Forem: José Manuel Ortega

Tecnologías para arquitecturas basadas en microservicios: Patrones y soluciones para aplicaciones desplegadas en contenedores

José Manuel Ortega — Sun, 05 Jul 2020 19:58:59 +0000

https://www.amazon.es/Tecnolog%C3%ADas-para-arquitecturas-basadas-microservicios-ebook/dp/B08CBDSCHV

El objetivo de este libro es presentar cómo desarrollar arquitecturas basadas en microservicios, conociendo los principales frameworks de desarrollo y herramientas orientadas al despliegue de las aplicaciones mediante el uso de contenedores y orquestadores. Gracias al uso de plataformas basadas en contenedores y orquestadores conseguimos alta disponibilidad, al tener varias instancias disponibles en distintas máquinas al mismo tiempo, escalabilidad, donde cada microservicio es capaz de escalar individualmente y despliegue de nuevas versiones en un tiempo mínimo.

El lector aprenderá los diferentes patrones que podemos utilizar cuando tenemos en mente el desarrollo de una aplicación basada en microservicios. El conocimiento de las buenas prácticas y patrones de desarrollo de software hace que los aplicaciones cumplan con todas las métricas de calidad de desarrollo como robustez, mantenibilidad, desacoplamiento y escalabilidad.
Introducción a las arquitecturas basadas en microservicios

Generadores de microservicios
Patrones de diseño
Microservicios en Java
Programación reactiva
Tecnologías basadas en contenedores
Introducción a Service mesh
Plataformas serverless
Arquitecturas basadas en eventos
Arquitecturas big data
Glosario de términos

SecDevOps containers

José Manuel Ortega — Sun, 05 Jul 2020 19:50:48 +0000

https://speakerdeck.com/jmortega/secdevops-containers

In this talk I will speak about main tips for integrating Security into DevOps. I will share my knowledge and experience and help people learn to focus more on DevOps Security. In addition to the so-called best practices, the development of efficient, readable, scalable and secure code, requires the right tools for security development.
These could be the main talking points:
-How to integrate security into iteration and pipeline application development with containers.
-How to secure development environments.
-DevOps security best practices

Python Memory Management 101.Deeping in Garbage collector

José Manuel Ortega — Sun, 05 Jul 2020 19:47:38 +0000

https://speakerdeck.com/jmortega/python-memory-management-101-dot-deeping-in-garbage-collector

In this talk I will try explain the memory internals of Python and discover how it handles memory management and object creation.
The idea is explain how objects are created and deleted in Python and how garbage collector(gc) functions to automatically release memory when the object taking the space is no longer in use.
I will review the main mechanisms for memory allocation and how the garbage collector works in conjunction with the memory manager for reference counting of the python objects.
Finally, I will comment the best practices for memory management such as writing efficient code in python scripts.
These could be the main talking points:
-Introduccition to memory management
-Garbage collector and reference counting with python
-Review the gc module for configuring the python garbage collector
-Best practices for memory managment

DevOps and Containers Security: Security and Monitoring in Docker Containers

José Manuel Ortega — Tue, 10 Mar 2020 23:09:46 +0000

https://www.amazon.es/dp/B085NMP3CV/

Through this book, we will introduce the DevOps tools ecosystem and the main containers orchestration tools through an introduction to some platforms such as Kubernetes, Docker Swarm, and OpenShift.
Among other topics, both good practices will be addressed when constructing the Docker images as well as best security practices to be applied at the level of the host in which those containers are executed, from Docker’s own daemon to the rest of the components that make up its technological stack.
We will review the topics such as static analysis of vulnerabilities on Docker images, the signing of images with Docker Content Trust and their subsequent publication in a Docker Registry will be addressed. Also, we will review the security state in Kubernetes.
In the last section, we will review container management and administration open source tools for IT organizations that need to manage and monitor container-based applications, reviewing topics such as monitoring, administration, and networking in Docker.
What will you learn
● Learn fundamental DevOps skills and tools, starting with the basic components and concepts of Docker.
● Learn about Docker as a platform for the deployment of containers and Docker images taking into account the security of applications.
● Learn about tools that allow us to audit the security of the machine where we execute Docker images, finding out how to secure your Docker host.
● Learn how to secure your Docker environment and discover vulnerabilities and threats in Docker images.
● Learn about creating and deploying containers in a security way with Docker and Kubernetes.
● Learn about monitoring and administration in Docker with tools such as cadvisor, sysdig, portainer, and Rancher.
Table of Contents

Getting started with DevOps
Container platforms
Managing Containers and Docker images
Getting started with Docker security
Docker host security
Docker images security
Auditing and analyzing vulnerabilities in Docker containers
Kubernetes security
Docker container networking
Docker container monitoring
Docker container administration

Desarrollo seguro en ingeniería del software. Aplicaciones seguras con Android, NodeJS, Python y C++

José Manuel Ortega — Tue, 10 Mar 2020 22:43:32 +0000

https://www.marcombo.com/desarrollo-seguro-en-ingenieria-del-software-aplicaciones-seguras-con-android-nodejs-python-y-c-9788426728005/

El desarrollo seguro de aplicaciones implica un cambio hacia un nuevo modelo de trabajo. Si quiere estar a la última sobre cómo mitigar errores comunes de programación y evitar posibles atacantes en sus aplicaciones, este es su libro.
El manual expone los procesos necesarios a seguir por todo desarrollador e ingeniero de software para disponer de buenas prácticas de seguridad desde las primeras fases del desarrollo. Gracias a los contenidos del libro:
o Conocerá el conjunto de tareas que minimizan, en la medida de lo posible, la exposición de la aplicación ante posibles ataques.
o Sabrá cómo mantener de manera eficiente los paquetes que se incorporan en las aplicaciones.
o Dominará las diferentes herramientas para analizar el código fuente desde un punto de vista estático y dinámico en aplicaciones basadas en Android, NodeJS, Python y C++, desde un enfoque teórico-práctico.
Además, a partir de los ejemplos prácticos que respaldan el libro, sacará el máximo provecho a las herramientas para analizar el código fuente de las aplicaciones.
Estar al día, está a su alcance. Consiga este libro, elija las herramientas y las metodologías adecuadas, y desarrolle aplicaciones de forma segura.

Machine learning para proyectos de seguridad(pycon)

José Manuel Ortega — Sun, 13 Oct 2019 16:49:16 +0000

https://speakerdeck.com/jmortega/machine-learning-para-proyectos-de-seguridad-pycon

En esta charla se explicarán los conceptos sobre el machine learning aplicados a la ciberseguridad a través de diferentes casos de uso y ejemplos. Además, se explicarán los principales algoritmos que podemos utilizar para comenzar a desarrollar sistemas de seguridad utilizando distintas técnicas como regresión, árboles de decisión y clustering. Finalmente se mostrará un caso de estudio aplicado a la detección de malware.

Machine learning para proyectos de seguridad

José Manuel Ortega — Sun, 29 Sep 2019 09:35:07 +0000

https://speakerdeck.com/jmortega/machine-learning-para-proyectos-de-seguridad

osint + python: extracting information from tor network and darkweb

José Manuel Ortega — Sat, 31 Aug 2019 23:48:24 +0000

https://speakerdeck.com/jmortega/osint-plus-python-extracting-information-from-tor-network-and-darkweb

The talk will start explaining how Tor project can help us to the research and development of tools for online anonymity and privacy of its users while surfing the Internet, by establishing virtual circuits between the different nodes that make up the Tor network. Later, we will review main tools for discover hidden services in tor network with osint tools. Finally we will use python for extracting information from tor network with specific modules like stem https://stem.torproject.org/

These could be the main points of the talk:

Introduction to Tor project and hidden services
Discovering hidden services with osint tools
Extracting information from tor network with python

Security in open source projects

José Manuel Ortega — Wed, 14 Aug 2019 02:23:38 +0000

In recent years, the amount of open source components used by developers has experienced significant growth. Millions of open source libraries are distributed through centralized systems such as Maven Central (Java), NPM (JavaScript) and GitHub (Go).
tags: security,open source

In this talk, I will present the common security problems faced by companies that use open source. We will also talk about how to manage the risks of open source software using people, processes and tools

[Slides]
https://www.slideshare.net/jmoc25/security-in-open-source-projects

[Video]
https://media.ccc.de/v/froscon2019-2361-security_in_open_source_projects

Testing python security

José Manuel Ortega — Mon, 27 May 2019 15:14:18 +0000

https://speakerdeck.com/jmortega/testing-python-security-pyconweb

Python is a language that in a easy way allows to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as you increase complexity in your applications, it can be easy to introduce potential problems and vulnerabilities.In this talk José Manuel Ortega will talk about the common security problems in Python code, like remote command execution and SQL injections. Of course he'll show to to prevent against these and other types of vulnerabilities.

Darkweb + Python: discover, analyze and extract information from hidden services

José Manuel Ortega — Sun, 05 May 2019 08:48:05 +0000

https://es.slideshare.net/jmoc25/darkweb-python-discover-analyze-and-extract-information-from-hidden-services

In addition, we will review how Tor works from anonymity point of view, preventing websites from tracking you. Python help us to automate the process to search an discover hidden services thanks to packages like requests,requesocks and sockspy,At this point we will review the crawling process and show tools in python ecosystem available for this task(https://github.com/jmortega/python_dark_web)

These could be the talking points:

-Introduction to Tor project and hidden services
-Discovering hidden services.
-Modules and packages we can use in python for connecting with Tor network
-Tools that allow search hidden services and atomate the crawling process in Tor network

Machine learning y data science con scikit-learn y pyspark

José Manuel Ortega — Sat, 30 Mar 2019 20:29:26 +0000

https://udemy.com/machine-learning-y-data-science-con-scikit-learn-y-pyspark/