Integrate App. Security in Continuous Integration
- Sydney Logan
- 8 years ago
Transcription
1 Integrate App. Security in Continuous Integration. October 12, 2015. TLP: WHITE
2 Excellium ID card. A Luxembourg company created in 2012, targeting PSF and Support PSF. An experienced team in Information Technology Security (30 people). Managed by local entrepreneurs, with an operation center in Luxembourg and an ecosystem of partners. Our core competencies: making customer information systems more secure; protecting your non-material assets (#SaaS #Cloud #BigData #Security). Our customers: banks, insurance companies, administrations (90 to date), and service providers. PSF application file in progress (Statute Jul 2015). SOC and CERT in operation. ISO 27001 certification process started. Located in the BGL BNP Paribas Future Lab startup incubator in Luxembourg City (Bld Royal).
3 Some reminders about Continuous Integration (CI). Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early. By integrating regularly, you can detect errors quickly and locate them more easily. CI helps to unify the quality of the company's different projects regardless of the provider, because they are all validated by a common system and a common set of quality rules.
4 Why integrate Application Security validation into CI? As CI promotes the validation and improvement of the quality and stability of the application during the development process, it is worth applying the same philosophy to the security aspects of the application. The goal is to validate the application from both static and dynamic points of view. These automated checks will never replace human validation (manual code review and penetration tests will always be performed; they are complementary), but they help to detect obvious security issues during the development process.
6 SAST or DAST? Static Application Security Testing (SAST): the application is not executed. The application may need to be compiled, depending on the SAST analyzer. SAST inspects source code or compiled code in order to find vulnerabilities at code/design level. Dynamic Application Security Testing (DAST): the application is executed. DAST inspects the application by sending it specially crafted input in order to find vulnerabilities at behavior level. Both are complementary, because applications sometimes behave differently depending on the runtime environment!
7 Dependency analysis? "Wait, it's not my code." Validating your own code is a good point, but it is important to ensure that the third-party assets (libraries/frameworks) on which you build your application are not broken too. "build a fortress on shifting sand"
8 Classical Integration Process without security validation steps. Diagram elements: Check out sources, Publish binary, Compile sources, Reports & docs, Unit Tests, Integration Tests, Code quality analysis, Build & deploy.
9 Classical Integration Process with security validation steps. Diagram elements: Publish binary, Check out sources, Compile sources, Reports & docs, DAST, Unit Tests, Audit dependencies, Integration Tests, Code quality analysis, Build & deploy, SAST.
10 Example of tooling and their integration for Java / .Net technologies. Diagram elements: SCM, Code quality analysis, Sandbox for DAST, SAST, CI Platform, Dep. analysis for CVE, Artifacts repository, DAST.
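Added example (not part of the original slides and not Excellium's tooling): a minimal "Audit dependencies" gate of the kind slides 9 and 10 place in the CI process, which matches resolved dependencies against an advisory feed and returns a build-breaking exit code. The Maven-style coordinates, the EXAMPLE-ADV identifiers, the dates and the expiring-waiver mechanism are all constructed assumptions.

```python
"""Dependency audit gate for a CI job. Added example; every value below is constructed."""
import sys
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def parse_version(text):
    """'1.3' -> (1, 3, 0, 0). A '-qualifier' suffix is ignored; non-numeric parts raise ValueError."""
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad so that 1.3 == 1.3.0


@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # placeholder identifier, not a real CVE
    package: str      # "group:artifact"
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)
    severity: str


@dataclass(frozen=True)
class Waiver:
    """Hypothetical risk acceptance; it stops suppressing a finding after `expires`."""
    advisory_id: str
    package: str
    expires: date


def audit(dependencies, advisories):
    """Return (package, version, advisory_id, severity) for every affected dependency."""
    findings = []
    for coordinate in dependencies:
        group, artifact, version = coordinate.split(":")
        package = f"{group}:{artifact}"
        try:
            current = parse_version(version)
        except ValueError:
            # Fail closed: a version that cannot be compared goes to manual review.
            findings.append((package, version, "UNPARSEABLE-VERSION", "HIGH"))
            continue
        for adv in advisories:
            if adv.package != package:
                continue
            if parse_version(adv.introduced) <= current < parse_version(adv.fixed):
                findings.append((package, version, adv.advisory_id, adv.severity))
    return findings


def gate(findings, waivers, today, fail_on="HIGH"):
    """Return (exit_code, blocking_findings); exit code 1 breaks the build."""
    active = {(w.advisory_id, w.package) for w in waivers if w.expires >= today}
    threshold = SEVERITY_RANK[fail_on]
    blocking = [f for f in findings
                if SEVERITY_RANK[f[3]] >= threshold and (f[2], f[0]) not in active]
    return (1 if blocking else 0), blocking


# Constructed sample input: resolved dependencies of a build.
DEPENDENCIES = [
    "org.example:web-framework:4.2.1",
    "org.example:json-parser:2.9.0",
    "org.example:logging:1.3",
    "org.example:legacy-util:1.0.Final",
]
# Constructed advisory feed (stand-in for the "Dep. analysis for CVE" data source).
ADVISORIES = [
    Advisory("EXAMPLE-ADV-0001", "org.example:web-framework", "4.0.0", "4.2.3", "CRITICAL"),
    Advisory("EXAMPLE-ADV-0002", "org.example:json-parser", "2.0.0", "2.8.5", "HIGH"),
    Advisory("EXAMPLE-ADV-0003", "org.example:logging", "1.0", "1.3.1", "MEDIUM"),
]
TODAY = date(2015, 10, 12)  # constructed build date
# This waiver expired before the build date, so it no longer hides the finding.
WAIVERS = [Waiver("EXAMPLE-ADV-0001", "org.example:web-framework", date(2015, 10, 1))]

if __name__ == "__main__":
    exit_code, blocking = gate(audit(DEPENDENCIES, ADVISORIES), WAIVERS, TODAY)
    for package, version, advisory_id, severity in blocking:
        print(f"BLOCKING {severity}: {package} {version} ({advisory_id})")
    sys.exit(exit_code)
```

The MEDIUM finding is reported by audit() but does not break the build at the default threshold; passing fail_on="MEDIUM" tightens the gate.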
11 Going Further. Integrating App. Security into CI is a good start, but it is better to combine it with the human factor. Train all people involved in building the application, from the Business team to the Infrastructure team: App. Sec targets all application layers. Perform manual Security Code Review / Mini Intrusion Test during each Sprint (agile) or Phase (waterfall). About training, you are welcome to our CodeHackademy.