Tech IT Easy x DevTalk : "Secure Your Coding with OWASP"

Download as pptx, pdf

0 likes274 views

The document discusses secure coding practices, focusing on web application vulnerabilities highlighted by the OWASP Top 10 list, including SQL injection and session fixation. It emphasizes the importance of addressing both security and performance issues, along with practical exercises to understand and mitigate these vulnerabilities. Additionally, the document includes resources for further exploration and suggests measures to prevent exploitation of these vulnerabilities.

Technology

Secure Coding
the bare minimum – understand the problem

Introduction
• Andi R Djunaedi
• Software Engineer at blibli.com since March 2014
• https://www.linkedin.com/in/andird
• https://github.com/andirdju
• https://github.com/bliblidotcom

Overview – understand the problem
• Theory
• Code
• Web application -> we’ll talk about this
• Operating System
• Network
• Other?
• Importance
• Practice, get your laptop, pc or whatever
• How it works

Theory - Code
• Web Applications
• OWASP Top 10 List - new list every 3 years
• https://www.owasp.org/index.php/Top_10_2013-Top_10
• https://www.owasp.org/index.php/Top_10_2010-Main
• Top 3 - Samples
• SQL Injection
• Arbitrary SQL query execution
• Session Fixation
• Assume other’s Identity
• Cross Site Scripting
• Arbitrary client code (javascript, html) execution

Importance – Non Security
• Performance
• poor user experience
• redesign, refactor, make it faster
• Code coverage
• buggy, spent more time on fixing bug
• stop the leak
• When
• next iteration

Importance – Security
• How to fix security incidents ???
• Personal/Financial data stolen
• Data deleted
• When
• NOW !!!

Practice – Understand the problem
• Run bad web app
• OWASP Top 3 Sample
• SQL Injection
• Session Fixation
• Cross Site Scripting
• Exercise

Run – web app
• Git, Jdk 8, Maven
• https://github.com/bliblidotcom/sample-basic-secure-coding
• In memory H2 database
• Embedded server
• mvn spring-boot:run
• http://localhost:8080

Get your laptop – SQL Injection
• Demo – Valid use case is only find one record by id
• Read all records
• Insert new records
• Delete all records

Get your laptop – Session Fixation
• Demo - session info only known to the user
• Bad person(A) create new session
• Persuade unsuspecting person(B) via phishing
• Bad person(A) get session information of other person(B)

Get your laptop – Cross Site Scripting
• Demo – valid use case only displays list of data
• Can be done via the same SQL injection
• Html
• Add html form
• Javascript
• Add pop up
• Add redirect

What’s Next
• Crack the other API
• it have similar problems
• Fix the exploit
• Don’t repeat yourself by creating custom solutions
• SQL named parameter
• Regenerate session id
• Content escaping

This document discusses enterprise Node.js development using the FeedHenry platform. It covers FeedHenry customers, the platform itself, best practices for Node.js development including functional programming and microservices. It also discusses testing strategies and tools like Turbo, Istanbul, and Proxyquire. Microservices architectures are described as having smaller, independently deployable services that communicate over APIs or message buses. The document concludes with information on private NPM registries, Docker containers, and using API Blueprint to document APIs.

Penny coventry fiddler-spsbe23BIWUG

This document is a presentation about Fiddler, a free HTTP/HTTPS debugging tool developed by Eric Lawrence and frequently used by developers, support teams, and SharePoint administrators. It provides capabilities for capturing, viewing, and manipulating web traffic, along with various features for filtering and exporting session data. Resources for further exploration of Fiddler's functionalities and community support are also included.

SenchaCon 2016: Being Productive with the New Sencha Fiddle - Mitchell Simoens Sencha

The document discusses the evolution of Sencha Fiddle, emphasizing the limitations of the previous versions and the improvements made in Fiddle 2. Key updates include a more user-friendly interface, support for real network requests, enhanced file loading, and integration with Sencha Inspector. Overall, these advancements aim to enhance productivity and issue reproduction for developers using the platform.

Getting Started with ASP.NET 5Brij Mishra

This document provides an overview of getting started with ASP.NET 5. It discusses some of the key problems with previous versions of ASP.NET like long loading times and lack of cross-platform support. ASP.NET 5 addresses these issues by using a smaller core CLR, running on .NET Core which allows cross-platform deployment. It features side-by-side versioning of .NET, simplifies dependencies with NuGet, and improved request pipelines. The document demonstrates setting up a basic ASP.NET MVC 6 project and highlights how Visual Studio compiles and runs code much faster with ASP.NET 5. While Web Forms is still supported, ASP.NET 5 unites MVC and Web API into a single framework

Building rest services using aspnetwebapiBrij Mishra

10 tips to make your ASP.NET Apps FasterBrij Mishra

10 tips to make ASP.NET apps faster including: 1. Enabling kernel caching in IIS for static and dynamic content to reduce context switches. 2. Using asynchronous code, handlers, and modules to prevent thread blocking on I/O-bound operations. 3. Configuring the CLR thread pool to optimize thread usage. 4. Switching to integrated pipeline mode for a unified request processing pipeline. 5. Optimizing static file handling by selectively running managed modules. 6. Understanding the ASP.NET pipeline and placing modules strategically. 7. Avoiding direct SQL connections by using a data source. 8. Removing unused view engines to reduce overhead. 9. Avoiding

Writing power shell the right tool for the jobJaap Brasser

The document discusses various tools for PowerShell development, with a focus on Visual Studio Code (VSCode) and the PowerShell ISE, including their differences, configurations, and features. It covers the installation and functionalities of the ISE Steroids module, which enhances the PowerShell ISE, and provides resources for further learning. The document also outlines demonstrations of using these tools effectively for PowerShell scripting.

Apply chat automation today - work smarter tomorrowJaap Brasser

CrossWorlds: Unleash the Power of Domino for Connections Development LetsConnect

The document discusses Crossworlds, a flexible integration solution combining IBM Domino with WebSphere Liberty, designed to enhance application development. It highlights the advantages of both platforms, including Domino's strong security and workflow capabilities, and Liberty's fast performance and extensibility. Additionally, it touches on flexible authentication and storage options, emphasizing the framework's ability to handle modern web applications.

SenchaCon 2016: Turbocharge your Ext JS App - Per Minborg, Anselm McClain, Jo...Sencha

The document outlines the features and advantages of Ext JS and Ext Speeder, demonstrating how these tools enhance back-end development efficiency and application performance. It describes the automated processes involved in using Ext Speeder for quick back-end setup and real-time data management, alongside performance testing examples. Additionally, it includes details about maintenance support, pricing, and integration with various Java EE application servers.

O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfNCCOMMS

This document discusses efficient code sharing in organizations using private npm packages and Azure Artifacts. It describes creating a private npm feed in Azure Artifacts to host internal packages. This allows teams to publish packages for use by other projects while avoiding issues of public registries. The document demonstrates configuring a pipeline in Azure DevOps to build, release and install packages from the private feed.

Secure your environment by automationJaap Brasser

The PowerShell Conference Asia in Singapore 2017 focused on automating security through PowerShell, featuring various demonstrations on topics like remote PowerShell, error stream redirection, and querying registry information. Several demos highlighted the use of PowerShell to retrieve hotfix information, manage outputs, and recreate objects from binary data. Attendees were encouraged to engage with speakers and share their experiences on social media.

Automating security with PowerShellJaap Brasser

Paint it blue with PowerShellJaap Brasser

TDD a REST API With Node.js and MongoDBValeri Karpov

This document discusses developing and testing a MongoDB and Node.js REST API. It introduces MongoDB and Node.js, and then covers building an API with the following parts: using Mongoose to define schemas for products, categories, and users; building routes with Express; and testing with Mocha and Superagent. Key topics include schema design principles, building RESTful routes, and testing the API end-to-end. The goal is to learn how to structure APIs on MongoDB with Node.js and ensure quality with testing.

Apply chat automation today - work smarter tomorrowJaap Brasser

The document discusses the implementation of chat automation using various tools and configurations, specifically focusing on PowerShell, VSCode, and PoshBot. It outlines an agenda that covers differences between editors, setup procedures, demos, and security considerations, culminating in practical examples of chat automation deployment. Key references and resources are also provided for further exploration.

Building your own JEA ConfigurationJaap Brasser

The document discusses Just Enough Administration (JEA), which enhances PowerShell's security by limiting administrative privileges and auditing user actions. It includes demos on creating role-based configurations and JEA endpoints for various administrative roles, emphasizing the flexibility and automation capabilities of JEA. Future steps include a break and information about the upcoming PSConf.eu event in April 2018.

Manage your infrastructure with PowerShellJaap Brasser

The document outlines a PowerShell-based workshop focused on managing system infrastructure, highlighting various demonstrations including retrieving hostname, system domain, OS information, memory, timezone, system disk size, and pagefile details from the registry. Each demo showcases specific PowerShell commands and techniques to gather system information, such as using Get-WmiObject, Get-CimInstance, and working with formatted output. Additionally, the document concludes with a discussion on creating a custom PowerShell function to automate the retrieval of comprehensive computer information.

Reach the next level with PowerShellJaap Brasser

This document outlines a PowerShell training session on retrieving system information using PowerShell. The agenda includes demonstrating how to retrieve the hostname, domain, OS information, memory details, time zone, system disk size, pagefile details, and creating a function to consolidate the information. Each demo section summarizes the steps taken to retrieve the specific piece of system information using PowerShell commands like Get-CimInstance and Get-ItemProperty.

Saving Time By Testing With JestBen McCormick

Ben McCormick gave a presentation on how to save time by testing with Jest. He began with an introduction and explained that Jest is a JavaScript testing framework developed by Facebook that aims to solve common testing problems. He then demonstrated how Jest saves time through fast setup, writing tests quickly using familiar syntax and APIs, running tests in parallel and with a smart watch mode, and providing clear errors to fix tests fast. He concluded with a demo of Jest's features and took questions.

SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...DIWUG

This document discusses the SharePoint Framework (SPFx) which provides a new model for client-side development in SharePoint. It addresses issues with previous development models like farm solutions and uncontrolled JavaScript. SPFx uses modern web tools and frameworks and provides controls for tenant administrators. The document covers SPFx tools, deployment using package files, governance through approval processes, security considerations, and using a CDN for assets. It emphasizes that SPFx gives more freedom but also requires embracing new techniques and tools.

Chat automation in a Modern IT environmentJaap Brasser

Next generation frontend toolingpksjce

The document discusses modern JavaScript tooling and trends. It outlines problems with existing tools like slow performance and poor source mapping. Emerging tools like Vitejs and Snowpack are faster and support ES modules and features like instant loading and HMR. The document argues the JavaScript ecosystem is entering a third age driven by ESM, Rust/Go for tooling, and emerging technologies like Deno. Resources are provided to learn more about Vitejs, Snowpack, and trends in frontend tooling.

Code review and security audit in private cloud - Arief Karfiantoidsecconf

This document discusses implementing code review and security in a private cloud environment. It outlines some common problems that occur during app development like bugs, errors, and lack of version control. The document then proposes hosting source code in a private cloud repository for improved security, availability, and compliance. It describes using tools like Git, Gitweb and VPN access to implement a flexible source code management system in the cloud with role-based access control and snapshot capabilities.

Planidoo & ZotonicDavid de Boer

David de Boer presented on his work with Planidoo, an event organization platform built using Zotonic and other technologies. The current architecture uses two separate APIs and data stacks that interconnect data between Zotonic and other services like Elasticsearch. De Boer discussed potential solutions to streamline the architecture including using Elasticsearch as a single data source or rebuilding the system entirely in Erlang. He also emphasized the importance of building community around new projects through stability, documentation, and approachability.

Design for scaleDoug Lampe

The document discusses principles of designing scalable systems, emphasizing the need to prepare for both performance scaling up and instance scaling out. It highlights the importance of utilizing proper design patterns like repositories and patterns for asynchronous operations, alongside considerations for testing and integration with different authentication methods. Additionally, it advocates for a fault-tolerant architecture and the use of interfaces and dependency injection to ensure decoupled and replaceable services.

Porting ASP.NET applications to Windows AzureGunnar Peipman

The document presents a guide by Gunnar Peipman on porting ASP.NET applications to Windows Azure, addressing key issues with classic web applications and emphasizing a shift in mindset towards cloud architecture. It outlines sample solutions for file storage integration and session management, while advocating for the use of distributed services instead of relying on local databases and session data. Upcoming events related to web development and SQL are also mentioned.

From zero to hero – learn how to automate from the guiJaap Brasser

The document is an agenda for a workshop focused on PowerShell automation, detailing sessions on PowerShell logging, editor configurations, and the use of Procmon for data gathering. It includes live demos, explanations of logging methods, and the setup of various development environments, such as Visual Studio Code and the Integrated Scripting Environment (ISE). Participants are encouraged to fill out evaluation forms at the end of the event.

Android lessons you won't learn in schoolMichael Galpin

This document discusses several lessons about Android development that are not typically covered in school. It covers architectural changes in Android over time, security best practices, techniques for logging user activity and crash reports, strategies for building hybrid mobile-web applications, considerations for creating mobile SDKs, and approaches for testing Android apps on multiple device configurations.

Debugging the Web with FiddlerIdo Flatow

Fiddler is a free web debugging proxy that monitors and manipulates HTTP/HTTPS traffic between a computer and the Internet. It can inspect traffic, set breakpoints, and modify requests and responses. Fiddler functions as a reverse proxy by capturing and reconstructing messages passing through it. This allows developers to debug web applications, analyze performance issues, and test servers. It supports common protocols and can debug services running as Windows services. Fiddler is extensible through scripting and has use cases for traffic inspection, performance analysis, debugging, and testing.

More Related Content

What's hot (20)

CrossWorlds: Unleash the Power of Domino for Connections Development LetsConnect

SenchaCon 2016: Turbocharge your Ext JS App - Per Minborg, Anselm McClain, Jo...Sencha

O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfNCCOMMS

Secure your environment by automationJaap Brasser

Automating security with PowerShellJaap Brasser

Paint it blue with PowerShellJaap Brasser

TDD a REST API With Node.js and MongoDBValeri Karpov

Apply chat automation today - work smarter tomorrowJaap Brasser

Building your own JEA ConfigurationJaap Brasser

Manage your infrastructure with PowerShellJaap Brasser

Reach the next level with PowerShellJaap Brasser

Saving Time By Testing With JestBen McCormick

SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...DIWUG

Chat automation in a Modern IT environmentJaap Brasser

Next generation frontend toolingpksjce

Code review and security audit in private cloud - Arief Karfiantoidsecconf

Planidoo & ZotonicDavid de Boer

Design for scaleDoug Lampe

Porting ASP.NET applications to Windows AzureGunnar Peipman

From zero to hero – learn how to automate from the guiJaap Brasser

CrossWorlds: Unleash the Power of Domino for Connections Development LetsConnect

SenchaCon 2016: Turbocharge your Ext JS App - Per Minborg, Anselm McClain, Jo...Sencha

O365Con19 - Sharing Code Efficiently in your Organisation - Elio StruyfNCCOMMS

Secure your environment by automationJaap Brasser

Automating security with PowerShellJaap Brasser

Paint it blue with PowerShellJaap Brasser

TDD a REST API With Node.js and MongoDBValeri Karpov

Apply chat automation today - work smarter tomorrowJaap Brasser

Building your own JEA ConfigurationJaap Brasser

Manage your infrastructure with PowerShellJaap Brasser

Reach the next level with PowerShellJaap Brasser

Saving Time By Testing With JestBen McCormick

SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...DIWUG

Chat automation in a Modern IT environmentJaap Brasser

Next generation frontend toolingpksjce

Code review and security audit in private cloud - Arief Karfiantoidsecconf

Planidoo & ZotonicDavid de Boer

Design for scaleDoug Lampe

Porting ASP.NET applications to Windows AzureGunnar Peipman

From zero to hero – learn how to automate from the guiJaap Brasser

Similar to Tech IT Easy x DevTalk : "Secure Your Coding with OWASP" (20)

Android lessons you won't learn in schoolMichael Galpin

Debugging the Web with FiddlerIdo Flatow

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan KuštInfinum

This document outlines the development process of Android applications at Infinum, highlighting the challenges faced and the improvements made in implementation, testing, and release processes. It discusses the adoption of the MVP architecture, dependency injection, and various testing frameworks, emphasizing the importance of continuous integration and code quality checks. Additionally, it notes the establishment of internal analytics and app store solutions to enhance the overall development workflow.

Introduction to cypress in Angular (Chinese)Hong Tat Yew

This document provides an introduction to Cypress end-to-end (e2e) testing in Angular, outlining its advantages over manual testing and older frameworks like Protractor. It details the configuration, installation, and usage of Cypress for effective testing, including command examples and best practices for selecting elements. Additionally, it discusses future plans for Angular's testing ecosystem and provides links to detailed resources for implementation.

External JavaScript Widget Development Best Practices (updated) (v.1.1) Volkan Özçelik

The document discusses best practices for developing JavaScript widgets. It covers challenges like versioning, cross-domain restrictions, cookies, security, and performance. Versioning can be handled through URL parameters or initializing with a version number. Cross-domain issues can be addressed using techniques like CORS, postMessage, or JSONP. Security requires sanitizing inputs, whitelisting domains, and handling risks like XSS and CSRF. Performance involves minimizing payload size and network requests.

The Python in the ApplezeroSteiner

This document summarizes Spencer McIntyre's presentation on using Python and Meterpreter's Railgun functionality to integrate with and execute code on Apple devices. It discusses how Railgun allows calling native library functions in memory on Windows targets. The presentation demonstrates extending this capability to macOS by using Python ctypes to interface with Objective-C and macOS APIs like Foundation and libobjc, enabling tasks like running AppleScript code directly from memory without writing to disk. Example code is provided and potential issues around memory operations and segmentation faults are addressed.

Practical solutions for connections administrators liteSharon James

The document provides practical tips and scripts for administrators managing IBM Connections, focusing on installation, configuration, performance tuning, and troubleshooting across various IBM products. Key topics include autostart procedures, user synchronization, and J2EE security roles, emphasizing the importance of careful implementation and documentation. It also includes resources for downloadable scripts and highlights the need for backups and testing in a controlled environment.

Do you lose sleep at night?Nathan Van Gheem

The document is a presentation on common web security issues and vulnerabilities, highlighting the importance of security for website owners and developers. It details the top five security risks, including SQL injection, Denial of Service, Cross-Site Scripting, Cross-Site Request Forgery, and access control, along with prevention solutions for each. Additionally, the document discusses caching, load balancing, database selection, performance, monitoring, and the role of add-ons in maintaining web security.

OpenShift Origin: Build a PaaS Just Like Red HatsMark Atwood

Red Hat is introducing OpenShift Origin, an open source Platform as a Service (PaaS) based on the components of Red Hat's OpenShift product. OpenShift Origin allows users to deploy their own open source PaaS on their own infrastructure and customize it to meet their needs without vendor lock-in. It includes components for managing applications and containers as well as REST APIs and a command line client. Red Hat developed OpenShift Origin to share their PaaS technology openly via an open source project while still offering a hosted version as a product.

Building RESTful APIsSilota Inc.

The document discusses the essentials of building RESTful APIs using Python, highlighting key concepts such as the definition of APIs, the principles of REST, and best practices for API design. It emphasizes the importance of intuitive documentation, error handling, and security measures while also advocating the use of Django REST Framework for effective API development. The presentation includes examples and resources to aid in understanding API functionality and implementation.

Node and AzureJason Gerard

Node.js is a platform for building scalable network applications using JavaScript. It uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, especially for real-time web applications with many simultaneous connections. Node.js applications are written in JavaScript and can be run on Windows, Linux, and macOS. Common uses of Node.js include building web servers, real-time web applications, IoT applications, and microservices. Node.js applications are deployed to cloud platforms like Heroku, Nodejitsu, and Microsoft Azure.

External JavaScript Widget Development Best PracticesVolkan Özçelik

The document outlines best practices for JavaScript widget development, covering topics such as types of widgets, versioning, and security measures. It emphasizes the need for performance optimization, cross-domain compatibility, and careful handling of cookies and security vulnerabilities. Key recommendations include minimizing initial payloads, asynchronous initialization, and thorough sanitization of input to prevent security issues.

Java scriptwidgetdevelopmentjstanbul2012Volkan Özçelik

This document discusses best practices for developing JavaScript widgets. It begins by introducing widgets and their types, then discusses challenges like versioning, cross-domain restrictions, shared environments, and security. It provides recommendations for handling these challenges, such as using cache-revalidating scripts for versioning, cross-domain messaging for communication, and sanitization for security. The document concludes by addressing widget performance, emphasizing minimizing payload size, lazy loading, and yielding to avoid blocking.

Creating a Documentation PortalSteve Anderson

This document discusses creating a documentation portal. It begins by introducing the speaker and defining what a documentation portal is. The speaker then discusses why one would create a portal, noting that it requires an ongoing commitment. Various planning steps are outlined, including defining problems, requirements and prototypes. The remainder of the document provides a workshop example for creating a portal using an open source project on GitHub called Red Sofa. Steps are outlined for setting up accounts on Heroku and Cloudant, cloning the project, uploading content and reviewing the portal. Additional topics covered include simple configuration, updating content and metadata, customization, and usability testing.

How to Contribute to Apache UsergridDavid M. Johnson

MEAN Stack WeNode Barcelona WorkshopValeri Karpov

This document provides an overview of a guided hackathon to build a single page application using the MEAN stack (MongoDB, Express, AngularJS, Node.js) in 2 hours. It outlines the concepts that will be covered, including API testing, DOM integration testing, build systems, and more. Attendees will build a package manager for the Go programming language, creating the server with Express and Mongoose, and the client with AngularJS and Browserify. Testing will be done with Mocha, Karma, and other tools.

OpenIDM - Flexible Provisioning Platform - April 28 WebinarForgeRock

The document outlines an overview of ForgeRock's OpenIDM, a flexible provisioning platform designed for identity management with a focus on extensibility and customization. It details the platform's architecture, technical aspects, and a specific demo on a password checkout service that showcases its capabilities. Additionally, it highlights the benefits of adopting OpenIDM, including rapid deployment, cost-effectiveness, and advanced workflow integration.

Extending WordPress as a proMarko Heijnen

Highlights from microsoft ignite 2015Kim Frehe

The document provides a summary of highlights from the Ignite 2015 conference. It discusses upcoming releases of products like SharePoint Server 2016, Windows Server 2016, SQL Server 2016, and Office 2016. Keynotes focused on team productivity, mobility, content co-creation, and security. Windows 10 and cloud computing were emphasized. Updates to SharePoint include new limits, Groups, video portals, and Delve integration. Developers were excited about Xamarin for cross-platform mobile apps and updates to Entity Framework and .NET. Resources for learning more about the conference sessions and products were provided.

Node.js to the rescueMarko Heijnen

Marko Heijnen discusses the benefits of using Node.js alongside WordPress to handle tasks that WordPress may not manage efficiently. He outlines how Node.js can improve performance through microservices, reducing server load and enhancing scalability. The presentation emphasizes using Node.js for various applications such as checksum retrieval, real-time support, and simplified integration of APIs.

Android lessons you won't learn in schoolMichael Galpin

Debugging the Web with FiddlerIdo Flatow

Infinum Android Talks #13 - Developing Android Apps Like Navy Seals by Ivan KuštInfinum

Introduction to cypress in Angular (Chinese)Hong Tat Yew

External JavaScript Widget Development Best Practices (updated) (v.1.1) Volkan Özçelik

The Python in the ApplezeroSteiner

Practical solutions for connections administrators liteSharon James

Do you lose sleep at night?Nathan Van Gheem

OpenShift Origin: Build a PaaS Just Like Red HatsMark Atwood

Building RESTful APIsSilota Inc.

Node and AzureJason Gerard

External JavaScript Widget Development Best PracticesVolkan Özçelik

Java scriptwidgetdevelopmentjstanbul2012Volkan Özçelik

Creating a Documentation PortalSteve Anderson

How to Contribute to Apache UsergridDavid M. Johnson

MEAN Stack WeNode Barcelona WorkshopValeri Karpov

OpenIDM - Flexible Provisioning Platform - April 28 WebinarForgeRock

Extending WordPress as a proMarko Heijnen

Highlights from microsoft ignite 2015Kim Frehe

Node.js to the rescueMarko Heijnen

Recently uploaded (20)

The Growing Value and Application of FME & GenAISafe Software

With the cost of using Generative AI services dropping exponentially and the array of available models continually expanding, integrating AI into FME workflows has become inexpensive, accessible and effective. This presentation explores how GenAI within FME can cost-effectively transform data workflows by automating data extraction, validation, classification and augmentation tasks. We’ll discuss how FME’s no-code flexibility enables users to combine Generative AI and Computer Vision tools that create efficient workflows tailored to specific challenges. Using recent practical examples, we’ll demonstrate how these integrations can simplify complex tasks, save time and enhance data quality.

9-1-1 Addressing: End-to-End Automation Using FMESafe Software

This session will cover a common use case for local and state/provincial governments who create and/or maintain their 9-1-1 addressing data, particularly address points and road centerlines. In this session, you'll learn how FME has helped Shelby County 9-1-1 (TN) automate the 9-1-1 addressing process; including automatically assigning attributes from disparate sources, on-the-fly QAQC of said data, and reporting. The FME logic that this presentation will cover includes: Table joins using attributes and geometry, Looping in custom transformers, Working with lists and Change detection.

Techniques for Automatic Device Identification and Network Assignment.pdfPriyanka Aash

Agentic AI for Developers and Data Scientists Build an AI Agent in 10 Lines o...All Things Open

Presented at All Things Open RTP Meetup Presented by William Hill - Developer Advocate, NVIDIA Title: Agentic AI for Developers and Data Scientists Build an AI Agent in 10 Lines of Code and the Concepts Behind the Code Abstract: In this talk we will demonstrate building a working data science AI agent in 10 lines of basic Python code in a Colab notebook. Our AI Agent will perform LLM prompt-driven visual analysis using open-source libraries. In this session we will show how to develop an AI Agent using GPUs through NVIDIA’s developer program and Google Colab notebooks. After coding our AI Agent, we will break down the 10 lines of code. We will show the key components and open source library integrations that enable the agent's functionality, focusing on practical implementation details and then the theoretical concepts. The presentation concludes with a survey of current LLM technologies and the latest trends in developing AI applications for enthusiasts and enterprises

"Scaling in space and time with Temporal", Andriy Lupa.pdfFwdays

Design patterns like Event Sourcing and Event Streaming have long become standards for building real-time analytics systems. However, when the system load becomes nonlinear with fast and often unpredictable spikes, it's crucial to respond quickly in order not to lose real-time operating itself. In this talk, I’ll share my experience implementing and using a tool like Temporal.io. We'll explore the evolution of our system for maintaining real-time report generation and discuss how we use Temporal both for short-lived pipelines and long-running background tasks.

Enhance GitHub Copilot using MCP - Enterprise version.pdfNilesh Gule

AI vs Human Writing: Can You Tell the Difference?Shashi Sathyanarayana, Ph.D

“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/mpu-a-transformative-solution-for-next-gen-ai-at-the-edge-a-presentation-from-fotonation/ Petronel Bigioi, CEO of FotoNation, presents the “MPU+: A Transformative Solution for Next-Gen AI at the Edge” tutorial at the May 2025 Embedded Vision Summit. In this talk, Bigioi introduces MPU+, a novel programmable, customizable low-power platform for real-time, localized intelligence at the edge. The platform includes an AI-augmented image signal processor that enables leading image and video quality. In addition, it integrates ultra-low-power object and motion detection capabilities to enable always-on computer vision. A programmable neural processor provides flexibility to efficiently implement new neural networks. And additional specialized engines facilitate image stabilization and audio enhancements.

The Future of Product Management in AI ERA.pdfAlyona Owens

Hi, I’m Aly Owens, I have a special pleasure to stand here as over a decade ago I graduated from CityU as an international student with an MBA program. I enjoyed the diversity of the school, ability to work and study, the network that came with being here, and of course the price tag for students here has always been more affordable than most around. Since then I have worked for major corporations like T-Mobile and Microsoft and many more, and I have founded a startup. I've also been teaching product management to ensure my students save time and money to get to the same level as me faster avoiding popular mistakes. Today as I’ve transitioned to teaching and focusing on the startup, I hear everybody being concerned about Ai stealing their jobs… We’ll talk about it shortly. But before that, I want to take you back to 1997. One of my favorite movies is “Fifth Element”. It wowed me with futuristic predictions when I was a kid and I’m impressed by the number of these predictions that have already come true. Self-driving cars, video calls and smart TV, personalized ads and identity scanning. Sci-fi movies and books gave us many ideas and some are being implemented as we speak. But we often get ahead of ourselves: Flying cars,Colonized planets, Human-like AI: not yet, Time travel, Mind-machine neural interfaces for everyone: Only in experimental stages (e.g. Neuralink). Cyberpunk dystopias: Some vibes (neon signs + inequality + surveillance), but not total dystopia (thankfully). On the bright side, we predict that the working hours should drop as Ai becomes our helper and there shouldn’t be a need to work 8 hours/day. Nobody knows for sure but we can require that from legislation. Instead of waiting to see what the government and billionaires come up with, I say we should design our own future. So, we as humans, when we don’t know something - fear takes over. The same thing happened during the industrial revolution. In the Industrial Era, machines didn’t steal jobs—they transformed them but people were scared about their jobs. The AI era is making similar changes except it feels like robots will take the center stage instead of a human. First off, even when it comes to the hottest space in the military - drones, Ai does a fraction of work. AI algorithms enable real-time decision-making, obstacle avoidance, and mission optimization making drones far more autonomous and capable than traditional remote-controlled aircraft. Key technologies include computer vision for object detection, GPS-enhanced navigation, and neural networks for learning and adaptation. But guess what? There are only 2 companies right now that utilize Ai in drones to make autonomous decisions - Skydio and DJI.

Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdfPriyanka Aash

"Database isolation: how we deal with hundreds of direct connections to the d...Fwdays

What can go wrong if you allow each service to access the database directly? In a startup, this seems like a quick and easy solution, but as the system scales, problems appear that no one could have guessed. In my talk, I'll share Solidgate's experience in transforming its architecture: from the chaos of direct connections to a service-based data access model. I will talk about the transition stages, bottlenecks, and how isolation affected infrastructure support. I will honestly show what worked and what didn't. In short, we will analyze the controversy of this talk.

cnc-processing-centers-centateq-p-110-en.pdfAmirStern2

מרכז עיבודים תעשייתי בעל 3/4/5 צירים, עד 22 החלפות כלים עם כל אפשרויות העיבוד הדרושות. בעל שטח עבודה גדול ומחשב נוח וקל להפעלה בשפה העברית/רוסית/אנגלית/ספרדית/ערבית ועוד.. מסוגל לבצע פעולות עיבוד שונות המתאימות לענפים שונים: קידוח אנכי, אופקי, ניסור, וכרסום אנכי.

Mastering AI Workflows with FME by Mark DöringSafe Software

Harness the full potential of AI with FME: From creating high-quality training data to optimizing models and utilizing results, FME supports every step of your AI workflow. Seamlessly integrate a wide range of models, including those for data enhancement, forecasting, image and object recognition, and large language models. Customize AI models to meet your exact needs with FME’s powerful tools for training, optimization, and seamless integration

Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdfPriyanka Aash

Salesforce Summer '25 Release Frenchgathering.pptx.pdfyosra Saidani

From Manual to Auto Searching- FME in the Driver's SeatSafe Software

Finding a specific car online can be a time-consuming task, especially when checking multiple dealer websites. A few years ago, I faced this exact problem while searching for a particular vehicle in New Zealand. The local classified platform, Trade Me (similar to eBay), wasn’t yielding any results, so I expanded my search to second-hand dealer sites—only to realise that periodically checking each one was going to be tedious. That’s when I noticed something interesting: many of these websites used the same platform to manage their inventories. Recognising this, I reverse-engineered the platform’s structure and built an FME workspace that automated the search process for me. By integrating API calls and setting up periodic checks, I received real-time email alerts when matching cars were listed. In this presentation, I’ll walk through how I used FME to save hours of manual searching by creating a custom car-finding automation system. While FME can’t buy a car for you—yet—it can certainly help you find the one you’re after!

A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdfPriyanka Aash

WebdriverIO & JavaScript: The Perfect Duo for Web Automationdigitaljignect

In today’s dynamic digital landscape, ensuring the quality and dependability of web applications is essential. While Selenium has been a longstanding solution for automating browser tasks, the integration of WebdriverIO (WDIO) with Selenium and JavaScript marks a significant advancement in automation testing. WDIO enhances the testing process by offering a robust interface that improves test creation, execution, and management. This amalgamation capitalizes on the strengths of both tools, leveraging Selenium’s broad browser support and WDIO’s modern, efficient approach to test automation. As automation testing becomes increasingly vital for faster development cycles and superior software releases, WDIO emerges as a versatile framework, particularly potent when paired with JavaScript, making it a preferred choice for contemporary testing teams.

GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdfPriyanka Aash

Connecting Data and Intelligence: The Role of FME in Machine LearningSafe Software

In this presentation, we want to explore powerful data integration and preparation for Machine Learning. FME is known for its ability to manipulate and transform geospatial data, connecting diverse data sources into efficient and automated workflows. By integrating FME with Machine Learning techniques, it is possible to transform raw data into valuable insights faster and more accurately, enabling intelligent analysis and data-driven decision making.