Shift Left Testing in Microservices Environments
The waterfall model of development involved the explicit passing of
responsibilities between highly specialized design, development, QA, and release
teams. It also involved lengthy feedback loops. Scrum and agile methodologies
made the entire SDLC more flexible and nimble by introducing sprints and
allowing more frequent iterative development and delivery. Further, DevOps and
DevSecOps focus on removing the silos between development, operations, and
security through tooling and automation. As a result, the time to market and
quality have improved dramatically. Adding shift left testing into the mix
better positions teams to handle the broad range of responsibilities from the
design stage through the maintenance stage as effectively as possible. Shift
left testing focuses on prevention rather than detection. Shift left benefits
include the following:Increase efficiency by eliminating bugs earlier in the
SDLC: Reduce human errors and associated costs; Increase delivery speed and
reduce the time between releases; Improve the quality of
software; Gain a competitive advantage.
Cyber Security Blue Team: Roles, Exercise, Tools & Skills
The blue teams are responsible for establishing security measures around an
organization's key assets. Therefore, the blue team conducts a risk assessment
by identifying threats and weaknesses these threats can exploit after obtaining
data and documenting what needs to be protected. Blue teams perform risk
assessments. They identify critical assets, determine what impact their absence
will have on the business, and document the importance of these assets.
Following that, employees are educated on security procedures, and stricter
password policies are implemented to tighten access to the system. A monitoring
tool is often installed to log and check access to systems. As part of regular
maintenance, blue teams will perform DNS audits, scan internal and external
networks for vulnerabilities, and capture network traffic samples. Senior
management has a crucial role in this stage since only they can accept a risk or
implement mitigating controls. As a result, security controls are often selected
based on their cost-benefit ratio.
An AI-Stretch Of The Imagination
Think about yourself as a customer for a moment, about how many businesses have
your personal information housed in their data warehouses. Even if they have
your permission to store your details and notify you of relevant promotional
offers, this does not guarantee your information will not be leaked at some
point. Data leaks are not going away any time soon, so businesses focused on
enhancing personal and relevant customer experiences—while remaining committed
to protecting your privacy—are fast waking up to the value of synthesizing their
structured data. By structured data, I mean the hundreds/thousands/millions of
rows of data that live in places like databases or CSV files. We’re talking
about billions of data points, and this number continues to grow. Here, AI
trains on the original data and generates a synthetic version of that data which
is privacy safe, with zero links back to any original data points. Not only is
it statistically representative, but the data can be modified during the
synthesization process; for example, an existing bias can be corrected to
produce a more balanced data set.
DNS Is Conduit Into Air-Gapped Networks, Say Researchers
An air-gapped network's DNS server connected to the enterprise IT system has
connections to the public DNS system on the internet even if it's kept behind a
firewall. That's because of the nature of the DNS system, Uriel Gabay, a Pentera
security researcher, tells Information Security Media Group. The DNS is the
decentralized system that translates domain names into the numerical IP
addresses needed for routing across a network. A large majority of organizations
surveyed by IDC earlier this year said they experienced some type of DNS attack
in 2022. Most DNS traffic is sent over the UDP protocol, meaning there isn't
built-in error detection for packets sent and received as there is in TCP. It's
the "received" part of a DNS response that poses a risk. Given the possibility
for a DNS request to trace the hops from an air-gapped network to the enterprise
network to a public DNS server, a datagram originating from outside the air gap
is ultimately received by a computer on the inside. "You allow the response to
come into your organization because this is the meaning of allowing the
protocol.
10 Most-Liked Programming Languages that Humans Will Use in 2050
JavaScript is a powerful programming languages that is a vital part of the World
Wide Web. 98 percent of several sites use it as a client-side programming
language. Originally utilized only to build internet browsers, JavaScript is
currently used for server-side website deployments and non-internet browser
applications. ... Java is a Most Liked programming language that is
widely utilized for creating client-server applications. The main benefit of
Java is that it is treated as a loosely connected programming language that can
be simply worked on any platform and can support Java. Due to this, Java is
referred to as the programming language that enable its users to “write once and
implement anyplace.” ... Python is simply to learn, object-oriented, and
flexible language. It is the best choice of most developers who wish to work on
Machine Learning and Artificial Intelligence. It is even utilized for frontend
and backend development, web robotization, PC vision, and code testing. With the
growth in prerequisite and demand for Data Science and Artificial Intelligence,
Python is popular for the upcoming years.
3 types of channels in Microsoft Teams
Private Channels can be accessed by those members of the team who were
included in the Private Channel. And this is very critical and important to
understand. You cannot invite just about anyone into Private Channel. You can
only invite users who are already a member of the overall Team. In other
words, using the example I mentioned above, I can only include John and Mary
in the private channel, who are already members of the Team. I cannot invite
David, who is not part of my Team in the first place. So think of Private
Channels as almost a separate membership roster available in the overall Team
roster (membership). ... The Shared Channel is represented by a “shared” icon
on the channel name and is only visible to the members of that shared channel
only. It would be invisible to the users who are regular team members and who
are not members of that channel. ... You probably already guessed that the
file management model for the Shared Channel resembles that of a Private
Channel. Just like with Private Channel, a separate SharePoint site is
created. It has the same naming convention: [name of the team]-[name of the
shared channel].
Accenture shares 9 cybersecurity predictions for 2023
“As the cyber threat landscape evolves, we will see the number of cyber events
and organizations held to ransom continue to rise,” said James Nunn-Price,
growth markets security lead at Accenture. “With this increase, organizations
will continue to make significant investments in their situational awareness,
threat-based security monitoring, incident response and crisis management
practices.” However, many organizations, including those with mature
practices, are still overly reliant on people, and that can slow detection and
responses, he said. For example, Accenture found that even when security
monitoring teams took action to mitigate attacks, it was still too late to
stop data exfiltration. Attackers are using the latest tools and automated
technologies to strike fast and hard — to exfiltrate key data and damage
infrastructure within minutes. “In 2023, more organizations will prioritize
fully automated response technology, as the impacts from a successful breach
now far outweigh the risks of these newer technologies, which in turn, frees
their people up to focus on how the business can become more cyber resilient,
said Nunn-Price.
Meta's Data2vec 2.0: Second time around is faster
The second time around, Meta's scientists made the program faster and, in a
few cases, more accurate on benchmark tests of machine learning tasks.
"Data2vec 2.0 shows that the training speed of self-supervised learning can be
substantially improved with no loss in downstream task accuracy," write
authors Alexei Baevski, Arun Babu, Wei-Ning Hsu, and Michael Auli, four of the
authors of the original Data2vec paper, in this new work, Efficient
Self-supervised Learning with Contextualized Target Representations for
Vision, Speech and Language, posted on arXiv. The singular accomplishment of
this second Data2vec is to reduce the time it takes to train Data2vec.
Training a neural net is typically measured in terms of "epochs," meaning the
number of times the neural net is given the training examples. It can also be
measured by the wall clock time, the literal hours, minutes, and days counted
from start to finish. "Experiments show that Data2vec 2.0 can reach the same
accuracy as many popular existing algorithms in 2-16x the training speed,"
they write.
How The Metaverse Could Impact Businesses In The Not-Too-Distant Future
For engineering, procurement and construction (EPC) companies like my company,
Black & Veatch (BV), the metaverse opens a door of opportunity. By placing
a top priority on developing and maintaining a strong safety culture, these
new technologies provide virtual training experiences that can be designed to
closely match real-world situations. Using a game-styled approach, workers can
practice safety procedures in the metaverse and be better prepared to work on
construction sites. The metaverse can be a new creative way for companies to
address a variety of hiring and retention challenges in today’s changing work
world. According to Indeed, 88% of employers say they now conduct video
interviews with candidates. Most companies said this provides them with an
opportunity to engage more leaders in the interview process and allows for
more flexibility in scheduling. Another way the metaverse could impact talent
management is by using virtual worlds to assess and test skills and
performance.
Dozens of cybersecurity efforts included in this year’s US NDAA
FedRAMP Authorization Act - The bill includes a provision to codify into law
and update the Federal Risk and Authorization Management Program (FedRAMP).
The FedRAMP program is operated by the General Services Administration (GSA)
to provide a standardized, government-wide approach to security assessment,
authorization, and continuous monitoring for cloud products and services used
by federal government agencies. Protection of critical infrastructure - This
provision enhances the military’s ability to step to conduct actions in
defense of attacks on critical infrastructure. It states that if “the
President determines that there is an active, systematic, and ongoing campaign
of attacks in cyberspace by a foreign power against the Government or the
critical infrastructure of the United States,” the President may authorize the
secretary of defense, acting through the commander of Cybercom, to conduct
military cyber activities or operations pursuant to existing statutory war
powers in foreign cyberspace to deter, safeguard, or defend against such
attacks.
Quote for the day:
"Leadership is based on a spiritual
quality; the power to inspire, the power to inspire others to follow." --
Vince Lombardi
No comments:
Post a Comment