My Bug Hunting With Open Source
3 likes1,787 views
This talk is going to talk about how I got 50 CVE's in a week. I used to play bug bounties and other security penetration testing challenges. After realization I started contributing to Open Source Community and found several critical bugs and got proper satisfaction for the work. Then I met like minded people and started bug hunter with Code Vigilant (http://codevigilant.com), Project for Securing Open Source Software.
1 of 26
Downloaded 11 times
Recommended
Fun & profit with bug bounties
Fun & profit with bug bountiesn|u - The Open Security Community
油
- The document discusses bug bounty programs, which allow security researchers to find vulnerabilities in software and websites for rewards. It provides tips on how to get started with bug bounty hunting, including learning about common vulnerability types, using tools like Burp Suite and custom scripts, and starting with smaller sites before tackling larger targets. The author shares their experience starting as a novice and eventually contributing some vulnerabilities to open source projects. They conclude that bug bounties are a good way to learn about new attacks beyond just the rewards.How you can become a hacker with no security experience
How you can become a hacker with no security experienceAvdnei Andrei
油
This document discusses how someone with no security experience can become a hacker. It begins with short biographies of the author and defines hackers. It distinguishes between white hat and black hat hackers and provides examples of security exploits like password resets, phishing, malware, wifi sniffing, and hacking websites. It notes many tools are available for free or cheaply and warns that these simple hacks can compromise accounts and websites. The document advises readers on safety measures like using strong passwords, antivirus software, and VPNs. It concludes by asking if the reader has any questions.Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAbhinav Mishra
油
The document discusses an "Android Fight Club" session focused on analyzing and hacking Android applications for security. It provides an overview of static and dynamic analysis techniques, tools like ADB, Drozer, and QARK that can be used, and common Android vulnerabilities like insecure storage, transport issues, and insecure app components that may be found. The document also includes discussion prompts and breaks for questions, as well as tips for setting up an Android lab environment and bypassing protections like SSL pinning.DEF CON 23 - Ryan Mitchell - separating bots from humans
DEF CON 23 - Ryan Mitchell - separating bots from humansFelipe Prado
油
This document summarizes a talk on separating bots from humans. The speaker is a software engineer and author who has written books on web scraping. He discusses the history of bots and scrapers, why they are important, and methods used on both the defense and attack sides to identify and bypass bots. On the defense side, he covers techniques like robots.txt files, terms of service, headers, CAPTCHAs, honeypots, behavioral patterns, and IP blocking. On the attack side, he discusses targeted vs non-targeted attacks, OCR, JavaScript execution, and honeypot avoidance. He concludes by suggesting it may be better to stop trying to bot-proof sites and make data available through APIs instead.WordCamp Milwaukee 2012 - Aaron Saray - Secure Wordpress Coding
WordCamp Milwaukee 2012 - Aaron Saray - Secure Wordpress CodingAaron Saray
油
Secure Wordpress Coding
The document provides an overview of secure coding practices for Wordpress websites. It discusses common security vulnerabilities like SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It emphasizes the importance of filtering user input to prevent exploits. The document also covers secure theme development practices, such as using built-in Wordpress functions and filters. Maintaining and updating Wordpress core, plugins, and themes is key to keeping sites secure.舒亶从亳 亰 仗仂亢亠亢仆仂亞仂 亟亠仗仂 舒弍仂 磻 仗舒ム Big Data 于 Sigma Software, 亠仆亳 亳于,
舒亶从亳 亰 仗仂亢亠亢仆仂亞仂 亟亠仗仂 舒弍仂 磻 仗舒ム Big Data 于 Sigma Software, 亠仆亳 亳于,Sigma Software
油
This document provides advice for teams working on big data projects. It discusses the importance of knowing and trusting your team members, not over-relying on any single person, being aware of risks posed by the technical platform, learning your product inside and out, and securely handling credentials and access. Specific recommendations include listening to engineers, allowing flexibility in work, having backup plans, experimenting with default settings, monitoring data flows, and using information security best practices like separating code and credentials.Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMEjeffmcjunkin
油
Jeff McJunkin discusses various information security specializations including penetration testing, forensics, incident response, systems administration, audit, management, and legal. He provides an overview of the skills needed for each specialization and next steps one can take to develop those skills and become employable in that field. Some key specializations he highlights are penetration testing, computer forensics, and intrusion analysis which often involve consulting work. He emphasizes getting hands-on experience through challenges, labs, and internships to develop skills for these careers.Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
油
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and Abroad
http://blog.mazinahmed.net/2016/10/bug-bounty-hunting-swiss-cyber-storm.htmlContributing to an Open Source Project 101
Contributing to an Open Source Project 101POSSCON
油
Greg Sheremeta
Red Hat - Senior Software Engineer
POSSCON
4/14/2015
Open 101 Track - 1:00 PM TalkC, C++, Java, Python, PHP, JavaScript and Linux For Beginners
C, C++, Java, Python, PHP, JavaScript and Linux For BeginnersManjunath.R -
油
An ideal addition to your personal elibrary. With the aid of this indispensable reference book, you may quickly gain a grasp of Python, Java, JavaScript, C, C++, CSS, Data Science, HTML, LINUX and PHP. It can be challenging to understand the programming language's distinctive advantages and charms. Many programmers who are familiar with a variety of languages frequently approach them from a constrained perspective rather than enjoying their full expressivity. Some programmers incorrectly use Programmatic features, which can later result in serious issues. The programmatic method of writing programsthe ideal approach to use programming languagesis explained in this book. This book is for all programmers, whether you are a novice or an experienced pro. Its numerous examples and well paced discussions will be especially beneficial for beginners. Those who are already familiar with programming will probably gain more from this book, of course. I want you to be prepared to use programming to make a big difference.The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
油
The document provides an overview of the game of bug bounty hunting, including a brief history of bug bounty programs, the present state of platforms like HackerOne and BugCrowd, tips for getting started, techniques for finding different types of vulnerabilities, examples of famous bounty submissions, and potential drama one may face. It also includes suggestions for resources, tools, blogs, and people to follow to continue learning and developing skills in bug bounty hunting.Linux Commands, C, C++, Java and Python Exercises For Beginners
Linux Commands, C, C++, Java and Python Exercises For BeginnersManjunath.R -
油
An approachable manual for new and experienced programmers that introduces the programming languages C, C++, Java, and Python. This book is for all programmers, whether you are a novice or an experienced pro. It is designed for an introductory course that provides beginning engineering and computer science students with a solid foundation in the fundamental concepts of computer programming. It also offers valuable perspectives on important computing concepts through the development of programming and problem-solving skills using the languages C, C++, Java, and Python. The beginner will find its carefully paced exercises especially helpful. Of course, those who are already familiar with programming are likely to derive more benefits from this book. After reading this book you will find yourself at a moderate level of expertise in C, C++, Java and Python, from which you can take yourself to the next levels. The command-line interface is one of the nearly all well built trademarks of Linux. There exists an ocean of Linux commands, permitting you to do nearly everything you can be under the impression of doing on your Linux operating system. However, this, at the end of time, creates a problem: because of all of so copious commands accessible to manage, you don't comprehend where and at which point to fly and learn them, especially when you are a learner. If you are facing this problem, and are peering for a painless method to begin your command line journey in Linux, you've come to the right place-as in this book, we will launch you to a hold of well liked and helpful Linux commands. This book gives a thorough introduction to the C, C++, Java, and Python programming languages, covering everything from fundamentals to advanced concepts. It also includes various exercises that let you put what you learn to use in the real world.Leading an open source project as a startup
Leading an open source project as a startupNicolas Garnier
油
際際滷s from my talk at Pycon.it about doing open source as a company or startup, sharing what we learnt at Mailjet from open sourcing MJML. Leading An Open Source Project As A Startup
Leading An Open Source Project As A StartupMailjet
油
際際滷s from Nicolas Garnier's talk at Pycon.it about doing open source as a company or startup, sharing what we learnt at Mailjet from open sourcing MJML.
Nicolas Garnier is the MJML Product Lead at Mailjet.Mobile Web Compatibility @ Code Camp Cluj
Mobile Web Compatibility @ Code Camp ClujIoana Chiorean
油
Many users nowadays connect to the web directly from mobile skipping any desktop experience. So why would you risk using them? Learn from the web-bugs we found and give a fair and beautiful experience to your users!Tenants for Going at DevSecOps Speed - LASCON 2023
Tenants for Going at DevSecOps Speed - LASCON 2023Matt Tesauro
油
Youre tasked with doing DevSecOps for your company and youve got more apps and issues than you know how to deal with. How do you make sense of the different tool outputs for all your different apps let alone shrink the pile of work already on your plate? In this talk, well discuss the key decision points and requirements to set up a program that moves as fast as it needs to without your team burning out. Learn how to keep moving forward while keeping your sanity.
After learning to be nimble from dealing with teams that are doing 75 production deployments per week, the surviving ideas have been distilled into a collection of tenants. Well cover: How to handle CI/CD tests versus traditional security assessments? How to best manage SLAs? How to keep data for auditors and regulatory requirements while also doing continuous testing? Understanding health checks versus continuous testing versus manual testing. How to deal with false positives, risk acceptances and the lifecycle of a security issue? By using these tenants, security assessments at one company grew from 44 to 414 in 2 years or 9.4 times all while losing some headcount. Time to turn chaos into calm and distress into success.Lvl.up
Lvl.upswee meng ng
油
This document provides an introduction to connecting devices to the internet using microcontrollers like Arduino. It discusses why microcontrollers are useful for this compared to computers or phones. It then lists several popular microcontroller boards and development environments. The document recommends online resources for learning and components. It provides examples of internet of things projects and emphasizes exploring and making things to learn.Preparing for the WebGeek DevCup
Preparing for the WebGeek DevCupbryanbibat
油
The document provides tips for preparing for a hackathon event called the WebGeek DevCup. It recommends preparing your application framework ahead of time by choosing technologies and setting up modules like authentication, but not completing the full application. It also suggests preparing your development environment, using version control, potentially deploying code, and ensuring good team communication and self-care during the event. The goal is to minimize time spent on setup during the hackathon in order to focus on coding the full application within the limited timeframe.BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
油
Bug bounty roadmap covers various techniques for finding vulnerabilities such as understanding the target application flow, using passive reconnaissance tools to discover assets, hacking with Burp Suite to find bugs like XSS and SQLi, and keeping up with new trends to improve bounty hunting. The presentation emphasizes thorough preparation and research to avoid duplicate reports and better understand the target before launching attacks. It also provides tips for writing high-quality bug reports to build good relationships with security teams.Michael Widenius
Michael WideniusCodeFest
油
Michael Widenius provided an overview of how to successfully create an open source project. He discussed the importance of having an active community, transparency in development, and getting the product used in production early on. Widenius also covered different business models for open source like dual licensing, services models, and donations/crowdfunding. The key is finding a sustainable way to fund development while allowing users freedom under an open source license.Services, tools & practices for a software house
Services, tools & practices for a software houseParis Apostolopoulos
油
An overview of simple tools, practises and services any software house or development team should consider - add to its work cycle.Pentester++
Pentester++CTruncer
油
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.Year Zero
Year Zeroleifdreizler
油
This document summarizes best practices for building an application security program at a startup. It recommends getting organizational buy-in, building a security team by networking and attending events, and shifting security left by training developers. It also discusses implementing threat modeling, carefully vetting security vendors, embedding security engineers with developer teams, and continuing to improve processes over time. The overall message is that security is a collaborative effort involving the whole company.The benefits of contributing to open source
The benefits of contributing to open sourceJonathan Bossenger
油
In this talk I gave to the PHP Cape Town meetup group, I discussed the 3 main benefits I've found from actively contributing to open source communities (specifically WordPress) over the last 3 years.Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Strategy Forum
油
The document discusses open source horror stories and lessons learned from managing open source programs at large companies. It provides tips for creating practices that match open source policies to build trust, conducting rational audits of build processes to address legal and security issues, and establishing fast approval processes for contributor license agreements to avoid barriers. The key takeaway is that companies need coordinated open source programs to help engineers ask for guidance and implement proper processes that enable speed while ensuring better long-term technical and legal outcomes.OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)FINOS
油
Gil Yehuda, Oath: Open Source Horror Stories (and lessons learned).
Open Source is not just about unicorns and rainbows where nice developers give you free code and fix it for you. This talk will feature a few cringeworthy but real-world stories of open source situations gone bad. Well talk about cases where people published things they should not have, licenses with terms youd never agree with, employees who forget who signs their paychecks, DMCA takedowns that kill your code, and situations where you now own someone elses mistakes. Names and some details will be withheld to protect the innocent and guilty alike. But each case points to a policy which you should put in place to protect your projects and your interests in the world of open source. At the end of this talk youll see why many companies manage an open source program the way they do.5 unspoke rules of contributing to open source software
5 unspoke rules of contributing to open source softwareMike Nelson
油
The document outlines 5 unspoken rules for contributing to open source software: 1) Justify your proposed changes, 2) Be willing to discuss and revise your contributions, 3) Be positive and grateful, 4) Make small, focused changes that are easier to review and accept, and 5) It's often easier to create companion software rather than modify existing code. The document provides examples and explanations for each rule to help new contributors successfully participate in open source projects.Buddy navigator
Buddy navigatorRishabh Gupta
油
This document outlines a proposal for a mobile application called Buddy Navigator that allows users to see the locations of nearby friends and connect with acquaintances. The proposal discusses the objectives of allowing users to view friend locations via GPS and message friends when nearby. It addresses issues like privacy, compatibility and map updates. It provides a risk analysis, methodology with phases for planning, coding, permissions and testing. It includes a budget section noting the low cost to develop since tools are downloaded, and outlines benefits like safety, parental controls and assistance for travelers.April Patch Tuesday
April Patch TuesdayIvanti
油
Ivantis Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There well do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities. 
More Related Content
Similar to My Bug Hunting With Open Source (20)
Contributing to an Open Source Project 101
Contributing to an Open Source Project 101POSSCON
油
Greg Sheremeta
Red Hat - Senior Software Engineer
POSSCON
4/14/2015
Open 101 Track - 1:00 PM TalkC, C++, Java, Python, PHP, JavaScript and Linux For Beginners
C, C++, Java, Python, PHP, JavaScript and Linux For BeginnersManjunath.R -
油
An ideal addition to your personal elibrary. With the aid of this indispensable reference book, you may quickly gain a grasp of Python, Java, JavaScript, C, C++, CSS, Data Science, HTML, LINUX and PHP. It can be challenging to understand the programming language's distinctive advantages and charms. Many programmers who are familiar with a variety of languages frequently approach them from a constrained perspective rather than enjoying their full expressivity. Some programmers incorrectly use Programmatic features, which can later result in serious issues. The programmatic method of writing programsthe ideal approach to use programming languagesis explained in this book. This book is for all programmers, whether you are a novice or an experienced pro. Its numerous examples and well paced discussions will be especially beneficial for beginners. Those who are already familiar with programming will probably gain more from this book, of course. I want you to be prepared to use programming to make a big difference.The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
油
The document provides an overview of the game of bug bounty hunting, including a brief history of bug bounty programs, the present state of platforms like HackerOne and BugCrowd, tips for getting started, techniques for finding different types of vulnerabilities, examples of famous bounty submissions, and potential drama one may face. It also includes suggestions for resources, tools, blogs, and people to follow to continue learning and developing skills in bug bounty hunting.Linux Commands, C, C++, Java and Python Exercises For Beginners
Linux Commands, C, C++, Java and Python Exercises For BeginnersManjunath.R -
油
An approachable manual for new and experienced programmers that introduces the programming languages C, C++, Java, and Python. This book is for all programmers, whether you are a novice or an experienced pro. It is designed for an introductory course that provides beginning engineering and computer science students with a solid foundation in the fundamental concepts of computer programming. It also offers valuable perspectives on important computing concepts through the development of programming and problem-solving skills using the languages C, C++, Java, and Python. The beginner will find its carefully paced exercises especially helpful. Of course, those who are already familiar with programming are likely to derive more benefits from this book. After reading this book you will find yourself at a moderate level of expertise in C, C++, Java and Python, from which you can take yourself to the next levels. The command-line interface is one of the nearly all well built trademarks of Linux. There exists an ocean of Linux commands, permitting you to do nearly everything you can be under the impression of doing on your Linux operating system. However, this, at the end of time, creates a problem: because of all of so copious commands accessible to manage, you don't comprehend where and at which point to fly and learn them, especially when you are a learner. If you are facing this problem, and are peering for a painless method to begin your command line journey in Linux, you've come to the right place-as in this book, we will launch you to a hold of well liked and helpful Linux commands. This book gives a thorough introduction to the C, C++, Java, and Python programming languages, covering everything from fundamentals to advanced concepts. It also includes various exercises that let you put what you learn to use in the real world.Leading an open source project as a startup
Leading an open source project as a startupNicolas Garnier
油
際際滷s from my talk at Pycon.it about doing open source as a company or startup, sharing what we learnt at Mailjet from open sourcing MJML. Leading An Open Source Project As A Startup
Leading An Open Source Project As A StartupMailjet
油
際際滷s from Nicolas Garnier's talk at Pycon.it about doing open source as a company or startup, sharing what we learnt at Mailjet from open sourcing MJML.
Nicolas Garnier is the MJML Product Lead at Mailjet.Mobile Web Compatibility @ Code Camp Cluj
Mobile Web Compatibility @ Code Camp ClujIoana Chiorean
油
Many users nowadays connect to the web directly from mobile skipping any desktop experience. So why would you risk using them? Learn from the web-bugs we found and give a fair and beautiful experience to your users!Tenants for Going at DevSecOps Speed - LASCON 2023
Tenants for Going at DevSecOps Speed - LASCON 2023Matt Tesauro
油
Youre tasked with doing DevSecOps for your company and youve got more apps and issues than you know how to deal with. How do you make sense of the different tool outputs for all your different apps let alone shrink the pile of work already on your plate? In this talk, well discuss the key decision points and requirements to set up a program that moves as fast as it needs to without your team burning out. Learn how to keep moving forward while keeping your sanity.
After learning to be nimble from dealing with teams that are doing 75 production deployments per week, the surviving ideas have been distilled into a collection of tenants. Well cover: How to handle CI/CD tests versus traditional security assessments? How to best manage SLAs? How to keep data for auditors and regulatory requirements while also doing continuous testing? Understanding health checks versus continuous testing versus manual testing. How to deal with false positives, risk acceptances and the lifecycle of a security issue? By using these tenants, security assessments at one company grew from 44 to 414 in 2 years or 9.4 times all while losing some headcount. Time to turn chaos into calm and distress into success.Lvl.up
Lvl.upswee meng ng
油
This document provides an introduction to connecting devices to the internet using microcontrollers like Arduino. It discusses why microcontrollers are useful for this compared to computers or phones. It then lists several popular microcontroller boards and development environments. The document recommends online resources for learning and components. It provides examples of internet of things projects and emphasizes exploring and making things to learn.Preparing for the WebGeek DevCup
Preparing for the WebGeek DevCupbryanbibat
油
The document provides tips for preparing for a hackathon event called the WebGeek DevCup. It recommends preparing your application framework ahead of time by choosing technologies and setting up modules like authentication, but not completing the full application. It also suggests preparing your development environment, using version control, potentially deploying code, and ensuring good team communication and self-care during the event. The goal is to minimize time spent on setup during the hackathon in order to focus on coding the full application within the limited timeframe.BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
油
Bug bounty roadmap covers various techniques for finding vulnerabilities such as understanding the target application flow, using passive reconnaissance tools to discover assets, hacking with Burp Suite to find bugs like XSS and SQLi, and keeping up with new trends to improve bounty hunting. The presentation emphasizes thorough preparation and research to avoid duplicate reports and better understand the target before launching attacks. It also provides tips for writing high-quality bug reports to build good relationships with security teams.Michael Widenius
Michael WideniusCodeFest
油
Michael Widenius provided an overview of how to successfully create an open source project. He discussed the importance of having an active community, transparency in development, and getting the product used in production early on. Widenius also covered different business models for open source like dual licensing, services models, and donations/crowdfunding. The key is finding a sustainable way to fund development while allowing users freedom under an open source license.Services, tools & practices for a software house
Services, tools & practices for a software houseParis Apostolopoulos
油
An overview of simple tools, practises and services any software house or development team should consider - add to its work cycle.Pentester++
Pentester++CTruncer
油
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.Year Zero
Year Zeroleifdreizler
油
This document summarizes best practices for building an application security program at a startup. It recommends getting organizational buy-in, building a security team by networking and attending events, and shifting security left by training developers. It also discusses implementing threat modeling, carefully vetting security vendors, embedding security engineers with developer teams, and continuing to improve processes over time. The overall message is that security is a collaborative effort involving the whole company.The benefits of contributing to open source
The benefits of contributing to open sourceJonathan Bossenger
油
In this talk I gave to the PHP Cape Town meetup group, I discussed the 3 main benefits I've found from actively contributing to open source communities (specifically WordPress) over the last 3 years.Open Source Horror Stories and Lessons Learned
Open Source Horror Stories and Lessons LearnedOpen Source Strategy Forum
油
The document discusses open source horror stories and lessons learned from managing open source programs at large companies. It provides tips for creating practices that match open source policies to build trust, conducting rational audits of build processes to address legal and security issues, and establishing fast approval processes for contributor license agreements to avoid barriers. The key takeaway is that companies need coordinated open source programs to help engineers ask for guidance and implement proper processes that enable speed while ensuring better long-term technical and legal outcomes.OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)
OPEN SOURCE HORROR STORIES (AND LESSONS LEARNED)FINOS
油
Gil Yehuda, Oath: Open Source Horror Stories (and lessons learned).
Open Source is not just about unicorns and rainbows where nice developers give you free code and fix it for you. This talk will feature a few cringeworthy but real-world stories of open source situations gone bad. Well talk about cases where people published things they should not have, licenses with terms youd never agree with, employees who forget who signs their paychecks, DMCA takedowns that kill your code, and situations where you now own someone elses mistakes. Names and some details will be withheld to protect the innocent and guilty alike. But each case points to a policy which you should put in place to protect your projects and your interests in the world of open source. At the end of this talk youll see why many companies manage an open source program the way they do.5 unspoke rules of contributing to open source software
5 unspoke rules of contributing to open source softwareMike Nelson
油
The document outlines 5 unspoken rules for contributing to open source software: 1) Justify your proposed changes, 2) Be willing to discuss and revise your contributions, 3) Be positive and grateful, 4) Make small, focused changes that are easier to review and accept, and 5) It's often easier to create companion software rather than modify existing code. The document provides examples and explanations for each rule to help new contributors successfully participate in open source projects.Buddy navigator
Buddy navigatorRishabh Gupta
油
This document outlines a proposal for a mobile application called Buddy Navigator that allows users to see the locations of nearby friends and connect with acquaintances. The proposal discusses the objectives of allowing users to view friend locations via GPS and message friends when nearby. It addresses issues like privacy, compatibility and map updates. It provides a risk analysis, methodology with phases for planning, coding, permissions and testing. It includes a budget section noting the low cost to develop since tools are downloaded, and outlines benefits like safety, parental controls and assistance for travelers.Recently uploaded (20)
April Patch Tuesday
April Patch TuesdayIvanti
油
Ivantis Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There well do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities. Commit Conf 2025 Bitnami Charts with Kubescape
Commit Conf 2025 Bitnami Charts with KubescapeAlfredo Garc鱈a Lavilla
油
En esta charla compartiremos la experiencia del equipo de Bitnami en la mejora de la seguridad de nuestros Helm Charts y Contenedores utilizando Kubescape como herramienta principal de validaci坦n. Exploraremos el proceso completo, desde la identificaci坦n de necesidades hasta la implementaci坦n de validaciones automatizadas, incluyendo la creaci坦n de herramientas para la comunidad.
Compartiremos nuestra experiencia en la implementaci坦n de mejoras de seguridad en Charts y Contenedores, bas叩ndonos en las mejores pr叩cticas del mercado y utilizando Kubescape como herramienta de validaci坦n. Explicaremos c坦mo automatizamos estas validaciones integr叩ndolas en nuestro ciclo de vida de desarrollo, mejorando significativamente la seguridad de nuestros productos mientras manten鱈amos la eficiencia operativa.
Durante la charla, los asistentes aprender叩n c坦mo implementar m叩s de 60 validaciones de seguridad cr鱈ticas, incluyendo la configuraci坦n segura de contenedores en modo no privilegiado, la aplicaci坦n de buenas pr叩cticas en recursos de Kubernetes, y c坦mo garantizar la compatibilidad con plataformas como OpenShift. Adem叩s, demostraremos una herramienta de self-assessment que desarrollamos para que cualquier usuario pueda evaluar y mejorar la seguridad de sus propios Charts bas叩ndose en esta experiencia.
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdf
2025-04-05 - Block71 Event - The Landscape of GenAI and Ecosystem.pdfIvan Tang
油
The different layers of GenAI stack.Codequiry: A Code Similarity Checker Every Developer Should Know
Codequiry: A Code Similarity Checker Every Developer Should KnowCode Quiry
油
Every developer values originalityand Codequiry makes it easy to protect it. This powerful code similarity checker analyzes structure, logic, and syntax to detect plagiarism with precision. With support for 50+ programming languages and in-depth comparison across web, peer, and internal sources, Codequiry is an essential tool for anyone serious about writing clean, authentic, and uncompromised code.
Meet CrewAI The Framework Powering Agentic AI (2).pdf
Meet CrewAI The Framework Powering Agentic AI (2).pdf Yodaplus Technologies Private Limited
油
Agentic AI is the future but building intelligent systems where AI agents collaborate effectively? Thats where CrewAI steps in.
In this presentation, we introduce CrewAI, an open-source framework that brings role-based architecture and real-time communication to AI agents. From equity research bots to agentic DevOps pipelines, discover how CrewAI enables coordinated, goal-driven execution across multiple agents.
Learn about CrewAIs building blocks, its unique features like Agent-to-Agent Protocols (A2AP), and how Yodaplus is leveraging it in real-world BFSI and supply chain solutions using GenAI tools like GenRPT and DataClip.
Whether youre exploring agent ecosystems or hands-on implementation, this deck is your quick guide to the emerging world of Agentic AI frameworks.All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-World
All-Data, Any-AI Integration: FME & Amazon Bedrock in the Real-WorldSafe Software
油
Join us for an exclusive webinar featuring special guest speakers from Amazon, Amberside Energy, and Avineon-Tensing as we explore the power of Amazon Bedrock and FME in AI-driven geospatial workflows.
Discover how Avineon-Tensing is using AWS Bedrock to support Amberside Energy in automating image classification and streamlining site reporting. By integrating Bedrocks generative AI capabilities with FME, image processing and categorization become faster and more efficient, ensuring accurate and organized filing of site imagery. Learn how this approach reduces manual effort, standardizes reporting, and leverages AWSs secure AI tooling to optimize their workflows.
If youre looking to enhance geospatial workflows with AI, automate image processing, or simply explore the potential of FME and Bedrock, this webinar is for you!Artificial Neural Networks, basics, its variations and examples
Artificial Neural Networks, basics, its variations and examplesanandsimple
油
The slides describe basics of Artificial Neural Networks, its variations and examples in details.San Francisco Atlassian ACE - Mar 27 2025.pdf
San Francisco Atlassian ACE - Mar 27 2025.pdfMatt Doar
油
際際滷s from 7 vendors at. the Atlassian ACE event in SF on March 27th 2025Convert EML files to PST on Mac operating system
Convert EML files to PST on Mac operating systemRachel Walker
油
Mailvita EML to PST Converter for Mac is a useful program for Mac users, it can easily change several EML files into Outlook PST files with all attachments. This tool works with a lot of email programs, like Windows Live Mail, Thunderbird, and others. With its simple GUI, it's easy for both technical and non-technical people to convert files. Visit the official website to learn more about this program.
visit here: https://www.mailvita.com/eml-to-pst-converter-for-mac/Smarter RAG Pipelines: Scaling Search with Milvus and Feast
Smarter RAG Pipelines: Scaling Search with Milvus and FeastZilliz
油
About this webinar
Learn how Milvus and Feast can be used together to scale vector search and easily declare views for retrieval using open source. Well demonstrate how to integrate Milvus with Feast to build a customized RAG pipeline.
Topics Covered
- Leverage Feast for dynamic metadata and document storage and retrieval, ensuring that the correct data is always available at inference time
- Learn how to integrate Feast with Milvus to support vector-based retrieval in RAG systems
- Use Milvus for fast, high-dimensional similarity search, enhancing the retrieval phase of your RAG modelEvaluating Global Load Balancing Options for Kubernetes in Practice (Kubermat...
Evaluating Global Load Balancing Options for Kubernetes in Practice (Kubermat...Tobias Schneck
油
https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-europe-london-2025/talk/UFZNVH/
Load Balancing is a critical aspect of modern cloud deployments, and its especially tricky and misunderstood in hybrid environments that span across public clouds and private datacenters on premise. Designing a future-proof solution that is scalable, robust, fast and includes automatic failovers for different disaster cases, is a challenge we need to tackle. Therefore, our evaluation focused on two base technologies: Multi-Cluster Meshes and DNS based Global Load Balancing.
Join us on our journey of evaluating the two CNCF projects Cilium and K8GB against real-world scenarios with complex multi-cloud deployments. Learn about the benefits, challenges and trade-offs you should expect when choosing a hybrid cloud strategy with Kubernetes!
A practical live demo will share our hands-on experience, pros and cons, alongside use-case-specific solution recommendations for your hybrid-cloud journey.Network_Packet_Brokers_Presentation.pptx
Network_Packet_Brokers_Presentation.pptxKhushi Communications
油
Most people might think of a water faucet or even the tap on a keg of beer. But in the world of networking, "TAP" stands for "Traffic Access Point" or "Test Access Point." It's not a beverage or a sink fixture, but rather a crucial tool for network monitoring and testing. Khushi Communications is a top vendor in India, providing world-class Network TAP solutions. With their expertise, they help businesses monitor, analyze, and secure their networks efficiently.Least Privilege AWS IAM Role Permissions
Least Privilege AWS IAM Role PermissionsChris Wahl
油
RECORDING: https://youtu.be/hKepiNhtWSo
Hello innovators! Welcome to the latest episode of My Essentials Course series. In this video, we'll delve into the concept of least privilege for IAM roles, ensuring roles have the minimum permissions needed for success. Learn strategies to create read-only, developer, and admin roles. Discover tools like IAM Access Analyzer, Pike, and Policy Sentry for generating efficient IAM policies. Follow along as we automate role and policy creation using Pike with Terraform, and test our permissions using GitHub Actions. Enhance your security practices by integrating these powerful tools. Enjoy the video and leave your feedback in the comments!Innovative Web Design | Malachite Technologies
Innovative Web Design | Malachite Technologiesmalachitetechnologie1
油
Elevate your online presence with Malachite Technologies where creativity meets technology. Our web design experts craft visually stunning and interactive websites that not only capture your brands essence but also enhance user engagement.
ScotSecure Cyber Security Summit 2025 Edinburgh
ScotSecure Cyber Security Summit 2025 EdinburghRay Bugg
油
Scot-Secure is Scotlands largest annual cyber security conference. The event brings together senior InfoSec personnel, IT leaders, academics, security researchers and law enforcement, providing a unique forum for knowledge exchange, discussion and high-level networking.
The programme is focussed on improving awareness and best practice through shared learning: highlighting emerging threats, new research and changing adversarial tactics, and examining practical ways to improve resilience, detection and response.HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptx
HHUG-04-2025-Close-more-deals-from-your-existing-pipeline-FOR SLIDESHARE.pptxHampshireHUG
油
Struggling to get real value from HubSpot Sales Hub? Learn 5 mighty methods to close more deals without more leads or headcount (even on Starter subscriptions)!
These slides accompanied a webinar run by Hampshire's HubSpot User Group (HUG) on 2nd April, 2025.
HubSpot subscribers can watch the recording here: https://events.hubspot.com/events/details/hubspot-hampshire-presents-5-ways-to-close-more-deals-from-your-existing-sales-pipeline/
ABOUT THE EVENT:
Unlock hidden revenue in your CRM with our practical HubSpot tactics
Are you struggling to get real value from your HubSpot Sales Hub?
If your HubSpot feels like more of an admin burden than a revenue enabler, youre not alone. Many sales leaders find that their team isn't updating records consistently, pipeline visibility is poor, and reporting doesnt deliver the insights they need to drive strategy.
The good news? You dont need to upgrade your HubSpot subscription to sort these issues.
Join us for this webinar to learn 5 mighty tactics that will help you streamline your sales process, improve pipeline visibility, and extract more revenue from your existing pipeline, without spending more on marketing or hiring extra sales reps.
What Youll Learn
Customising Records Increase sales momentum with more useful CRM data for your salespeople
Pipeline Rules Improve deal stage consistency and data accuracy for improved prioritisation and forecasting
Team Permissions & Defaults Control access and streamline processes. Spend more time selling, less on admin
Pipeline View Customisation Get clearer sales insights, faster, to deal with revenue leaks
Simple Sales Reports Build actionable dashboards to drive strategy with data
Bonus: Successful Sales Hub users will share their experiences and the revenue impact it has delivered for them.
Who is this webinar for?
Sales leaders using HubSpot Sales Hub Starter, or those new to HubSpot
Sales managers who need better CRM adoption from their team
Anyone struggling with pipeline visibility, reporting, or forecasting
Teams who want to close more deals without extra sales headcount Recruiting Tech: A Look at Why AI is Actually OG
Recruiting Tech: A Look at Why AI is Actually OGMatt Charney
油
A lot of recruiting technology vendors out there are talking about how they're offering the first ever (insert AI use case here), but turns out, everything they're selling as innovative or cutting edge has been around since Yahoo! and MySpace were category killers. Here's the receipts.Cloudflares Game-Changing Move The First Remote MCP Server for AI Agent Deve...
Cloudflares Game-Changing Move The First Remote MCP Server for AI Agent Deve...davidandersonofficia
油
Discover how Cloudflares groundbreaking remote MCP server, launched April 7, 2025, is revolutionizing AI agent development. Paired with Durable Workflows and a free Durable Objects tier, this innovation simplifies building secure, scalable AI solutions. Learn why it matters, what you can create, and how to get started with Cloudflares game-changing tools.Cloudflares Game-Changing Move The First Remote MCP Server for AI Agent Deve...
Cloudflares Game-Changing Move The First Remote MCP Server for AI Agent Deve...davidandersonofficia
油
My Bug Hunting With Open Source
- 1. My Bug Hunting With Open Source Madhu Akula Information Security Enthusiastic
- 2. root@localhost:~# whoami in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula Network Security Consultant @Payatu Chapter lead at null Cr3w Member at Nullcon Contributor @ Codevigilant Bug Huner & Opensource Contributor Never ending Learner !
- 3. Agenda My journey so far in the world of bug finding This is all about how I have done and how you can also do
- 4. History Started hunting for bugs on several bug bounty programs for
- 9. Realization It's enough I'm wasting everyday 2hrs Luck is the best kick Started as noob and got some experience with app security Increased friends network
- 10. Then what's next ???
- 12. After some days... I am not the only person thinking this, Found something similar
- 13. What is Code Vigilnat A community collaboration effort to make opensource softwares secure. Finding bugs and responsibly disclosing them to respective author and preferable getting software updated. Responsible disclosure on website after sufficient interval.
- 14. About Code Vigilant Anant Shrivastava Prajal Kulkarni Chaitu Madhu Akula
- 15. Target A EcoSystem We Picked WordPress Ecosystem which meant WordPress Plugins (current focus) WordPress Themes (current Focus) WordPress Core (future check) Pick an ecosystem which you think is near and dear to you and the language which you can easily understand.
- 16. Why 60 million websites world wide Current stable release 4.0
- 17. Why Wordpress ?
- 18. Let's Find Zero Days
- 19. Feedback
- 20. Let's Automate
- 21. Result More than 50 CVE's in 1 Week
- 22. Expectation We are seeking for more volunteers to come forward and help us make opensource softwares a more secure plateform.
- 23. For 'U' Appeal to use codevigilant plateform You find flaws Either join our team and do continuous contribution You get an authors page at codevigilant If you get any bounty for the bug you keep it. Send Details as one off cases of finding We will do co-ordination with third party We will try to get it patched or remove it from internet if not patched. We will publish advisory on website with yours and co-ordinators name in advisory.
- 24. For 'U' If you want a open source product tested contact us and we will see what we can do about it. If you want quick tests you can think about donating to the project.
- 25. Code Vigilant http://www.codevigilant.com https://github.com/Codevigilant https://facebook.com/Codevigilant https://twitter.com/Codevigilant
- 26. Thanks