Managing Software Risk at the System Level. Making code quality work for the business
- Vivian Boone
- 7 years ago
Transcription
1 Managing Software Risk at the System Level Making code quality work for the business
2 Architectural complexity causes business disruptions
Architecturally Complex Violations are structural flaws involving interactions among components that reside in different application layers. Although they constitute only 8% of the vulnerabilities in an application, they:
- represent 52% of the repair effort and require 20 times more changes to fix
- are 8 times more likely to escape into testing and 6 times more likely to escape into operations
System-level flaws: 8% of all defects, 52% of total repair effort, 90% of downtime caused by system-level flaws.
Unit-level flaws: 92% of all defects, 48% of total repair effort, 10% of downtime.
Effective Software Risk Prevention: focus on the critical violations that matter. Focus resources on the area of highest impact, not highest volume.
"Tracking programming practices at the Unit Level alone may not translate into the anticipated business impact, most devastating defects can only be detected at the System Level." - OMG
3 The goal of system quality
Control the software characteristics that have the greatest impact on the business!
Software characteristics and their rules/best practices:
- RELIABILITY: No error handling along the call chain; Typecast mismatching along the call chain; Mis-configured frameworks (e.g., update trigger in Hibernate)
- PERFORMANCE EFFICIENCY: Expensive loops, with indirect calls involved; Incorrect use of indices; Multiple performance violations along the call chain
- SECURITY: Input validation, SQL injection, Cross-site scripting; Failure to use vetted libraries or frameworks; Secure architecture design compliance
- MAINTAINABILITY: Excessive horizontal layers; Code duplication (business logic vs. exact code comparison); Strict hierarchy of calling between architectural layers
4 SAM solution must match the business need
- Enterprise-wide solutions measure system-level structural characteristics such as Reliability, Performance Efficiency, Security and Maintainability.
- Developer-centric tools monitor the code quality of individual components at unit level; they are language-specific and narrowly focused.
5 System & unit level analysis is a MUST for real insight
[Figure: three levels of analysis (System / Application, Module, Program/Unit), each with its value, drawn over an application's technology stack (Web Services, APIs, Java, COBOL, JSP, ASP.NET, C++, C#, VB, Hibernate, Messaging, Spring, Struts, .NET, Oracle, EJB, PL/SQL, SQL Server, T/SQL, Sybase, DB2, IMS), with the labels Architecture Compliance, Transaction Risk, Data Flow and Propagation Risk.]
- System / Application level: Integration quality; Architectural compliance; Risk propagation simulation; Application security; Resiliency checks; Transaction integrity; Automated Function Point / EFP Counting; Effort estimation; Data access control; SDK versioning; Calibration across technologies; Risk Management (Reliability, Security, Performance); Productivity Measurement; Vendor Management; IT Measurement & Governance
- Module level: Intra-technology architecture; Intra-layer dependencies; Module complexity & cohesion; Design & structure; Inter-program invocation; Security Vulnerabilities; Rules Compliance; Defect Reduction
- Program/Unit level: Code style & layout; Code documentation; Class or program design; Basic coding standards; Comments; Hygiene
6 Comparison of enterprise & developer-centric SAM solutions
Developer-centric tools are focused on code hygiene.
Research shows that 90% of defects found in production and 60% of defects found in QA are related to cross component or cross technology interactions which require Enterprise solutions to detect!
[Table columns: SDLC Stage; Type of Rules; CAST AIP (JEE/RDBMS); Open Source at IDE (4); Results per KLOC; Structural Defects (3): % in QA, % in PROD]
- Development: Component level code hygiene 25 ~ s; Component level best practices 109 ~ s; structural defects 40% in QA, 10% in PROD
- Integration & System Testing: System Level (Framework compliance, Architectural checks, Cross technology, Security, Transaction) s; structural defects 60% in QA, 90% in PROD
Notes:
1) Majority of these are related to XML, which don't result in any defects
2) Naming conventions and basic code hygiene don't necessarily result in defects, but may make it hard to maintain and change
3) Based on a study of defect profiles by CAST Research Labs from ten major corporations worldwide
4) This analysis adds all the checks in the popular tools PMD, Check Style, FindBugs, and JDepend
7 CAST AIP vs. code analyzer
CAST Application Intelligence Platform:
- System level analysis
- Analysis occurs at build or integration phase
- Ensures architectural, structural and programming best practices
- Prevention of serious reliability, performance, security issues
- Prevents TCO growth over time by proactively preventing the system from becoming brittle, complex, undocumented, and architecturally unsound to modify
- Holistic view of the system that pinpoints critical defects while imparting software engineering advice
Code Analyzers:
- Unit/program level analysis
- Analysis occurs locally at developer workstation
- Ensures basic programming best practices
- Checks for good code hygiene, readability and cleanliness
- Prevents error-prone programming, algorithmic complexity at unit level, etc.
- Code level view that flags poor coding hygiene and non-conformance to coding standards
8 Only CAST's systems level analysis can
- Provide deep architectural visibility through cross layer / technology analysis
- Analyze systems composed of multiple technologies: SAP, .NET, Business Objects, C/C++, COBOL, Borland Delphi, Java, PowerBuilder, IBM SQL-PSM, Oracle Forms, Oracle PL/SQL, J2EE Frameworks, Struts, Hibernate, JavaScript, HTML, .ASP, Sybase T-SQL, T-SQL, Microsoft SQL Server, Tibco BusinessWorks, Visual Basic, PeopleSoft, Siebel, PL1, Fortran, Flex, RPG, EGL
- Detect critical vulnerabilities that will disrupt business critical systems and processes.
- Generate actionable metrics and remediation plans that make development teams better and systems more reliable.
[Figure: System Level Analysis, with the components Aggregation & Consolidation, Static Analysis, Dynamic Analysis, Function Points, Transaction Finder, Dependencies, Code Pattern Scanning, Rule Engine, Architecture Checker, Data Flow]
9 CAST AIP holistic system analysis
- Tech coverage: support all technologies in the application context
- Behavior Simulation: emulate run-time behaviors of components
- Dependencies: analyze cross-layer / technology links between app components
- Code Pattern Scanning: scan pattern and anti-pattern in application control flow
- Content Updater: adjust analysis results to match application advanced behaviors
- Data Flow Analysis: track along static and dynamic call stacks the use of the content of variables
- Architecture Checking: identify invalid calls and references between architectural layers
- Transaction Finder: identify cross-layer / technology transactions from UI to data entities
[Figure: System Level Analysis, with the components Static Analysis, Aggregation & Consolidation, Dynamic Analysis, Function Points, Transaction Finder, Rule Engine, Data Flow, Dependencies, Code Pattern Scanning, Architecture Checker]
10 "The Whole Is Greater Than The Sum Of Its Parts": A CASE STUDY
11 Global insurance company situation
A global insurance company with +150k employees and USD 30 billion in revenues attempted to build an in-house system level software analysis and measurement solution.
The goal:
- Combat system reliability issues and increasing costs in critical systems.
- Management visibility and control of technical quality of in-house and service providers
IT Ecosystem:
- Oracle, Peoplesoft and Java, VB, .NET, C, C++, C# applications
- Multiple systems integrators: Oracle, Capgemini, Accenture
Solution:
- Develop in-house analysis and measurement capability with open source tools (Jdepend, PMD, CheckStyle, FxCop) and commercial tools (DevPartner (Performance) and McCabe (Metrics)).
12 Global insurance company result
After 3 years, 4 in-house developers and the systems integrator's support staff deployed a solution at a cost of $1.5M.
Challenges:
- Delivered a partial solution
  - Lacked ability to analyze SQL, no inter-component analysis
  - Unable to aggregate analysis at portfolio level and no diagnostics
- Partially adopted by the organization because the solution:
  - Didn't cover all systems in the portfolio
  - Provided an incomplete view of systems
  - Was unable to support decisions
- No training or documentation of the deployed solution
- Partially funded: only development was funded
- Requires substantial resource and financial investment
  - 4 FTEs to fix bugs and adopt technology evolution
  - Unable to upgrade to new versions of open source tools
  - No further R&D and evolution of the product.
13 Global insurance company hidden cost of free software
Cost item: In-house solution using open source* / Open source based aggregator solution (Sonar)*
- Licensing: Free / $780,000 (2 instances of base product + 2 instances of plug-ins for 5 years)
- Maintenance: Free / Included in base fee
- Administration: $500,000 (1 FTE for 5 years) / $500,000 (1 FTE for 5 years)
- Hardware Budget: $100,000 (Dev and production environments) / $50,000 (Production Environment)
- Development/Integration: $1,000,000 (2 FTEs for 5 years) / $250,000 (.5 FTEs for 5 years)
- 5 Year Cost: $1.5M / $1.6M
Costs not considered by the client:
- Identify needs, research and investigate Open Source solutions
- Select analyzers and develop tools to integrate with OS analyzers
- Build and maintain dashboards
- Test and certify deployments to production
- Apply patches for bug fixes
- Maintain the integration of all parsers into one dashboard
- Create custom rules
- Calibrate data across parsers
- Keep track of the development/roadmap of each parser
- Create training material and conduct training for various stakeholders
- Ongoing support for developers and administrators
14 Global insurance company lessons learned
- Home-grown efforts become another development project
  - Difficult to contain costs, schedule, scope creep
  - Developer-level tools cobbled together do not result in system level capability or support enterprise level decision making.
- Grossly underestimated Total Ownership Cost
  - Open source licensing can create licensing infringement risks
- Brain Drain
  - The organization spends time and money to train in-house staff to become experts; resources leave and take the knowledge with them
- Unreliable Technical Support
  - Open source development is not accountable to respond to urgent technical issues (security breaches)
  - Unpredictable development of future components (new analyzers, upgrades)
15 Implementing a Code Quality Management initiative HOW TO BEGIN
16 The recognized leader for SAM in IT for many years
WE KNOW HOW TO INTRODUCE CODE QUALITY MANAGEMENT INTO LOW MATURITY ORGANIZATIONS
[Figure labels: Prioritize, Identify Hotspots, Automate, Stabilize, Measure, Educate, Optimize, Eliminate]
Steps:
- Run an initial measurement across the affected applications. Find where the biggest structural weaknesses and architectural hotspots are in these applications.
- Baseline the key applications along the most important application health parameters. Ensure they don't deteriorate, especially with respect to critical violations.
- Implement a continuous measure of structural quality, with a direct feedback loop to developers. Track asset improvement and identify risk as early as possible in SDLC.
Key Success Factors:
- Prioritize output to only relevant software flaws, by: propagation risk; transaction risk; critical violation density
- Focus efforts on the business-relevant characteristics: stability & resilience; performance efficiency; security & software risk
- Rely on a measurement platform that remains consistent: over time, for trending; across the apps portfolio; with industry standards
17 CAST approach to code quality management in SDLC
- Senior architect for program oversight: Leverage the architect office to scale reuse, frameworks, and best practice across teams
- Data aggregation & measurement: Stabilize measurement model for inclusion into IT dashboards, vendor SLAs, and team tracking
- Build-stage Global Analysis: Use CAST for rules that require system-level context. Use Unit-level or CAST for all other rules
- Unit-level Local Online Analysis: Analyze hygiene and simple best practice rules at the IDE, for direct feedback that doesn't require context
18 Don't wait for an outage to manage software risk
"The time to repair the roof is when the sun is shining." - John F. Kennedy
More informationAn ITIL Perspective for Storage Resource Management
An ITIL Perspective for Storage Resource Management BJ Klingenberg, IBM Greg Van Hise, IBM Abstract Providing an ITIL perspective to storage resource management supports the consistent integration of storage
More informationData Warehouse and Business Intelligence Testing: Challenges, Best Practices & the Solution
Warehouse and Business Intelligence : Challenges, Best Practices & the Solution Prepared by datagaps http://www.datagaps.com http://www.youtube.com/datagaps http://www.twitter.com/datagaps Contact contact@datagaps.com
More informationFrom the Bottom to the Top: The Evolution of Application Monitoring
From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:
More informationApplication Performance Management. Java EE.Net, Databases Message Queue Transaction, Web Servers End User Experience
Application Performance Management Java EE.Net, Databases Message Queue Transaction, Web Servers End User Experience InfoPulse A part of the Partner Nordic IT group EVRY Company brief BMS Consulting is
More informationMVC pattern in java web programming
MVC pattern in java web programming Aleksandar Kartelj, Faculty of Mathematics Belgrade DAAD workshop Ivanjica 6. -11.9.2010 Serbia September 2010 Outline 1 2 3 4 5 6 History Simple information portals
More informationCisco Process Orchestrator Adapter for Cisco UCS Manager: Automate Enterprise IT Workflows
Solution Overview Cisco Process Orchestrator Adapter for Cisco UCS Manager: Automate Enterprise IT Workflows Cisco Unified Computing System and Cisco UCS Manager The Cisco Unified Computing System (UCS)
More informationMonitoring, Managing and Supporting Enterprise Clouds with Oracle Enterprise Manager 12c Name, Title Oracle
Monitoring, Managing and Supporting Enterprise Clouds with Oracle Enterprise Manager 12c Name, Title Oracle Complete Cloud Lifecycle Management Optimize Plan Meter & Charge Manage Applications and Business
More informationHow to Maximise ROI and drive IT Governance with Visual Studio Team System
How to Maximise ROI and drive IT Governance with Visual Studio Team System The Power of an Integrated ALM Solution Julio Fernández-Gayoso Sales manager for Development Tools Western European Microsoft
More informationShorten your 11i Upgrade and Patching Cycles with Automated Testing. Rod Lehman Senior Director of Product Marketing
Shorten your 11i Upgrade and Patching Cycles with Automated Testing Rod Lehman Senior Director of Product Marketing Can You Make an Informed Go-Live Decision? Go / No-go? Go Will the application work as
More informationPractical Approaches for Securing Web Applications across the Software Delivery Lifecycle
Across the Software Deliver y Lifecycle Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle Contents Executive Overview 1 Introduction 2 The High Cost of Implementing
More informationMigration to SQL Server With Ispirer SQLWays 6.0
Migration to SQL Server With Ispirer SQLWays 6.0 About Ispirer Systems Ispirer Systems has been offering solutions for database and application migration since 1999 More than 400 companies worldwide from
More informationChapter 13 Computer Programs and Programming Languages. Discovering Computers 2012. Your Interactive Guide to the Digital World
Chapter 13 Computer Programs and Programming Languages Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Differentiate between machine and assembly languages Identify
More informationCoverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects
Effective Management of Static Analysis Vulnerabilities and Defects Introduction According to a recent industry study, companies are increasingly expanding their development testing efforts to lower their
More informationApproach to Service Management
Approach to Service Management In SOA Space Gopala Krishna Behara & Srikanth Inaganti Abstract SOA Management covers the Management and Monitoring of applications, services, processes, middleware, infrastructure,
More informationComplete Web Application Security. Phase1-Building Web Application Security into Your Development Process
Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle
More informationBlu Age Overview. It is not about changing the platform it is about business agility! HP Non Stop. Modernization Evolution Automation
Blu Age Overview It is not about changing the platform it is about business agility! HP Non Stop October 17 th, 2013 f.vermenouze@bluage.com Mark.Flanigan@hp.com Modernization Evolution Automation 1 2013
More informationCA Repository for z/os r7.2
PRODUCT SHEET CA Repository for z/os CA Repository for z/os r7.2 CA Repository for z/os is a powerful metadata management tool that helps organizations to identify, understand, manage and leverage enterprise-wide
More informationCrossing the DevOps Chasm
SOLUTION BRIEF Application Delivery Solutions from CA Technologies Crossing the DevOps Chasm Can improved collaboration and automation between Development and IT Operations deliver business value more
More informationQuality Testing. Assured.
Quality Testing. Assured. Applications can make or break your business Quality an imperative for success Reliability in quality assurance and control, challenges in adapting to changing benchmarks in delivery
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More information<Insert Picture Here> Oracle BI Standard Edition One The Right BI Foundation for the Emerging Enterprise
Oracle BI Standard Edition One The Right BI Foundation for the Emerging Enterprise Business Intelligence is the #1 Priority the most important technology in 2007 is business intelligence
More informationChoosing A Load Testing Strategy Why and How to Optimize Application Performance
Choosing A Load Testing Strategy Why and How to Optimize Application Performance What Is Load Testing? Systematic exposure of an application to real world, expected usage conditions before deployment Analyzes
More informationTri-Force Consulting Services, Inc. Case Studies
Tri-Force Consulting Services, Inc. Case Studies Tri-Force s Model Addresses Application Outsourcing and System Integration Application Development Application Management Maintenance, Enhancements, Re-engineering
More informationHow To Set Up An Outsourcing Center In China
HJSOFT Business Outsourcing Proposal Introduction... 2 Business Outsourcing Focus... 2 Standard and Unified Development Process... 3 Standardized Testing Procedures... 4 Price reference... 5 1 Introduction
More information