HP Yazılım Zirvesi - İstanbul 20 May Wyndham Grand Levent Burak DAYIOĞLU, Hüseyin ÖZEL Uygulamalarım Ne Kadar Güvende?

Size: px
Start display at page:

Download "HP Yazılım Zirvesi - İstanbul 20 May 2015 - Wyndham Grand Levent Burak DAYIOĞLU, Hüseyin ÖZEL Uygulamalarım Ne Kadar Güvende?"

Transcription

1 HP Yazılım Zirvesi - İstanbul 20 May Wyndham Grand Levent Burak DAYIOĞLU, Hüseyin ÖZEL Uygulamalarım Ne Kadar Güvende? Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

2 Uygulamalarım Ne Kadar Güvende? Burak DAYIOĞLU, CISSP, CSSLP, CRISC, Symturk Genel Müdürü Hüseyin ÖZEL, HP GTI&MEA Fortify Satış Müdürü Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

3 İhlaller ve Etkileri Artıyor İhlal sayısında yıllık ortalama %25 artış İhlalin büyüklüğünde yıllık ortalama %10 artış Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

4 Değişen Sınır: Uygulamalar Ağ Sunucular Uygulamalar Fikri Mülkiyet Security Measures Switch/Router security Firewalls Müşteri NIPS/NIDS Verileri VPN Net-Forensics İş Anti-Virus/Anti-Spam Süreçleri DLP Host FW Host IPS/IDS Ticari Vuln. Assessment Sırlar tools Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

5 20 Kritik BT Güvenlik Kontrolü Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

6 Symturk Çözümleri Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

7 Symturk ve HP 2003: Fortify Kuruldu 2007: Symturk & Fortify İş Ortaklığı 2010: HP Fortify Alımı 2011: Symturk HP Danışmanlığı 2013: Symturk Arcsight İş Ortaklığı 2015: Symturk Atalla İş Ortaklığı Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

8 Yazılım Güvenliği Çözümlerimiz Eğitim Süreç Danışmanlığı Fortify Entegrasyonu Yük Testleri Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

9 Cost What is the cost of doing nothing? Fixing software in production is about 30 times more expensive 30X 10X 15X 5X 2X Requirements Development Integration/ Unit Tests Functional Tests Production It costs 30 times more to fix security issues after a breach in Production than to build security into your code at the beginning during Design Source: NIST 9

10 Cost Application Security Testing Techniques RASP 30X DAST IAST SAST 15X 10X 5X 2X Requirements Development Integration/Unit Tests Functional Tests Production 10 SAST: Static Application Security Testing DAST: Dynamic Application Security Testing IAST: Interactive Application Security Testing RASP: Runtime Application Security Protection Source: NIST

11 Cost Application Security Testing Fortify Solutions RTA / Application Defender WebInspect / WebInspect Agent 30X Education SCA 10X 15X 5X 2X Requirements Development Integration/Unit Tests Functional Tests Production 11 SCA: Static Code Analyzer RTA: RunTime Application Source: NIST

12 Fortify s Software Security Vision Application Assessment Software Security Assurance (SSA) Application Protection In-house Outsourced Commercial Open source Assess Find security vulnerabilities in any type of software Mobile, Web, Infrastructure Assure Fix security flaws in source code before it ships Secure SDLC Protect Fortify applications against attack in production Logging, Threat Protection 12

13 HP Fortify Software Security Assurance On-Premise and On-Demand 13

14 Runtime - Enhance application logs & visibility OS, databases, storage IPS, routers, switches, firewalls, DLP Servers, IAM, networking Applications Application Logs: Few or uninteresting details No logs at all Require custom connectors IT SOC 14

15 Runtime - Enhance application logs & visibility Introducing Application View Know your apps. Know your users. Know your data! OS, databases, storage IPS, routers, switches, firewalls, DLP Servers, IAM, networking Applications Retro-fits applications with security event logs No change to application required Out-of-box ready for ArcSight ESM IT SOC 15

16 Runtime Protect your applications Simplicity Visibility Protection Secure Command/Event Channel (443) Applications 16

17 HP Confidential Fortify Solutions: Complete Secure Lifecycle Integration Security goals integrated in planning & requirements definition Application Lifecycle Management Threat Modeling is performed Application design / architecture is reviewed by security team Secure coding tools integrated & vulnerabilities proactively identified & fixed SCA Pre-Production Penetration testing WebInspect Post-Production Penetration Testing Metrics & Reporting Learn and Refine Planning & Requirements Design & Architecture Development Testing Production Maintenance Risk assessment and Profiles Security team signs off requirements Final design / architecture aligns with security goals & requirements Software Security Center Secure coding standards are applied and secure code is developed UFT ALM/QC on Demand Application Defender Application View Security team is involved in preproduction sign off Change management process includes security review & sign off Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

18 HP Fortify Named a Leader in Gartner Magic Quadrant Gartner Application Security Testing MQ 2014 HP offers comprehensive SAST capabilities with Fortify's strong brand name and breadth of languages tested. The company has innovative IAST capability with Fortify SecurityScope, which integrates with its WebInspect DAST. There is strong integration within HP's security portfolio, such as integration of AST knowledge into ArcSight and DAST knowledge into TippingPoint's IPS for WAF-like protection. HP uniquely offers runtime application self-protection (RASP) technology -- Gartner 18

19 19

HP Fortify application security

HP Fortify application security HP Fortify application security Erik Costlow Enterprise Security The problem Cyber attackers are targeting applications Networks Hardware Applications Intellectual Property Security Measures Switch/Router

More information

Is your software secure?

Is your software secure? Is your software secure? HP Fortify Application Security VII konferencja Secure 2013 Warsaw - October 9, 2013 Gunner Winkenwerder Sales Manager Fortify CEE, Russia & CIS HP Enterprise Security +49 (172)

More information

Решения HP по информационной безопасности

Решения HP по информационной безопасности Решения HP по информационной безопасности Евгений Нечитайло ynechyta@hp.com Mobile: +380 67 464 0218 Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject

More information

HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA lvonstockhausen@hp.com +49 1520 1898430 Enterprise Security

HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA lvonstockhausen@hp.com +49 1520 1898430 Enterprise Security HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA lvonstockhausen@hp.com +49 1520 1898430 Enterprise Security The problem Cyber attackers are targeting applications

More information

Security Operation Centre 5th generation

Security Operation Centre 5th generation Security Operation Centre 5th generation transition Cezary Prokopowicz Regional Manager SEE HP Enterprise Security Products 2 3 4 5 Challenges you are facing 1 Nature and motivation of attacks (Fame to

More information

Information Security: Enabling the Business Developing an Effective Application Security Program

Information Security: Enabling the Business Developing an Effective Application Security Program Information Security: Enabling the Business Developing an Effective Application Security Program Bruce C Jenkins (bcj@hp.com) AppSec Program Strategist 04 April 2014 About me Commonwealth IT Security Conference

More information

HP Fortify Software Security Center

HP Fortify Software Security Center HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)

More information

Changing the Enterprise Security Landscape

Changing the Enterprise Security Landscape Changing the Enterprise Security Landscape Petr Hněvkovský Presales Consultant, ArcSight EMEA HP Enterprise Security Products 2012 Hewlett-Packard Development Company, L.P. The information contained herein

More information

HP NonStop Server Security and HP ArcSight SIEM

HP NonStop Server Security and HP ArcSight SIEM HP NonStop Customer Technical Talk HP NonStop Server Security and HP ArcSight SIEM 04/12/2012 HP NonStop Karen Copeland HP Enterprise Security Morgan DeRodeff XYPRO Barry Forbes NonStop Enterprise Division

More information

The Evolution of Application Monitoring

The Evolution of Application Monitoring The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments

More information

HP ESP 2013 Solution Roadmap

HP ESP 2013 Solution Roadmap HP ESP 2013 Solution Roadmap C. K. Lin ( 林 傳 凱 ) Senior Channel Solution Manager, North Asia ck.lin@hp.com March 8, 2013 資 安 要 聞 議 程 HP ESP 簡 介 HP ESP 解 決 方 案 HP ESP 2013 Solution Roadmap Q&A HP ESP 簡

More information

From the Bottom to the Top: The Evolution of Application Monitoring

From the Bottom to the Top: The Evolution of Application Monitoring From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:

More information

HP ESP Partner Enablement Fortify Proof of Concept Boot Camp Training

HP ESP Partner Enablement Fortify Proof of Concept Boot Camp Training HP ESP Partner Enablement Fortify Proof of Concept Boot Camp Training HP and HP Enterprise Security Products are committed to your success as an HP Partner. In the Fortify Proof of Concept Boot Camp Training,

More information

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Be Fast, but be Secure a New Approach to Application Security July 23, 2015 Copyright 2015 Vivit Worldwide Copyright 2015 Vivit Worldwide Brought to you by Copyright 2015 Vivit Worldwide Hosted by Paul

More information

Application Security Center overview

Application Security Center overview Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project &

More information

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security 1 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

(S2.3) Security Spotlight: How cyber criminals can steal millions in seconds and how to fight back. Johannesburg

(S2.3) Security Spotlight: How cyber criminals can steal millions in seconds and how to fight back. Johannesburg (S2.3) Security Spotlight: How cyber criminals can steal millions in seconds and how to fight back Johannesburg Bharat Mistry Security Chief Technologist HP Enterprise Security Tweet using #HPWorldZA Johannesburg

More information

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software Accelerating Software Security With HP Rob Roy Federal CTO HP Software If we were in a cyberwar today, the United States would lose. Mike McConnell Former DNI, NSA. Head of Booz Allen Hamilton National

More information

HTML5 SECURITY. Why Should I Care? Ofer Shezaf, ofr@hp.com Product Manager, Security Solutions HP ArcSight

HTML5 SECURITY. Why Should I Care? Ofer Shezaf, ofr@hp.com Product Manager, Security Solutions HP ArcSight HTML5 SECURITY Why Should I Care? Ofer Shezaf, ofr@hp.com Product Manager, Security Solutions HP ArcSight 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change

More information

Find the intruders using correlation and context Ofer Shezaf

Find the intruders using correlation and context Ofer Shezaf Find the intruders using correlation and context Ofer Shezaf Agenda The changing threat landscape What can you do to find intruders? Best practices for timely detection and mitigation HP ArcSight 2 Find

More information

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise HP ENTERPRISE SECURITY Protecting the Instant-On Enterprise HP SECURITY INTELLIGENCE AND RISK MANAGEMENT PLATFORM Advanced Protection Against Advanced Threats 360 Security Monitoring to Detect Incidents

More information

Mobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015

Mobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015 Mobility Exploiting and Maintaining the New Face of Engagement Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained

More information

Connected Intelligence and the 21 st Century Digital Enterprise

Connected Intelligence and the 21 st Century Digital Enterprise Connected Intelligence and the 21 st Century Digital Enterprise Lewis Carr Senior Director, HP Software May 25 th, 2015 By 2025 we will become a deeply connected, digital world Digital everything everywhere,

More information

Selling HP Fortify Solutions

Selling HP Fortify Solutions Selling HP Fortify Solutions FOR HP CHANNEL PARTNERS 2 Sales plays 6 14 15 traps Sales Playbook There has never been a better time to sell HP s security solutions. Trends in Big Data, cloud, and mobile

More information

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ???? 1 Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Application Delivery is Accelerating Surge in # of releases per app

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

HP CloudSystem Enterprise

HP CloudSystem Enterprise Technical white paper HP CloudSystem Enterprise Securing CloudSystem Enterprise with HP Enterprise Security Table of contents Executive summary... 2 HP CloudSystem Enterprise overview... 2 HP CloudSystem

More information

Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products

Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products Threat landscape Riskier Enterprises + Advanced Attackers = More Attacks

More information

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY How runtime application security monitoring helps enterprises make smarter decisions on remediation 2 ABSTRACT Enterprises today

More information

Solutions to Meet Your PCI Compliance Needs A whitepaper prepared by Coalfire Systems and HP

Solutions to Meet Your PCI Compliance Needs A whitepaper prepared by Coalfire Systems and HP Solutions to Meet Your PCI Compliance Needs A whitepaper prepared by Coalfire Systems and HP 1 P a g e Table of Contents Executive Summary... 3 The Payment Card Industry Data Security Standard... 3 PCI

More information

Bezpečnosť dát v HP Cloude

Bezpečnosť dát v HP Cloude Bezpečnosť dát v HP Cloude Ochrana dát a súkromia v cloudových službách Február 2013 Agenda TRENDY RIEŠENIA HP PRÍKLADY 2 Security awareness at board level Security leadership is under immense pressure

More information

HP and netforensics Security Information Management solutions. Business blueprint

HP and netforensics Security Information Management solutions. Business blueprint HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization

More information

HP Application Security Center

HP Application Security Center HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and

More information

Партнерство с HP ESP Сильная Команда и Безопасное Будущее

Партнерство с HP ESP Сильная Команда и Безопасное Будущее Партнерство с HP ESP Сильная Команда и Безопасное Будущее Мирко Шнайдер Менеджер по Работе с Партнерами HP Enterprise Security Products mirko.schneider@hp.com Октябрь 2013 What does it take? 1. Great Products!

More information

Product Roadmap. Sushant Rao Principal Product Manager Fortify Software, a HP company

Product Roadmap. Sushant Rao Principal Product Manager Fortify Software, a HP company Product Roadmap Sushant Rao Principal Product Manager Fortify Software, a HP company Agenda Next Generation of Security Analysis Future Directions 2 Currently under investigation and not guaranteed to

More information

Work smarter, not harder, to secure your applications Featuring Analyst Research

Work smarter, not harder, to secure your applications Featuring Analyst Research 1 Issue 2 1 2 3 9 Seismic shift needed toward application security Critical differentiator for RASP Access to the code From the Gartner Files: Maverick* Research: Stop Protecting Your Apps; It s Time for

More information

Improving your Secure SDLC ( SSDLC ) with Prevoty. How adding real-time application security dramatically decreases vulnerabilities

Improving your Secure SDLC ( SSDLC ) with Prevoty. How adding real-time application security dramatically decreases vulnerabilities Improving your Secure SDLC ( SSDLC ) with Prevoty How adding real-time application security dramatically decreases vulnerabilities February 2015 Improving your Secure SDLC ( SSDLC ) with Prevoty Table

More information

THE EVOLUTION OF ENTERPRISE APPLICATION SECURITY

THE EVOLUTION OF ENTERPRISE APPLICATION SECURITY THE EVOLUTION OF ENTERPRISE APPLICATION SECURITY THE EVOLUTION OF ENTERPRISE APPLICATION SECURITY Why enterprises need runtime application self-protection 2 ABSTRACT Enterprise information security encompasses

More information

Securing your IT infrastructure with SOC/NOC collaboration

Securing your IT infrastructure with SOC/NOC collaboration Technical white paper Securing your IT infrastructure with SOC/NOC collaboration Universal log management for IT operations Table of contents Executive summary 2 IT operations: Handle IT incidents and

More information

The New Style of IT. Marc Fischer VP Enterprise Servers, Storage and Networking. 03. April 2014 Connect Symposium

The New Style of IT. Marc Fischer VP Enterprise Servers, Storage and Networking. 03. April 2014 Connect Symposium The New Style of IT Marc Fischer VP Enterprise Servers, Storage and Networking 03. April 2014 Connect Symposium To remain static is to lose ground. David Packard Living in the Age of Tectonic Shifts Welcome

More information

HP Security Research Tour 2014 If you want better security, think like a bad guy.

HP Security Research Tour 2014 If you want better security, think like a bad guy. HP Security Research Tour 2014 If you want better security, think like a bad guy. Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without

More information

Introduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions

Introduction. Secure Software Development 9/03/2015. Matias starts. Daan takes over. Matias takes over. Who are we? Round of introductions Matias starts Who are we? Applying Static Analysis Matias Madou and Daan Raman, Leuven, Feb 27, 2015 1 At NVISO, I m responsible for the software security practice. Next to the client work, I also leads

More information

Application Security from IBM Karl Snider, Market Segment Manager March 2012

Application Security from IBM Karl Snider, Market Segment Manager March 2012 Application Security from IBM Karl Snider, Market Segment Manager March 2012 1 2012 IBM Corporation Helping Solve Customer Challenges Application Security Finding Application Vulnerabilities GlassBox scanning

More information

Innovation Session. MOBILITY Pieter Schouten. HP EMEA Software Performance Tour 2014

Innovation Session. MOBILITY Pieter Schouten. HP EMEA Software Performance Tour 2014 HP EMEA Software Performance Tour 2014 Innovation Session MOBILITY Pieter Schouten Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without

More information

Magic Quadrant for Application Security Testing

Magic Quadrant for Application Security Testing G00246914 Magic Quadrant for Application Security Testing Published: 2 July 2013 Analyst(s): Neil MacDonald, Joseph Feiman The market for application security testing is changing rapidly. Technology trends,

More information

The Evolution of Enterprise Application Security. Why enterprises need runtime application self-protection

The Evolution of Enterprise Application Security. Why enterprises need runtime application self-protection The Evolution of Enterprise Application Security Why enterprises need runtime application self-protection 2 Abstract Enterprise information security encompasses a broad set of disciplines and technologies,

More information

Magic Quadrant for Application Security Testing

Magic Quadrant for Application Security Testing G00246914 Magic Quadrant for Application Security Testing Published: 2 July 2013 Analyst(s): Neil MacDonald, Joseph Feiman The market for application security testing is changing rapidly. Technology trends,

More information

HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015 Copyright 2015Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Atalla Data-Centric Security & Encryption Solutions Jean-Charles

More information

HP Cyber Security Control Cyber Insight & Defence

HP Cyber Security Control Cyber Insight & Defence HP Cyber Security Control Cyber Insight & Defence Security awareness at board level Security leadership is under immense pressure Cyber threat Extended supply chain Financial loss Reputation damage Cost

More information

Enterprise Software Security Strategies

Enterprise Software Security Strategies Enterprise Software Security Strategies Summary Results October 2014 Program Overview Between June and September, 2014, Gatepoint Research invited IT and Security executives to participate in a survey

More information

Understanding the Security Vendor Landscape Using the Cyber Defense Matrix

Understanding the Security Vendor Landscape Using the Cyber Defense Matrix SESSION ID: PDIL-W02F Understanding the Security Vendor Landscape Using the Cyber Defense Matrix Sounil Yu sounil@gmail.com @sounilyu Disclaimers The views, opinions, and positions expressed in this presentation

More information

Discover 2014 Update Big Data changes everything. Roy Ritthaler Vice President, IT Operations Management

Discover 2014 Update Big Data changes everything. Roy Ritthaler Vice President, IT Operations Management Discover 2014 Update Big Data changes everything Roy Ritthaler Vice President, IT Operations Management 2014 By 2020 Every 60 seconds 98,000+ tweets 695,000 status updates 11million instant messages 698,445

More information

Fortify. Securing Your Entire Software Portfolio

Fortify. Securing Your Entire Software Portfolio Fortify 360 Securing Your Entire Software Portfolio Fortify Fortify s holistic approach to application security truly safeguards our enterprise against today s ever-changing security threats. Craig Schumard,

More information

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle A Strategic Approach to Web Application Security The importance of a secure software development lifecycle Rachna Goel Technical Lead Enterprise Technology Web application security is clearly the new frontier

More information

Aplikacija novi vladar poslovanja. Dino Novak F5 Networks

Aplikacija novi vladar poslovanja. Dino Novak F5 Networks Aplikacija novi vladar poslovanja Dino Novak F5 Networks What is an application nowdays? Device native or HTTP based (no longer on client only) Dynamic (many server GET/PUT requests) Talks to backend service(s)

More information

Proactive risk mitigation within the Software Development Lifecycle (SDLC)

Proactive risk mitigation within the Software Development Lifecycle (SDLC) Proactive risk mitigation within the Software Development Lifecycle (SDLC) Real world examples that have worked for me, Joe White, CISSP, CSSLP joe@cyberlocksmith.com @cyberlocksmith 20+ years technical

More information

Building a Security Operations Center. Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu

Building a Security Operations Center. Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu Building a Security Operations Center Randy Marchany VA Tech IT Security Office and Lab marchany@vt.edu CyberSecurity Operations Center Security Operations Center (SOC) term is being taken over by physical

More information

Software EMEA Performance Tour 2013. Berlin, Germany 17-19 June

Software EMEA Performance Tour 2013. Berlin, Germany 17-19 June Software EMEA Performance Tour 2013 Berlin, Germany 17-19 June 360 Security Monitoring - Erkennen, Analysieren, Agieren Thorsten Mandau, ESP Solution Architect Enterprise Security Products, ArcSight Today

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

Getting Started with Web Application Security

Getting Started with Web Application Security Written by Gregory Leonard February 2016 Sponsored by Veracode 2016 SANS Institute Since as far back as 2005, 1 web applications have been attackers predominant target for the rich data that can be pulled

More information

Assuring Application Security: Deploying Code that Keeps Data Safe

Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe Assuring Application Security: Deploying Code that Keeps Data Safe 2 Introduction There s an app for that has become the mantra of users,

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting

More information

Defining, building, and making use cases work

Defining, building, and making use cases work Defining, building, and making use cases work Paul Brettle Presales Manager, Americas Pacific Region What is a use case? Compliance FISMA, PCI, SOX, etc Network security firewalls, IDS, routers & switches

More information

SIEM Implementation Approach Discussion. April 2012

SIEM Implementation Approach Discussion. April 2012 SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com

Microsoft Security Development Lifecycle for IT. Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com Microsoft Security Development Lifecycle for IT Rob Labbé Application Consulting and Engineering Services roblab@microsoft.com The Reasons for Secure Software There are many threats to data and systems

More information

HP FlexNetwork Architecture

HP FlexNetwork Architecture HP Networking HP Networking 1 HP FlexNetwork Architecture FlexFabric Flex Campus FlexBranch FlexManagement Converges Network Management and Orchestration Open Scalable Secure Agile Consistent 2 Innovative

More information

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Cloud Access Security Broker. Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products

Cloud Access Security Broker. Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products Cloud Access Security Broker Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products THERE IS A RAPID ADOPTION OF CLOUD APPS INTRODUCING NEW SET OF RISKS We are rapidly

More information

Capturing the New Frontier:

Capturing the New Frontier: Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings

More information

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1 #ITtrends 1 Strategies for Security and Management in a Mobile and Virtual World Anil Chakravarthy Senior Vice President, Enterprise Security Group 2 MASSIVE INCREASE IN SOPHISTICATED ATTACKS 403 million

More information

Digitization of Enterprise - New Style of IT

Digitization of Enterprise - New Style of IT Digitization of Enterprise - New Style of IT Neeraj Tolmare Oct 2014 What happens in an Internet Minute? 20 identity thefts 20 million photo views 1.3 million video views 6 million Facebook views 100,000

More information

Application Security Testing. Jesper Kråkhede

Application Security Testing. Jesper Kråkhede Application Security Testing Jesper Kråkhede AST 2015-10-22 2 Others call it security and try to avoid it I call it passion and dive right into it Jesper Kråkhede Worked as a security consultant for 17

More information

The promise of SDN. EU Future Internet Assembly March 18, 2014. Yanick Pouffary Chief Technologist HP Network Services

The promise of SDN. EU Future Internet Assembly March 18, 2014. Yanick Pouffary Chief Technologist HP Network Services The promise of SDN EU Future Internet Assembly March 18, 2014 Yanick Pouffary Chief Technologist HP Network Services Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein

More information

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges

More information

Practical Applications of Software Security Model Chris Nagel

Practical Applications of Software Security Model Chris Nagel Practical Applications of Software Security Model Chris Nagel Software Security Consultant Fortify Software Introductions About Me: Chris Nagel Software Security Consultant With Fortify for 2+ Years Before

More information

F5 Silverline Web Application Firewall Onboarding: Technical Note

F5 Silverline Web Application Firewall Onboarding: Technical Note F5 Silverline Web Application Firewall Onboarding: Technical Note F5 Silverline Web Application Firewall Onboarding With organizations transitioning application workloads to the cloud, traditional centralized

More information

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA Leading The World Into Connected Security Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA History of Defining Largest Dedicated Delivering a Next Generation Architecture

More information

Copyright 2013 WatchGuard Technologies, Inc. All rights reserved. Introducción a Watchguard DLP Data Loss Prevention

Copyright 2013 WatchGuard Technologies, Inc. All rights reserved. Introducción a Watchguard DLP Data Loss Prevention Copyright 2013 WatchGuard Technologies, Inc. All rights reserved. Introducción a Watchguard DLP Data Loss Prevention About WatchGuard > Taken private in 2006; enabled strategic shift > Firewall appliance

More information

Realize That Big Security Data Is Not Big Security Nor Big Intelligence

Realize That Big Security Data Is Not Big Security Nor Big Intelligence G00245789 Realize That Big Security Data Is Not Big Security Nor Big Intelligence Published: 19 April 2013 Analyst(s): Joseph Feiman Security intelligence's ultimate objective, enterprise protection, is

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Guest Speaker. Michael Sutton Chief Information Security Officer Zscaler, Inc.

Guest Speaker. Michael Sutton Chief Information Security Officer Zscaler, Inc. Guest Speaker Michael Sutton Chief Information Security Officer Zscaler, Inc. Michael Sutton has dedicated his career to conducting leadingedge security research, building world-class security teams and

More information

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration Tomas Sander HP Labs Forward Looking Statements Rolling roadmap up to three years and is subject to change without

More information

Application Security Testing as a Foundation for Secure DevOps

Application Security Testing as a Foundation for Secure DevOps Application Security Testing as a Foundation for Secure DevOps White Paper - April 2016 Introduction Organizations realize that addressing the risk of attacks on their Website applications is critical.

More information

Debunking the Myths: An Essential Guide to Software-Defined Networking April 17, 2013

Debunking the Myths: An Essential Guide to Software-Defined Networking April 17, 2013 Copyright 2013 Vivit Worldwide Debunking the Myths: An Essential Guide to Software-Defined Networking April 17, 2013 Brought to you by Vivit Cloud Builders Special Interest Group (SIG) Jim Murphy Cloud

More information

Starting your Software Security Assurance Program. May 21, 2015 ITARC, Stockholm, Sweden

Starting your Software Security Assurance Program. May 21, 2015 ITARC, Stockholm, Sweden Starting your Software Security Assurance Program May 21, 2015 ITARC, Stockholm, Sweden Presenter Max Poliashenko Chief Enterprise Architect Wolters Kluwer, Tax & Accounting Max leads the Enterprise Architecture

More information

Case Study: Security Implementation for a Non-Profit Hospital

Case Study: Security Implementation for a Non-Profit Hospital Case Study: Security Implementation for a Non-Profit Hospital The Story Security Challenges and Analysis The Case The Clone Solution The Results The Story About the hospital A private, not-for-profit hospital

More information

Testing the Security of your Applications

Testing the Security of your Applications Home Safeguarding Business Critical Testing the of your Applications Safeguarding business critical systems and applications 2 Safeguarding business critical systems and applications Organizations are

More information

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper Integrating Application Security into the Mobile Software Development Lifecycle WhiteHat Security Paper Keeping pace with the growth of mobile According to the November 2015 edition of the Ericsson Mobility

More information

Martin Sůra, Managing Director & Enterprise Group Lead, Hewlett-Packard Slovakia

Martin Sůra, Managing Director & Enterprise Group Lead, Hewlett-Packard Slovakia Solutions for the New Style of IT Martin Sůra, Managing Director & Enterprise Group Lead, Hewlett-Packard Slovakia 25. 3. 2014, Bratislava To remain static is to lose ground. David Packard Copyright 2013

More information

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the

More information

Real-time hybrid analysis:

Real-time hybrid analysis: Real-time hybrid : Find more, fix faster Technology white paper Brian Chess, Ph.D., Distinguished Technologist, HP Founder and Chief Scientist, HP Fortify Summary Real-time hybrid marks a substantial evolution

More information

Building Assurance Into Software Development Life- Cycle (SDLC)

Building Assurance Into Software Development Life- Cycle (SDLC) Application Software Assurance Center of Excellence (ASACoE) Building Assurance Into Software Development Life- Cycle (SDLC) James Woody Woodworth Operations Chief, ASACoE & Sean Barnum, Principal Consultant

More information

Simple, scalable and secure unified wired and wireless networking

Simple, scalable and secure unified wired and wireless networking Simple, scalable and secure unified wired and wireless networking The only Complete BYOD solution Lars Kølendorf Head of Wireless Business HP Networking EMEA Email: lars@hp.com Copyright 2012 Hewlett-Packard

More information

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services Information Security Services Achieving PCI compliance with Dell SecureWorks security services Executive summary In October 2010, the Payment Card Industry (PCI) issued the new Data Security Standard (DSS)

More information

HP APPLICATION PERFORMANCE MONITORING

HP APPLICATION PERFORMANCE MONITORING HP APPLICATION PERFORMANCE MONITORING mr. sci Tomislav Kanižaj Teritorry Sales Manager HP Software March 2011 2010 Hewlett-Packard Development Company, L.P. The information contained 1 herein is subject

More information

Metrics that Matter Security Risk Analytics

Metrics that Matter Security Risk Analytics Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk

More information