Security Automation in Agile SDLC Real World Cases


1 Security Automation in Agile SDLC Real World Cases
Ofer Maor, Director of Security Strategy, Synopsys
AppSec California, January 2016

2 Speaker
- Security Strategy at Synopsys
- Founder of Seeker / Pioneer of IAST
- Hacker at Heart
- Longtime OWASPer
- Over 20 Years in Cybersecurity
- Avid Photographer
- Yes, Agile can bite

3 The Agile Security Challenge
- Too Much Data
- Prioritizing Risk
- Understanding the Pain
- Security by Developers
- Short Cycles
- Rapid Delivery

4 Automation
- Automated, Continuous, Practical Testing

5 Case I Insurance Company Transforming to Agile

6 Case I Background
Insurance Company - Agile Maturity: In Transition, Automation Maturity: Starting, AppSec Maturity: Medium
- Insurance Company. Home grown apps
- ~15 different systems (Customer/Agent/Internal)
- Varying level of agile maturity & transformation
- CI-Only to Full-Agile
- Focus on new systems

7 Case I Challenges
- Limited security background for developers, no existing process
- Different Agile Maturity - No one process fits all
- Insufficient test automation (coverage)
- Limited security resources
- Strong regulatory requirements
- Various technologies (.Net, Java, Legacy MF, more)

8 Case I Process
- Creating strong cooperation (R&D/DevOps/Security)
- Security visibility into R&D bugs
- Weekly approval committee
- R&D Training (Basic!)
- Risk Policy (adapting risks, High only blocks)
- Multiple output channels (tickets, reports, etc.)

9 Case I Existing CI/DevOps
- CI - Jenkins. Pulls code from Java/.NET Repositories
- Ticket Tracking - HP QC
- Static Analysis (mainly for quality). Not integrated into the process
- Artifacts deployed to test env (permanent static)
- Test automation - basic (in progress)
- Functionality testing - mostly manual

10 Case I Security Automation
- Integrate to launch from CI
- Integration with both automated (speed) and manual testing (coverage)
- Multiple Outputs:
  - Jenkins Integration - High breaks build (response + HTML data)
  - QC Integration - Bug Tracking and Remediation
  - PDF Report for auditing and committee review


12 Case II UK Retailer, Established Agile Shop

13 Case II Background
UK Retailer - Agile Maturity: High, Automation Maturity: High, AppSec Maturity: Low
- UK Retailer with ecommerce Platform
- Single Platform, 5 Flavors (Customer facing)
- Run of the mill Agile Shop:
  - Scrum based
  - 3-Weeks long sprints. Strict enforcement
  - Strong automation

14 Case II Challenges
- Response to an incident
- Minimal existing security
- No security background for developers
- Limited security resources
- No existing process between security & R&D
- Very strict 3 weeks sprints

15 Case II Process
- Process driven by R&D, with security supervision
- Security Workflow created, testing once a week
- Week 1 & 2 to identify vulnerabilities in new code
- Week 3 test provides verification
- Breaking (Medium or higher) on verification - feature pushed out of version
- Weekly reports (PDF) to security group for auditing

16 Case II Existing CI/DevOps
- CI - Jenkins. Ticket Tracking - JIRA
- All testing environment is done in cloud (Amazon)
- Dynamic orchestration of test env - new environments every week (4 servers/instance)
- Automated deployment of build artifacts alongside testing framework (Selenium)
- Daily execution of test automation (functionality)

17 Case II Security Automation
- Dedicated security environment
- Adaptation of orchestration scripts (for deploying security testing software)
- Integration with Selenium
- Weekly orchestration of test environment and execution of tests
- Tests integrated into CI
- HTML reports for Jenkins viewing. PDF Reports for processing and audit


20 Case III ecommerce Giant, Continuous Delivery

21 Case III Background
ecommerce Giant - Agile Maturity: Very High, Automation Maturity: Very High, AppSec Maturity: Very High
- In Top 10 largest ecommerce sites
- Following a long, cross-organization Agile Transformation process
- Highly advanced Agile/DevOps process
- Modular site with multiple front-end and back-end components
- Hundreds of engineers (Dev, QA, DevOps, etc.)
- Heavy investment in security - already using various tools

22 Case III Challenges
- Introduction of security automation in QA/DevOps
- Multiple components for multiple teams
- Extremely dynamic testing environments (dynamically orchestrated and changing)
- Home-Grown DevOps - Cloud, CI, Testing, Orchestration, etc.
- Highly Agile/Rapid environment - Continuous Delivery with daily artifacts
- Security cannot be involved in the daily process

23 Case III Process
- Process initiated by the security group, with DevOps cooperation
- QA/DevOps training on process (rather than security)
- Security tests to run as part of other testing, on a daily basis
- Prioritization policy - Medium or higher blocks. Low scheduled for next version.
- Verification Metrics - Usage of another tool in production must return clean.
- Security group supervises the process and has visibility to reports.

24 Case III Existing CI/DevOps
- Homegrown CI/Orchestration/Cloud
- Ticket Tracking - JIRA
- Daily builds creation
- Daily creation of cloud environments with various server roles and elastic scaling
- Daily orchestration of latest builds and latest test automation versions
- Hybrid Automation - Selenium for web/front-end, Homegrown for WS

25 Case III Security Automation
- Orchestration adapted to deploy security testing software as part of existing testing env
- Full CI integration
- All existing automation directed to integrate with security testing
- Security tests run daily
- Full JIRA bug tracking integration with automated delivery per team
- Running of additional blackbox scanner on production for reverification
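
The blocking rules of the three cases (Case I: only High blocks; Case II: Medium or higher breaks on the week-3 verification run; Case III: Medium or higher blocks, Low goes to the next version) can be expressed as one severity gate run as a CI build step. This is an added example, not code from the talk or from any of the organizations described; the policy keys, the JSON finding fields and the treat-missing-severity-as-High rule are assumptions.

```python
#!/usr/bin/env python3
"""CI severity gate modelled on the blocking policies of the three cases (added example)."""
import json
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Thresholds come from the slides; the policy keys and field names are assumptions.
POLICIES = {
    # Case I: "Risk Policy (adapting risks, High only blocks)"
    "case1": {"blocks_at": "high", "verification_only": False},
    # Case II: weeks 1-2 identify, week 3 verifies; Medium or higher breaks on verification
    "case2": {"blocks_at": "medium", "verification_only": True},
    # Case III: "Medium or higher blocks. Low scheduled for next version."
    "case3": {"blocks_at": "medium", "verification_only": False},
}


def evaluate(findings, policy_name, verification_run=False):
    """Split finding ids into blocking / to_fix / deferred and derive the job exit code."""
    policy = POLICIES[policy_name]
    threshold = SEVERITY_RANK[policy["blocks_at"]]
    enforce = verification_run or not policy["verification_only"]
    result = {"blocking": [], "to_fix": [], "deferred": [], "unclassified": []}
    for finding in findings:
        fid = finding.get("id", "<no id>")
        severity = str(finding.get("severity", "")).strip().lower()
        rank = SEVERITY_RANK.get(severity)
        if rank is None:
            # Assumption: a finding without a usable severity is treated as High,
            # so a change in the scanner's output cannot silently open the gate.
            result["unclassified"].append(fid)
            rank = SEVERITY_RANK["high"]
        if rank < threshold:
            result["deferred"].append(fid)   # scheduled for a later version
        elif enforce:
            result["blocking"].append(fid)   # breaks the build
        else:
            result["to_fix"].append(fid)     # reported now, enforced at verification
    result["exit_code"] = 1 if result["blocking"] else 0
    return result


def by_team(findings, ids):
    """Group the given finding ids by owning team, for per-team ticket delivery."""
    teams = {}
    for finding in findings:
        if finding.get("id") in ids:
            teams.setdefault(finding.get("team", "unassigned"), []).append(finding["id"])
    return teams


# Constructed sample input; a real scanner's export format will differ.
SAMPLE_FINDINGS = json.loads("""
[
  {"id": "F-1", "severity": "High",   "team": "checkout", "title": "SQL injection"},
  {"id": "F-2", "severity": "medium", "team": "search",   "title": "Reflected XSS"},
  {"id": "F-3", "severity": "Low",    "team": "checkout", "title": "Verbose error page"},
  {"id": "F-4",                       "team": "search",   "title": "Severity missing"}
]
""")


def main(argv):
    # Usage: gate.py <policy> [findings.json] [--verification]
    args = [a for a in argv[1:] if a != "--verification"]
    policy_name = args[0] if args else "case3"
    if policy_name not in POLICIES:
        print(f"unknown policy: {policy_name}", file=sys.stderr)
        return 2
    findings = SAMPLE_FINDINGS
    if len(args) > 1:
        with open(args[1], encoding="utf-8") as handle:
            findings = json.load(handle)
    result = evaluate(findings, policy_name, "--verification" in argv)
    for key in ("blocking", "to_fix", "deferred", "unclassified"):
        print(f"{key}: {result[key]}")
    print("blocking by team:", by_team(findings, result["blocking"]))
    return result["exit_code"]  # non-zero makes the CI step fail


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```
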

26 Thank You! Questions?


More information

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support

Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support Demand & Requirements Management Software Development QA & Test Management IT Operations & DevOps Change Management Agile, SAFe, Waterfall Support Overview codebeamer is a single-repository Application

More information

Increasing Business Efficiency and Agility for ATGbased. Systems. the business challenge: upgrading the development pipeline

Increasing Business Efficiency and Agility for ATGbased. Systems. the business challenge: upgrading the development pipeline Increasing Business Efficiency and Agility for ATGbased ecommerce Systems This case study follows a Tier 1 retailer migrating to an ATG-based ecommerce platform and upgrading its software development process

More information

Learning objectives for today s session

Learning objectives for today s session Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify

More information

Continuous Delivery Benefits, Best Practices and Practical Advice

Continuous Delivery Benefits, Best Practices and Practical Advice Continuous Delivery Benefits, Best Practices and Practical Advice Jeffrey Hammond Forrester Research Ajit Zadgaonkar Edmunds.com Mark Warren Perforce Software Continuous Delivery: A Key Enabler of Feedback

More information

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National

More information

The Web AppSec How-to: The Defenders Toolbox

The Web AppSec How-to: The Defenders Toolbox The Web AppSec How-to: The Defenders Toolbox Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware

More information

The Virtualization Practice

The Virtualization Practice The Virtualization Practice White Paper: Managing Applications in Docker Containers Bernd Harzog Analyst Virtualization and Cloud Performance Management October 2014 Abstract Docker has captured the attention

More information

HP ALM Masters 2014 Performance testing Modern Applications

HP ALM Masters 2014 Performance testing Modern Applications HP ALM Masters 2014 Performance testing Modern Applications HP Apps 12 Application Delivery Management in the new style of IT We enable you to deliver high performance applications with unprecedented velocity

More information

Your guide to building great apps. Upgrade your skills and update your tools to create the next great app

Your guide to building great apps. Upgrade your skills and update your tools to create the next great app Your guide to building great apps Upgrade your skills and update your tools to create the next great app Introduction Visual Studio 2015 helps you turn great ideas into great business applications. Our

More information

"Cloud Computing: Powering the Future of Testing"

Cloud Computing: Powering the Future of Testing W5 Class 10/5/2011 11:30 AM "Cloud Computing: Powering the Future of Testing" Presented by: Sundar Raghavan Skytap Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073 888 268 8770 904

More information

DevOps: Advances in release management and automation

DevOps: Advances in release management and automation ANALYST INSIGHT DevOps: Advances in release management and automation The Ovum rainbow map for DevOps solutions comparing 11 vendors Reference Code: OI00172-072 Publication Date: September 2011 Author:

More information

DevOps for CA Plex Automated Testing

DevOps for CA Plex Automated Testing DevOps for CA Plex Automated Testing Agenda DevOps Agile ALM CM MatchPoint Automated Testing Worksoft Certify DevOps Agile - DevOps Source: IBM SoftwareTechnical White Paper DevOps Lifecycle DevOps CA

More information

Client Overview. Engagement Situation. Key Requirements

Client Overview. Engagement Situation. Key Requirements Client Overview Our client is the leading provider of health insurance related solutions for providing online and easy access to health insurance. Our client offers these services to a range of consumers

More information

Orchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments

Orchestrated. Release Management. Gain insight and control, eliminate ineffective handoffs, and automate application deployments Orchestrated Release Management Gain insight and control, eliminate ineffective handoffs, and automate application deployments Solution Brief Challenges Release management processes have been characterized

More information

Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code

Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code Justin Collins Tin Zaw AppSec USA September 23, 2011 About Us Justin Collins - @presidentbeef Tin Zaw - @tzaw Our Philosophy: Light Touch

More information

AppDynamics Fall 14' Release: Revolutionizing APM! p r e s e n t e d b y :

AppDynamics Fall 14' Release: Revolutionizing APM! p r e s e n t e d b y : AppDynamics Fall 14' Release: Revolutionizing APM! p r e s e n t e d b y : Bill AppDynamics Hayden Fall &'14 Marcus Release: Revolutionizing Sarmento APM! Orasi Software at a Glance Corporate Overview

More information

Bridge Development and Operations for faster delivery of applications

Bridge Development and Operations for faster delivery of applications Technical white paper Bridge Development and Operations for faster delivery of applications HP Continuous Delivery Automation software Table of contents Application lifecycle in the current business scenario

More information

Mobile App Development: The CD Recipe Jenkins + Functional and Non-functional Testing + Real Devices. Carlo Cadet, Director, Technical Evangelists

Mobile App Development: The CD Recipe Jenkins + Functional and Non-functional Testing + Real Devices. Carlo Cadet, Director, Technical Evangelists Mobile App Development: The CD Recipe Jenkins + Functional and Non-functional Testing + Real Devices Carlo Cadet, Director, Technical Evangelists Introducing Perfecto Mobile Enabling manual and automated

More information

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment CloudCenter Full Lifecycle Management An application-defined approach to deploying and managing applications in any datacenter or cloud environment CloudCenter Full Lifecycle Management Page 2 Table of

More information

MagenTys Testing Services Page 2

MagenTys Testing Services Page 2 Testing Services CONTENTS 1 MAGENTYS... 3 2 COMPANY DETAILS... 4 2.1 Overview... 4 2.2 ETHICS and values... 4 3 Services... 5 3.1 Test Automation... 5 3.1.1 Test Automation Framework and Automated Test

More information

CMDB Essential to Service Management Strategy. All rights reserved 2007

CMDB Essential to Service Management Strategy. All rights reserved 2007 CMDB: Essential to the Service Management strategy Business Proposition: This white paper describes how the CMDB is an essential component of the IT Service Management Strategy, and why the FrontRange

More information

Assuring Application Security: Deploying Code that Keeps Data Safe

Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe 2 Introduction There s an app for that has become the mantra of users,

More information

IBM Rational AppScan: Application security and risk management

IBM Rational AppScan: Application security and risk management IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM

More information

Journey to the Cloud and Application Release Automation Shane Pearson VP, Portfolio & Product Management

Journey to the Cloud and Application Release Automation Shane Pearson VP, Portfolio & Product Management Journey to the Cloud and Application Release Automation Shane Pearson VP, Portfolio & Product Management Hybrid Delivery: The right IT strategy Creating the optimal mix of traditional IT and cloud services

More information

Develop better, Deliver Faster with DevOps: The CA LISA Product Suite. John Boebinger Senior Principal Consultant

Develop better, Deliver Faster with DevOps: The CA LISA Product Suite. John Boebinger Senior Principal Consultant Develop better, Deliver Faster with DevOps: The CA LISA Product Suite John Boebinger Senior Principal Consultant Today s reality 2 Copyright 2013 CA. All rights reserved. Does Any of This Sound Familiar?

More information