Technology Standardization for Security
- Milo Houston
- 8 years ago
Transcription
IBM Software Group

Technology Standardization for Security Testing across SDLC
Security Testing: a STeP-IN Theme Conference
Dated: 17th April 2009, Pune
By: Randeep S. Chhabra & Satya Shukla, IBM Corporation

Executive Summary
- Application security continues to be a top security threat
- Regulatory Compliance (PCI), user demand (Web 2.0) and Enterprise Modernization (SOA) are driving awareness and action for security testing
- The cost and lack of coverage of reactive security is driving companies towards proactive measures: building security into the application development process
- Traditional approaches make it unlikely that development will support security testing due to schedule risks and potential project failure
- IBM is focused on evolving a new, innovative approach for integrating security testing into application development, providing the most accurate and easy-to-use solution for non-security professionals
[Figure labels: Cost / Complexity, Time, Security Team, Operations / Infrastructure]

Business challenges in today's environment
- Market Share: Increase Customer Satisfaction; Lower cost of Customer Acquisition; Faster Time to Market.
- Drive value: Reduce the costs of operating a secure, resilient business and improve information that maintains the security of your business.
- Manage business risks: Improve the consistent enforcement of corporate security policies and regulatory compliance requirements with fewer resources.
- Block security threats: Anticipate vulnerabilities and risk. Reduce exposure to external and internal threats.

Current Market Drivers
- Increase in vulnerabilities / disclosures: Application security has become the top threat
- Regulatory Compliance: Requirements such as PCI, HIPAA, GLBA, etc.
- User demand: For rich applications is pushing development to advanced code techniques; Web 2.0 introducing more risks to threats
- Enterprise Modernization: Driving traditional applications to online world (SOA), increasing corporate risk
- Cost cutting in current economic climate: Demands increased efficiencies
Source: IBM ISS Threat Report

What is the cost of a defect?
80% of development costs are spent identifying and correcting defects!
- During the coding phase: $25/defect
- During the build phase: $100/defect
- During the QA/Testing phase: $450/defect
- Once released as a product: $16,000/defect
The increasing costs of fixing a defect.

Typical Customer Adoption To Date
[Figure: market maturity across the stages Code, Build, QA, Security; labels: QA Testing team, Information Security Group]
- Code: Build security testing into the IDE
- Build: Automate Security / Compliance testing in the Build Process
- QA: Security / compliance testing incorporated into testing & remediation workflows
- Security: Security and Compliance Testing, oversight, control, policy, in-depth tests

Security Testing Within the Software Lifecycle
[Figure: Application Security Testing Maturity across the SDLC stages Coding, Build, QA, Security, Production; label: Developers]

Enabling the Operationalization of Security Testing
Customers are addressing Web Application Security in three ways:

Enable the Security Testing Organization
- Requires web application security subject matter expertise

Embed Security Testing in the SDLC
- Implement environment-specific security testing solution for select stakeholders
- Single-step security testing (no additional oversight required as expertise is built-in)
- Eliminates training requirements for non-security experts
- Alleviates security testing bottleneck downstream
- Increases security awareness across the organization (code security improvement, vulnerability awareness)
- Enables a more efficient process for on-time and on-budget application development

Outsource Security Testing
- Outsource web application security infrastructure or testing
- Enables immediate identification for sources of online risk without the necessary time and investment for in-house training and resources

[Figure labels: Express Edition, Standard Edition, Enterprise Edition, Developer Edition, Build Edition, Tester Edition, Standard Edition, Reporting Console, OnDemand, Security Consulting. Caption: Control, Monitor, Collaborate and Report Web Application Security Testing]

Tester Hacker
A tester has more in common with a hacker than you think
- Input mangling: Boundary checks, garbage input, malformed data, brute force
- Error condition exploitation: Exception scenarios, ungraceful failures, misconfiguration, missing/altered/malformed dependencies
- "Stress" tests: Resource starvation, denial of service, spawning multiple instances, tightly looping execution
- Discovering and exploiting: Logic holes; unintended consequences and behaviors; weakest links
- Circumventing controls: Security, application, system, auditing, logging, etc.
- Checking for leakages: Data, logic, system hooks; in logs and traces
- Creativity: Use it in ways it was never designed to be used

Tester - Responsibilities
- Must work with developers on items that cannot be directly tested
  - No direct or external interface/method suitable for exploitation or verification
- Get engaged early in the development cycle
  - Before an initial draft of specification/design is available
- Testers can and should provide insight
  - Point out what's not clear, missing, or incomplete
  - Request additional information/depth of details
  - Be willing to dig deep; go beyond what's given
- Mustn't be afraid to challenge developers
  - Worst case: You're wrong (it happens) and you've learned something
  - Best case: You're right and you've prevented a field issue
- Be professional, courteous, respectful
  - Don't be arrogant

Designer and Developer - Responsibilities
Designer/architect, Developer/Coder
- Must work with testers on adequate code coverage
  - Help identify where code is security sensitive
  - Indicate what can and cannot be directly tested
- Provide precedence (logic) outline of behavior related to:
  - Authentication, authorization, error handling/recovery, data processing combinations, etc.
- Clearly document all:
  - Input/output operations, interfaces, dependencies in libraries and external programs, environment variables, valid and invalid configuration states
- Mustn't be afraid to listen to testers
  - Worst case: A flaw in your code is found (it happens) and re-work is needed
  - Best case: It's not a flaw and a better understanding is established
- Be professional, courteous, respectful
  - Don't be dismissive

Tester and Developer - Symbiotic
- OPEN feed-back is a must
- A climate of superiority must not be tolerated
- Don't accept the "do your job and I'll do mine" attitude

Embedding Security in the Development Lifecycle
Primary goals for Web Application Security
1. Manage Online risk with security audits
2. Realize process efficiencies with testing coverage occurring early in the development lifecycle
Emerging focus

Security Auditors Challenge
- Accountable for managing organizational risk through on-line activity
- Limited resources (by budget or skillset) to provide timely security testing coverage
- The result is a bottleneck that impacts development release cycles
The Solution
- Engage seamlessly more testers earlier in the development lifecycle

Challenge: Building software securely from the ground up
Security Auditors need to enable more testers in the process, but software developers are not trained to be security experts, nor can they meet new development demands
- Niche security testing teams have been performing audits before code can pass to production
- These teams cannot keep up with the demand from hundreds of developers pushing new applications frequently; as a result software releases are delayed or risk is introduced
- Need to engage more testers earlier in the process
- Need to make it simple for non-security professionals
- How do we get more resources to provide more security testing for our applications?
- How do we make it easier to identify security vulnerabilities?
- How can I ensure our developers are implementing our corporate policies?
- Development does not like us halting releases due to security issues. How can I give them back control?

Solution: Utilize offerings designed for the development environment to identify and fix security issues early in the development process, and turn the security audit into the final check, not the first step
- Developer Edition & Build Edition provide security and compliance checks
  - Combination of Static Code Analysis and Dynamic Analysis provides non-security professionals in development the ability to accurately check for security defects in code
  - Designed for the developer's use case to seamlessly fit security testing into the development workflow
  - Build Edition embeds automated security testing into the build process
- Provides remediation advice to simplify ability to fix security issues
  - High accuracy security issue identification that developers can understand and fix
- Includes embedded security issue training
  - Bite-sized training modules allow developers to quickly understand the security issue and make the appropriate fix
- Facilitates non-disruptive adoption of security testing solutions to improve application
[Figure labels: IBM Developer Edition, IBM Build Edition]

Security Testing Technologies Primer
- Static Code Analysis <> Whitebox
  - Looking at the code for issues (code-level scanning)
- Dynamic Analysis <> Blackbox
  - Sending tests to a functioning application
- Composite Analysis
  - Blend of all testing techniques for improved accuracy of reporting
  - Leverages strengths and overcomes weaknesses of each individual technique
  - Akin to SPI's Hybrid Analysis
- WhiteBox (WB) vs BlackBox (BB)
  - WB: The ability to see inside the box to see the inner workings of the machine
  - BB: Can't see inside as it's a closed-off object; need to test its response to actions
- String Analysis
  - IBM patent-pending code analysis technique
  - Code analysis version of Scan Expert for efficient configuration of scan to enable accurate results
- Runtime Analysis
  - Monitoring behavior for feedback while application is running at a detailed level to tell where a vulnerability exists in the execution code

Enabling Business and Technology Experts to Collaborate
Traceability of Requirements to Security needs to be achieved
- Requirements Definition (Requirements Composer)
  - Elicit, capture, elaborate, review and discuss requirements
  - Rich text Requirements, Business Objectives, Business Processes, Storyboards & Sketches, Industry & Domain Models, Use Cases, Prototypes
  - Text to visual transformation
- Requirements Management (RequisitePro)
  - Search, filter on attributes
  - Traceability between related artifacts
  - Impact & Coverage analysis

Quality Manager
Tester needs a central hub for business-driven software quality across Security, Functional and Performance Testing

Catch quality issues early reducing cost and risk
- Stakeholder and team coordination: Fewer meetings, less rework using a dynamic test plan
- Automated process workflow: Reduce labor-intensive tasks, improve cycle time
- Upstream and downstream quality: Enforce standards at coding and deployment

Accelerate time to market & Improve flexibility
- Lab efficiency and asset utilization: Save 30-40% testing time overall
- Test coverage optimization across environments: 95% confidence on optimal coverage
- Industry leading lifecycle coverage: System z, System i, SAP and .NET

Make confident decisions with effortless reporting
- Ongoing process improvement and analytics: Version history and trending within and across projects
- Proactive risk management and decision-making: Automated, filtered and prioritized reporting

Protect existing investments, deliver greater predictability
- Adopt successful deployment patterns, map to operational KPIs

[Figure: IBM Quality Manager; keyword labels: continuous, test plan, participate, automated, context, governance, use case, distributed access, dashboards, synchronize, easy handoff, trace, lab utilization, functional, performance, security, compliance]

Quality management offerings summary
- Test Management and Lab Management: Quality Manager Standard Edition, Quality Manager Express Edition, NEW Test Lab Manager
- Offerings: Domain-specific testing
  - Static analysis: Software Analyzer
  - Security: Tester Edition
  - Performance: Application Performance Analyzer
  - Functional: Functional Tester
  - Performance: Performance Tester
  - SOA: Service Tester for SOA Quality
  - Code quality: Test RealTime
- Services: Measured Capability Improvement Framework, Assessments

2008: Introducing the first wave of Jazz offerings
- Team Concert: Core team collaboration
  - "Think and work" in unison and provide real-time project health
- Requirements Composer: Business expert collaboration
  - Elicit, capture, elaborate, discuss and review requirements
- Quality Manager: Quality team collaboration
  - Coordinate quality assurance plans, processes and resources
[Figure: JAZZ TEAM SERVER with the Team Concert, Requirements Composer, Quality Manager and Business Partner Jazz offerings. Labels: Best Practice Processes, Search And Query, Security, Dashboards, Team Awareness, Events Notification, Collaboration, Open Lifecycle Service Integrations, ClearQuest, ClearCase, Build Forge, RequisitePro, Asset Manager, Software Architect, Application Developer and tester portfolio, enterprise modernization including System z and i support]

Centralized test management reduces risk and cost
Supporting a wide variety of platforms across the lifecycle
[Figure: IBM Collaborative Application Lifecycle Management. Labels: Quality Manager, Quality Dashboard, Requirements, Test Management & Execution, Defect Tracking, Requirements Composer, Create Plan, Build Tests, Manage Test Lab, Best Practice Processes, Report Results, Team Concert, Open Platform, Software Analyzer, SAP, Java, Functional Tester, JAZZ TEAM SERVER, Open Lifecycle Service Integrations, Services Tester for SOA, Performance Tester, System z, i, .NET, homegrown]

Developer & Build Editions raise the industry bar
Delivering security-focused solutions across the development lifecycle
- CISO: Dashboard provides filtered relevant data for more informed decision-making
- Tester: Seamlessly add security testing alongside functional & performance testing
- Developer: Embed security testing into the development environment and workflow
- Build Manager: Automated security tests embedded into the build process
- QA Manager: Full traceability for security issue prioritization
- All test assets and results in one repository
- Quality process enactment

IBM Ecosystem
[Figure: product ecosystem across the Code, Build, QA and Security stages. Labels: Enterprise / Reporting Console; Developer Ed (desktop); Ent. QuickScan (web client); Build Ed (scanning agent); (scanning agent); Tester Ed (QA clients); Enterprise user (web client); Standard Ed (desktop); Express (desktop); Application Developer; Software Analyzer; ClearCase; BuildForge; Quality Manager; ClearQuest; Test / Defect Management; IBM Web Based Training for]
- CODE: Build security testing into the IDE*
- BUILD: Automate Security / Compliance testing in the Build Process
- QA: Security / compliance testing incorporated into testing & remediation workflows
- SECURITY: Security & Compliance Testing, oversight, control, policy, audits

The New IBM Ecosystem
[Figure: same layout, labels and stage descriptions as the previous slide]

IBM Ecosystem
[Figure: the ecosystem diagram annotated with the analysis technique used by each product. Product labels: Enterprise / Reporting Console; Developer Ed (desktop); Ent. QuickScan (web client); Build Ed (scanning agent); (scanning agent); Tester Ed (QA clients); Enterprise user (web client); Standard Ed (desktop); Express (desktop); Application Developer; Software Analyzer; ClearCase; BuildForge; Quality Manager; ClearQuest; Test / Defect Management; IBM Web Based Training for. Technique labels: White Box + String Analysis; Black Box + Runtime Analysis; Composite Analysis; Black Box]
- CODE: Build security testing into the IDE*
- BUILD: Automate Security / Compliance testing in the Build Process
- QA: Security / compliance testing incorporated into testing & remediation workflows
- SECURITY: Security & Compliance Testing, oversight, control, policy, audits

Black Box / DE / White Box
Black Box
- Accuracy
- Source free
- HTTP awareness only
- Multi components support
- Requires deployed application
- Few Prerequisites
- Works as a remote attacker
- Integration/deployment issues
White Box
- Code coverage
- Code/path coverage
- Limited to given code
- More than HTTP validations
- Support partial applications
- Support per language/framework
- No need to deploy application
- Over approximation

String Analysis
IBM patent-pending technology
- Potentially game-changing technology in code analysis
- Existing white-box offerings use Taint Analysis
  - Requires configuration, dependent on both knowledge of code & security expertise to be done accurately
  - Inaccurate configuration results in volumes of false positives
- String Analysis automates configuration
  - Removes largest driver of inaccurate results of static code analysis
  - Simplifies use for developers (for non-security experts)
- Taint analysis measures whether an input is tainted; string analysis can determine exactly how it is tainted

What is Developer Edition?
Overview
- A solution created to empower developers with the ability to invoke Web application security testing within their development environment
- Designed as a complement to the family of security testing solutions, it enables the development organization to address the volumes of security issues that can be introduced in code.
- Supports existing developer and build environment use cases for efficient and non-disruptive adoption of security testing with IDE & build server integrations
What does it do?
- Provides security and compliance checks using static code analysis for security vulnerabilities
- Enables developers (who are not security experts) to address security defects early in the development process, where fixing issues is least expensive
Highlights
- Comprehensive Security Analysis
- Next-Generation Accuracy
- Unparalleled Ease of Use
- Identification of line-of-code
- Self-Serve Security Testing for Developers
- Seamless Integration into the Development Process
- Complete the End-to-End security solution

What is Build Edition?
Overview
- A solution created to embed automated Web application security into the build process
- Designed as a complement to the family of security testing solutions, it enables the development organization to address the volumes of security issues that can be introduced in code.
- Supports existing developer and build environment use cases for efficient and non-disruptive adoption of security testing with IDE & build server integrations
What does it do?
- Allows scans from Standard Edition or Developer Ed to be processed in a non-UI / scriptable mode
- Provides simple/generic command line support for integration into most build environments, with an additional adaptor for BuildForge
Highlights
- Automated Security Testing in the Development Process
- Comprehensive Security Analysis
- Next-Generation Accuracy
- Code Coverage
- Identification of line-of-code
- Seamless Integration into the Development Process
- Complete the End-to-End security solution

Security in the Build Process
Goal: Merge into the existing process
- Use Static Analysis when compilation completes
- Use Dynamic Analysis when app is deployed
- Log Results into the existing system
Adjust to Build System environment
- Limit scan depth based on allotted time & resources
- Support Constantly Changing Applications
Functionality Overview
- Run existing scans
- Evaluate scan results to report problems to stakeholders
- Collect scan results information in summary reports
- Integrate with build environments, including Apache Ant, Build Forge, and command line based builds
- Export scan report (or report data) to other systems, including ASE
- Simplify/Support the integration with bug tracking systems
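
The "Security in the Build Process" slide describes evaluating scan results inside the build, summarising them and reporting problems. The Python sketch below is an added example, not IBM's code and not part of the original slides: it gates a build on static and dynamic scan results and treats a scan cut short by its time budget as "incomplete" rather than as a pass. The JSON result format, the baseline of already-triaged findings, the exit codes and all function names are assumptions made for illustration.

```python
"""Security gate for a build: evaluates scan results and decides pass/fail.

The result format is constructed for this example; it is not the report
format of any product named in the slides.
"""
import hashlib
import json
from collections import Counter

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
EXIT_CODES = {"pass": 0, "fail": 1, "incomplete": 2}  # assumed convention

# Constructed sample: a static scan run after compilation and a dynamic scan
# run after deployment that hit its time budget before finishing.
SAMPLE_RESULTS = json.loads("""
[
  {"phase": "static", "completed": true, "findings": [
    {"rule": "sql-injection", "severity": "high",
     "file": "src/OrderDao.java", "line": 88},
    {"rule": "hardcoded-secret", "severity": "medium",
     "file": "src/Config.java", "line": 12}
  ]},
  {"phase": "dynamic", "completed": false, "findings": [
    {"rule": "reflected-xss", "severity": "high",
     "url": "/search", "param": "q"}
  ]}
]
""")


def fingerprint(finding):
    """Stable id so a triaged finding is recognised again in later builds.

    Line numbers are excluded on purpose: they shift with unrelated edits.
    """
    location = finding.get("file") or finding.get("url") or ""
    raw = "|".join([finding["rule"], location, finding.get("param", "")])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]


def evaluate(results, baseline=frozenset(), fail_at="high"):
    """Return the gate decision for one build.

    results  -- per-phase scan results in the constructed format above
    baseline -- fingerprints already triaged and accepted by the security team
    fail_at  -- lowest severity that blocks the build
    """
    threshold = SEVERITY_RANK[fail_at]
    counts = Counter()
    blocking = []
    incomplete = []
    for scan in results:
        if not scan.get("completed", False):
            # Partial coverage: zero findings here would prove nothing.
            incomplete.append(scan["phase"])
        for finding in scan.get("findings", []):
            severity = finding["severity"].lower()
            if severity not in SEVERITY_RANK:
                raise ValueError("unknown severity: %r" % finding["severity"])
            counts[severity] += 1
            fp = fingerprint(finding)
            if SEVERITY_RANK[severity] >= threshold and fp not in baseline:
                blocking.append(dict(finding, phase=scan["phase"], fingerprint=fp))
    if blocking:
        status = "fail"
    elif incomplete:
        status = "incomplete"
    else:
        status = "pass"
    return {
        "status": status,
        "exit_code": EXIT_CODES[status],
        "counts": dict(counts),
        "blocking": blocking,
        "incomplete_phases": incomplete,
    }


def summary_line(decision):
    """One log line suitable for the build system's existing log."""
    order = sorted(SEVERITY_RANK, key=SEVERITY_RANK.get, reverse=True)
    counts = " ".join("%s=%d" % (s, decision["counts"].get(s, 0)) for s in order)
    return "security-gate status=%s blocking=%d %s incomplete=%s" % (
        decision["status"],
        len(decision["blocking"]),
        counts,
        ",".join(decision["incomplete_phases"]) or "none",
    )


if __name__ == "__main__":
    decision = evaluate(SAMPLE_RESULTS)
    print(summary_line(decision))
    for item in decision["blocking"]:
        where = item.get("file") or item.get("url")
        print("  BLOCKING [%s] %s at %s" % (item["phase"], item["rule"], where))
    raise SystemExit(decision["exit_code"])
```

Keeping accepted findings in a baseline lets the gate block only on new issues, so a legacy backlog does not halt every release while the security team works through it.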

Value Propositions

For Security Team
- Customer Pain: Client has acquired a web application testing desktop point product being run by a security auditor. Limited licenses or resources performing the testing have created a bottleneck by the security team, and it is impeding the deployment of applications.
- Value for Customer: IBM portfolio of web application security testing solutions enables software development stakeholders from development, build management and QA to share in the security testing responsibility and alleviate the resource limitations of the security team.
- Unique Proposition: IBM's investment in security, which allows IBM to lead with the broadest and most advanced security testing.

For Development
- Customer Pain: Client needs the development organization to address the process inefficiencies and project delays resulting from security testing bottleneck occurring late in the development process.
- Value for Customer: IBM Developer Ed and Build Ed provide security testing solutions that are designed for development use cases to enable security testing for non-security experts. The offerings allow for the identification and remediation of security issues much earlier in the development process, resulting in a more efficient process and projects delivered on time.
- Unique Proposition: Breadth and strength of testing techniques to provide the necessary efficiencies and accuracy for development to be successful with security testing

Q&A
More informationTest management best practices
Test management best practices Introduction Purpose Few people can argue against the need for improved quality in software development. Users of technology that utilizes software have come to expect various
More informationMaking Compliance Work for You
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationSeven Practical Steps to Delivering More Secure Software. January 2011
Seven Practical Steps to Delivering More Secure Software January 2011 Table of Contents Actions You Can Take Today 3 Delivering More Secure Code: The Seven Steps 4 Step 1: Quick Evaluation and Plan 5 Step
More informationSoftware development for the on demand enterprise. Building your business with the IBM Software Development Platform
Software development for the on demand enterprise Building your business with the IBM Software Development Platform An on demand business is an enterprise whose business processes integrated end-to-end
More informationThe Worksoft Suite. Automated Business Process Discovery & Validation ENSURING THE SUCCESS OF DIGITAL BUSINESS. Worksoft Differentiators
Automated Business Process Discovery & Validation The Worksoft Suite Worksoft Differentiators The industry s only platform for automated business process discovery & validation A track record of success,
More information2015 IBM Continuous Engineering Open Labs Target to better LEARNING
2015 IBM Continuous Engineering Open Labs Target to better LEARNING (NO COST - not a substitute for full training courses) Choose from one or more of these Self-Paced, Hands-On Labs: DMT 3722 - Learn to
More informationOrchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments
Orchestrated Release Management Gain insight and control, eliminate ineffective handoffs, and automate application deployments Solution Brief Challenges Release management processes have been characterized
More informationBuilding Security into the Software Life Cycle
Building Security into the Software Life Cycle A Business Case Marco M. Morana Senior Consultant Foundstone Professional Services, a Division of McAfee Outline» Glossary» What is at risk, what we do about
More informationHow to Ensure IT Compliance Without Compromising Innovation. Nik Teshima, IBM Phil Odence, Black Duck
How to Ensure IT Compliance Without Compromising Innovation Nik Teshima, IBM Phil Odence, Black Duck Black Duck 2013 Speakers Phil Odence VP of Business Development Black Duck Software Nik Teshima Senior
More informationEffective Threat Management. Building a complete lifecycle to manage enterprise threats.
Effective Threat Management Building a complete lifecycle to manage enterprise threats. Threat Management Lifecycle Assimilation of Operational Security Disciplines into an Interdependent System of Proactive
More informationIBM Tivoli Netcool network management solutions for enterprise
IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals
More informationFaster Development Through Virtualization
SAP Brief SAP Extensions SAP Service Virtualization by HP Objectives Faster Development Through Virtualization Remove the obstacles that slow down application delivery Remove the obstacles that slow down
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationHP Application Security Center
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
More informationRealtests.M2140-648.67 questions M2140-648. IBM Rational IT Sales Mastery Test v2
Realtests.M2140-648.67 questions Number: M2140-648 Passing Score: 800 Time Limit: 120 min File Version: 5.0 M2140-648 IBM Rational IT Sales Mastery Test v2 I'm sure glad that I used it. Even though I knew
More informationDatabricks. A Primer
Databricks A Primer Who is Databricks? Databricks vision is to empower anyone to easily build and deploy advanced analytics solutions. The company was founded by the team who created Apache Spark, a powerful
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationFireScope + ServiceNow: CMDB Integration Use Cases
FireScope + ServiceNow: CMDB Integration Use Cases While virtualization, cloud technologies and automation have slashed the time it takes to plan and implement new IT services, enterprises are still struggling
More informationBetter management through process automation.
Process management with IBM Rational ClearQuest software White paper Better management through process automation. David Lawrence, technical marketing specialist May 2006 Page 2 Contents 2 Introduction
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationIntegrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper
Integrating Application Security into the Mobile Software Development Lifecycle WhiteHat Security Paper Keeping pace with the growth of mobile According to the November 2015 edition of the Ericsson Mobility
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationAgile Development with Jazz and Rational Team Concert
Agile Development with Jazz and Rational Team Concert Mayank Parikh mayank.parikh.@in.ibm.com Acknowledgements: Thanks to Khurram Nizami for some of the slides in this presentation Agile Values: A Foundation
More informationeffective performance monitoring in SAP environments
WHITE PAPER September 2012 effective performance monitoring in SAP environments Key challenges and how CA Nimsoft Monitor helps address them agility made possible table of contents executive summary 3
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationFive best practices for deploying a successful service-oriented architecture
IBM Global Services April 2008 Five best practices for deploying a successful service-oriented architecture Leveraging lessons learned from the IBM Academy of Technology Executive Summary Today s innovative
More informationAPI Management: Powered by SOA Software Dedicated Cloud
Software Dedicated Cloud The Challenge Smartphones, mobility and the IoT are changing the way users consume digital information. They re changing the expectations and experience of customers interacting
More informationTEST MANAGEMENT SOLUTION Buyer s Guide WHITEPAPER. Real-Time Test Management
TEST MANAGEMENT SOLUTION Buyer s Guide WHITEPAPER Real-Time Test Management How to Select the Best Test Management Vendor? The implementation of a Test Management system to automate business processes
More informationMeister Going Beyond Maven
Meister Going Beyond Maven A technical whitepaper comparing OpenMake Meister and Apache Maven OpenMake Software 312.440.9545 800.359.8049 Winners of the 2009 Jolt Award Introduction There are many similarities
More informationIKAN ALM and Collabnet TeamForge
IKAN ALM and Collabnet TeamForge Where Development, Testing and Operations meet Table of contents Executive summary...3 Problem statement...4 Solution Description...4 TeamForge and IKAN ALM...5 Versioning...5
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
WHITE PAPER Improving Software Quality to Drive Business Agility Sponsored by: Coverity Inc. Melinda-Carol Ballou June 2008 IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200
More informationApplication Code Development Standards
Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards
More informationDatabricks. A Primer
Databricks A Primer Who is Databricks? Databricks was founded by the team behind Apache Spark, the most active open source project in the big data ecosystem today. Our mission at Databricks is to dramatically
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationEnabling Continuous Delivery by Leveraging the Deployment Pipeline
Enabling Continuous Delivery by Leveraging the Deployment Pipeline Jason Carter Principal (972) 689-6402 Jason.carter@parivedasolutions.com Pariveda Solutions, Inc. Dallas,TX Table of Contents Matching
More informationOverview. Microsoft Office Enterprise Project Management Solution. In this article
Microsoft Office Enterprise Project Management Solution Overview Applies to: Microsoft Office Project 2007 Project Server 2007 In this article Manage and control all types of work Improve visibility and
More informationRequirements Management im Kontext von DevOps
IBM Software Group Rational software Requirements Management im Kontext von DevOps DI Steindl Wolfgang https://www.xing.com/profiles/wolfgang_steindl Senior IT Specialist wolfgang.steindl@at.ibm.com http://lnkd.in/tpzrug
More informationAugmented Search for Software Testing
Augmented Search for Software Testing For Testers, Developers, and QA Managers New frontier in big log data analysis and application intelligence Business white paper May 2015 During software testing cycles,
More informationIBM Rational Asset Manager
Providing business intelligence for your software assets IBM Rational Asset Manager Highlights A collaborative software development asset management solution, IBM Enabling effective asset management Rational
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationSoftware change and release management White paper June 2008. Extending open source tools for more effective software delivery.
Software change and release management White paper June 2008 Extending open source tools for more Page 2 Contents 2 Integrating and complementing open source tools 2 Trends in business shape software development
More informationCA Vulnerability Manager r8.3
PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL
More informationWhat s new in the HP Functional Testing 11.5 suite Ronit Soen, product marketing John Jeremiah, product marketing
What s new in the HP Functional Testing 11.5 suite Ronit Soen, product marketing John Jeremiah, product marketing Today s agenda A new world order for applications impact on QA HP s response announcement
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationBusiness Process Management Enabled by SOA
Business Process Management Enabled by SOA Jyväskylä 8.5.2007 Kimmo Kaskikallio IT Architect IBM Software Brands Five middleware product lines designed to work together Service-Oriented Architecture (SOA)
More informationApplication Security 101. A primer on Application Security best practices
Application Security 101 A primer on Application Security best practices Table of Contents Introduction...1 Defining Application Security...1 Managing Risk...2 Weighing AppSec Technology Options...3 Penetration
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationEnabling Data Quality
Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &
More informationEffective Software Security Management
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1
More informationIBM Software Integrated Service Management: Visibility. Control. Automation.
IBM Software Integrated Service Management: Visibility. Control. Automation. Enabling service innovation 2 Integrated Service Management: Visibility. Control. Automation. Every day, the world is becoming
More informationAgenda. How Process & Decision Management Help to Increase Business Value? WebSphere Business Process Management
提 升 企 業 營 運 價 值 即 時 行 銷 及 時 調 校 企 業 體 質 高 效 優 化 Katrina Li WebSphere Client Technical Professional yili@tw.ibm.com Agenda How Process & Decision Management Help to Increase Business Value? WebSphere Business
More informationTrack-It! 8.5. The World s Most Widely Installed Help Desk and Asset Management Solution
The World s Most Widely Installed Help Desk and Asset Management Solution Key Benefits Easy to use! Gain full control of your IT assets, hardware and software Simplify software license management Save
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More information