2 Jim OWASP Volunteer! Global OWASP Board Member! Manager of several OWASP secure coding projects! Security Instructor, Author! 17 years of web-based, databasedriven software development and analysis experience! Author of "Iron Clad Java" from Oracle Press and McGraw Hill! Resident of Kauai, Hawaii! Aloha!
3 Poor Communication = Epic Software Dev Failure
4 If you don t have a published SDLC... YOU WILL NOT LIKELY BE SUCCESSFUL! 4
5 Security in the SDLC Essential that security is embedded in all stages of the SDLC " Business Requirements " Technical Requirements " Development " Testing " Deployment " Operations "The cost of removing an application security vulnerability during the design phase ranges from times less than if removed during production." " NIST, IBM, and Gartner Group
6 SDLC building blocks Published SDLC (++) Secure Coding Guidelines (-) Secure Coding Checklist (+) Non Functional Requirements (++) Static Code Analysis (+) Manual Code Review (+) Dynamic Code Analysis (+) Giving Raw Scanner Data to Dev (-) Security Awareness Training (+++) Threat Modeling (+/-) Application Security Risk Matrix (++) Center of Excellence (++)
7 Security in the SDLC Secure Requirements Review Secure Design Review Secure Code Review Penetration Testing Requirements Definition Design Develop Test Deploy/ Implement Maintain
8 Security in the SDLC with more beef Application Portfolio Analysis External Security Review Static Code Analysis Security Metrics Development Pre- Implement Risk Mgt. User Risk Analysis Design Risk Analysis Developer Training Test Reviews Application Infrastructure Management Coding Standards Development Operations and Incident Response Architecture Risk Analysis Test Planning Secure Coding Libraries Penetration Tests Business Requirements & Use Cases Design Test Plans Coding Testing Deployment & Maintenance
9 Security requirements Establishing the security requirements for the application What are the key security risks within the application? It depends. " Type of information is the application processing " Size of company, number of users, danger of features " Financial and other business impact of potential incidents Involve risk group and/or internal audit to avoid later conflict Identify organizations standards (e.g. password lengths, security schemes), legal and regulatory security requirements! Are these requirements actionable by the development, testing and operations teams?
10 OWASP Application Security Verification Standard (ASVS) OWASP standard for security verification of applications Built in security area sections " Authentication " Session Management " Etc... Excellent way to manage pentesting and other assessment teams Excellent standard to help developers understand secure coding controls from a high level
11 ASVS 2 Authentication Requirements (Easy to Discover) " V2.1 Verify all pages and resources require authentication except those specifically intended to be public (Principle of complete mediation). " V2.2 Verify all password fields do not echo the user s password when it is entered. " V2.4 Verify all authentication controls are enforced on the server side. " V2.6 Verify all authentication controls fail securely to ensure attackers cannot log in. " V2.16 Verify that credentials, and all other identity information handled by the application(s), do not traverse unencrypted or weakly encrypted links. " V2.17 Verify that the forgotten password function and other recovery paths do not reveal the current password and that the new password is not sent in clear text to the user. " V2.18 Verify that username enumeration is not possible via login, password reset, or forgot account functionality. " V2.19 Verify there are no default passwords in use for the application framework or any components used by the application (such as "admin/password").
12 ASVS 2 Authentication Requirements (Intermediate, p1) " V2.7 Verify password entry fields allow or encourage the use of passphrases, and do not prevent long passphrases or highly complex passwords being entered, and provide a sufficient minimum strength to protect against the use of commonly chosen passwords. " V2.8 Verify all account identity authentication functions (such as registration, update profile, forgot username, forgot password, disabled / lost token, help desk or IVR) that might regain access to the account are at least as resistant to attack as the primary authentication mechanism. " V2.9 Verify users can safely change their credentials using a mechanism that is at least as resistant to attack as the primary authentication mechanism. " V2.12 Verify that all authentication decisions are logged. This should include requests with missing required information, needed for security investigations. " V2.13 Verify that account passwords are salted using a salt that is unique to that account (e.g., internal user ID, account creation) and use bcrypt, scrypt or PBKDF2 before storing the password.
13 ASVS 2 Authentication Requirements (Intermediate, p2) " V2.20 Verify that a resource governor is in place to protect against vertical (a single account tested against all possible passwords) and horizontal brute forcing (all accounts tested with the same password e.g. Password1 ). A correct credential entry should incur no delay. Both these governor mechanisms should be active simultaneously to protect against diagonal and distributed attacks. " V2.21 Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location (not in source code). " V2.22 Verify that forgot password and other recovery paths send a link including a time-limited activation token rather than the password itself. Additional authentication based on soft-tokens (e.g. SMS token, native mobile applications, etc.) can be required as well before the link is sent over. " V2.23 Verify that forgot password functionality does not lock or otherwise disable the account until after the user has successfully changed their password. This is to prevent valid users from being locked out. " V2.24 Verify that there are no shared knowledge questions/answers (so called "secret" questions and answers). " V2.25 Verify that the system can be configured to disallow the use of a configurable number of previous passwords.
14 ASVS 2 Authentication Requirements (Advanced) " V2.5 Verify all authentication controls (including libraries that call external authentication services) have a centralized implementation. " V2.26 Verify re-authentication, step up or adaptive authentication, SMS or other two factor authentication, or transaction signing is required before any applicationspecific sensitive operations are permitted as per the risk profile of the application.
15 Gratuitious slide with pictures to break up all the text slides
18 Agile Security Security Sprint Approach Every Sprint Approach Security Sprint Approach: " Dedicated sprint focusing on application security. " Stories implemented are security related. " Code is reviewed. " Stories may include:! Input validation story! Logging story! Authentication story! Authorization! XSS Story! SQLi Story Every Sprint Approach: " Similar to Microsoft Security Development Lifecycle (SDL). " Consists of the requirements and stories essential to security. " No software should ever be released without requirements being met. " Sprint is two weeks or two months long. " Every security requirement in the every- Sprint category must be completed in each and every Sprint.! Or the Sprint is deemed incomplete, and the software cannot be released. Many%organiza+ons%that%claim%to%do%"agile% development"%are%far%from%agile!%
19 Non-Functional Requirements (++) Most effective of all building blocks Container for other SDLC building blocks. Can include application security guidelines, secure coding checklist, security policies, etc. Effective NFRs will document the requirement *and* explain why the requirement is necessary.
21 Threat modeling (+/-) Hit or miss at most locations Can be informal process Combines nicely with NFRs Discussing NFR often leads to threat modeling discussion
22 Application Security Risk Matrix (++) External facing Data: Non sensitive Data: sensitive Internal facing Data: Non sensitive Data: sensitive
23 Development Ensuring that code is developed securely and implementing the security controls identified during the design phase Developer security awareness programs Unit testing of security features of the application Security audit and code reviews " Secure coding standards " Automated code review tools " Independent code review by third party or IT security
24 Secure Coding Libraries (+++) Reusable Security Controls These are the software centric building blocks that defend software These components are the heart of application security defense Dedicate your top developer resources into vetting, building and standardizing on these components Build training, testing and other activities around these artifacts
25 Security awareness training (+++) Instructor-led training Course curriculum for each job responsibility Very useful for educating on attack techniques and unexpected behavior Rewards for training
26 Your goal should be to provide anyone that can influence application security, e.g. project managers, development managers, application developers, server configuration, release management, QA, etc. with the training, awareness and resources they need to be successful.
27 Secure Coding Guidelines (-) Overlooked by developers Static and not helpful 100+ pages that can be language specific Most surprising discovery over the last 5 years
28 Secure Coding Checklist (+) Simple 1-2 page document All checklist items must be relevant Brief document must be backed up with deeper resources and code samples
29 Testing Ensure the application meets the security standards and security testing is performed Has the security design been implemented correctly in the application components? Execution of test plans created during the design phase Independent penetration testing, including infrastructure assessment Security release and sign off before deployment to the production environment
30 Why Code review The Cost of Software Bugs We cant hack ourselves secure, and if we could it would cost too much Source: Applied Software Measurement, Capers Jones, 1996
31 Static Code Analysis (SCA) (+) SDLC requires SCA Must be baked into acceptance criteria for code to leave the SDLC. Assurance to QA that code is ready for testing SCA can be integrated into the build process (each automated build spawns Static Code Analysis)
32 Dynamic Code Analysis (+) Looks for unexpected application behavior within the interface Dynamic analysis can happen multiple times during each iteration Assurance to QA that code is ready for testing Dynamic analysis can offer 24/7 monitoring Be tied to incident management process
33 Giving Raw Scanner Reports to Developers ( ) Most scanner reports have significant false positives If you give a false positive laden report to developers who do not have deep security training then please tell me what are you thinking? The first time you give a false reading to a developer you lose them forever.
34 Center of Excellence (++) COE Steering Committee COE Drivers COE Members Remove barriers between departments Positively impact change If developers have application security questions, where do they go?
35 Dashboards (++) Monitor key application security behaviour Build a framework where adding more monitoring points is easy to add Build live dashboards for monitoring teams Detect early when anomolies occur
36 Monitor and Tune ALL the things
38 Trending and anomalies
39 Tracking (++) It's hard to know if you are getting better unless you can measure it Track vulnerability data in some form of security CMS Track trends. Be able to answer which teams and which applications are getting better or worse over time and adjust.
Secure Development Lifecycle Jim Manico @manicode OWASP Volunteer Global OWASP Board Member OWASP Cheat-Sheet Series Manager VP of Security Architecture, WhiteHat Security 16 years of web-based, database-driven
Proactive risk mitigation within the Software Development Lifecycle (SDLC) Real world examples that have worked for me, Joe White, CISSP, CSSLP email@example.com @cyberlocksmith 20+ years technical
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
Automatic vs. Manual Code Analysis 2009-11-17 Ari Kesäniemi Senior Security Architect Nixu Oy firstname.lastname@example.org Copyright The Foundation Permission is granted to copy, distribute and/or modify this
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
The AppSec How-To: Achieving Security in DevOps How do you integrate security within a Continuous Deployment (CD) environment - where every 5 minutes a feature, an enhancement, or a bug fix needs to be
Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta email@example.com / firstname.lastname@example.org Table of Contents Abstract... 1
Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information
Authentication and Session Management JIM MANICO Secure Coding Instructor www.manicode.com A little background dirt email@example.com @manicode OWASP Global Board Member Project manager of the OWASP Cheat
Security vulnerabilities in new web applications Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant $whoami Introduction Pavol Lupták 10+ years of practical experience in security and seeking vulnerabilities
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
Building Security into the Software Life Cycle A Business Case Marco M. Morana Senior Consultant Foundstone Professional Services, a Division of McAfee Outline» Glossary» What is at risk, what we do about
HP WebInspect Tutorial Introduction: With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide all the
Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect
IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM
Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements
MySQL Security: Best Practices Sastry Vedantam firstname.lastname@example.org Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
www.pwc.com Feb 2014 Secure Development LifeCycles (SDLC) Bart De Win Bart De Win? 15+ years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific
Microsoft SDL: Agile Development June 24, 2010 Nick Coblentz, CISSP Senior Security Consultant AT&T Consulting Nick.Coblentz@gmail.com http://nickcoblentz.blogspot.com http://www.twitter.com/sekhmetn Copyright
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
SECURING SELF-SERVICE PASSWORD RESET FUNCTIONALITY IN WEB APPLICATIONS David A. Shpritz July, 2010 INTRODUCTION Many web applications requiring user authentication also provide self-service password reset
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions email@example.com Agenda Current State of Web Application Security Understanding
Threat Modeling Categorizing the nature and severity of system vulnerabilities John B. Dickson, CISSP What is Threat Modeling? Structured approach to identifying, quantifying, and addressing threats. Threat
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
Information Technology Security Policy for IBTS Pakistan Stock Exchange Limited Table of contents Information Technology Security Policy for IBTS 1- INTRODUCTION AND SCOPE... 3 2- CHARTER OF THE DOCUMENT...
Web Application security testing: who tests the test? Ainārs Galvāns Application Penetration Tester www.exigenservices.lv About myself Functional testing Leading test group Reporting to client Performance
Starting your Software Security Assurance Program May 21, 2015 ITARC, Stockholm, Sweden Presenter Max Poliashenko Chief Enterprise Architect Wolters Kluwer, Tax & Accounting Max leads the Enterprise Architecture
HP ESP Partner Enablement Fortify Proof of Concept Boot Camp Training HP and HP Enterprise Security Products are committed to your success as an HP Partner. In the Fortify Proof of Concept Boot Camp Training,
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
Application Security Audit Fault Injection Model, Fuzz Generators & Static Code Analysis Training Brochure Synopsis This Four-day practical training is designed for Information Systems auditors, application
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
Getting software security Right Haiyun Xu, Theodoor Scholte April 24 2015 Table of contents 2 I 23 1. Who is SIG? 2. SIG software maintainability model 3. Getting software security Right: security by design
Making your web application White paper - August 2014 secure User Acceptance Tests Test Case Execution Quality Definition Test Design Test Plan Test Case Development Table of Contents Introduction 1 Why
JavaOne San Fransisco 2014 The OWASP Foundation http://www.owasp.org Security Testing for Developers using OWASP ZAP Simon Bennetts OWASP ZAP Project Lead Mozilla Security Team firstname.lastname@example.org Copyright
Java-Web-Security Anti-Patterns Entwicklertag 20.05.2015 Dominik Schadow bridgingit Failed with only the best intentions Design Implement Maintain Design Ignoring threat modeling defense in depth Threat
Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security
Secure Web Applications The front line defense Agenda Web Application Security Threat Overview Exploiting Web Applications Common Attacks & Preventative techniques Developing Secure Web Applications -Security
Information Security Standards Web Application Development Standard IS-WAD Effective Date TBD Email email@example.com # Version 2.0 Contact Mike Cook Phone 408-924-1705 Standard: Web Application Development
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
Columbia University Web Application Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Application Security Standards and Practices document establishes a baseline
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
WHITEPAPER Interactive Application Security Testing (IAST) The World s Fastest Application Security Software Software affects virtually every aspect of an individual s finances, safety, government, communication,
White Paper Guide to PCI Application Security Compliance for Merchants and Service Providers Contents Overview... 3 I. The PCI DSS Requirements... 3 II. Compliance and Validation Requirements... 4 III.
Top Web Application Security Issues Daniel Ramsbrock, CISSP, GSSP daniel ramsbrock.com Presentation Overview Background and experience Financial services case study Common findings: Weak input validation
SUMMARY OF AUDIT FINDINGS EXECUTIVE SUMMARY Citizens' Office of Internal Infrastructure - July 2010 The audit determined the overall effectiveness of the controls over the processes for the acquisition,
A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT Chandramohan Muniraman, University of Houston-Victoria, firstname.lastname@example.org Meledath Damodaran, University of Houston-Victoria, email@example.com
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
Stories From the Front Lines: Deploying an Enterprise Code Scanning Program Adam Bixby Manager Gotham Digital Science 10/28/2010 YOUR LOGO HERE Introduction Adam Bixby, CISSP, MS o Manager at Gotham Digital
Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents
How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS Published by Tony Porterfield Feb 1, 2015. Overview The intent of this test plan is to evaluate a baseline set of data security practices
MIS 5203 Lifecycle Management 1 Week 13 April 14, 2016 Study Objectives Systems Implementation contd Configuration Management Monitoring and Incident Management Post implementation Reviews Project Success
Application Instructions for Global UGRAD 2016-2017 Portal Step-by-Step I. REGISTERING FOR THE PROGRAM Google Chrome and Mozilla Firefox work best when completing the UGRAD application. We do NOT recommend
BUILDING SECURITY IN Analyzing Mobile Single Sign-On Implementations Analyzing Mobile Single Sign-On Implementations 1 Introduction Single sign-on, (SSO) is a common requirement for business-to-employee
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
Single Sign-On Security and comfort can be friend. Arnd Langguth firstname.lastname@example.org September, 2006 Identity proliferation in the enterprise Password management problem How many passwords do you have?
Security Automation in Agile SDLC Real World Cases Ofer Maor Director of Security Strategy, Synopsys AppSec California, January 2016 Speaker Security Strategy at Synopsys Founder of Seeker / Pioneer of
Performance Testing in Production Using the Cloud to your advantage Presented by: Rob Holcomb VP Performance Engineering SOASTA Chris Cho Director, BTO Division Hexaware Technologies 1 Agenda Why Performance
Two-Factor Authentication and Swivel Abstract This document looks at why the username and password are no longer sufficient for authentication and how the Swivel Secure authentication platform can provide
Building & Measuring Security in Web Applications Fabio Cerullo Cycubix Limited 30 May 2012 - Belfast Brief Bio - CEO & Founder Cycubix Limited - 10+ years security experience in Technology, Manufacturing,
WHITE PAPER Agile Security Successful Application Security Testing for Agile Development Software Security Simplified Abstract It is an imperative to include security testing in application development.
Password Management Before User Provisioning 2015 Hitachi ID Systems, Inc. All rights reserved. Identity management spans technologies including password management, user profile management, user provisioning
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
Penetration Testing in Romania Adrian Furtunǎ, Ph.D. 11 October 2011 Romanian IT&C Security Forum Agenda About penetration testing Examples Q & A 2 What is penetration testing? Method for evaluating the
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
Kentico CMS security facts ELSE 1 www.kentico.com Preface The document provides the reader an overview of how security is handled by Kentico CMS. It does not give a full list of all possibilities in the
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
Secure and Resilient Software Development Mark S. Merkow Lakshmikanth Raghavan CRC Press Taylor& Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor St Francis Group, an Informs
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
Entire contents 2011 Praetorian. All rights reserved. Information Security Provider and Research Center www.praetorian.com Threat Modeling "Threat modeling at the design phase is really the only way to
Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing
Applications Based on Before moving applications to the public cloud, it is important to implement security practices and techniques. This expert E-Guide provides guidance on how to develop secure applications
Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM email@example.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
Intland s Medical Template Traceability Browser Risk Management & FMEA Medical Wiki Supports compliance with IEC 62304, FDA Title 21 CFR Part 11, ISO 14971, IEC 60601 and more INTLAND codebeamer ALM is
Integrating Application Security into the Mobile Software Development Lifecycle WhiteHat Security Paper Keeping pace with the growth of mobile According to the November 2015 edition of the Ericsson Mobility
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project &