How We Implemented Security in Agile for 20 SCRUMs- and Lived to Tell
- Jasmin Dennis
- 8 years ago
Transcription
1 How We Implemented Security in Agile for 20 SCRUMs - and Lived to Tell
- SESSION ID: ASEC-R03
- Yair Rovek, Security Specialist
2 Challenged by Agile
3 In the Next 45 Min
- LivePerson and Application Security
- Where Did It All Begin
- LivePerson and Agile
- Security Checkpoints in the Process
- Bringing It All Together in the Continuous Integration
- Summarize the Challenges
- Key Success Factors
4 LivePerson ID
- What we do? How it works?
- SaaS platform for creation of meaningful connections through real-time engagement
- Monitor web visitors' behavior (over 1.5 B visits each month)
- Conduct behavioral ranking
- Provide the engagement platform (over 10 M chats each month)
- SaaS & Cloud only
- Security is NOT optional
6 From Pen-Testing to SDLC
[Chart; axis: # New Bugs/Year. Labels: Secure Coding Baseline; 3rd Party Pen-Testing; Hands-On Training (R&D vs. QA); Dynamic Testing; LP Tools; Static Code Analysis; Open Source Coverage; Enforcement; Platform Tests; Simplify & Scale - ESAPI]
7 Who are the Key Players?
- Sales & Product
- Software Architects
- R&D Scrum Teams
- System Architects
- CI environment
- Artifact Production
8 Agile Framework
9 Agile Framework RETROSPECTIVE
10 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
11 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design
12 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Guide-in the teams On-Demand
13 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Guide-in the teams On-Demand; ESAPI & SCA checks for each build
14 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Guide-in the teams On-Demand; ESAPI & SCA checks for each build; Automated Security Tests
15 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Guide-in the teams On-Demand; ESAPI & SCA checks for each build; Automated Security Tests; Automated Security Tests
16 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Q&A On-Demand; ESAPI & SCA checks for each build; Automated Security Tests; Automated Security Tests; External Pen-Test
17 Add Security to the Agile Process
- Scrum Actions: Release Planning; Sprint Planning; Coding; Code Freeze; Q&A Regression Tests; Release
- Security Control: Security High-Level Design; Guide-in the teams On-Demand; ESAPI & SCA checks for each build; Automated Security Tests; Automated Security Tests; External Pen-Test
18 Screening Code in 3D
- Delivered
- Dependencies and Open Source
- Developer Code
19 ESAPI Building Blocks
- Custom Enterprise Web Application
- Enterprise Security API: Authenticator; User; AccessController; AccessReferenceMap; Validator; Encoder; HTTPUtilities; Encryptor; EncryptedProperties; Randomizer; Exception Handling; Logger; IntrusionDetector; SecurityConfiguration
20 Where Do I Put my Validation?
[Diagram labels: Any Interpreter; Any Encoding; Controller; Web Service; Database; User; Business Functions; Data Layer; Mainframe; Etc; User Interface; File System]
21 Where Do I Put my Validation?
[Diagram labels: Specific Validate; Any Interpreter; Any Encoding; Controller; Web Service; Database; User; Business Functions; Data Layer; Mainframe; Etc; User Interface; File System; Encode For HTML; Validate]
22 API Example
- Define Relevant Filters
23 Automated Test Example
- Black/White Listing Filter
- Integrating Automated Testing: Example
- Preventing RegEx DoS and Performance Issues
24 LivePerson ESAPI Implementation
- LivePerson Security API (LPSAPI) - In-House Security Package based on ESAPI project
- For Each Product: Imports LPSAPI; Enforces correct usage via Source Code Analysis (SCA)
- Enforce Open Source Policy
- Test your infra BB
25 CI Environment
- Develop Code; Commit; Source Control (SVN); TeamCity (Build Trigger); Maven Build Process (Unit tests); Deploy to Test Env; Report & Notify; Publish to release repository; Deploy to Production
26 Security in CI Environment
- Develop Code; Commit; Source Control (SVN); TeamCity (Build Trigger); Deploy to Test Env; Maven Build Process (Unit tests); SCA, Dynamic, OS; Report & Notify; Publish to Release Repository; Deploy to Production
27 One Dashboard
- Results are integrated within TeamCity
28 Dive into the Results
- Results are integrated within CI environment
- Developer has all required info
- No need to involve the Security Team
29 Challenges
- Management
- Developers
- Technology
- HR
- Formal Training VS Coaching and Continuous Education
- Scale
- PenTest Quality
30 Key Success Factor
- Secure Agile Development
31 Key Success Factors
- Identify the process within R&D and set a plan to become part of it
- Set Security Package API to be consumed with each code (ESAPI, AntiSamy, CSRF Guard)
- Screen and enforce your policy on your code, Open Source and platform
- Use automation to collaborate with the security dynamic test
- Allow customer to run a pen test and work as a community to succeed
32 Key Success Factors
- Engage tech leaders as security champions by showing them the value
- Train developers on a regular basis
- Create a knowledge base and discussions around security
- Break the build for any High or Medium findings
- Start small but think big
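An added example, not from the original slides or from LivePerson's code: a build-step gate that applies the "break the build for any High or Medium findings" rule to the merged output of the SCA, dynamic and open-source scans, and prints what the developer needs to fix. The JSON finding format, field names and sample findings are assumptions constructed for illustration.

```python
"""Build gate: fail the CI step when any High or Medium finding is present.

Added example. The finding format (JSON objects with source, severity,
rule, location, advice) is an assumption; map your scanners' real output
onto it before use.
"""
import json
import sys

BLOCKING = {"high", "medium"}              # policy stated on the slide
KNOWN = {"high", "medium", "low", "info"}  # assumed severity vocabulary

# Constructed sample: one merged export covering the three scan types.
SAMPLE = json.dumps([
    {"source": "sca", "severity": "High", "rule": "unencoded-output",
     "location": "ChatServlet.java:88",
     "advice": "encode output for HTML via the shared security API"},
    {"source": "open-source", "severity": "medium",
     "rule": "banned-library-version", "location": "pom.xml:41",
     "advice": "upgrade to an approved version"},
    {"source": "dynamic", "severity": "Low", "rule": "verbose-error-page",
     "location": "/test-env/error", "advice": "return a generic error page"},
    {"source": "sca", "severity": "urgent", "rule": "custom-rule",
     "location": "Util.java:12", "advice": "check the rule configuration"},
])


def normalize(finding):
    """Normalize one finding and decide whether it blocks the build.

    Severity is compared case-insensitively. A missing or unrecognised
    severity label is treated as blocking (fail closed), so a scanner
    upgrade that renames its levels cannot silently pass the gate.
    """
    out = {k: str(finding.get(k, "?"))
           for k in ("source", "rule", "location", "advice")}
    sev = str(finding.get("severity", "")).strip().lower()
    out["severity"] = sev or "unknown"
    out["blocking"] = sev in BLOCKING or sev not in KNOWN
    return out


def evaluate(raw_json):
    """Return (exit_code, report_lines) for a JSON array of findings."""
    findings = [normalize(f) for f in json.loads(raw_json)]
    blockers = [f for f in findings if f["blocking"]]
    lines = []
    # One line per blocker, so the developer can act without asking security.
    for f in sorted(blockers, key=lambda f: (f["source"], f["location"])):
        lines.append(
            "[{source}] {severity} {rule} at {location}: {advice}".format(**f))
    lines.append("%d finding(s), %d blocking" % (len(findings), len(blockers)))
    return (1 if blockers else 0), lines


if __name__ == "__main__":
    # Usage: gate.py findings.json  (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            raw = fh.read()
    else:
        raw = SAMPLE
    code, report = evaluate(raw)
    print("\n".join(report))
    sys.exit(code)  # a non-zero exit fails the build step
```

Run as the last step after the scanners; the CI server marks the build failed on the non-zero exit code.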
33 Contact
35 Links to Resources OWASP AGILE & SDLC - MS SDLC