IBM Innovate AppScan: Introducin g Security, a first. Bobby Walters Consultant, ATSC Application Security & Compliance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IBM Innovate 2011. AppScan: Introducin g Security, a first. Bobby Walters Consultant, ATSC bwalters@atsc.com Application Security & Compliance"

Transcription

1 IBM Innovate 2011 Bobby Walters Consultant, ATSC Application Security & Compliance AppScan: Introducin g Security, a first June 5 9 Orlando, Florida

2 Agenda Defining Application Security Tools to help: AppScan Leveraging AppScan in the Software Development Life Cycle 2

3 Defining Application Security Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. ~Wikipedia NOT Firewalls NOT SSL 3

4 False sense of security What could happen? Data leaked Customer, partner, and/or own company Identity theft Elevated access to system Site defacement Impacts brand reputation, unsatisfied customers, etc Application goes down Unable to perform business Un-trusted code execution Arbitrary code ran on server 4

5 We had a security breach! What s the damage? Bad publicity Security breach has to be disclosed Public opinion/company brand decline Deeper look into security of application Audits Outside services/monitoring Financial impact Legal fees Local/Federal penalties Unbudgeted security spending (Much more now!) Customer lawsuits Customer loss 5

6 Example breach and disclosure Data breach of data warehouse company March 30 th, 2011 Several companies effected Impact Media coverage Individual companies respond to customers Likely phishing attacks, more damage possible 6

7 Checkpoint Defining Application Security Security throughout application life cycle Risks of a breach Costs of a breach Tools to help: AppScan Up next Leveraging AppScan in the Software Development Life Cycle 7

8 Tools to help: AppScan AppScan Source Edition Statically looks at source code for flaws AppScan Standard/Enterprise Edition Reviews running web application AppScan Tester Edition Tie in to QA environment AppScan Build Edition Add security to continuous integration builds AppScan Reporting Console Aggregate all security reports 8

9 AppScan built on industry standards Open Web Application Security Project (OWASP) They are dedicated to finding and fighting the causes of insecure software Official Web site: Web Application Security Consortium (WASC) Their purpose is to develop, adopt, and advocate standards for Web application security Official Web site: Threat ranking DREAD: Damage potential, Reproducibility, Exploitability, Affected users, Discoverability Rank = (D + R + E + A + D) / 5 Reporting 9

10 Pick the right tool for the job Security affects everyone Roles: developers, testers, leads, managers, etc Editions of AppScan are tailored for a purpose Resources small, large, on demand Scope local or across enterprise Automated with build process or manually started Consolidated or local reports 10

11 11

12 IBM Rational AppScan 12

13 IBM Rational AppScan: Advisory 13

14 IBM Rational AppScan: Fix Recommendation 14

15 IBM Rational AppScan: Request/Response 15

16 IBM Rational AppScan: Scan Configuration 16

17 IBM Rational AppScan: Create Report Security Report 17

18 IBM Rational AppScan: Create Report Regulatory Compliance 18

19 IBM Rational AppScan: Sample Report Executive Summary 19

20 IBM Rational AppScan: Sample Report HIPAA 20

21 21

22 Checkpoint Defining Application Security Completed Tools to help: AppScan Several editions exist to fit your environment and need Built on industry standards Leveraging AppScan in the Software Development Life Cycle Up next 22

23 Software Development Life Cycle Represents various phases of realizing a business need in an application Capture business requirement Analysis and design Implement functionality Verify and test Deploy and maintain 23

24 Agile Software Development Life Cycle A lightweight, iterative, and adaptable approach to the SDLC Requirements are User Stories and stored on a Product Backlog Analysis and design on smaller sections of Product Backlog (Sprint Backlog) Implement Sprint Backlog User Stories Conditions of Satisfaction serve to verify User Story requirements Deploy, maintain, and increment to next Sprint 24

25 Agile Security Software Development Life Cycle Security can be implemented in an Agile fashion Cost versus value of Security SDLC Agile allows small iterations to re-evaluate and rank threats Prioritize and account for security flaws early and often Develop with security in mind instead of huge fallout from security breach Great to start with security in mind but can be introduced to existing projects Groom Product Backlog using AppScan reports Identify responsibilities within team regarding security 25

26 Building an Agile Security SDLC Existing process won t change overnight Show value It s not an afterthought to prevent heartache later Easy to communicate reports with entire team Introduce in small understandable steps Find a champion in management Concise steps builds team support Work backwards in SDLC 26

27 Building an Agile Security SDLC: Deployed Application Run AppScan against an existing deployed web application Familiarize security/qa team with AppScan run configuration Review report styles and ways to communicate with team and managers Establish baseline and patterns Next steps Review and document potential flaws for Product Backlog, involve Testers First runs of AppScan on deployed app 27

28 Building an Agile Security SDLC: Verify and Testing Expose AppScan to Testers Setup AppScan with established baseline and patterns Distribute reports to team Start thinking in terms of Conditions of Satisfaction Next steps Remediate and assign potential security flaws to User Stories Testers using AppScan on Sprint review 28

29 Building an Agile Security SDLC: Implementation Allow developers to review AppScan reports Bring user story in - understand the security issue Review suggested fixes Incorporate security concerns with future development Next steps Adjust best practices; Analysis and design include security Developers recognize security patterns 29

30 Building an Agile Security SDLC: Analysis & Design Developers and business analysts have security in focus Build user stories with security in mind at the beginning Conditions of Satisfaction are security aware Demonstrate with AppScan reports conditions of satisfaction are met Continue Agile Security SDLC Scan, triage, and assign during each Sprint Best practices include security concerns 30

31 Agile Security Software Development Life Cycle: Value Value vs cost preposition Avoid negative press due to security exploit Keep confidence of customers, partners, and company Value of iterative approach to discover, rank, and handle security flaws early rather than in a reactive fashion Introducing Security to an Agile SDLC is an iterative process Have key buy in from management Build team support without overwhelming them Demonstrate ease to integrate AppScan Use appropriate AppScan edition(s) 31

32 Key Takeaways Defining Application Security Security throughout application life cycle Not SSL & Firewalls Understanding risks and costs associated with them Tools to help: AppScan Based on industry standards Reporting, role based, and flexible Leveraging AppScan in the Software Development Life Cycle Communicate value of having Security in the Software Development Life Cycle Introducing Security as part of the process not an afterthought 32

33 33

34 Daily ipod Touch giveaway Complete your session surveys online each day at a conference kiosk or on your Innovate 2011 Portal! SPONSORED BY Each day that you complete all of that day s session surveys, your name will be entered to win the daily IPOD touch! On Wednesday be sure to complete your full conference evaluation to receive your free conference t-shirt! 34

35 Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 35

Security for a Smarter Planet. 2011 IBM Corporation All Rights Reserved.

Security for a Smarter Planet. 2011 IBM Corporation All Rights Reserved. Security for a Smarter Planet The Smarter Planet Our world is getting Instrumented Our world is getting Interconnected Our world is getting Intelligent Growing Security Challenges on the Smarter Planet

More information

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction

More information

IBM Rational AppScan: Application security and risk management

IBM Rational AppScan: Application security and risk management IBM Software Security November 2011 IBM Rational AppScan: Application security and risk management Identify, prioritize, track and remediate critical security vulnerabilities and compliance demands 2 IBM

More information

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

IBM Rational AppScan: enhancing Web application security and regulatory compliance. Strategic protection for Web applications To support your business objectives IBM Rational AppScan: enhancing Web application security and regulatory compliance. Are untested Web applications putting your

More information

Increased Agility with Integration Testing

Increased Agility with Integration Testing Increased Agility with Integration Testing Monica Luke (mluke@us.ibm.com) Scenario Designer IBM Rational Agenda ALM Community Office Hours Increased Agility with Integration Testing 2 Application Lifecycle

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Web application security: automated scanning versus manual penetration testing.

Web application security: automated scanning versus manual penetration testing. Web application security White paper January 2008 Web application security: automated scanning versus manual penetration testing. Danny Allan, strategic research analyst, IBM Software Group Page 2 Contents

More information

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the

More information

IBM Rational DOORS Next Generation

IBM Rational DOORS Next Generation Silvio Ronchi, Technical Sales & Solutions IBM Software, Rational 26/06/2014 IBM Rational DOORS Next Generation Software and Systems Engineering Rational Agenda 1 Why DOORS Next Generation? 2 Collaborative

More information

Addressing Security for Hybrid Cloud

Addressing Security for Hybrid Cloud Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

WebGoat for testing your Application Security tools

WebGoat for testing your Application Security tools WebGoat for testing your Application Security tools NAISG-DFW February 28 th, 2012 Michael A Ortega, CISSP CEH CISM GCFA Sr Application Security Professional IBM Security Systems 312.523.1538 maortega@us.ibm.com

More information

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Securing the Cloud infrastructure with IBM Dynamic Cloud Security Securing the Cloud infrastructure with IBM Dynamic Cloud Security Ngo Duy Hiep Security Brand Manager Cell phone: +84 912216753 Email: hiepnd@vn.ibm.com 12015 IBM Corporation Cloud is rapidly transforming

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Leveraging Rational Team Concert's build capabilities for Continuous Integration

Leveraging Rational Team Concert's build capabilities for Continuous Integration Leveraging Rational Team Concert's build capabilities for Continuous Integration Krishna Kishore Senior Engineer, RTC IBM Krishna.kishore@in.ibm.com August 9-11, Bangalore August 11, Delhi Agenda What

More information

L'automazione dei test come elemento chiave delle pratiche DevOps

L'automazione dei test come elemento chiave delle pratiche DevOps L'automazione dei test come elemento chiave delle pratiche DevOps Stefano Sergi WW Solutions Manager - DevOps IBM Systems sergi@us.ibm.com 2013 IBM Corporation Digital transformation requires core capabilities

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in

More information

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist 2008 IBM Corporation Agenda Objective Interoperability Prerequisites Where to model

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Security Intelligence

Security Intelligence IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers

More information

Three significant risks of FTP use and how to overcome them

Three significant risks of FTP use and how to overcome them Three significant risks of FTP use and how to overcome them Management, security and automation Contents: 1 Make sure your file transfer infrastructure keeps pace with your business strategy 1 The nature

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP How to start a software security initiative within your organization: a maturity based and metrics driven approach Marco Morana OWASP Lead/ TISO Citigroup OWASP Application Security For E-Government Copyright

More information

Application Security from IBM Karl Snider, Market Segment Manager March 2012

Application Security from IBM Karl Snider, Market Segment Manager March 2012 Application Security from IBM Karl Snider, Market Segment Manager March 2012 1 2012 IBM Corporation Helping Solve Customer Challenges Application Security Finding Application Vulnerabilities GlassBox scanning

More information

DevOps for the Mainframe

DevOps for the Mainframe DevOps for the Mainframe Rosalind Radcliffe IBM Distinguished Engineer, Enterprise Modernization Solution Architect rradclif@us.ibm.com 1 Please note IBM s statements regarding its plans, directions, and

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

Minimizing code defects to improve software quality and lower development costs.

Minimizing code defects to improve software quality and lower development costs. Development solutions White paper October 2008 Minimizing code defects to improve software quality and lower development costs. IBM Rational Software Analyzer and IBM Rational PurifyPlus software Kari

More information

Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP

Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand different types of application assessments and how they differ Be

More information

How to Build a Trusted Application. John Dickson, CISSP

How to Build a Trusted Application. John Dickson, CISSP How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.

More information

Rational Asset Manager 7.2 Editions and Licensing

Rational Asset Manager 7.2 Editions and Licensing Rational Asset Manager 7.2 Editions and Licensing Derek D. Baron, ddbaron@us.ibm.com Product Manager, Rational Asset Manager 2009 IBM Corporation IBM Corporation 200 The information contained in this presentation

More information

IBM MobileFirst Build a mobile enterprise agenda

IBM MobileFirst Build a mobile enterprise agenda ICC Tech Summit 2014 - Worklight IBM MobileFirst Build a mobile enterprise agenda Eduardo Abreu Business Development Manager Cloud & Smarter Infrastructure IBM Software Group Mobile Adoption Continues

More information

Four keys to effectively monitor and control secure file transfer

Four keys to effectively monitor and control secure file transfer Four keys to effectively monitor and control secure file transfer Contents: 1 Executive summary 2 Key #1 Make your data visible wherever it is in the network 2 Key #2 Reduce or even eliminate ad hoc use

More information

Secure Code Development

Secure Code Development ISACA South Florida 7th Annual WOW! Event Copyright Elevate Consult LLC. All Rights Reserved 1 Agenda i. Background ii. iii. iv. Building a Business Case for Secure Coding Top-Down Approach to Develop

More information

Operationalizing Application Security & Compliance

Operationalizing Application Security & Compliance IBM Software Group Operationalizing Application Security & Compliance 2007 IBM Corporation What is the cost of a defect? 80% of development costs are spent identifying and correcting defects! During the

More information

HP Application Security Center

HP Application Security Center HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and

More information

A Simple Guide to Successful. Penetration Testing

A Simple Guide to Successful. Penetration Testing A Simple Guide to Successful Penetration Testing Table of Contents Penetration Testing, Simplified. Scanning is Not Testing. Test Well. Test Often. Pen Test to Avoid a Mess. Six-phase Methodology. A Few

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Data Security: Fight Insider Threats & Protect Your Sensitive Data Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand

More information

and Security in the Era of Cloud

and Security in the Era of Cloud Re-imagine i Enterprise Mobility and Security in the Era of Cloud Brendan Hannigan General Manager, IBM Security Systems Leverage Cloud as a growth engine for business Exploit Mobile to build customer

More information

Using the IBM Rational Publishing Engine to Streamline the Documentation Generation Process at General Dynamics Land Systems

Using the IBM Rational Publishing Engine to Streamline the Documentation Generation Process at General Dynamics Land Systems Using the IBM Rational Publishing Engine to Streamline the Documentation Generation Process at General Dynamics Land Systems Michael Sutherland General Dynamics Land Systems sutherla@gdls.com RDM-1272

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape Johan Celis X-Force R&D Spokesperson Security Channel Sales Leader BeNeLux 1 Mission IBM Security Systems To protect our customers from security threats

More information

Agile Development for Application Security Managers

Agile Development for Application Security Managers Agile Development for Application Security Managers www.quotium.com When examining the agile development methodology many organizations are uncertain whether it is possible to introduce application security

More information

Enhance visibility into and control over software projects IBM Rational change and release management software

Enhance visibility into and control over software projects IBM Rational change and release management software Enhance visibility into and control over software projects IBM Rational change and release management software Accelerating the software delivery lifecycle Faster delivery of high-quality software Software

More information

Realizing business flexibility through integrated SOA policy management.

Realizing business flexibility through integrated SOA policy management. SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished

More information

Requirements Management im Kontext von DevOps

Requirements Management im Kontext von DevOps IBM Software Group Rational software Requirements Management im Kontext von DevOps DI Steindl Wolfgang https://www.xing.com/profiles/wolfgang_steindl Senior IT Specialist wolfgang.steindl@at.ibm.com http://lnkd.in/tpzrug

More information

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Mobile, Cloud, Advanced Threats: A Unified Approach to Security Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or

More information

Developing in the Cloud Environment. Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology rradclif@us.ibm.

Developing in the Cloud Environment. Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology rradclif@us.ibm. Developing in the Cloud Environment Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology rradclif@us.ibm.com @RosalindRad Organizations are combining on-premise, off-premise and public

More information

BigData Analytics per la sicurezza delle Infrastrutture Critiche

BigData Analytics per la sicurezza delle Infrastrutture Critiche BigData Analytics per la sicurezza delle Infrastrutture Critiche Vincenzo Conti IBM Security Sales Consultant Energy and utility organizations are at the forefront of attacks Utilities are among the most

More information

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. Managing business infrastructure White paper Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities. September 2008 2 Contents 2 Overview 5 Understanding

More information

Life insurance policy administration: Operate efficiently and capitalize on emerging opportunities.

Life insurance policy administration: Operate efficiently and capitalize on emerging opportunities. Life insurance policy administration: Operate efficiently and capitalize on emerging opportunities. > RESPOND RAPIDLY TO CHANGING MARKET CONDITIONS > DRIVE CUSTOMER AND AGENT LOYALTY > ENHANCE INTEGRATION

More information

Vulnerability Management in an Application Security World. January 29 th, 2009

Vulnerability Management in an Application Security World. January 29 th, 2009 Vulnerability Management in an Application Security World OWASP San Antonio January 29 th, 2009 Agenda Background A Little Bit of Theatre You Found Vulnerabilities Now What? Vulnerability Management The

More information

Lunch and Learn: BlueMix to Mainframe making development accessible in the

Lunch and Learn: BlueMix to Mainframe making development accessible in the Lunch and Learn: BlueMix to Mainframe making development accessible in the Cloud Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology rradclif@us.ibm.com @RosalindRad Insert Custom

More information

Stories From the Front Lines: Deploying an Enterprise Code Scanning Program

Stories From the Front Lines: Deploying an Enterprise Code Scanning Program Stories From the Front Lines: Deploying an Enterprise Code Scanning Program Adam Bixby Manager Gotham Digital Science 10/28/2010 YOUR LOGO HERE Introduction Adam Bixby, CISSP, MS o Manager at Gotham Digital

More information

Agile and Secure Can We Be Both? Chicago OWASP. June 20 th, 2007

Agile and Secure Can We Be Both? Chicago OWASP. June 20 th, 2007 Agile and Secure Can We Be Both? Chicago OWASP June 20 th, 2007 The Agile Practitioner s Dilemma Agile Forces: Be more responsive to business concerns Increase the frequency of stable releases Decrease

More information

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP

Harnessing the power of software-driven innovation. Martin Nally IBM Rational CTO IBM Fellow and VP Harnessing the power of software-driven innovation Martin Nally IBM Rational CTO IBM Fellow and VP We have entered a new wave of innovation Innovation The Industrial Revolution Age of Steam and Railways

More information

Web Application Remediation. OWASP San Antonio. March 28 th, 2007

Web Application Remediation. OWASP San Antonio. March 28 th, 2007 Web Application Remediation OWASP San Antonio March 28 th, 2007 Agenda Introduction The Problem: Vulnerable Web Applications Goals Example Process Overview Real World Issues To Address Conclusion/Questions

More information

Security Intelligence Solutions

Security Intelligence Solutions Security Intelligence Solutions Know what is going on inside your enterprise with QRadar Joseph Skocich, WW Sales Integration Executive Q1 Labs, an IBM Company June 2012 jskocich@us.ibm.com What is Security

More information

Learning objectives for today s session

Learning objectives for today s session Black Box versus White Box: Different App Testing Strategies John B. Dickson, CISSP Learning objectives for today s session Understand what a black box and white box assessment is and how they differ Identify

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

Implementing Agile Requirements using IBM Rational Requirements Composer with C/ALM

Implementing Agile Requirements using IBM Rational Requirements Composer with C/ALM IBM Software Group Implementing Agile Requirements using IBM Rational Requirements Composer with C/ALM Yan (Tina) Zhuo, IBM Rational Topics IBM Rational Requirements Composer Agile Requirements Project

More information

Agile and Secure: OWASP AppSec Seattle Oct 2006. The OWASP Foundation http://www.owasp.org/

Agile and Secure: OWASP AppSec Seattle Oct 2006. The OWASP Foundation http://www.owasp.org/ Agile and Secure: Can We Be Both? OWASP AppSec Seattle Oct 2006 Dan Cornell, OWASP San Antonio Leader Principal, Denim Group Ltd. dan@denimgroup.com (210) 572-4400 Copyright 2006 - The OWASP Foundation

More information

Introduction to PCI DSS

Introduction to PCI DSS Month-Year Introduction to PCI DSS March 2015 Agenda PCI DSS History What is PCI DSS? / PCI DSS Requirements What is Cardholder Data? What does PCI DSS apply to? Payment Ecosystem How is PCI DSS Enforced?

More information

The role of integrated requirements management in software delivery.

The role of integrated requirements management in software delivery. Software development White paper October 2007 The role of integrated requirements Jim Heumann, requirements evangelist, IBM Rational 2 Contents 2 Introduction 2 What is integrated requirements management?

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Best Practices - Remediation of Application Vulnerabilities

Best Practices - Remediation of Application Vulnerabilities DROISYS APPLICATION SECURITY REMEDIATION Best Practices - Remediation of Application Vulnerabilities by Sanjiv Goyal CEO, Droisys February 2012 Proprietary Notice All rights reserved. Copyright 2012 Droisys

More information

Ten questions to ask when evaluating contract management solutions

Ten questions to ask when evaluating contract management solutions IBM Software Industry Solutions Contract Management Ten questions to ask when evaluating contract management solutions Ten questions to ask when evaluating contract management solutions Contents 2 Top

More information

A proven 5-step framework for managing supplier performance

A proven 5-step framework for managing supplier performance IBM Software Industry Solutions Industry/Product Identifier A proven 5-step framework for managing supplier performance Achieving proven 5-step spend framework visibility: benefits, for managing barriers,

More information

How to Choose the Right Security Information and Event Management (SIEM) Solution

How to Choose the Right Security Information and Event Management (SIEM) Solution How to Choose the Right Security Information and Event Management (SIEM) Solution John Burnham Director, Strategic Communications and Analyst Relations IBM Security Chris Meenan Director, Security Intelligence

More information

Security of Cloud Computing for the Power Grid

Security of Cloud Computing for the Power Grid ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 Security of Cloud Computing for the Power Grid Industry Panel November 12, 2014 UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

New IBM Security Scanning Software Protects Businesses From Hackers

New IBM Security Scanning Software Protects Businesses From Hackers New IBM Security Scanning Software Protects Businesses From Hackers Chatchawun Jongudomsombut Web Application Security Situation Today HIGH AND INCREASING DEPENDENCE ON WEB SERVICES Work and business Communications

More information

Secure By Design: Security in the Software Development Lifecycle

Secure By Design: Security in the Software Development Lifecycle Secure By Design: Security in the Software Development Lifecycle Twin Cities Rational User s Group Security Briefing by Arctec Group (www.arctecgroup.net) Integrating Security into Software Development

More information

Gain a competitive edge through optimized B2B file transfer

Gain a competitive edge through optimized B2B file transfer Gain a competitive edge through optimized B2B file transfer Contents: 1 Centralized systems enable business success 2 Business benefits of strategic file transfer that you can experience for yourself 2

More information

CONTINUOUS INTEGRATION TESTING

CONTINUOUS INTEGRATION TESTING WELCOME TO CONTINUOUS INTEGRATION TESTING Mikko Palkama IBM Software Nordic mikko.palkama@fi.ibm.com THE CHALLENGE Traditional approach: Integrate everything, then try it out Complexity lies beneath the

More information

IBM Software Information Management. Scaling strategies for mission-critical discovery and navigation applications

IBM Software Information Management. Scaling strategies for mission-critical discovery and navigation applications IBM Software Information Management Scaling strategies for mission-critical discovery and navigation applications Scaling strategies for mission-critical discovery and navigation applications Contents

More information

Continuous integration using Rational Team Concert

Continuous integration using Rational Team Concert IBM Software Group Continuous integration using Rational Team Concert Peter Steinfeld November 4, 2009 2009 IBM Corporation Overview The importance of using continuous integration How to use Rational Team

More information

Mobile Security. Luther Knight - @lutherldn Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

Mobile Security. Luther Knight - @lutherldn Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015. Mobile Security Luther Knight - @lutherldn Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015 12015 IBM Corporation Where I Started: Blackberry Migration BYOD Bring Your Own

More information

Collaborative DevOps Learn the magic of Continuous Delivery. Saurabh Agarwal Product Engineering, DevOps Solutions agarwasa@us.ibm.

Collaborative DevOps Learn the magic of Continuous Delivery. Saurabh Agarwal Product Engineering, DevOps Solutions agarwasa@us.ibm. Collaborative DevOps Learn the magic of Continuous Delivery Saurabh Agarwal Product Engineering, DevOps Solutions agarwasa@us.ibm.com Please note IBM s statements regarding its plans, directions, and intent

More information

Making your web application. White paper - August 2014. secure

Making your web application. White paper - August 2014. secure Making your web application White paper - August 2014 secure User Acceptance Tests Test Case Execution Quality Definition Test Design Test Plan Test Case Development Table of Contents Introduction 1 Why

More information

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper Integrating Application Security into the Mobile Software Development Lifecycle WhiteHat Security Paper Keeping pace with the growth of mobile According to the November 2015 edition of the Ericsson Mobility

More information

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Cenzic Product Guide. Cloud, Mobile and Web Application Security Cloud, Mobile and Web Application Security Table of Contents Cenzic Enterprise...3 Cenzic Desktop...3 Cenzic Managed Cloud...3 Cenzic Cloud...3 Cenzic Hybrid...3 Cenzic Mobile...4 Technology...4 Continuous

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Quality management across the product and application life cycle

Quality management across the product and application life cycle IBM Software Product and application life cycle June 2011 Quality across the product and application life cycle IBM solutions for a Smarter Planet 2 Quality across the product and application life cycle

More information

IBM Tivoli Netcool network management solutions for enterprise

IBM Tivoli Netcool network management solutions for enterprise IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP

Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP Presentation Overview Basic Application Security (AppSec) Fundamentals Risks Associated With

More information

New Zealand Company Six full time technical staff Offices in Auckland and Wellington

New Zealand Company Six full time technical staff Offices in Auckland and Wellington INCREASING THE VALUE OF PENETRATION TESTING ABOUT YOUR PRESENTER Brett Moore Insomnia Security New Zealand Company Six full time technical staff Offices in Auckland and Wellington Penetration Testing Web

More information

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle Across the Software Deliver y Lifecycle Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle Contents Executive Overview 1 Introduction 2 The High Cost of Implementing

More information

Dashboard solutions Executive brief April 2007. Capitalize on the value of active dashboards to improve business flexibility and decision making.

Dashboard solutions Executive brief April 2007. Capitalize on the value of active dashboards to improve business flexibility and decision making. Dashboard solutions Executive brief April 2007 Capitalize on the value of active dashboards to improve business flexibility and decision making. Page 2 Contents 2 Executive summary 2 Dashboard trends and

More information

Web Application Report

Web Application Report Web Application Report This report includes important security information about your Web Application. OWASP Top Ten 2010 The Ten Most Critical Web Application Report This report was created by IBM Rational

More information

How Silk Central brings flexibility to agile development

How Silk Central brings flexibility to agile development How Silk Central brings flexibility to agile development The name agile development is perhaps slightly misleading as it is by its very nature, a carefully structured environment of rigorous procedures.

More information

Business Process Management IBM Business Process Manager V7.5

Business Process Management IBM Business Process Manager V7.5 Business Process Management IBM Business Process Manager V7.5 Federated task management overview This presentation gives you an overview on the federated task management feature in IBM Business Process

More information