IBM SAP International Competence Center IBM Rational AppScan deployed by SAP AG
|
|
- Abner Cox
- 7 years ago
- Views:
Transcription
1 IBM SAP International Competence Center IBM Rational AppScan deployed by SAP AG SAP AG / Wolfram Scheible
2 With IBM Rational AppScan we have efficiently automated the process of weak-point analysis. Michael Neumaier Senior Quality Specialist SAP AG IBM Rational AppScan not only helps us to avoid costs related to hacking attacks, but also reduces the manual effort needed for analysis and the costs for testing. Michael Neumaier Senior Quality Specialist SAP AG
3 IBM Rational AppScan deployed by SAP AG About this paper Experts estimate that the global damage caused by cyber criminals could be as much as 100 billion a year. Almost as soon as any new Web application goes online, it is registered and analyzed by automatic hacker tools. The applications and the data behind them are rarely protected by technologies such as firewalls, network scanners and intrusion detection systems. This paper looks at the steps taken by SAP AG to protect its applications using IBM Rational AppScan. Customer objectives Protect online applications by ensuring that vulnerabilities are identified and removed before deployment Cut the costs of remedial action by enhancing prerelease quality Increase customer confidence in the security of online applications Learn how to improve application design for the future IBM solution IBM Rational AppScan Standard 8.0 Customer benefits IBM Rational AppScan covers all of SAP s security test requirements and has hugely expanded its test capabilities Manual testing is being phased out, and a regular process for checking and reviewing test cases has been implemented. IBM Rational AppScan has integrated seamlessly into SAP s quality assurance processes, because it automates a component of existing workflows rather than requiring an overall process change. 3
4 Background, starting point and objectives SAP developers work on some 190 products, with more than 25 industry solutions in over 30 languages. Approximately 500 developers work in parallel on each new solution release. SAP has moved to a global process for software development and release, based on four business principles: Changing conditions for software development: Changed product portfolio, from a single product to a portfolio of different products. Global organization with distributed development in multiple international locations. Improved communication between customers, partners and SAP: Provide one common and consistent approach to the roll-in of customer requirements. Reflect industry scenario orientation and focus on customer business needs. Ensure alignment between internal and external stakeholders on development priorities. Industrialization of software development & re-use: The service oriented architecture fosters reuse at various levels. Aligned processes and organizations must reflect this reuse. Never-ending quality improvement: Adapted processes for a high level of software quality and optimized TCO, while at the same time reducing time-tomarket. Build the right things the right way, with planned quality along the entire product lifecycle. Business challenges and project objectives With more SAP applications being designed for use over the Internet, the company has a pressing requirement to help ensure Web application security. For the SAP team, it was important to handle the increasing volume of test work while maintaining the very high quality of the results. With manual testing, without automation, it was clear that the workload could easily become unmanageable, resulting in increased costs and carrying the risk of incorrectly tested software being brought to market. If the team could automate most of the testing procedures, this would accelerate throughput and increase testing validity. In turn, IT staff could be released to work on more important software development projects. While searching for suitable tools to test its applications predeployment, the SAP team identified a list of core requirements, including: Up-to-date functionality, including ability to combat current attack methods and vulnerability classes. Quality of the scanning technology and its ability to uncover security issues. Reliability and accuracy of the findings generated by the scanner, including false-positive handling. Usability and handling of the configuration of the scanner for very large software projects. Display and filtering of the findings, and ability to interpret findings easily. Support in the debugging, elimination or other resolution of identified vulnerabilities. Extensive reporting for different risk and compliance reports. Position and strength of the vendor in the market. Level of investment in future research and development of the security solution. 4
5 Technical solution The IBM Rational AppScan product family selected for use by SAP examines Web applications for known vulnerabilities during both the development phase and application operation. Rational AppScan offers highly automated scanning and analysis, and provides reports in compliance with national and international standards at the push of a button. The Rational AppScan tools also help educate developers and security staff, with integrated e-learning components designed to ensure that safe practices are embedded in coding right at the start of software development programs. The SAP team deployed IBM Rational AppScan Standard in India on a Microsoft Windows server with multiple log-on options through Windows Terminal Server, and in Germany on a standard desktop PC running Windows. For both systems, SAP runs a shared calendar where colleagues can plan their tests and machine usage, which allows many different people to run their tests without conflict. The SAP team was very satisfied with the support and technical expertise offered by IBM. Issues were processed quickly, and the recommended solutions solved problems rapidly, thanks to the high level of product competency offered by IBM. Rational AppScan includes graphical presentations of results and powerful report generation functionality, which demonstrates how the vulnerabilities are actually exploited in a Web browser. These capabilities are central to helping developers understand what the issues mean in practice. The Rational AppScan interface is so powerful that at SAP, developers are invited to online screen-sharing teleconferences where they can view the test results and issues for themselves. Motive National security Industrial espionage Monetary gain Revenge The national security agenda is rising in importance within the context of the cybersecurity discussion Damage/impact to life and property Insiders Cyber warriors Organized crime, competitors Advanced persistent threat Hackers, crackers Inside information Sophisticated tools, expertise and substantial resources Prestige and thrill Script kiddies Substantial time, tools and social engineering Curiosity Scripts, tools, web-based how-tos Adversary Figure 1: The important information and services accessible through a Web-facing application have attracted a new and far more sophisticated adversary. The motivation for these attacks is changing and maturing from curiosity to financial gain to real espionage. The techniques that hackers employ are also advancing, making them harder to prevent and detect. The arrow represents a rapid rise in the likely overall damage and impact of attacks on applications as a whole. Source: IBM Software, Rational, Technical White Paper: Designing a strategy for comprehensive Web protection, 5
6 About Rational AppScan The Rational AppScan product portfolio provides ways to automate and industrialize the protection of networked and Web applications that collect and exchange sensitive data. Essentially, Rational AppScan software extends security analysis in the application security process and employs multiple testing techniques that result in higher-quality, more secure applications. Additional functionalities include JavaScript Analyzer, an extension of AppScan Standard developed in collaboration with IBM Research, which provides static taint analysis of JavaScript, detecting a range of client-side security issues, such as DOMbased Cross-site Scripting (XSS) where malicious JavaScript code is executed in the user s browser without sanity checks that could prevent the attack. There have been numerous documented cases of companies that spent millions of dollars recovering from cyber-attacks that could almost certainly have been prevented. Vulnerabilities in a production environment can be costly to remedy, while Rational AppScan helps to uncover and fix flaws during the development process, reducing cost and risk. Rational AppScan offers static and dynamic security testing in all stages of application development. SAP uses Rational AppScan Standard Edition, and the full product range extends to cover a variety of business needs: AppScan Build Edition embeds Web application security testing into the build management workflow. AppScan Enterprise Edition provides Web application vulnerability testing and reporting solution used to scale security testing. AppScan Express Edition delivers affordable Web application security for smaller organizations. AppScan OnDemand identifies and prioritizes Web application security vulnerabilities that may be apparent via the SaaS model. AppScan OnDemand Production Site Monitoring enables consistent and continuous monitoring for production Web content and sites for vulnerabilities via the SaaS model. The role of JavaScript in modern Web applications is becoming more important as technologies such as AJAX, HTML5 and the Dojo toolkit grow more common. The JavaScript Analyzer makes AppScan one of the first tools capable of detecting a range of client-side security issues. Until now, these issues were thought to be very common, but with no tool to find them there was no hard evidence and no way to build defenses. AppScan is also able to apply both black box and white box in the same scan. 6
7 Proof of validity To test the validity of the claims for Rational AppScan, SAP performed an external audit and penetration test on Duet software. The team then compared the results of the manual test against the automated findings generated by Rational AppScan. The comparison was designed to detect and reproduce the vulnerabilities discovered by the manual test, and highlight the appropriate areas of the source code. Rational AppScan succeeded in locating all the vulnerabilities discovered manually, identified additional concerns, and pinpointed the source code responsible in just a few hours. The AppScan findings are highly accurate, with very few false positives, which saves a great deal of time when evaluating an application. The audit reporting and ability to provide full traceability of errors feature high on the list of time- and costsaving functionalities. During software development itself, the developers themselves are responsible for testing. The SAP IT team provides developers with Rational AppScan testing services, which can be booked internally. For those developers who choose to test during development, the results are used during the software validation process. If the core team is involved in testing, software validation can be completed more quickly, reducing SAP s time to market with new solutions. If Rational AppScan is not involved during the software development process, developers have to run their own manual tests and provide documentation explaining why their test results are acceptable. Based on those documents, the testing team makes its plan for software validation usually a longer process than where products have involved Rational AppScan at an early stage. AppScan Standard was integrated into SAP s product development process, and the powerful reporting functionality is used to analyze results and generate recommendations for developers. For example, after an application scan with Rational AppScan, the team schedules a workshop with the development team. Rational AppScan generates an application profile with SAPspecific main issues, aimed at SAP standard requirements. With the reduced testing time and effort that using Rational AppScan provides, SAP is able to develop more Web applications more quickly, and bring them to market. As a result of these benefits, SAP purchased additional Rational AppScan licenses, expanding its footprint to eight users in total, in India, Israel and Germany. 7
8 Business benefits In the future, combinations of dynamic and static analyses present new possibilities for SAP. This hybrid analysis is completed using the JavaScript Analyzer. During a test, both the black box tests (the normal HTTP tests provided by AppScan Standard Edition) and white box tests (via static analysis of the JavaScript code by the JSA component) are run. The black box and white box test results are correlated through the Reporting Console. The correlation highlights specific weak points, identified by both scanning technologies. Such doubleweaknesses can be considered to be a genuine risk, to be fixed as rapidly as possible. Under the previous manual testing processes, the SAP team knew that its 60 or so test case descriptions did not cover all requirements. Manual testing is being phased out, and a regular process for checking and reviewing test cases has been implemented. With Rational AppScan, the SAP team now has a significantly higher degree of test coverage. Product complexity affects the testing processes, which can be fractions of a second or several minutes for each URL. Rational AppScan can also test by starting with an initial URL and then test all the pages that can be reached, somewhat in the manner of a search engine crawling linked Web pages. The tools include the ability to exclude or include certain pages, directories or areas of a website, and single pages can be specified for test. To accelerate testing, the IBM team implemented an adaptive approach: if test failures exceed pre-set limits, the test sequence is halted. This method reduces the time spend on test runs, accelerating total throughput and increasing efficiency. Rational AppScan has integrated seamlessly into SAP s processes, as it automates a component of existing workflows rather than requiring change. From initial adoption, usage has exploded as the benefits have become clear, particularly since the number of Web applications is growing continuously. 8
9 IBM Rational AppScan has a hugely positive impact on educating our developers with respect to avoiding vulnerabilities in Web applications. Michael Neumaier Senior Quality Specialist SAP AG
10 10
11 SAP, Duet and all SAP logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries. All other product and service names mentioned are the trademarks of their respective companies. SAP Forward-looking Statement Any statements contained in this document that are not historical facts are forward-looking statements as defined in the U.S. Private Securities Litigation Reform Act of Words such as anticipate, believe, estimate, expect, forecast, intend, may, plan, project, predict, should and will and similar expressions as they relate to SAP are intended to identify such forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations The factors that could affect SAP s future financial results are discussed more fully in SAP s filings with the U.S. Securities and Exchange Commission ( SEC ), including SAP s most recent Annual Report on Form 20-F filed with the SEC. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates. 11
12 For more information: To learn more about the solutions from IBM and SAP, visit: ibm-sap.com For more information about SAP products and services, contact an SAP representative or visit: sap.com For more information about IBM products and services, contact an IBM representative or visit: ibm.com Contacts: IBM Stephan Rosche For further questions please contact the IBM SAP International Competency Center via Copyright IBM Corp All Rights Reserved. IBM Deutschland GmbH D Stuttgart ibm.com Produced in Germany December 2011 IBM, the IBM logo, ibm.com, i5/os, DB2, Domino, FlashCopy, Lotus, Notes, POWER, POWER4, POWER5, POWER6, System i, System x, and Tivoli are trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of other IBM trademarks is available on the Web at: shtml UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Other company, product or service names may be trademarks, or service marks of others. This brochure illustrates how IBM customers may be using IBM and/or IBM Business Partner technologies/services. Many factors have contributed to the results and benefits described. IBM does not guarantee comparable results. All information contained herein was provided by the featured customer/s and/or IBM Business Partner/s. IBM does not attest to its accuracy. All customer examples cited represent how some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication is for general guidance only. Photographs may show design models. SPC03379-DEEN-00
IBM Rational AppScan: Application security and risk management
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
More informationIBM SAP International Competence Center. Load testing SAP ABAP Web Dynpro applications with IBM Rational Performance Tester
IBM SAP International Competence Center Load testing SAP ABAP Web Dynpro applications with IBM Rational Performance Tester Ease of use, excellent technical support from the IBM Rational team and, of course,
More informationIBM Rational AppScan: enhancing Web application security and regulatory compliance.
Strategic protection for Web applications To support your business objectives IBM Rational AppScan: enhancing Web application security and regulatory compliance. Are untested Web applications putting your
More informationHP Application Security Center
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
More informationApplication Security from IBM Karl Snider, Market Segment Manager March 2012
Application Security from IBM Karl Snider, Market Segment Manager March 2012 1 2012 IBM Corporation Helping Solve Customer Challenges Application Security Finding Application Vulnerabilities GlassBox scanning
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationDANNY ALLAN, STRATEGIC RESEARCH ANALYST. A whitepaper from Watchfire
WEB APPLICATION SECURITY: AUTOMATED SCANNING OR MANUAL PENETRATION TESTING? DANNY ALLAN, STRATEGIC RESEARCH ANALYST A whitepaper from Watchfire TABLE OF CONTENTS Introduction... 1 History... 1 Vulnerability
More informationIBM SmartCloud Workload Automation
IBM SmartCloud Workload Automation Highly scalable, fault-tolerant solution offers simplicity, automation and cloud integration Highlights Gain visibility into and manage hundreds of thousands of jobs
More informationOperationalizing Application Security & Compliance
IBM Software Group Operationalizing Application Security & Compliance 2007 IBM Corporation What is the cost of a defect? 80% of development costs are spent identifying and correcting defects! During the
More informationIBM Rational AppScan Source Edition
IBM Software November 2011 IBM Rational AppScan Source Edition Secure applications and build secure software with static application security testing Highlights Identify vulnerabilities in your source
More informationReducing Application Vulnerabilities by Security Engineering
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
More informationService management White paper. Manage access control effectively across the enterprise with IBM solutions.
Service management White paper Manage access control effectively across the enterprise with IBM solutions. July 2008 2 Contents 2 Overview 2 Understand today s requirements for developing effective access
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationTivoli Automation for Proactive Integrated Service Management
Tivoli Automation for Proactive Integrated Service Management Gain advantage with Tivoli Automation portfolio Optimizing the World s Infrastructure 24 October 2012, Moscow 2012 IBM Corporation Acknowledgements,
More informationIBM SAP International Competence Center. Coca-Cola Bottling Co. Consolidated utilizes SAP technical upgrade project to migrate from Oracle to IBM DB2
IBM SAP International Competence Center Coca-Cola Bottling Co. Consolidated utilizes SAP technical upgrade project to migrate from Oracle to IBM DB2 Running the SAP Unicode conversion and the database
More informationWeb application security: automated scanning versus manual penetration testing.
Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationHP WebInspect Tutorial
HP WebInspect Tutorial Introduction: With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide all the
More informationSecurity solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.
Security solutions White paper Acquire a global view of your organization s security state: the importance of security assessments. April 2007 2 Contents 2 Overview 3 Why conduct security assessments?
More informationApplication Security Center overview
Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project &
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationDatacenter Management Optimization with Microsoft System Center
Datacenter Management Optimization with Microsoft System Center Disclaimer and Copyright Notice The information contained in this document represents the current view of Microsoft Corporation on the issues
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationWeb Applications The Hacker s New Target
Web Applications The Hacker s New Target Ross Tang IBM Rational Software An IBM Proof of Technology Hacking 102: Integrating Web Application Security Testing into Development 1 Are you phished? http://www.myfoxny.com/dpp/your_money/consumer/090304_facebook_security_breaches
More informationStaying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.
Managing business infrastructure White paper Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. September 2008 2 Contents 2 Overview 5 Understanding
More informationHow does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
More informationWebGoat for testing your Application Security tools
WebGoat for testing your Application Security tools NAISG-DFW February 28 th, 2012 Michael A Ortega, CISSP CEH CISM GCFA Sr Application Security Professional IBM Security Systems 312.523.1538 maortega@us.ibm.com
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationSAP Central Process Scheduling (CPS) 8.0 by Redwood
SAP Central Process Scheduling (CPS) 8.0 by Redwood What s new in SAP CPS 8.0? November 2010 Agenda 1. SAP Central Process Scheduling by Redwood Architecture Overview 2. Enhanced User Interface 3. New
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationWeb site security issues White paper November 2009. Maintaining trust: protecting your Web site users from malware.
Web site security issues White paper November 2009 Maintaining trust: protecting your Page 2 Contents 2 Is your Web site attacking your users? 3 Familiar culprit, new MO 6 A look at how legitimate Web
More informationBank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM
Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationSecuring the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation
Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns
More informationIBM Tivoli Directory Integrator
IBM Tivoli Directory Integrator Synchronize data across multiple repositories Highlights Transforms, moves and synchronizes generic as well as identity data residing in heterogeneous directories, databases,
More informationIBM Workload Automation: Major Improvements in Hybrid Cloud Workload Management, Predictive Analytics and User Experience
Research Report IBM Workload Automation: Major Improvements in Hybrid Cloud Workload Management, Executive Summary Imagine the challenges involved in trying to manage application workflow across dozens
More informationLog Analysis Tool for SAP NetWeaver AS Java
Log Analysis Tool for SAP NetWeaver AS Java Applies to: SAP NetWeaver 6.40, 7.0x, 7.1x, 7.20 and higher Summary Log Analysis is an SAP tool for analyzing list formatted logs and traces in Application Server
More informationRisk-based solutions for managing application security
IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated
More informationDeploying a private database cloud on z Systems
Deploying a private database cloud on z Systems How DPS evolved over time and what is coming next SAP on z IBM Systems Conference Holger Scheller - IBM April 13 th, 2016 Trademarks The following are trademarks
More informationCloud Security Who do you trust?
Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud
More informationLearning objectives for today s session
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify
More informationIBM RATIONAL PERFORMANCE TESTER
IBM RATIONAL PERFORMANCE TESTER Today, a major portion of newly developed enterprise applications is based on Internet connectivity of a geographically distributed work force that all need on-line access
More informationApplication Code Development Standards
Application Code Development Standards Overview This document is intended to provide guidance to campus system owners and software developers regarding secure software engineering practices. These standards
More informationData Transfer Tips and Techniques
Agenda Key: Session Number: System i Access for Windows: Data Transfer Tips and Techniques 8 Copyright IBM Corporation, 2008. All Rights Reserved. This publication may refer to products that are not currently
More informationDatasheet FUJITSU Cloud Monitoring Service
Datasheet FUJITSU Cloud Monitoring Service FUJITSU Cloud Monitoring Service powered by CA Technologies offers a single, unified interface for tracking all the vital, dynamic resources your business relies
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
More informationIBM SAP International Competence Center. The Home Depot moves towards continuous availability with IBM System z
IBM SAP International Competence Center The Home Depot moves towards continuous availability with IBM System z Continous availability and manageability are the design principles of our IT architecture.
More informationBlack Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP
Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand different types of application assessments and how they differ Be
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationEffective Software Security Management
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationPredictive analytics with System z
Predictive analytics with System z Faster, broader, more cost effective access to critical insights Highlights Optimizes high-velocity decisions that can consistently generate real business results Integrates
More informationSAP NetWeaver BRM 7.3
SAP NetWeaver BRM 7.3 New Features Overview Arti Gopalan Solution Specialist SAP NetWeaver BRM NetWeaver Orchestration SAP Labs India Agenda Technical Components of NW BRM Rules Composer Rules Manager
More informationSecurity for a Smarter Planet. 2011 IBM Corporation All Rights Reserved.
Security for a Smarter Planet The Smarter Planet Our world is getting Instrumented Our world is getting Interconnected Our world is getting Intelligent Growing Security Challenges on the Smarter Planet
More informationData Breach Risk Intelligence
Data Breach Risk Intelligence for CISOs A host-based platform for speed, accuracy and relevancy to prioritize remediation and present risk to non-it leadership. Table of contents Introduction 3 Data breaches
More informationHow to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide
SAP How-to Guide Mobile Device Management SAP Afaria How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide Applicable Releases: SAP Afaria 7 SP3 HotFix 06, SAP Afaria
More informationPenetration Testing Service. By Comsec Information Security Consulting
Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your
More informationIBM Storwize V7000: For your VMware virtual infrastructure
IBM Storwize V7000: For your VMware virtual infrastructure Innovative midrange disk system leverages integrated storage technologies Highlights Complement server virtualization, extending cost savings
More informationBuilding Assurance Into Software Development Life- Cycle (SDLC)
Application Software Assurance Center of Excellence (ASACoE) Building Assurance Into Software Development Life- Cycle (SDLC) James Woody Woodworth Operations Chief, ASACoE & Sean Barnum, Principal Consultant
More informationCopyright 2006. Watchfire Corporation. All Rights Reserved.
AppScan Frequently Asked Technical Questions 1. How is AppScan different from other web application scanners? (p. 2) 2. How do I know if I ve covered all of my applications? (p. 3) 3. How is AppScan different
More informationUpdate on the SAP GUI Family. Q3/2014 Public
Update on the SAP GUI Family Q3/2014 Public Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject
More informationThe Truth about False Positives
An ISS Technical White Paper The Truth about False Positives 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Overview In the security industry, many security analysts remark that
More informationHow To Use Ibm Tivoli Monitoring Software
Monitor and manage critical resources and metrics across disparate platforms from a single console IBM Tivoli Monitoring Highlights Help improve uptime and shorten Help optimize IT service delivery by
More informationSAP xapp Resource and Portfolio Management (SAP xrpm)
SAP xapp Resource and Management (SAP xrpm) Version 2.0 Kai Nylen Solution Adviser, SAP Finland Outline Challenges Facing Organizations SAP xrpm Product Overview SAP xrpm Architecture SAP xrpm Customer
More informationQuality Programs for Regulatory Compliance
Quality Programs for Regulatory Compliance Roy Garris, IconATG Regulatory Compliance Practice Manager (866) 785-4266 http://www.iconatg.com info@iconatg.com Version 1.00 Application Vulnerabilities Put
More informationIntegrating Easy Document Management System in SAP DMS
Integrating Easy Document Management System in SAP DMS Applies to: SAP Easy Document Management System Version 6.0 SP12. For more information, visit the Product Lifecycle Management homepage. Summary This
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationSimplify Your Windows Server Migration
SOLUTION BRIEF: ENDPOINT MANAGEMENT........................................ Simplify Your Windows Server Migration Who should read this paper Windows Server 2003 customers looking to migrate to the latest
More informationIntelligent Business Operations Chapter 1: Overview & Strategy
Intelligent Business Operations Chapter 1: Overview & Strategy Legal Disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission
More informationSkybox Security Survey: Next-Generation Firewall Management
Skybox Security Survey: Next-Generation Firewall Management November 2012 Worldwide Results Notice: This document contains a summary of the responses to a November 2012 survey of medium- to largesize organizations
More informationSophistication of attacks will keep improving, especially APT and zero-day exploits
FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint
More informationSymantec Endpoint Protection
The next generation of antivirus technology from Symantec Overview Advanced threat protection combines Symantec AntiVirus with advanced threat prevention to deliver an unmatched defense against malware
More informationAddress IT costs and streamline operations with IBM service desk and asset management.
Asset management and service desk solutions To support your IT objectives Address IT costs and streamline operations with IBM service desk and asset management. Highlights Help improve the value of IT
More informationProtect Your Connected Business Systems by Identifying and Analyzing Threats
SAP Brief SAP Technology SAP Enterprise Threat Detection Objectives Protect Your Connected Business Systems by Identifying and Analyzing Threats Prevent security breaches Prevent security breaches Are
More informationLumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation
Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation Version 7.0 SP1 Evaluation Guide September 2010 Version 2.4 Copyright 2010, Lumension, Inc. Table of Contents Lumension Endpoint
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationIBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure
IBM Global Small and Medium Business Keep Your IT Infrastructure and Assets Secure Contents 2 Executive overview 4 Monitor IT infrastructure to prevent malicious threats 5 Protect IT assets and information
More informationWhite paper September 2009. Realizing business value with mainframe security management
White paper September 2009 Realizing business value with mainframe security management Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationWeb Application Vulnerability Scanning. VITA Commonwealth Security & Risk Management. April 8, 2016
Web Application Vulnerability Scanning VITA Commonwealth Security & Risk Management April 8, 2016 1 Terms Threat A thing that can cause harm Vulnerability A flaw that can be exploited to cause bad things
More informationWeb Security School Final Exam
Web Security School Final Exam By Michael Cobb 1.) Which of the following services is not required to run a Windows server solely configured to run IIS and publish a Web site on the Internet? a. IIS Admin
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationWorldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares
Market Analysis Worldwide Security and Vulnerability Management 2014 2018 Forecast and 2013 Vendor Shares Charles J. Kolodgy IN THIS EXCERPT The content for this excerpt was taken directly from IDC Market
More informationMobile, Cloud, Advanced Threats: A Unified Approach to Security
Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationSAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015
SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015 2014 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any
More informationIBM Storwize Rapid Application Storage
IBM Storwize Rapid Application Storage Efficient, pretested, integrated and powerful solution to accelerate deployment and return on investment. Highlights Improve disk utilization by up to 30 percent
More informationReducing the cost and complexity of endpoint management
IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and
More informationWeb servers and WebSphere Portal
Web servers and WebSphere Portal By default IBM WebSphere Portal uses the internal HTTP transport within IBM WebSphere Application Server to handle requests. However, because WebSphere Application Server
More information