Application Security Center overview

Similar documents
HP Application Security Center

HP Fortify Software Security Center

Testing Solutions to Tackle Application Security Checkpoint Technologies SQGNE. Jimmie Parson Checkpoint Technologies

HP Fortify application security

Collaborating for Quality in Agile Application Development From Beginning to End

IBM Rational AppScan: Application security and risk management

Application Security in the Software Development Lifecycle

API Management: Powered by SOA Software Dedicated Cloud

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

The top 10 misconceptions about performance and availability monitoring

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

Moving beyond Virtualization as you make your Cloud journey. David Angradi

McAfee Database Security. Dan Sarel, VP Database Security Products

Federal Secure Cloud Testing as a Service - TaaS Center of Excellence (CoE) Robert L. Linton

Application Security Testing as a Foundation for Secure DevOps

Table of contents. Standardizing IT Service Management. Best practices based on HP experience in ITSM consolidation. White paper

HP Service Manager software

"Performance and Security Testing in Agile Development"

A Strategic Approach to Web Application Security The importance of a secure software development lifecycle

The Evolution of Application Monitoring

Vulnerability Management

Product Roadmap. Sushant Rao Principal Product Manager Fortify Software, a HP company

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

HP APPLICATION PERFORMANCE MONITORING

HP CLOUD SYSTEM. The most complete, integrated platform for building and managing clouds featuring Intel technologies.

Summit Platform. IT and Business Challenges. SUMMUS IT Management Solutions. IT Service Management (ITSM) Datasheet. Key Benefits

Enabling ITIL Best Practices Through Oracle Enterprise Manager, Session # Ana Mccollum Enterprise Management, Product Management

Application Security Testing. Jesper Kråkhede

HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA Enterprise Security

Implement a unified approach to service quality management.

Strategies for assessing cloud security

Cisco Security Optimization Service

Continuous Network Monitoring

Cross-Domain Service Management vs. Traditional IT Service Management for Service Providers

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

HP End User Management software. Enables real-time visibility into application performance and availability. Solution brief

Application Testing Suite Overview

Managed Security Services for Data

What s new in AM 9.30 Accelerating business outcomes

The SIEM Evaluator s Guide

<Insert Picture Here> Application Testing Suite Overview

Application Code Development Standards

Integrated Threat & Security Management.

Assuring Application Security: Deploying Code that Keeps Data Safe

On Demand Penetration Testing Applications Networks Compliance.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Integrating Application Security into the Mobile Software Development Lifecycle. WhiteHat Security Paper

Preemptive security solutions for healthcare

<Insert Picture Here> Integrating your On-Premise Applications with Cloud Applications

From the Bottom to the Top: The Evolution of Application Monitoring

How To Test For Security On A Network Without Being Hacked

Application Security 101. A primer on Application Security best practices

Fortify Training Services. Securing Your Entire Software Portfolio FRAMEWORK*SSA

The Value of Vulnerability Management*

Changing the Enterprise Security Landscape

Agenda. What is Service Level Agreement (SLA)? Why using ONE tool for SLA management? What s New on the Market? Oblicore Guarantee.

Vulnerabilities: A 360 Degree Approach

How To Standardize Itil V3.3.5

Effective Software Security Management

Virtualization and IaaS management

Introduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Metrics that Matter Security Risk Analytics

G-Cloud IV Framework Service Definition Accenture Web Application Security Scanning as a Service

Cutting the Cost of Application Security

Journey to the Cloud and Application Release Automation Shane Pearson VP, Portfolio & Product Management

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Simplify and Automate IT

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Remote Management Services Portfolio Overview

Accenture Public Service Platform Taking SOA from the Whiteboard to the Data Center and Beyond

CloudCheck Compliance Certification Program

An Oracle White Paper June, Enterprise Manager 12c Cloud Control Application Performance Management

1 Introduction Product Description Strengths and Challenges Copyright... 5

Symantec Control Compliance Suite. Overview

PCI DSS Reporting WHITEPAPER

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Enterprise Applications Lifecycle Management

IBM Security QRadar Vulnerability Manager

Implementing Software- Defined Security with CloudPassage Halo

Extreme Networks Security Analytics G2 Vulnerability Manager

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Align IT Operations with Business Priorities SOLUTION WHITE PAPER

Q1 Labs Corporate Overview

Your world runs on applications. Secure them with Veracode.

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

SAP IT Infrastructure Management. Dirk Smit ALM Engagement Manager SAP Africa

IBM Internet Security Systems products and services

Clavister InSight TM. Protecting Values

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

SharePoint Governance & Security: Where to Start

Transcription:

Application Security overview Magnus Hillgren Presales HP Software Sweden Fredrik Möller Nordic Manager - Fortify Software

HP BTO (Business Technology Optimization) Business outcomes STRATEGY Project & Portfolio Management CIO Office SOA CTO Office APPLICATIONS Quality Management Quality Performance Application Security SAP, Oracle, SOA, J2EE,.Net Business Service Management Business Availability Operations Network Management OPERATIONS Business Service Automation Operations Orchestration Client Automation Data Automation Universal CMDB IT Service Management Service Management 2 17 September 2009

1 Three pillars of quality Does it work? AQM Does the application function the way the business needs it to? Does it perform? Will the application perform for the entire customer set? Does it work? Does it perform? Is it secure? Will it scale? Will it meet SLAs in production? Is it secure? FUNCTIONALITY PERFORMANCE SECURITY Has the application been assessed against all known threats? Are there open doors or windows that sophisticated hackers can penetrate? 3 17 September 2009

The Risks are Real 4 17 September 2009

Applications are the target Applications: Unprotected and ignored Servers: Protected by intrusion prevention Applications Servers Network Network: Secured by firewall 75% of hacks happen at the application. - Gartner Security at the Application Level 5 17 September 2009

Vulnerabilities are baked into the apps themselves, so security can t be bolted on Application teams must bridge the gap Security professionals Application developers and QA professionals 6 17 September 2009

The Costs to the Enterprise are Enormous Costs incurred for Discovery, response, and notification Lost employee productivity Regulatory fines Customer losses The total cost* of a data breach ranges from $90 to $305 per compromised record Cost of a single breach may run into millions or even billions of dollars From scans of over 31,000 sites, over 85% showed a vulnerability that could give hackers the ability to read, modify and transmit sensitive data. -- Web Application Security Consortium 11 17 September 2009 *Forrester Research, Calculating The Cost Of A Security Breach

What are organizations doing about these threats? Leading organizations secure the lifecycle 92% of security defects exist in applications Save money by fixing security defects before they get to production 100X 1X Design Development Testing Deployment 12

HP Software & Fortify Software Best Enterprise Application Security Solution Fortify leads SAST and Security for Development market HP dominates Quality Assurance, leader in DAST market Leverage strengths to bring best of breed solutions to customers Planned integrations: Fortify 360 SCA HP Application Management Platform Single dashboard view for more comprehensive risk picture Fortify 360 SCA HP Quality Defect Mgmt Module Security into established defect tracking process Gartner believes that vendors have greater vision if they integrate static and dynamic testing to increase the breadth of application life cycle coverage and the accuracy of vulnerability detection... 13 Gartner, Inc. HP and Fortify Aim to Advance Application Security Testing - Joseph Feiman and Neil MacDonald, June 17, 2009

HP Application Security Before partnership with Fortify Enterprise application security assurance Plan Design Code Test Production HP Application Security HP Web Security Research Group Source code validation DevInspect QA & integration QAInspect testing Production assessment WebInspect Continuous Updates Assessment Management Platform Internal app security research External hacking research Enterprise security assurance and reporting

HP Application Security Security for the Application lifecycle - Current Enterprise application security assurance Plan Design Code Test Production HP Web Security Research Group Source code validation HP Application Security QA & integration Production assessment WebInspect Continuous Updates Assessment Management Platform Internal app security research External hacking research Enterprise security assurance and reporting

Fortify 360 Source Code Analyzer The Gold Standard for Static Analysis Security Testing Business Value Increase Productivity Discover, Prioritize and Fix issues faster Pinpoint security flaws at the root cause in the code Empower developers to remediate errors early Increase Visibility Analyze and remediate software created: In-house Outsourced Purchased Open source Track and control security throughout the development lifecycle Leverage existing infrastructure Works seamlessly in developer IDEs or via web interface Automatically submit defects to HP Quality Defect Management System Analyzes 17 languages and over 600,000 APIs 16 13 April 2009

Fortify SCA -> HP Quality Out-of-the-box, seamless integration Submit issues from Fortify SCA into HP Quality Defect Management Module Via user interface or command line Round-trip integration enabled Fortify SCA updates issues when status changes in HP QC Custom field integration Via professional services

HP QAInspect Automated security testing for quality assurance teams and engineers Key benefits Automated Security Defect discovery Automatically finds and prioritizes security defects in a Web application Integrated with Quality Manage security testing within existing QM methodology Correct security defects early in application lifecycle Lower Application Risk Ensures compliance with government regulations Less exposure to application downtime Targeted Security Testing Holistic or targeted application security tests depending upon requirements Built in Knowledgebase Built-in Security Expertise combines daily updates of vulnerability checks with unique intelligent engines. Comprehensive defect information and remediation advice about each vulnerability

HP WebInspect For Security Professionals and Advanced Security Testers Key Benefits Find security defects during production or before you go live Determine the current security status of your web or web service applications Remediation advice for Development, QA and Operations Accelerate Regulatory Compliance Includes reports for more than 20 laws, regulations, and best practices, like SOX, HIPAA, PCI Support for the latest web technologies Supports the latest AJAX and JavaScript rich internet applications Advanced Security Toolkit High automated while allowing hands-on control Advanced toolkit for penetration testers Create customized reports and policies Custom checks, report templates, policies, compliance reports 19

HP Assessment Management Platform Assess and manage application security risk across the enterprise Key Benefits Controlled Visibility Scalability Centralize all application security data View and report on assessments conducted anytime by anyone Strict access control of sensitive data Multi-scanner arrays amplify existing personnel to scan more systems faster Managed Self-Service Allow low usage customers can scan themselves via web portal Control Sensitive Security Activities Set user permissions, enforce policies and restrict activities DevInspect, QAInspect, AMP Sensors and WebInspect SC Awards 2008 winner for Best Enterprise Security Solution

Integrate with demand Enforce the quality process A repeatable quality management process mitigates risk Align with management and stakeholders STRATEGY/ DEMAND REQUIREMENTS MANAGEMENT RISK-BASED TEST PLANNING TEST MANAGEMENT AND EXECUTION Go/ No Go OPERATIONS Strategic demand New applications New services Application integrations Business requirements Functional requirements Assess and Analyze risk Create manual test cases Automate regression test cases Execute functional tests Connect to production Operational demand Defects Enhancements Change requests Enterprise Architecture and Policies SOA Security Performance requirements Security requirements Other nonfunctional requirements Establish testing priorities Create test plans Identify and customize security policies Create performance scripts and scenarios Execute security scans Execute tests, diagnose and resolve problems DEFECT MANAGEMENT Operational security management Production monitoring Service desk 21 17 September 2009 Collaborate with design and development teams

Thank you! magnus.hillgren@hp.com fmoller@fortify.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information