distribution
• The license must not place restrictions on other software that is distributed along with the licensed software
• No provision of the license may be predicated on any individual technology or style of interface

http://news.netcraft.com/archives/2011/01/12/january-2011-web-server-survey-4.html

http://www.securityspace.com/s_survey/data/man.201007/mxsurvey.html

http://en.wikipedia.org/wiki/Usage_share_of_web_browsers

Lots of eyeballs

Lots of [Expert] eyeballs

• XML signature HMAC truncation authentication bypass
• DTD based XML attacks
• XML Signature Wrapping Attack
• The Java security bug: Double.parseDouble("2.2250738585072012e-308");

Money can’t buy the best evaluation

• AES
• IPSec
• PPTP

• Absence of meticulous evaluation
• Spurious open source
• Lack of sponsorship
• Lack of proper documentation

• Nessus
• Snort
• Nagios
• SpamAssassin
• ClamAV
• OpenSSL
• OpenSSH
• Ossec HIDS
• Wireshark
Open Source for Cyber Security
