How npm is making JavaScript safe for everyone
0 likes171 views
This document discusses making JavaScript safe for everyone. It provides an overview of open source software (OSS) and software supply chains, and how their large surface areas create security risks. It notes that traditional security approaches are often portrayed as impediments and are ineffective. The document advocates for a "new" security approach called DevSecOps that embeds security teams in developer teams. It also discusses automation of security processes using free tools. Finally, it announces that npm is building a Security Insights API to publish security data publicly and help the community and npm's security team be more effective.
1 of 74
Download to read offline
Ad
Recommended
Dmytro Kochergin “Autotest with CYPRESS”
Dmytro Kochergin “Autotest with CYPRESS”LogeekNightUkraine Cypress is an open source JavaScript testing framework for testing web applications. It allows for running automated tests directly in the browser without any build step required. Some key features of Cypress include time travel debugging, automatic waiting, running tests headlessly on CI, and generating screenshots and videos. The document discusses using Cypress to test an application and some issues faced, such as tests not restarting on file save and emulating a mobile browser. It provides solutions for some problems like uploading files and handling CORS errors. Overall reproducing test data across environments remains an unresolved challenge.
DevSecCon London 2017: Threat modeling in a CI environment by Steven Wierckx
DevSecCon London 2017: Threat modeling in a CI environment by Steven WierckxDevSecCon Threat modeling can be challenging in agile environments where processes need to be lightweight and adaptable. The presentation discusses the OWASP STAYPUFT methodology for integrating threat modeling into agile development. It involves three phases - ascertain threats from user stories, identify threats to components, and select mitigations from common controls. Examples are given for how threat modeling can be incorporated into scrum and kanban processes by updating diagrams and assumptions during planning and reviews. The goal is to perform threat modeling iteratively to keep security risks understood and addressed throughout development.
Ivan Dryzhyruk “Ducks Don’t Like Bugs”
Ivan Dryzhyruk “Ducks Don’t Like Bugs”LogeekNightUkraine This document discusses software testing techniques and best practices. It covers test design techniques like equivalence partitioning and boundary value analysis. It emphasizes the importance of tests being fast, isolated, repeatable, self-validating, and thorough. The testing pyramid hierarchy of tests is explained. Test-driven development and various test utilities are also outlined. The conclusions emphasize that tests help increase confidence in code, prevent accidental breaks, and ensure documentation remains relevant.
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.
GNUCITIZEN Dwk Owasp Day September 2007
GNUCITIZEN Dwk Owasp Day September 2007guest20ab09 The document discusses challenges with automated web application security testing tools and introduces the Technika Security Framework as a potential solution. It notes that over 90% of applications have vulnerabilities and most attacks now target the client-side. Automated tools have limitations around business logic, custom URLs, and false positives/negatives. A hybrid approach combining automated scanning and manual testing is suggested. The Technika Framework includes tools like a DOM spider, form parser, and mini-Nikto for automated scanning within a browser environment.
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
Reversing & malware analysis training part 1 lab setup guide
Reversing & malware analysis training part 1 lab setup guidesecurityxploded This presentation is part of our Reverse Engineering & Malware Analysis Training program.
For more details refer our Security Training page
http://securityxploded.com/security-training.php
OWASP AppSec Cali 2018 - Enabling Product Security With Culture and Cloud (As...
OWASP AppSec Cali 2018 - Enabling Product Security With Culture and Cloud (As...Patrick Thomas Abstract from OWASP AppSec California 2018:
----------------------------
What would it look like if security never had to say “no”?
This talk explores that counter-intuitive premise, and shows how it is not just possible but *necessary* to discard many traditional security behaviors in order to support modern high-velocity, cloud-centric engineering teams. For the product security team at Netflix, this is the logical implication of a cultural commitment to enabling the organization.
Attendees will learn how to replace heavy-handed gating with an automation-first approach, and build powerful security capabilities on top of cloud deployment primitives. Specific examples including provable application identity, immutable and continuous deployment, and secret bootstrapping illustrate how this approach balances security impact with engineering enablement.
Contact:
@astha_singhal
@coffeetocode
Version with speaker notes: https://www.slideshare.net/coffeetocode/owasp-appsec-cali-2018-enabling-product-security-with-culture-and-cloud-astha-singhal-patrick-thomas-with-speaker-notes-public
Fine line between performance and security
Fine line between performance and securityAlmudena Vivanco Spectre and Meltdown are security vulnerabilities that break the isolation between different applications and between applications and the operating system. This allows confidential information like passwords, browser history and banking details to be accessed from other applications. Spectre is more difficult to exploit but also more difficult to mitigate than Meltdown. Software patches have been released to address the issues but they can impact performance, with some applications seeing degradations of 5-30%. Benchmarking tools are being used to better understand and mitigate the performance impacts.
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
Dev{sec}ops
Dev{sec}opsSteven Carlson Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easily it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps team can implement for free.
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileOleg Gryb Your security processes are just as good as its level of integration with SDLC. If your SDLC is agile, so should be security.
Making Security Agile
Making Security AgileOleg Gryb Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing.
It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Dennis de Greef This document discusses profiling PHP applications. It defines profiling as dynamic program analysis that measures things like memory or time complexity during program execution. Both static and dynamic analysis are covered, with dynamic analysis involving actually executing the program to observe its behaviors. Specific tools for PHP profiling are discussed, including Xdebug for active profiling during development and XHProf for passive, production profiling. XHProf data can be viewed through the XHGui interface which shows call stacks and graphs. Other profiling tools mentioned include Link0 Profiler and New Relic. Profiling helps optimize applications by identifying slow functions, classes or code sections.
DevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain DevSecOps enables organizations to deliver secure software at DevOps speed.
Development - Software releases and updates
Operations - Reliability Performance & Scaling
Security - Confidentiality, Availability, Integrity
Good Security Starts with Software Assurance - Software Assurance Market Plac...
Good Security Starts with Software Assurance - Software Assurance Market Plac...Phil Agcaoili The document provides an overview of a live event discussing the Software Assurance Marketplace (SWAMP) project. It includes:
1) An agenda for the event with presentations on the SWAMP overview, an executive insight, and Q&A session.
2) Descriptions of the SWAMP project, which is a $23 million, 5-year effort to build a facility for testing open source software for vulnerabilities. It will provide tools, resources, and results reporting to support software assurance.
3) Details on the SWAMP's vision to help developers integrate security testing early and often through continuous assurance in their development cycles. This will help find and fix vulnerabilities before they become serious problems.
Secure development in .NET with EPiServer Solita
Secure development in .NET with EPiServer SolitaJoona Immonen The document discusses secure development practices for .NET applications. It covers topics like threat modeling, hosting perspectives, and continuous integration tools. The presenter recommends that developers take on security testing roles and provides an "onion model" to conceptualize defense in depth strategies with tools mapped at different layers. Continuous security is emphasized through the development lifecycle.
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?Izar Tarandach The document discusses continuous threat modeling and what works. It begins by introducing the speaker and stating the talk will cover level setting on threat modeling, how security is currently done wrong and training is wrong, and how continuous threat modeling can help solve these issues. It then defines threat modeling and discusses how security is currently failing due to lack of threat modeling adoption, training developers, and testing tool limitations. It proposes conducting threat modeling for every story using subject areas, checklists, and maintaining findings to help security become continuous. Tools like PyTM are presented that can help automate and integrate threat modeling into the development process.
Practical Chaos Engineering
Practical Chaos EngineeringSIGHUP Practical Chaos Engineering will show how to start running chaos experiments in your infrastructure and will try to guide your through the principles of chaos.
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier - Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays apidays LIVE New York - API for Legacy Industries: Banking, Insurance, Healthcare and Retail
Navigating the Sea of Javascript Tools to Discover Scalable Tools for Continuous Delivery
Menelaos Kotsollaris, Senior Software Engineer
Viki Green, Senior Software Developer at Trulioo
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor Our technology, work processes, and activities all depend on if we trust our software to be developed in a safe and secure manner. Join us virtually for our upcoming "Secure Your DevOps Pipeline: Best Practices" Meetup to learn how to integrate security in the development process, DevSecOps advance methods, manage the implement secure coding analysis and how to manage software security risks.
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Chetan Khatri The document discusses information security for data-driven platforms and open source projects. It motivates the importance of security through examples of data breaches. It covers topics like encryption, authentication, vulnerabilities in open source code, and how to evaluate open source libraries for security issues. The document demonstrates penetration testing tools like Vega and SQLMap to find vulnerabilities like SQL injection in web applications.
Synergy of Human and Artificial Intelligence in Software Engineering
Synergy of Human and Artificial Intelligence in Software EngineeringTao Xie Keynote Talk by Tao Xie at International NSF sponsored Workshop on Realizing Artificial Intelligence Synergies in Software Engineering (RAISE 2013) http://promisedata.org/raise/2013/
Profiling PHP - AmsterdamPHP Meetup - 2014-11-20
Profiling PHP - AmsterdamPHP Meetup - 2014-11-20Dennis de Greef Your application needs to be fast nowadays in order to stand out from the crowd. Study has shown that application performance has a psychological effect on customer satisfaction. Profiling can give you more insight in how your application really works internally. It gives you an overview of where the resource bottlenecks in your application reside. In this talk, I am going to give an overview of some profiling methods that exist today, and where I think we should be heading. After this talk, you will be able to use some basic profiling tricks to analyse the performance constraints in your application.
http://www.meetup.com/AmsterdamPHP/events/168161882/
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsDevOps.com In this webinar, we’ll explore how to navigate the tension between speed and security when it comes to open source languages.
Enterprises are challenged by conflicting interests:
Engineering teams want more time to focus on code quality, but product managers want to ship faster.
Developers want the best tool for the job, but companies resist adding more technology stacks to their growing tech debt.
Retrofitting for security and vulnerabilities after the fact becomes a big blocker for Development and Engineering teams. Enterprises are challenged with resolving new threats and vulnerabilities at the pace at which they crop up. And yet, speed wins over security because faster time-to-market takes a greater priority over fixing vulnerabilities.
Our expert panel will cover how to resolve the tension between speed and security by practices which:
Minimize DevOps overhead from retrofitting programming languages with new versions, dependencies, security patches, etc.
Enable Continuous Builds to keep up with your continuous deployments
Use Build Validation to vet your continuous builds against smoke tests
Introduction to Node.js
Introduction to Node.jsAMD Developer Central This is the slide deck from the popular "Introduction to Node.js" webinar with AMD and DevelopIntelligence, presented by Joshua McNeese. Watch our AMD Developer Central YouTube channel for the replay at https://www.youtube.com/user/AMDDevCentral.
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2Shashikant Jagtap Presentation given at the LangChain community meetup London
https://lu.ma/9d5fntgj
Coveres
Agentic AI: Beyond the Buzz
Introduction to AI Agent and Agentic AI
Agent Use case and stats
Introduction to LangGraph
Build agent with LangGraph Studio V2
More Related Content
Similar to How npm is making JavaScript safe for everyone (20)
Fine line between performance and security
Fine line between performance and securityAlmudena Vivanco Spectre and Meltdown are security vulnerabilities that break the isolation between different applications and between applications and the operating system. This allows confidential information like passwords, browser history and banking details to be accessed from other applications. Spectre is more difficult to exploit but also more difficult to mitigate than Meltdown. Software patches have been released to address the issues but they can impact performance, with some applications seeing degradations of 5-30%. Benchmarking tools are being used to better understand and mitigate the performance impacts.
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
Dev{sec}ops
Dev{sec}opsSteven Carlson Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easily it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps team can implement for free.
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileOleg Gryb Your security processes are just as good as its level of integration with SDLC. If your SDLC is agile, so should be security.
Making Security Agile
Making Security AgileOleg Gryb Security process should be integrated with SDLC well to be successful. While many companies have already moved from Waterfall to Agile methodologies security remains behind more often than not. We have demonstrated in our presentation how security can move to agile by utilizing open source tools, customizing them to meet our needs and to implement a continuos security testing using dynamic scanners as well as manual testing.
It’s very important also to assure that false positives are not fed to the developers bug tracking systems and to assign a severity for each finding correctly. To make it happen we import all our findings to a security dashboard and review them before exporting to a bug tracking system.
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Dennis de Greef This document discusses profiling PHP applications. It defines profiling as dynamic program analysis that measures things like memory or time complexity during program execution. Both static and dynamic analysis are covered, with dynamic analysis involving actually executing the program to observe its behaviors. Specific tools for PHP profiling are discussed, including Xdebug for active profiling during development and XHProf for passive, production profiling. XHProf data can be viewed through the XHGui interface which shows call stacks and graphs. Other profiling tools mentioned include Link0 Profiler and New Relic. Profiling helps optimize applications by identifying slow functions, classes or code sections.
DevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain DevSecOps enables organizations to deliver secure software at DevOps speed.
Development - Software releases and updates
Operations - Reliability Performance & Scaling
Security - Confidentiality, Availability, Integrity
Good Security Starts with Software Assurance - Software Assurance Market Plac...
Good Security Starts with Software Assurance - Software Assurance Market Plac...Phil Agcaoili The document provides an overview of a live event discussing the Software Assurance Marketplace (SWAMP) project. It includes:
1) An agenda for the event with presentations on the SWAMP overview, an executive insight, and Q&A session.
2) Descriptions of the SWAMP project, which is a $23 million, 5-year effort to build a facility for testing open source software for vulnerabilities. It will provide tools, resources, and results reporting to support software assurance.
3) Details on the SWAMP's vision to help developers integrate security testing early and often through continuous assurance in their development cycles. This will help find and fix vulnerabilities before they become serious problems.
Secure development in .NET with EPiServer Solita
Secure development in .NET with EPiServer SolitaJoona Immonen The document discusses secure development practices for .NET applications. It covers topics like threat modeling, hosting perspectives, and continuous integration tools. The presenter recommends that developers take on security testing roles and provides an "onion model" to conceptualize defense in depth strategies with tools mapped at different layers. Continuous security is emphasized through the development lifecycle.
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?
O'Reilly SACon 2019 - (Continuous) Threat Modeling - What works?Izar Tarandach The document discusses continuous threat modeling and what works. It begins by introducing the speaker and stating the talk will cover level setting on threat modeling, how security is currently done wrong and training is wrong, and how continuous threat modeling can help solve these issues. It then defines threat modeling and discusses how security is currently failing due to lack of threat modeling adoption, training developers, and testing tool limitations. It proposes conducting threat modeling for every story using subject areas, checklists, and maintaining findings to help security become continuous. Tools like PyTM are presented that can help automate and integrate threat modeling into the development process.
Practical Chaos Engineering
Practical Chaos EngineeringSIGHUP Practical Chaos Engineering will show how to start running chaos experiments in your infrastructure and will try to guide your through the principles of chaos.
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier - Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays apidays LIVE New York - API for Legacy Industries: Banking, Insurance, Healthcare and Retail
Navigating the Sea of Javascript Tools to Discover Scalable Tools for Continuous Delivery
Menelaos Kotsollaris, Senior Software Engineer
Viki Green, Senior Software Developer at Trulioo
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor Our technology, work processes, and activities all depend on if we trust our software to be developed in a safe and secure manner. Join us virtually for our upcoming "Secure Your DevOps Pipeline: Best Practices" Meetup to learn how to integrate security in the development process, DevSecOps advance methods, manage the implement secure coding analysis and how to manage software security risks.
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...
Demystify Information Security & Threats for Data-Driven Platforms With Cheta...Chetan Khatri The document discusses information security for data-driven platforms and open source projects. It motivates the importance of security through examples of data breaches. It covers topics like encryption, authentication, vulnerabilities in open source code, and how to evaluate open source libraries for security issues. The document demonstrates penetration testing tools like Vega and SQLMap to find vulnerabilities like SQL injection in web applications.
Synergy of Human and Artificial Intelligence in Software Engineering
Synergy of Human and Artificial Intelligence in Software EngineeringTao Xie Keynote Talk by Tao Xie at International NSF sponsored Workshop on Realizing Artificial Intelligence Synergies in Software Engineering (RAISE 2013) http://promisedata.org/raise/2013/
Profiling PHP - AmsterdamPHP Meetup - 2014-11-20
Profiling PHP - AmsterdamPHP Meetup - 2014-11-20Dennis de Greef Your application needs to be fast nowadays in order to stand out from the crowd. Study has shown that application performance has a psychological effect on customer satisfaction. Profiling can give you more insight in how your application really works internally. It gives you an overview of where the resource bottlenecks in your application reside. In this talk, I am going to give an overview of some profiling methods that exist today, and where I think we should be heading. After this talk, you will be able to use some basic profiling tricks to analyse the performance constraints in your application.
http://www.meetup.com/AmsterdamPHP/events/168161882/
How to Manage the Risk of your Polyglot Environments
How to Manage the Risk of your Polyglot EnvironmentsDevOps.com In this webinar, we’ll explore how to navigate the tension between speed and security when it comes to open source languages.
Enterprises are challenged by conflicting interests:
Engineering teams want more time to focus on code quality, but product managers want to ship faster.
Developers want the best tool for the job, but companies resist adding more technology stacks to their growing tech debt.
Retrofitting for security and vulnerabilities after the fact becomes a big blocker for Development and Engineering teams. Enterprises are challenged with resolving new threats and vulnerabilities at the pace at which they crop up. And yet, speed wins over security because faster time-to-market takes a greater priority over fixing vulnerabilities.
Our expert panel will cover how to resolve the tension between speed and security by practices which:
Minimize DevOps overhead from retrofitting programming languages with new versions, dependencies, security patches, etc.
Enable Continuous Builds to keep up with your continuous deployments
Use Build Validation to vet your continuous builds against smoke tests
Introduction to Node.js
Introduction to Node.jsAMD Developer Central This is the slide deck from the popular "Introduction to Node.js" webinar with AMD and DevelopIntelligence, presented by Joshua McNeese. Watch our AMD Developer Central YouTube channel for the replay at https://www.youtube.com/user/AMDDevCentral.
Recently uploaded (20)
Agentic AI: Beyond the Buzz- LangGraph Studio V2
Agentic AI: Beyond the Buzz- LangGraph Studio V2Shashikant Jagtap Presentation given at the LangChain community meetup London
https://lu.ma/9d5fntgj
Coveres
Agentic AI: Beyond the Buzz
Introduction to AI Agent and Agentic AI
Agent Use case and stats
Introduction to LangGraph
Build agent with LangGraph Studio V2
“How Qualcomm Is Powering AI-driven Multimedia at the Edge,” a Presentation f...
“How Qualcomm Is Powering AI-driven Multimedia at the Edge,” a Presentation f...Edge AI and Vision Alliance For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/how-qualcomm-is-powering-ai-driven-multimedia-at-the-edge-a-presentation-from-qualcomm/
Ning Bi, Vice President of Engineering at Qualcomm Technologies, presents the “How Qualcomm Is Powering AI-driven Multimedia at the Edge” tutorial at the May 2025 Embedded Vision Summit.
In this talk, Bi explores the evolution of multimedia processing at the edge, from simple early use cases such as audio and video processing powered by algorithm-centric approaches to modern sophisticated capabilities such as digital human avatars that are transmitted over the communication channel, powered by data-driven AI. He explains how Qualcomm is applying AI and generative AI technologies on the edge to enrich computer vision for new and high-quality visual solutions. He also shows how Qualcomm enables a broad range of OEMs, ODMs and third-party developers to harness innovative technologies via initiatives such as the Qualcomm AI Hub, which provides a library of optimized machine learning models to enable developers to quickly incorporate AI into their applications.
7 Salesforce Data Cloud Best Practices.pdf
7 Salesforce Data Cloud Best Practices.pdfMinuscule Technologies Discover 7 best practices for Salesforce Data Cloud to clean, integrate, secure, and scale data for smarter decisions and improved customer experiences.
Mastering AI Workflows with FME - Peak of Data & AI 2025
Mastering AI Workflows with FME - Peak of Data & AI 2025Safe Software Harness the full potential of AI with FME: From creating high-quality training data to optimizing models and utilizing results, FME supports every step of your AI workflow. Seamlessly integrate a wide range of models, including those for data enhancement, forecasting, image and object recognition, and large language models. Customize AI models to meet your exact needs with FME’s powerful tools for training, optimization, and seamless integration
Introduction to Typescript - GDG On Campus EUE
Introduction to Typescript - GDG On Campus EUEGoogle Developer Group On Campus European Universities in Egypt Interested in leveling up your JavaScript skills? Join us for our Introduction to TypeScript workshop.
Learn how TypeScript can improve your code with dynamic typing, better tooling, and cleaner architecture. Whether you're a beginner or have some experience with JavaScript, this session will give you a solid foundation in TypeScript and how to integrate it into your projects.
Workshop content:
- What is TypeScript?
- What is the problem with JavaScript?
- Why TypeScript is the solution
- Coding demo
Jira Administration Training – Day 1 : Introduction
Jira Administration Training – Day 1 : IntroductionRavi Teja This presentation covers the basics of Jira for beginners. Learn how Jira works, its key features, project types, issue types, and user roles. Perfect for anyone new to Jira or preparing for Jira Admin roles.
Down the Rabbit Hole – Solving 5 Training Roadblocks
Down the Rabbit Hole – Solving 5 Training RoadblocksRustici Software Feeling stuck in the Matrix of your training technologies? You’re not alone. Managing your training catalog, wrangling LMSs and delivering content across different tools and audiences can feel like dodging digital bullets. At some point, you hit a fork in the road: Keep patching things up as issues pop up… or follow the rabbit hole to the root of the problems.
Good news, we’ve already been down that rabbit hole. Peter Overton and Cameron Gray of Rustici Software are here to share what we found. In this webinar, we’ll break down 5 training roadblocks in delivery and management and show you how they’re easier to fix than you might think.
Integration of Utility Data into 3D BIM Models Using a 3D Solids Modeling Wor...
Integration of Utility Data into 3D BIM Models Using a 3D Solids Modeling Wor...Safe Software Jacobs has developed a 3D utility solids modelling workflow to improve the integration of utility data into 3D Building Information Modeling (BIM) environments. This workflow, a collaborative effort between the New Zealand Geospatial Team and the Australian Data Capture Team, employs FME to convert 2D utility data into detailed 3D representations, supporting enhanced spatial analysis and clash detection.
To enable the automation of this process, Jacobs has also developed a survey data standard that standardizes the capture of existing utilities. This standard ensures consistency in data collection, forming the foundation for the subsequent automated validation and modelling steps. The workflow begins with the acquisition of utility survey data, including attributes such as location, depth, diameter, and material of utility assets like pipes and manholes. This data is validated through a custom-built tool that ensures completeness and logical consistency, including checks for proper connectivity between network components. Following validation, the data is processed using an automated modelling tool to generate 3D solids from 2D geometric representations. These solids are then integrated into BIM models to facilitate compatibility with 3D workflows and enable detailed spatial analyses.
The workflow contributes to improved spatial understanding by visualizing the relationships between utilities and other infrastructure elements. The automation of validation and modeling processes ensures consistent and accurate outputs, minimizing errors and increasing workflow efficiency.
This methodology highlights the application of FME in addressing challenges associated with geospatial data transformation and demonstrates its utility in enhancing data integration within BIM frameworks. By enabling accurate 3D representation of utility networks, the workflow supports improved design collaboration and decision-making in complex infrastructure projects
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdf
How Advanced Environmental Detection Is Revolutionizing Oil & Gas Safety.pdfRejig Digital Unlock the future of oil & gas safety with advanced environmental detection technologies that transform hazard monitoring and risk management. This presentation explores cutting-edge innovations that enhance workplace safety, protect critical assets, and ensure regulatory compliance in high-risk environments.
🔍 What You’ll Learn:
✅ How advanced sensors detect environmental threats in real-time for proactive hazard prevention
🔧 Integration of IoT and AI to enable rapid response and minimize incident impact
📡 Enhancing workforce protection through continuous monitoring and data-driven safety protocols
💡 Case studies highlighting successful deployment of environmental detection systems in oil & gas operations
Ideal for safety managers, operations leaders, and technology innovators in the oil & gas industry, this presentation offers practical insights and strategies to revolutionize safety standards and boost operational resilience.
👉 Learn more: https://www.rejigdigital.com/blog/continuous-monitoring-prevent-blowouts-well-control-issues/
cnc-drilling-dowel-inserting-machine-drillteq-d-510-english.pdf
cnc-drilling-dowel-inserting-machine-drillteq-d-510-english.pdfAmirStern2 CNC מכונות קידוח drillteq d-510
If You Use Databricks, You Definitely Need FME
If You Use Databricks, You Definitely Need FMESafe Software DataBricks makes it easy to use Apache Spark. It provides a platform with the potential to analyze and process huge volumes of data. Sounds awesome. The sales brochure reads as if it is a can-do-all data integration platform. Does it replace our beloved FME platform or does it provide opportunities for FME to shine? Challenge accepted
Data Virtualization: Bringing the Power of FME to Any Application
Data Virtualization: Bringing the Power of FME to Any ApplicationSafe Software Imagine building web applications or dashboards on top of all your systems. With FME’s new Data Virtualization feature, you can deliver the full CRUD (create, read, update, and delete) capabilities on top of all your data that exploit the full power of FME’s all data, any AI capabilities. Data Virtualization enables you to build OpenAPI compliant API endpoints using FME Form’s no-code development platform.
In this webinar, you’ll see how easy it is to turn complex data into real-time, usable REST API based services. We’ll walk through a real example of building a map-based app using FME’s Data Virtualization, and show you how to get started in your own environment – no dev team required.
What you’ll take away:
-How to build live applications and dashboards with federated data
-Ways to control what’s exposed: filter, transform, and secure responses
-How to scale access with caching, asynchronous web call support, with API endpoint level security.
-Where this fits in your stack: from web apps, to AI, to automation
Whether you’re building internal tools, public portals, or powering automation – this webinar is your starting point to real-time data delivery.
Improving Developer Productivity With DORA, SPACE, and DevEx
Improving Developer Productivity With DORA, SPACE, and DevExJustin Reock Ready to measure and improve developer productivity in your organization?
Join Justin Reock, Deputy CTO at DX, for an interactive session where you'll learn actionable strategies to measure and increase engineering performance.
Leave this session equipped with a comprehensive understanding of developer productivity and a roadmap to create a high-performing engineering team in your company.
6th Power Grid Model Meetup - 21 May 2025
6th Power Grid Model Meetup - 21 May 2025DanBrown980551 6th Power Grid Model Meetup
Join the Power Grid Model community for an exciting day of sharing experiences, learning from each other, planning, and collaborating.
This hybrid in-person/online event will include a full day agenda, with the opportunity to socialize afterwards for in-person attendees.
If you have a hackathon proposal, tell us when you register!
About Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....
ELNL2025 - Unlocking the Power of Sensitivity Labels - A Comprehensive Guide....Jasper Oosterveld Sensitivity labels, powered by Microsoft Purview Information Protection, serve as the foundation for classifying and protecting your sensitive data within Microsoft 365. Their importance extends beyond classification and play a crucial role in enforcing governance policies across your Microsoft 365 environment. Join me, a Data Security Consultant and Microsoft MVP, as I share practical tips and tricks to get the full potential of sensitivity labels. I discuss sensitive information types, automatic labeling, and seamless integration with Data Loss Prevention, Teams Premium, and Microsoft 365 Copilot.
Azure vs AWS Which Cloud Platform Is Best for Your Business in 2025
Azure vs AWS Which Cloud Platform Is Best for Your Business in 2025Infrassist Technologies Pvt. Ltd. Azure vs. AWS is a common comparison when businesses evaluate cloud platforms for performance, flexibility, and cost-efficiency.
LSNIF: Locally-Subdivided Neural Intersection Function
LSNIF: Locally-Subdivided Neural Intersection FunctionTakahiro Harada Neural representations have shown the potential to accelerate ray casting in a conventional ray-tracing-based rendering pipeline. We introduce a novel approach called Locally-Subdivided Neural Intersection Function (LSNIF) that replaces bottom-level BVHs used as traditional geometric representations with a neural network. Our method introduces a sparse hash grid encoding scheme incorporating geometry voxelization, a scene-agnostic training data collection, and a tailored loss function. It enables the network to output not only visibility but also hit-point information and material indices. LSNIF can be trained offline for a single object, allowing us to use LSNIF as a replacement for its corresponding BVH. With these designs, the network can handle hit-point queries from any arbitrary viewpoint, supporting all types of rays in the rendering pipeline. We demonstrate that LSNIF can render a variety of scenes, including real-world scenes designed for other path tracers, while achieving a memory footprint reduction of up to 106.2x compared to a compressed BVH.
https://arxiv.org/abs/2504.21627
Oracle Cloud Infrastructure Generative AI Professional
Oracle Cloud Infrastructure Generative AI ProfessionalVICTOR MAESTRE RAMIREZ Oracle Cloud Infrastructure Generative AI Professional
DevOps in the Modern Era - Thoughtfully Critical Podcast
DevOps in the Modern Era - Thoughtfully Critical PodcastChris Wahl https://youtu.be/735hP_01WV0
My journey through the world of DevOps! From the early days of breaking down silos between developers and operations to the current complexities of cloud-native environments. I'll talk about my personal experiences, the challenges we faced, and how the role of a DevOps engineer has evolved.
“How Qualcomm Is Powering AI-driven Multimedia at the Edge,” a Presentation f...
“How Qualcomm Is Powering AI-driven Multimedia at the Edge,” a Presentation f...Edge AI and Vision Alliance
Introduction to Typescript - GDG On Campus EUE
Introduction to Typescript - GDG On Campus EUEGoogle Developer Group On Campus European Universities in Egypt
Azure vs AWS Which Cloud Platform Is Best for Your Business in 2025
Azure vs AWS Which Cloud Platform Is Best for Your Business in 2025Infrassist Technologies Pvt. Ltd.
Ad
How npm is making JavaScript safe for everyone
- 1. How is making JavaScript safe for everyone Daniel Sauble // @djsauble
- 2. Product management at npm Puppet and Sonatype alumni Grad student (and TA) at Harvard ~ other stuff ~ Data science Software development UX design Ultras About me
- 3. Photo by Awar Meman on Unsplash
- 4. Photo by Vlad Shapochnikov on Unsplash
- 5. Photo by Casey Horner on Unsplash
- 6. Photo by Tuce on Unsplash
- 7. Today’s agenda • OSS • Software supply chains • “Old” security • “New” security • Something new we’re building at npm.
- 8. OSS = free, quality, reusable software
- 10. …but a web of trust enables security risks
- 11. To understand these risks, you must understand the software supply chain
- 13. 97% Percentage of code in a typical web app that comes from npm npm (2019): https://medium.com/npm-inc/methodology-of-the-2018-2019-javascript-ecosystem-survey-and-results-b1cef1b83f10
- 21. The npm CLI caches automatically
- 23. CI/CD pipelines usually purge cache
- 25. Finally, you can deploy those build artifacts
- 27. This large surface area creates security risk.
- 28. Registries and repository managers can be compromised 1
- 29. Packages can be typo squatted or have publish credentials stolen 2
- 30. Malware can be inserted via dependencies in your dependency tree 3
- 31. Code can drift between your packages and your source code 4
- 32. Repository managers can mask the true upstream package 5
- 33. Maintainers can transfer ownership to others with potentially malicious intent 6
- 36. …but it is portrayed as an impediment…
- 37. …and unfortunately this is often accurate.
- 40. Us vs. them culture
- 41. It doesn’t have to be this way.
- 42. Accelerate
- 44. Shift-left
- 46. Embed security and ops people in your dev teams
- 47. Encourage them to write code, not just consult!
- 49. Take baby steps
- 50. Small wins always beat the large projects you never finish
- 51. Automate
- 52. Manual security processes are slow
- 53. This is a problem because the attackers are no longer doing their work manually
- 56. Lots of free tools and data exist to help you automate research and remediation
- 59. Publish info
- 60. query { package(name: "pg", version: "7.12.0") { publicationInfo { username tor tfa } } } GraphQL request
- 61. { "data": { "package": { "publicationInfo": { "username": "brianc", "tor": false, "tfa": true } } } } GraphQL response
- 62. Malware
- 63. query { malwarePackage(name: "a", version: "1") { name version payloads { path obfuscated md5 } getNetworkIOC { value } getFileIOC: { name sha256 } } }
- 64. Soon: package behavior on install or require
- 65. Why an API?
- 66. Security data should be public
- 67. We want to enable the community
- 69. We’re also building this for ourselves
- 70. To make our security team more effective
- 71. To enhance the npmjs.com experience
- 72. Sign up to learn when it ships: go.npmjs.com/npm-insights-beta
- 73. In summary • OSS is valuable • Software supply chains are vulnerable • “Old” security is slow, siloed, and ineffective • “New” security improves quality and productivity • Security Insights API is coming soon!
- 74. Thanks! Daniel Sauble // @djsauble