#IstioCon Taming Istio Configuration with Helm Ryan Michela / @ryanmichela / Salesforce #IstioCon In this talk This is a talk about using Helm with Istio ● Look at helm from a new perspective DEMO #IstioCon Demo - Bookinfo What did we see? ● Single entry point for each service’s configuration ● Install each service with a single command ● Single source of truth for auth and egress policy Everything you need to run a service in the mesh ● Ingress-service ○ Add’s ingress gateway configuration to mesh-service ● Mesh-egress ○ Configures TLS egress and policy ● Auth-policy ○ Configures

PRESENTS Vitess security audit In collaboration with the Vitess maintainers, Open Source Technology Improvement Fund and The Linux Foundation Authors Adam Korczynski David Korczynski com> Date: June 5, 2023 This report is licensed under Creative Commons 4.0 (CC BY 4.0) Vitess Security Audit, 2023 Table of contents Table of contents 1 Executive summary 2 Notable findings 3 Project found 16 SLSA review 38 Conclusions 40 1 Vitess Security Audit, 2023 Executive summary In March and April 2023, Ada Logics carried out a security audit of Vitess. The primary focus of the audit was

Istio Security Assessment Google August 6, 2020 – Version 1.1 Prepared for Arun Kumar R Prepared by Mark Manning Jeff Dileo Divya Natesan Andy Olsen Feedback on this project? https://my.nccgroup assessment was to identify security issues related to the Istio code base, highlight high risk configurations commonly used by administrators, and provide perspective on whether security features sufficiently Networking controls allowing inbound and outbound access of Istio services. • Istio Envoy Usage: The configuration and implemen- tation of Envoy within Istio (NOTE: Envoy itself was not part of the assessment)

получении запроса на соединение процесс сервера удостоверяет пользователя по базе данных безопасности (security database). После успешного удостоверения сервер разрешает приложению (пользователю) произвести безопасности, то даже хорошее шифрование становится немного больше, чем “безопасностью по неясности” (security by obscurity). 4.2.2. Ограничение распространения данных Некоторые просят шифровать данные базы “безопасности по неясности” Предлагаются и различные другие формы “безопасности по неясности” (security by obscurity). Например, специальные события, возникающие в моменты входа/подключения и отключения

A Security Guide for otlin Developers I N D E X Overview..................................................................1 Kotlin’s Security Profile............................................2 Most Common Security Attacks...............................3 Top Kotlin Security Risk...........................................5 OWASP Mobile TOP 10 Mobile Risks..........................10 Protect developers and other key decision makers in software security and software supply chain vulnerabilities with information regarding the top security risks they can expect to face — from inherent weaknesses

Firebird File and Metadata Security Geoff Worboys Version 0.6, 30 June 2020 Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. Acceptable Low Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . page and don’t know about Firebird, see this link: www.firebirdsql.org This article discusses the security of Firebird database files and in particular access to the metadata stored in those files. It has

C and C++: A Security Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Hoffmann Security Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond yearsMax Hoffmann Security Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory

Embracing an Adversarial Mindset for C++ Security Amanda Rousseau 9/18/2024 This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY1 Strategies for Secure C++ DevelopmentWHOAMI 0x401006 Microsoft 0x40100C Offensive 0x40100F Research & Security 0x401018 Engineering 0x40101A (MORSE) CURRENT 0x401000 MALWARE UNICORN AMANDA ROUSSEAU 0x402001 perspectiveFactors Influencing Trends Increased Security Awareness and Practices Adoption of Modern Technologies •secure coding, regular patching, comprehensive security testing •Improved Discovery Methods -

Spring Security Shiro Plugin - Reference Documentation Burt Beckwith Version 3.1.2.BUILD-SNAPSHOT Table of Contents 1. Introduction to the Spring Security Shiro Plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chapter 1. Introduction to the Spring Security Shiro Plugin The Spring Security Shiro plugin adds some support for using a hybrid approach combining Spring Security and Shiro. It currently only supports