How LinkedIn changed its security model in order to offer an API

Oct 28, 200819 likes8,922 views

LinkedIn changed its security model from a simple permission-based model to a more complex role-based access control (RBAC) model to allow third-party partners to access its API on behalf of LinkedIn members. It also adopted an Amazon-style authorization approach for its API that signs requests rather than using expiring session IDs. Finally, it extended these concepts to its website by signing browser cookies in the same manner.

How LinkedIn changed its security model in order to offer an API

Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.

OAuth Hacks A gentle introduction to OAuth 2 and Apache OltuAntonio Sanso

The document provides an introduction to OAuth 2.0 and the Apache Oltu framework for implementing OAuth in Java. It discusses the traditional OAuth authorization code grant "dance" involving a client, authorization server, and resource server. It also summarizes some common attacks like confused deputy and redirect URI exploitation. The document concludes with an overview of OAuth 2.0 for server to server authorization without user consent.

Advanced CSRF and Stateless Anti-CSRFjohnwilander

This document discusses using invisible iframes to conduct multi-step cross-site request forgery (CSRF) attacks in a deterministic manner. It demonstrates how an iframe can be used to conduct a GET CSRF attack by dynamically creating an image tag with the vulnerable URL as the source. It also shows how a hidden form can be submitted from an iframe to conduct a POST CSRF attack. JavaScript code examples are provided for the GET and POST attacks to ensure the iframes communicate with the main page between steps.

OAuth - Open API Authenticationleahculver

Restful api designMizan Riqzia

This document discusses best practices for designing RESTful web APIs. It covers topics such as using HTTP verbs for actions, providing sensible resource names, using response codes to indicate status, offering both JSON and XML formats, creating fine-grained resources, considering connectivity between resources, handling errors properly, using versioning, supporting pagination and partial responses, including timestamps in requests and responses, and authenticating via methods such as OAuth2. The document provides examples from existing APIs at companies like Facebook, Twilio, and LinkedIn.

Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinJava User Group Latvia

Have you ever wondered how single-sign-on on sites like Google and Facebook works? Are you a fan of stateless application architectures? Do you want to learn how to put together a modern security approach for your next Spring Boot project? If the answer is yes, to anything above, then this session is for you. Dmitry will explain what is OAuth 2.0 and JWT, why are they popular, and how to integrate them in Java project.

testuploadadmiralderp

This document discusses unifying authentication and delegated API access using OpenID Connect and OAuth2. It provides an overview of typical application scenarios and the security protocols used, and describes some of the limitations of SAML and OAuth2. The document then introduces OpenID Connect as an authentication layer on top of OAuth2 that defines identity tokens, cryptography, and flows for native, browser-based, and server-based applications. It provides examples of the implicit and authorization code flows, how scopes are used, and how OpenID Connect can be implemented in Katana middleware to unify authentication and API access in a single sign-on flow.

Being A Salesforce JediBohdan Dovhań

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

Sdfc forbidden and advanced techniquesBohdan Dovhań

This document discusses several forbidden or advanced techniques in Salesforce including screen scraping, debugging gacks, reverse engineering managed packages, URL hacking, and automating Salesforce UI requests. It provides examples of how to prepopulate fields and modify settings via URL hacking. The document argues that while fragile, it is possible to integrate any functionality exposed through the Salesforce UI using a combination of these techniques. It describes approaches for local and cross-org screen scraping as well as handling confirmation tokens and limit exceptions.

OAuth2 AuthenticationIsmael Costa

The document discusses the history and evolution of OAuth authentication standards. It describes OAuth1 which introduced the concept of authorizing access to user accounts without sharing usernames and passwords. OAuth2 improved on OAuth1 by supporting additional platforms beyond web and allowing additional user information to be stored by the authorization server. OAuth2 defines common grant types like authorization code, password, and client credentials flows. It also outlines the basic request and response formats involving access tokens.

Pentesting RESTful webservicesMohammed A. Imran

REST API Design & DevelopmentAshok Pundit

The document discusses demystifying APIs. It begins with an introduction to APIs, including their evolution and benefits. It then discusses RESTful APIs and their key aspects like uniform interface and use of HTTP methods. The document outlines best practices for API design, development, and challenges. It provides examples of designing APIs using Node.js and Hapi.js and discusses challenges like security, authentication, rate limiting, and scalability. Tools mentioned include Express, Swagger, Postman, and Kong.

Best Practices in Building an API Security EcosystemPrabath Siriwardena

Enterprise API adoption has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. This session focuses on API Security. There are so many options out there to make someone easily confused. When to select one over the other is always a question - and you need to deal with it quite carefully to identify and isolate the tradeoffs. Security is not an afterthought. It has to be an integral part of any development project - so as for APIs. API security has evolved a lot in last five years. This talk covers best practices in building an API Security Ecosystem with OAuth 2.0, UMA, SCIM, XACML and LDAP.

OAuth2 - IntroductionKnoldus Inc.

Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Will Tran

UAA, as a core component of Cloud Foundry, is responsible for authenticating and authorizing requests between platform users (e.g. those that push apps) and platform components (e.g. the cloud controller). But when it came to doing auth for the apps you push and the end users of those apps, using the built-in UAA wasn't the best fit, and you could easily end up shooting yourself in the foot. Until now. This talk will guide you though UAA's new multi-tenancy features, and show you how to use the built-in UAA to create arbitrary authorization scenarios for your products without the danger of affecting the security of the core platform. With this level of freedom, you'll have complete and fine-grained control over who is allowed to access your product's components, and how those components are allowed to interact with one another.

Oauth 2.0 securityvinoth kumar

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

In graph we trust: Microservices, GraphQL and security challenges - Mohammed A. Imran Microservices, RESTful and API-first architectures are rage these days and rightfully so, they solve some of the challenges of modern application development. Microservices enable organisations in shipping code to production faster and is accomplished by dividing big monolithic applications into smaller but specialised applications. Though they provide great benefits, they are difficult to debug and secure in complex environments (different API versions, multiple API calls and frontend/backend gaps etc.,). GraphQL provides a powerful way to solve some of these challenges but with great power, comes great responsibility. GraphQL reduces the attack surface drastically(thanks to LangSec) but there are still many things which can go wrong. This talk will cover the risks associated with GraphQL, challenges and solutions, which help in implementing Secure GraphQL based APIs. We will start off with introduction to GraphQL and its benefits. We then discuss the difficulty in securing these applications and why traditional security scanners don’t work with them. At last, we will cover solutions which help in securing these API by shifting left in DevOps pipeline. We will cover the following as part of this presentation: GraphQL use cases and how unicorns use them Benefits and security challenges with GraphQL Authentication and Authorisation Resource exhaustion Backend complexities with microservices Need for tweaking conventional DevSecOps tools for security assurance Security solutions which works with GraphQL

REST full API DesignChristian Guenther

OAuth2 and Spring SecurityOrest Ivasiv

The document discusses OAuth2 and Spring Security. It provides an overview of OAuth2 concepts including the four main roles (resource owner, resource server, client, and authorization server), four common grant types (authorization code, implicit, resource owner password credentials, and client credentials), and how to implement OAuth2 flows in Spring Security. Sample OAuth2 applications using Spring Security are also mentioned.

An Introduction to OAuth 2Aaron Parecki

The document provides an overview of the history and development of OAuth standards for authorization. It describes some of the issues with early implementations that prompted the creation of OAuth 1.0, including services storing user passwords and lack of ability to revoke access. OAuth 1.0 introduced signatures to address these issues. OAuth 2.0 replaced signatures with HTTPS and defines common flows for different use cases, including authorization code, implicit, password, and client credentials grants.

Creating RESTful API’s with Grails and Spring SecurityAlvaro Sanchez-Mariscal

In this talk I will cover how to create a REST API using Grails 2.3 to support single-page applications, exploring all the possible alternatives. Code is available at https://github.com/alvarosanchez/restful-grails-springsecurity-greach2014 I will also explain how to integrate Spring Security using the spring-security-rest plugin I recently created, to implement a stateless, token-based, RESTful authentication.

(1) OAuth 2.0 Overviewanikristo

OAuth 2.0 provides several authorization flows for developers including the web server flow. It has advantages like wide adoption and new authorization types but also disadvantages such as lack of interoperability between implementations and potential security issues if SSL is not used. The web server flow involves authenticating the client, obtaining an authorization code from the resource owner, exchanging the code for an access token, using the access token to access resources, and refreshing tokens as needed. OAuth 1.0 adds security features like digital signatures and nonces/timestamps but requires more complex implementation.

Using & Abusing APIs: An Examination of the API Attack SurfaceCA API Management

Single-Page-Application & REST securityIgor Bossenko

The document discusses various authentication and authorization methods for REST APIs, including API keys, signatures, OAuth 1.0, and OAuth 2.0. It provides details on implementing authentication with an API key, secret key, or signature for identity and authorization. The document contrasts OAuth 1.0 and 2.0, covering their concepts, authentication flows, and differences. It also discusses using OAuth for SSO, refreshing tokens, and consuming secured RSS/ATOM feeds, as well as validating state, data consistency, and enforcing authorization with REST services.

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell

This document provides an overview of OAuth 2.0 and how it can be used to securely authorize access to APIs from mobile applications. It begins with an introduction to OAuth and discusses how it addresses issues with directly sharing passwords between applications. The document then outlines the basic OAuth flow, including key concepts like access tokens, authorization codes, and refresh tokens. It provides code snippets demonstrating an example OAuth flow for both Android and iOS, showing the HTTP requests and responses at each step.

JSON SQL Injection and the Lessons LearnedKazuho Oku

This document discusses JSON SQL injection and lessons learned from vulnerabilities in SQL query builders. It describes how user-supplied JSON input containing operators instead of scalar values could manipulate queries by injecting conditions like id!='-1' instead of a specific id value. This allows accessing unintended data. The document examines how SQL::QueryMaker and a strict mode in SQL::Maker address this by restricting query parameters to special operator objects or raising errors on non-scalar values. While helpful, strict mode may break existing code, requiring changes to parameter handling. The vulnerability also applies to other languages' frameworks that similarly convert arrays to SQL IN clauses.

Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion

The document discusses OAuth2 and OpenId Connect protocols for securing web applications. It provides an overview of how OAuth2 is used to get tokens in exchange for secrets to allow software access to resources without revealing the secret. OpenId Connect extends OAuth2 to provide authentication by using OAuth tokens to identify users. The document outlines common scenarios and actors in the protocols, describes different token types and flows, and demonstrates how to implement OAuth2 and OpenId Connect.

How to build Simple yet powerful API.pptxChanna Ly

Cqcon2015Antonio Sanso

This document discusses cryptography and security in Adobe Experience Manager (AEM). It introduces the presenters Damien Antipa and Antonio Sanso and defines cryptography. It then discusses encryption, integrity protection, and different cryptographic techniques like AES, RSA, HMAC, and JSON Web Tokens. The document also covers use cases for AEM like encapsulating tokens and preventing CSRF attacks. It explains how CSRF protection works transparently in AEM using JSON Web Tokens signed with an HMAC key to ensure integrity and allow caching.

More Related Content

What's hot (20)

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

Sdfc forbidden and advanced techniquesBohdan Dovhań

OAuth2 AuthenticationIsmael Costa

Pentesting RESTful webservicesMohammed A. Imran

REST API Design & DevelopmentAshok Pundit

Best Practices in Building an API Security EcosystemPrabath Siriwardena

OAuth2 - IntroductionKnoldus Inc.

Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Will Tran

Oauth 2.0 securityvinoth kumar

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

REST full API DesignChristian Guenther

OAuth2 and Spring SecurityOrest Ivasiv

An Introduction to OAuth 2Aaron Parecki

Creating RESTful API’s with Grails and Spring SecurityAlvaro Sanchez-Mariscal

(1) OAuth 2.0 Overviewanikristo

Using & Abusing APIs: An Examination of the API Attack SurfaceCA API Management

Single-Page-Application & REST securityIgor Bossenko

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell

JSON SQL Injection and the Lessons LearnedKazuho Oku

Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

Sdfc forbidden and advanced techniquesBohdan Dovhań

OAuth2 AuthenticationIsmael Costa

Pentesting RESTful webservicesMohammed A. Imran

REST API Design & DevelopmentAshok Pundit

Best Practices in Building an API Security EcosystemPrabath Siriwardena

OAuth2 - IntroductionKnoldus Inc.

Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA Will Tran

Oauth 2.0 securityvinoth kumar

In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran

REST full API DesignChristian Guenther

OAuth2 and Spring SecurityOrest Ivasiv

An Introduction to OAuth 2Aaron Parecki

Creating RESTful API’s with Grails and Spring SecurityAlvaro Sanchez-Mariscal

(1) OAuth 2.0 Overviewanikristo

Using & Abusing APIs: An Examination of the API Attack SurfaceCA API Management

Single-Page-Application & REST securityIgor Bossenko

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell

JSON SQL Injection and the Lessons LearnedKazuho Oku

Securing your apps with OAuth2 and OpenID Connect - Roland Guijt - Codemotion...Codemotion

Similar to How LinkedIn changed its security model in order to offer an API (20)

How to build Simple yet powerful API.pptxChanna Ly

Cqcon2015Antonio Sanso

API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy

The document discusses modern application security issues related to APIs. It begins with an overview of common API security risks like SQL injection, XSS, and CSRF. It then focuses on how application security has changed with the transition to modern architectures that are API-focused, use cloud infrastructure, and follow DevOps practices. Key changes discussed include less abstraction layers, clients handling more responsibility, and APIs exposing more data and endpoints directly. The document also summarizes the OWASP API security project and proposed API security top 10 risks. Real attack examples are provided to illustrate broken authorization and authentication vulnerabilities.

You wanna crypto in AEMDamien Antipa

This document introduces cryptography concepts like encryption, integrity protection, and digital signatures. It discusses how Adobe Experience Manager (AEM) implements cryptography to encrypt tokens and protect against CSRF attacks. Specifically, AEM uses JSON Web Tokens (JWTs) to encapsulate tokens, signs them with an HMAC key for integrity, and includes the token in non-GET requests to prevent CSRF without requiring changes to application code or dependencies on server-side sessions. Developers do not need to handle the CSRF token explicitly in their JavaScript code.

Abusing bleeding edge web standards for appsec gloryPriyanka Aash

"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose. In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)." (Source: Black Hat USA 2016, Las Vegas)

Araport Workshop Tutorial 2: Authentication and the Agave Profiles Servicestevemock

API SECURITYTubagus Rizky Dharmawan

This document discusses API security and provides examples of common API attacks and defenses. It covers API fingerprinting and discovery, debugging APIs using proxies, different authentication methods like basic auth, JWTs, and OAuth, and risks of attacking deprecated or development APIs. Specific attacks explained include parameter tampering, bypassing JWT signature validation, OAuth login flows being vulnerable to CSRF, and chaining multiple issues to perform account takeovers. The document emphasizes the importance of API security and provides mitigation strategies like input validation, secret management, rate limiting, and updating old APIs.

Hacking Ruby on Rails at Railswaycon09heikowebers

This document discusses various security vulnerabilities in Ruby on Rails applications and provides recommendations for mitigating risks. It covers issues like cross-site scripting, mass assignment vulnerabilities, privilege escalation, sensitive data exposure, weak authentication practices, and risks associated with file uploads. Recommendations include sanitizing user input, using strong encryption and authentication, carefully validating file types and metadata, and following security best practices for admin panels. The goal is to help Rails developers build more secure applications by closing common security holes.

Protecting Your APIs Against Attack & Hijack CA API Management

Secure Enterprise APIs for Mobile, Cloud & Open Web APIs present enterprises with many business opportunities but they also create new attack vectors that hackers can potentially exploit. APIs share many of the same threats that plague the Web but APIs are fundamentally different from Web sites and have an entirely unique risk profile that must be addressed. By adopting a secure API architecture from the beginning, it is possible to address both old and new threats. In this webinar, Scott Morrison – CTO at Layer 7 Technologies – will explain in detail how an enterprise can pursue its API publishing strategy without compromising the security of its on-premise systems and data. You Will Learn How APIs increase the attack surface What key types of risk are introduced by APIs How enterprises can mitigate each of these risks Why it is crucial to separate API implementation and security into distinct tiers Presented By Scott Morrison, CTO, Layer 7 Technologies

Application Services On The Web Sales ForcecomQConLondon2008

The document discusses Force.com, a platform as a service (PaaS) offering from Salesforce.com. Force.com allows developers to build and host web applications in the cloud without having to manage infrastructure. Key features mentioned include the use of Apex code to build applications, a metadata data model, and APIs to integrate applications. Security features like single sign-on and IP restrictions are also summarized.

Let's Jira do the workFrank Ittermann

iPhone Development For Experienced Web Developerslisab517

This document discusses iPhone development for experienced web developers. It begins with an introduction and poll questions. The main differences from web development are then outlined, such as slower processors, latency considerations, and Objective C. Tools like Xcode and Cocoa are also introduced. The presenters then discuss their project, which uses RESTful web services and JSON. Code examples and concepts like MVC are provided. Memory management, testing, and distribution challenges are also covered. In the end, the presenters discuss what they like and don't like about iPhone development.

Checkmarx meetup API Security - API Security in depth - Inon ShkedyAdar Weidman

The document discusses modern application security challenges with APIs, provides real world examples of API vulnerabilities, and discusses solutions. It begins by introducing common API security issues like object level authorization (BOLA) and function level authorization (BFLA). It then details two real attacks - one on a food delivery app that allowed account takeover via phone number verification, and one on a social network that allowed email updating due to inconsistent authorization. The document advocates for proper authorization mechanisms and expanding the attack surface to find vulnerabilities.

CGI PresentationSopan Shewale

The document provides an overview of CGI (Common Gateway Interface) and how it enables dynamic web content. It discusses how CGI works, alternatives like PHP and Java servlets, configuring Apache web server for CGI, programming CGI applications using Perl and the CGI.pm module, handling input/output and errors. It also includes an example CGI application in Perl for counting button clicks using sessions and cookies to manage state.

REST APIsArthur De Magalhaes

This document discusses RESTful microservices and best practices for designing REST APIs. It covers topics like why REST is important for API design, common REST principles, naming conventions, resource relationships, security, versioning, documentation, and management of REST APIs. It also provides examples of how various companies implement practices like filtering, searching, paging, and error handling in their REST APIs. Finally, it discusses how the WebSphere Liberty application server supports REST APIs through features like API discovery and collective APIs.

Meetup callbackWayne Scarano

The document discusses serverless computing and the callback server architecture used by Veracode for dynamic application security testing. It summarizes the advantages of replacing the existing callback server with EC2 and Postgres with a serverless architecture using AWS Lambda, API Gateway, and DynamoDB. While the serverless approach provided benefits like automatic scaling and lower costs, it required learning new skills and significantly more effort on devops tasks for deployment automation compared to development. Security best practices like monitoring, access control, and dependency scanning were also emphasized for serverless architectures.

Dave Carroll Application Services Salesforcedeimos

The document discusses enterprise grade business application services provided through the Force.com platform as a service (PaaS). It provides an overview of Force.com's capabilities including building any type of business application, flexibility to integrate with other systems, security, and trust due to many customers and developers using the platform. Key aspects of Force.com covered include the multi-tenant architecture, APIs for development, and security options like single sign-on and two-factor authentication.

Hacking Client Side Insecuritiesamiable_indian

The document discusses various techniques for hacking client-side insecurities, including discovering clients on the internet and intranet, attacking client-side through JavaScript jacking and pluggable protocol handlers, exploiting cross-site request forgery vulnerabilities, and fingerprinting clients through analysis of HTTP headers and browser information leaks. The presentation aims to demonstrate these hacking techniques through examples and a question/answer session.

Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108

The document discusses web application security testing. It introduces web application penetration testing and the OWASP Top 10 security vulnerabilities like injection and XSS. It provides examples of SQL injection vulnerabilities and how to exploit URLs. It discusses how to prevent these vulnerabilities through input validation, output encoding and using parameterized queries. It also covers session management vulnerabilities and the importance of authentication and authorization for application resources.

phpbhuvana553

Web development involves creating websites for the Internet. Web pages can be static, with fixed content, or dynamic, where content can change on the client side. HTML5 is the latest version of HTML and introduces new markup elements, input types, and form attributes. It also supports audio and video elements. CSS3 adds new selectors, properties and values for styling and layout. PHP is a server-side scripting language commonly used for web development. Popular PHP frameworks like Yii, CodeIgniter and Zend help support the development of dynamic websites and applications.

How to build Simple yet powerful API.pptxChanna Ly

Cqcon2015Antonio Sanso

API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy

You wanna crypto in AEMDamien Antipa

Abusing bleeding edge web standards for appsec gloryPriyanka Aash

Araport Workshop Tutorial 2: Authentication and the Agave Profiles Servicestevemock

API SECURITYTubagus Rizky Dharmawan

Hacking Ruby on Rails at Railswaycon09heikowebers

Protecting Your APIs Against Attack & Hijack CA API Management

Application Services On The Web Sales ForcecomQConLondon2008

Let's Jira do the workFrank Ittermann

iPhone Development For Experienced Web Developerslisab517

Checkmarx meetup API Security - API Security in depth - Inon ShkedyAdar Weidman

CGI PresentationSopan Shewale

REST APIsArthur De Magalhaes

Meetup callbackWayne Scarano

Dave Carroll Application Services Salesforcedeimos

Hacking Client Side Insecuritiesamiable_indian

Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108

phpbhuvana553

Recently uploaded (20)

ISOIEC 42005 Revolutionalises AI Impact Assessment.pptxAyilurRamnath1

DevOps in the Modern Era - Thoughtfully Critical PodcastChris Wahl

Agentic AI: Beyond the Buzz- LangGraph Studio V2Shashikant Jagtap

MCP vs A2A vs ACP: Choosing the Right Protocol | BluebashBluebash

Jira Administration Training – Day 1 : IntroductionRavi Teja

Data Virtualization: Bringing the Power of FME to Any ApplicationSafe Software

Imagine building web applications or dashboards on top of all your systems. With FME’s new Data Virtualization feature, you can deliver the full CRUD (create, read, update, and delete) capabilities on top of all your data that exploit the full power of FME’s all data, any AI capabilities. Data Virtualization enables you to build OpenAPI compliant API endpoints using FME Form’s no-code development platform. In this webinar, you’ll see how easy it is to turn complex data into real-time, usable REST API based services. We’ll walk through a real example of building a map-based app using FME’s Data Virtualization, and show you how to get started in your own environment – no dev team required. What you’ll take away: -How to build live applications and dashboards with federated data -Ways to control what’s exposed: filter, transform, and secure responses -How to scale access with caching, asynchronous web call support, with API endpoint level security. -Where this fits in your stack: from web apps, to AI, to automation Whether you’re building internal tools, public portals, or powering automation – this webinar is your starting point to real-time data delivery.

Co-Constructing Explanations for AI Systems using ProvenancePaul Groth

Explanation is not a one off - it's a process where people and systems work together to gain understanding. This idea of co-constructing explanations or explanation by exploration is powerful way to frame the problem of explanation. In this talk, I discuss our first experiments with this approach for explaining complex AI systems by using provenance. Importantly, I discuss the difficulty of evaluation and discuss some of our first approaches to evaluating these systems at scale. Finally, I touch on the importance of explanation to the comprehensive evaluation of AI systems.

Boosting MySQL with Vector Search -THE VECTOR SEARCH CONFERENCE 2025 .pdfAlkin Tezuysal

As the demand for vector databases and Generative AI continues to rise, integrating vector storage and search capabilities into traditional databases has become increasingly important. This session introduces the *MyVector Plugin*, a project that brings native vector storage and similarity search to MySQL. Unlike PostgreSQL, which offers interfaces for adding new data types and index methods, MySQL lacks such extensibility. However, by utilizing MySQL's server component plugin and UDF, the *MyVector Plugin* successfully adds a fully functional vector search feature within the existing MySQL + InnoDB infrastructure, eliminating the need for a separate vector database. The session explains the technical aspects of integrating vector support into MySQL, the challenges posed by its architecture, and real-world use cases that showcase the advantages of combining vector search with MySQL's robust features. Attendees will leave with practical insights on how to add vector search capabilities to their MySQL systems.

Evaluation Challenges in Using Generative AI for Science & Technical ContentPaul Groth

Evaluation Challenges in Using Generative AI for Science & Technical Content. Foundation Models show impressive results in a wide-range of tasks on scientific and legal content from information extraction to question answering and even literature synthesis. However, standard evaluation approaches (e.g. comparing to ground truth) often don't seem to work. Qualitatively the results look great but quantitive scores do not align with these observations. In this talk, I discuss the challenges we've face in our lab in evaluation. I then outline potential routes forward.

The case for on-premises AIPrincipled Technologies

Exploring the advantages of on-premises Dell PowerEdge servers with AMD EPYC processors vs. the cloud for small to medium businesses’ AI workloads AI initiatives can bring tremendous value to your business, but you need to support your new AI workloads effectively. That means choosing the best possible infrastructure for your needs—and many companies are finding that the cloud isn’t right for them. According to a recent Rackspace survey of IT executives, 69 percent of companies have moved some of their applications on-premises from the cloud, with half of those citing security and compliance as the reason and 44 percent citing cost. On-premises solutions provide a number of advantages. With full control over your security infrastructure, you can be certain that all compliance requirements remain firmly in the hands of your IT team. Opting for on-premises also gives you the ability to design your infrastructure to the precise needs of that team and your new AI workloads. Depending on the workload, you may also see performance benefits, along with more predictable costs. As you start to build your next AI initiative, consider an on-premises solution utilizing AMD EPYC processor-powered Dell PowerEdge servers.

ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....Jasper Oosterveld

Sensitivity labels, powered by Microsoft Purview Information Protection, serve as the foundation for classifying and protecting your sensitive data within Microsoft 365. Their importance extends beyond classification and play a crucial role in enforcing governance policies across your Microsoft 365 environment. Join me, a Data Security Consultant and Microsoft MVP, as I share practical tips and tricks to get the full potential of sensitivity labels. I discuss sensitive information types, automatic labeling, and seamless integration with Data Loss Prevention, Teams Premium, and Microsoft 365 Copilot.

Azure vs AWS Which Cloud Platform Is Best for Your Business in 2025Infrassist Technologies Pvt. Ltd.

Cybersecurity Fundamentals: Apprentice - Palo Alto CertificateVICTOR MAESTRE RAMIREZ

How to Detect Outliers in IBM SPSS Statistics.pptxVersion 1 Analytics

7 Salesforce Data Cloud Best Practices.pdfMinuscule Technologies

soulmaite review - Find Real AI soulmate reviewSoulmaite

Looking for an honest take on Soulmaite? This Soulmaite review covers everything you need to know—from features and pricing to how well it performs as a real AI soulmate. We share how users interact with adult chat features, AI girlfriend 18+ options, and nude AI chat experiences. Whether you're curious about AI roleplay porn or free AI NSFW chat with no sign-up, this review breaks it down clearly and informatively.

Your startup on AWS - How to architect and maintain a Lean and Mean account J...angelo60207

Prevent infrastructure costs from becoming a significant line item on your startup’s budget! Serial entrepreneur and software architect Angelo Mandato will share his experience with AWS Activate (startup credits from AWS) and knowledge on how to architect a lean and mean AWS account ideal for budget minded and bootstrapped startups. In this session you will learn how to manage a production ready AWS account capable of scaling as your startup grows for less than $100/month before credits. We will discuss AWS Budgets, Cost Explorer, architect priorities, and the importance of having flexible, optimized Infrastructure as Code. We will wrap everything up discussing opportunities where to save with AWS services such as S3, EC2, Load Balancers, Lambda Functions, RDS, and many others.

Oracle Cloud Infrastructure AI FoundationsVICTOR MAESTRE RAMIREZ

Scaling GenAI Inference From Prototype to Production: Real-World Lessons in S...Anish Kumar

Presented by: Anish Kumar LinkedIn: https://www.linkedin.com/in/anishkumar/ This lightning talk dives into real-world GenAI projects that scaled from prototype to production using Databricks’ fully managed tools. Facing cost and time constraints, we leveraged four key Databricks features—Workflows, Model Serving, Serverless Compute, and Notebooks—to build an AI inference pipeline processing millions of documents (text and audiobooks). This approach enables rapid experimentation, easy tuning of GenAI prompts and compute settings, seamless data iteration and efficient quality testing—allowing Data Scientists and Engineers to collaborate effectively. Learn how to design modular, parameterized notebooks that run concurrently, manage dependencies and accelerate AI-driven insights. Whether you're optimizing AI inference, automating complex data workflows or architecting next-gen serverless AI systems, this session delivers actionable strategies to maximize performance while keeping costs low.

Top 25 AI Coding Agents for Vibe Coders to Use in 2025.pdfSOFTTECHHUB