Application Security from IBM Karl Snider, Market Segment Manager March 2012



Similar documents
IBM QRadar Security Intelligence April 2013

Addressing Security for Hybrid Cloud

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

IBM Security Intelligence Strategy

Security Intelligence

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

The Current State of Cyber Security

The webinar will begin shortly

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Protecting against cyber threats and security breaches

Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

Security strategies to stay off the Børsen front page

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security: automated scanning versus manual penetration testing.

and Security in the Era of Cloud

Security for a Smarter Planet IBM Corporation All Rights Reserved.

Introducing IBM s Advanced Threat Protection Platform

IBM Security Systems Support

IBM Advanced Threat Protection Solution

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Tivoli Automation for Proactive Integrated Service Management

Under the Hood of the IBM Threat Protection System

IBM Rational AppScan: Application security and risk management

Strengthen security with intelligent identity and access management

Let s talk about assets in QRadar

IBM Security QRadar Risk Manager

Beyond passwords: Protect the mobile enterprise with smarter security solutions

IBM Security QRadar Risk Manager

Ten questions to ask when evaluating contract management solutions

Safeguarding the cloud with IBM Dynamic Cloud Security

How to Choose the Right Security Information and Event Management (SIEM) Solution

IBM Security Intrusion Prevention Solutions

IBM Innovate AppScan: Introducin g Security, a first. Bobby Walters Consultant, ATSC bwalters@atsc.com Application Security & Compliance

IBM Security QRadar SIEM Product Overview

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM Security IBM Corporation IBM Corporation

IBM Security. Managed Security Services. SOC Poland / GSOC. Damian Staroscic Security Operations Center (SOC) Manager.

IBM Rational AppScan: enhancing Web application security and regulatory compliance.

IBM Security Privileged Identity Manager helps prevent insider threats

The Top Web Application Attacks: Are you vulnerable?

Rational Asset Manager 7.2 Editions and Licensing

Applying IBM Security solutions to the NIST Cybersecurity Framework

Introduction to PCI DSS

Security Intelligence Solutions

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

Minimizing code defects to improve software quality and lower development costs.

IBM Security X-Force Threat Intelligence

Best Practices with IBM Cognos Framework Manager & the SAP Business Warehouse Agnes Chau Cognos SAP Solution Specialist

Five Steps to Achieve Risk-Based Application Security Management Make application security a strategically managed discipline

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar Vulnerability Manager

A proven 5-step framework for managing supplier performance

SINGLE SIGNON FUNCTIONALITY IN HATS USING MICROSOFT SHAREPOINT PORTAL

Breaking down silos of protection: An integrated approach to managing application security

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Six ways to accelerate Android mobile application development

IBM Connections Cloud Security

Requirements Management im Kontext von DevOps

Risk-based solutions for managing application security

Focus on the business, not the business of data warehousing!

CS 558 Internet Systems and Technologies

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

Increased Agility with Integration Testing

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Cloud Security. Vaughan Harper IBM Security Architect

Performance Testing Web 2.0

AMPLIFYING SECURITY INTELLIGENCE

Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium

IBM Security SiteProtector System Migration Utility Guide

IBM Security QRadar Vulnerability Manager Version User Guide

Connecting PPM and software delivery

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Production Security and the SDLC. Mark Kraynak Sr. Dir. Strategic Marketing Imperva

Reference Architecture: Enterprise Security For The Cloud

Programming Against Hybrid Databases with Java Handling SQL and NoSQL. Brian Hughes IBM

Simplify security management in the cloud

IBM QRadar Security Intelligence Platform appliances

IBM Internet Security Systems. The IBM Internet Security Systems approach for Health Insurance Portability and Accountability Act compliance overview

Reducing the cost and complexity of endpoint management

Web Application Report

Lunch and Learn: BlueMix to Mainframe making development accessible in the

The role of integrated requirements management in software delivery.

Agile enterprise content management and the IBM Information Agenda.

Overview of F5 Networks. Fatih Bilger Senior Systems Engineer, Prolink.

Leveraging Rational Team Concert's build capabilities for Continuous Integration

Technology and Trends for Smarter Business Analytics

QRadar SIEM 7.2 Flows Overview

The Cyber Threat Profiler

Leverage security intelligence for retail organizations

Transcription:

Application Security from IBM Karl Snider, Market Segment Manager March 2012 1 2012 IBM Corporation

Helping Solve Customer Challenges Application Security Finding Application Vulnerabilities GlassBox scanning allowed us to improve results accuracy as well as test for new class of vulnerabilities undetected by conventional web application security scanning technologies Boris Gorin, Amdocs Reducing the Cost of Being Secure AppScan not only helps us to avoid costs related to hacking attacks, but also reduces the manual effort needed for analysis and the costs for testing Michael Neumaier,Senior Quality Specialist, SAP AG Providing Oversight and Governance We were able to increase the participation of the IT community in web application scanning Alex Jalso, Assistant Director, Office of Information Security, WVU 2

Organizations need to take a proactive approach to Application Security Embed security testing early in the development lifecycle to support agile delivery demands Bridge the gap between Security and Development through joint collaboration and visibility, enabling regulatory compliance A proactive team approach to Application Security Static Analysis Visibility Rational AppScan Hybrid Analysis Collaboration Dynamic Analysis Governance Integrate security testing into the development lifecycle, through interfaces to development tools Architect Analyst Developer Quality Professional Security Auditor 3

One specific AppScan feature: Javascript Analyzer In AppScan Standard 8.0, we shipped JSA a unique hybrid scan engine to auto-detect client-side issues such as: DOM-based XSS HTML5 Notification API Poisoning HTML5 Client-side Stored XSS Phishing through Open Redirect HTML5 Web Storage API Poisoning HTML5 Web Worker URL Manipulation HTML5 Client-side SQL Injection Email Attribute Spoofing Hybrid Analysis STRING /* analysis */ HTML5 4

Viewing JSA Results in AppScan AppScan Standard Scan Results Vulnerable URL and line of code Tainted data flow information 5

JSA Analysis Algorithms Enhanced Our original JSA research whitepaper, showed that out of the Fortune500 + 178 most popular internet sites, 14.5% were found to be riddled with client-side JavaScript vulnerabilities We spent some time improving our analysis algorithms. Apps vulnerable To Client-side JavaScript vulnerabilities Applications with issues in 3 rd Party JavaScript code 40% 90% 6

Why IBM Security: Breadth, deep expertise, integration Leadership After doing our research, we determined that IBM was a leader in the field of dynamic application scanning. Alex Jalso, Assistant Director, Office of Information Security, WVU Identified as a Leader in Gartner SAST Magic Quadrant, December 2010 Identified as a Leader in Gartner DAST Magic Quadrant, December 2011 Pioneer of new hybrid analysis techniques, including Correlation, JavaScript Analyzer and GlassBox Pioneer of developer-friendly solutions Integration Integration with IBM AppScan and SiteProtector to enhance web application security through IPS policy modification from application vulnerability data Integrates with IBM Rational development lifecycle solutions to enable collaboration between security and development teams Expertise We turned to IBM because they offered both the technology leadership and the deep security expertise Marek Hlávka, Chief Security Officer, Skoda Auto 7

ibm.com/security Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 8 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information