Suman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017

Size: px
Start display at page:

Download "Suman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017"

Transcription

1 Suman Sourav Director DevSecOps, Vantage Point Security OWASP Indonesia Day 2017

2 About me Certified Secure Software Lifecycle Professional (CSSLP) 12+ Years of Experience in Software Security Co-Founder of DevSecOps Singapore & DevSecCon Asia Speakers IoT Asia OWASP Singapore DevOps Singapore Jenkins Singapore Security Conferences in USA, China Trained developers and QA

3 Indonesia Information Security Vantage Point Security Confidential

4 Important numbers Reference :

5 Important numbers Reference :

6 Application Security Approach Security Requirements Security Requirements are missing REQUIREMENTS DESIGN DEVELOP TEST UAT SAST DAST PENETRATION TESTING REMEDIATION CYCLE

7 Cost of Vulnerability Remediation 35x Penetration Testing 30x 25x 20x 15x 10x 5x 0x Requirements/Design Coding Integration Testing Acceptance Testing Production Relative Cost to fix, based on time of

8

9 Agile Security 24 hours Develop Pairing Threat Modelling Manual Security Tests Test Automatic Security Tests 1-4 Weeks Design Arch & Design Review Shippable Increment Plan Security Requirements Product Backlog Security Acceptance Criteria Sprint Backlog Security Activities Security Feature Demo Output

10 DevOps & SecOps DevOps SecOps Lack of Security Orchestration & Automation in the SDLC Rise of the Developer Overburdened Security

11 Security Developer

12 Major Challenges Shortage of Application Security Resources Lack of awareness in the organization Influences of technology vendors Slow adoption of security tools in development environment Lack of education & training No application security dashboard

13

14 Time to Change Our Approach of Application Security Define Security Metrics for Application Security Build Internal Resources from Development Team Define the Application Security Technology Evaluation Process Build the DevSecOps Technology Roadmap Adoption of Cloud Security Solution Adoption of Security As a Service

15 What we need is : DevSecOps and 99% Agree DevOps is an opportunity to improve application security Scale Agile Developmen t Q A Automation Operation s Customer Centric Immediate Results 90% of surveyed organizations are implementing or piloting DevOps but only 20% Are doing application security testing during development SecOps Needs to Shift Left SecOp s

16 Key Elements People Training Role Process Compliance Certifications Technology Security tools Dev tools

17 People Vantage Point Security Confidential

18 Training Approach Culture Change Traditional Training Shorter Training Duration Integrated in IDE/ALM New Joinee Induction Training Product Manager Secure SDLC Security Requirements Architects Secure Design Principles Threat Modeling Developer Secure Coding SAST Tools QA Security Testing Dynamic Testing Tools Operation Security Configurations Secure Deployments

19 Secure Coding Training Program Security Champion Development Roadmap Level 1 Level 2 Level 3 Level 4 Level 5

20 Software Security Group SSG Project Group 1 SSG Lead Project Group 2 Project Group N

21 Software Security Group Roles & Responsibilities SSG Security Best Practices Security tournaments Secure Coding Training Security Policy Security Process Security Technologies Security Forum Security Events (Internal Conference) Security Hackathon Security Summits Vantage Point Security Confidential

22

23 Process Vantage Point Security Confidential

24 Appsec Program Definition Execution Optimization Application Portfolio Initial Communication Onboarding Assessments Remediation Integrations Program Oversight Reporting & Analytics

25 ISO/IEC VANTAGEPOINT

26 OPEN SAMM VANTAGEPOINT

27 Technology Vantage Point Security Confidential

28 OWASP Appsec Pipeline Project VANTAGEPOINT

29 Application Security Execution from Left QA Developers Development Environment Code Repository Build Server Deployment Server IDE Plugin ALM PM Repository Scan Nightly Scans Dynamic Scans Secure Coding Principles SAST/ Dependencies check DAST Security Unit test Cases IAST Security Requirements Immediate Feedback Incremental Report False Positives Generated from Threat

30 DevSecOps Orchestration Open Source Libraries GitHub Build Tools Deploy Env Vulnerability Normalization & Analytics Master Compile Test Publish Deploy Branch1 Build DevSecOps Orchestration Platform Sec Requirements Design Review Threat Modelling Security Unit Tests SAST SCA DAST IAST VA Security as Code RASP NG WAF Security As a service

31

32 Q&A

In collaborazione con

In collaborazione con In collaborazione con 1. Software Security Introduction 2. SDLC frameworks: how OWASP can help on software security 3. OWASP Software Security 5 Dimension Framework 4. Apply the models to a real

More information

Taking Control of Your Application Security

Taking Control of Your Application Security EDUCAUSE Wednesday, May 3 rd Taking Control of Your Application Security 2017 SANS Institute All Rights Reserved INTRODUCTION Eric Johnson, CISSP, GSSP-Java, GSSP-.NET, GWAPT Application Security Curriculum

More information

Application Security at Scale

Application Security at Scale Jake Marcinko Standards Manager, PCI Security Standards Council Jeff Williams CTO, Contrast Security Application Security at Scale AppSec at Scale Delivering Timely Security Solutions / Services to Meet

More information

Managing an Application Vulnerability Management Program in a CI/CD Environment. March 29, 2018 OWASP Vancouver - Karim Lalji 1

Managing an Application Vulnerability Management Program in a CI/CD Environment. March 29, 2018 OWASP Vancouver - Karim Lalji 1 Managing an Application Vulnerability Management Program in a CI/CD Environment March 29, 2018 OWASP Vancouver - Karim Lalji 1 About Me Karim Lalji Managing Security Consultant (VA/PT) at TELUS Previously:

More information

Strengthen and Scale security using DevSecOps

Strengthen and Scale security using DevSecOps OWASP Indonesia Meetup Strengthen and Scale security using DevSecOps $ www.teachera.io!"# @secfigo % secfigo@gmail.com # whoami Author, Speaker and Community Leader. Speaker/Trainer at Blackhat, AppSec EU,

More information

Secure DevOps: A Puma s Tail

Secure DevOps: A Puma s Tail Secure DevOps: A Puma s Tail SANS Secure DevOps Summit Tuesday, October 10th 2017 Eric Johnson (@emjohn20) Eric Johnson, CISSP, GSSP, GWAPT Cypress Data Defense Principal Security Consultant Static code

More information

Weaving Security into Every Application

Weaving Security into Every Application Weaving Security into Every Application Paul Fox AVP Technology AT&T 2018 TM Forum 1 Cyber Security Accelerating Threat Telecom Breaches 300,000 Number of complaints filed with the FBI Internet Crime Complaint

More information

Put Security Into Your DevOps NOW. Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018

Put Security Into Your DevOps NOW. Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018 Put Security Into Your DevOps NOW Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018 Defining Devops State of Devops Report (Puppet, Dora):..set of practices and cultural

More information

How to shift from compliance to proactive security

How to shift from compliance to proactive security How to shift from compliance to proactive security and make engineers your competitive advantage Răzvan Tudor, Chapter Lead, ING Tech Cloud & Cyber Security Expo, London, March 2019 Whoami Răzvan Tudor

More information

Automating Security Practices for the DevOps Revolution

Automating Security Practices for the DevOps Revolution Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT

More information

AppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager

AppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous

More information

Embedding GDPR into the SDLC

Embedding GDPR into the SDLC Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience

More information

THE ART OF SECURING 100 PRODUCTS. Nir

THE ART OF SECURING 100 PRODUCTS. Nir THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!

More information

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant

More information

AppSec in a DevOps World

AppSec in a DevOps World AppSec in a DevOps World Peter Chestna Director of Developer Engagement 1 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES Who am I? 27 Years Software Development Experience 12 Years Application Security

More information

Effective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker:

Effective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker: Effective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker: Cindy Blake CISSP Product Marketing Manager Hewlett Packard Enterprise Effective

More information

Security as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS

Security as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation

More information

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo

More information

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 Agenda State of DevOps Value of DevOps Benefitting from DevOps DevSecOps What you can do as InfoSec 2 The State of DevOps - 2017 Automation is

More information

Unify DevOps and SecOps: Security Without Friction

Unify DevOps and SecOps: Security Without Friction SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania Technology Trend #1: Infrastructure Migrates

More information

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions

Test Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions Test Automation Strategies in Continuous Delivery Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions The world of application is going through a monumental shift.. Evolving

More information

Robots with Pentest Recipes:

Robots with Pentest Recipes: Robots with Pentest Recipes: Democratizing Security Testing for DevOps Wins Abhay Bhargav - CTO, we45 Yours Truly Co-author of Secure Java For Web Application Development Author of PCI Compliance: A Definitive

More information

Rethinking Product Security: Cloud Demands a New Way

Rethinking Product Security: Cloud Demands a New Way SESSION ID: CSV-R11 Rethinking Product Security: Cloud Demands a New Way Reeny Sondhi Chief of Product Security Autodesk Inc. @reenysondhi Tony Arous Head of Application Security Autodesk Inc. @tonyarous

More information

How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M. Matias Madou Ph.D., Secure Code Warrior

How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M. Matias Madou Ph.D., Secure Code Warrior How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M Matias Madou Ph.D., Secure Code Warrior Matias Madou, Ph.D. CTO and Co-Founder Ph.D. in Computer Engineering from Ghent

More information

Development. Architecture QA. Operations

Development. Architecture QA. Operations Development Architecture QA Operations Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments

More information

Day One Success for DevSecOps and Automation on Azure

Day One Success for DevSecOps and Automation on Azure Day One Success for DevSecOps and Automation on Azure Chris Jeffrey Senior Cloud Architect Microsoft Azure Cloud Technology Partners, A Hewlett Packard Enterprise Company Twitter: @chrisjeffrey_uk What

More information

Micro Focus Security Fortify. Application Security

Micro Focus Security Fortify. Application Security Micro Focus Security Fortify Application Security Secure the new Application security in DevOps Agenda: - Fortify in brief (Offerings) - Fortify Source Code Analyzer - Fortify WebInspect - Using Fortify

More information

DevOps A How To for Agility with Security

DevOps A How To for Agility with Security DevOps A How To for Agility with Security Murray Goldschmidt, COO Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne

More information

TRAINING CURRICULUM 2017 Q2

TRAINING CURRICULUM 2017 Q2 TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training

More information

Overcoming the Challenges of Automating Security in a DevOps Environment

Overcoming the Challenges of Automating Security in a DevOps Environment SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial

More information

THE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security

THE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security THE THREE WAYS OF SECURITY Jeff Williams Co-founder and CTO Contrast Security 1. TODAY S AVERAGE APPLICATION IS A SECURITY DISASTER 2. SOFTWARE IS LEAVING SECURITY IN THE DUST SOFTWARE Typical enterprise

More information

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security

More information

AppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world.

AppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world. AppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world. Doug Morato Sr. Manager PwC NIS App-Sec OWASP Tampa Meeting - 02/19/2016 Who am I

More information

Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute

Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute HOST EXPERT PANEL Shashi Kiran CMO Quali Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute Pascal Joly Director, Technology Partnerships

More information

Accelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018

Accelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018 Accelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018 Today s Speakers: David Landsberg Director of Product Management Micro Focus Ayal Cohen Chief Functional Architect

More information

DevOps and DevSec with

DevOps and DevSec with DevOps and DevSec with Joona Immonen Software architect Solita Oy https://www.linkedin.com/in/joonaimmonen Twitter @rinorragi @SolitaOy THIS IS SOLITA Turnover 2015 49,7 Million euros Nearly 500 professionals

More information

THE EMERGING PRODUCT SECURITY LEADER DISCIPLINE

THE EMERGING PRODUCT SECURITY LEADER DISCIPLINE SESSION ID: DEV-F02 THE EMERGING PRODUCT SECURITY LEADER DISCIPLINE Matt Clapham Principal Product Security Leader GE Digital (Healthcare) @ProdSec Agenda What is product security What is a product security

More information

SDx and the Future of Infrastructure

SDx and the Future of Infrastructure SDx and the Future of Infrastructure John Manville, SVP, Global Infrastructure Services, Cisco Radhika Chagarlamudi, Sr. Dir., IT, Business Collaboration and Software Platforms ITM-1004 A Ten Year Journey..

More information

We re redefining Software Quality

We re redefining Software Quality We re redefining Software Quality Continuous Testing Web Services Agile Testing Mobile Device Farm Test Lifecycle Management Performance Test Quality Assurance Mobile Device Management Test Life Cycle

More information

LAB3R12 A Successful Application Security Program Envision Build and Scale

LAB3R12 A Successful Application Security Program Envision Build and Scale LAB3R12 A Successful Application Security Program Envision Build and Scale Post Conference Summary Jyothi Charyulu Jaya Chilakamarri Table of Contents INTRODUCTION... 2 KEY TAKEAWAYS... 4 SUMMARY OF ACTIVITIES...

More information

BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE:

BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE: BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE: 15 Questions to Ask Yourself and Your DAST Vendor > An Introduction to the AppSec Market Page 3 Dynamic Application Security Testing Requirements Page

More information

How to Build an Appium Continuous Testing Pipeline

How to Build an Appium Continuous Testing Pipeline How to Build an Appium Continuous Testing Pipeline Step-by-Step Tutorial November, 2017 Today s speakers Guy Arieli, CTO, Experitest Ruth Zamir Marketing Director Experitest 01 Why do we need continuous

More information

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

Brochure. Security. Fortify on Demand Dynamic Application Security Testing Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application

More information

Orchestrating the Continuous Delivery Process

Orchestrating the Continuous Delivery Process Orchestrating the Continuous Delivery Process steven.g.harris@cloudbees.com @stevengharris SVP Products, CloudBees 1 Continuous Delivery Overview Feedback Loop App Lifecycle BUILD TEST STAGE Deploy Run

More information

The Divine and Felonious Nature of Cyber Security

The Divine and Felonious Nature of Cyber Security The Divine and Felonious Nature of Cyber Security ( Introduction to DevSecOps ) John Willis @botchagalupe https://github.com/botchagalupe/my-presentations The Felonious Nature of Cyber Security Infecting

More information

Continuous Delivery for Cloud Native Applications

Continuous Delivery for Cloud Native Applications Continuous Delivery for Cloud Native Applications Cyrille Le Clerc, Director, Product Management at CloudBees Bjorn Boe, Senior Field Engineer at Pivotal Software Speakers /Cyrille Le Clerc Product Manager

More information

Practical Guide to Securing the SDLC

Practical Guide to Securing the SDLC Practical Guide to Securing the SDLC Branko Ninkovic Dragonfly Technologies Founder Agenda Understanding the Threats Software versus Security Goals Secure Coding and Testing A Proactive Approach to Secure

More information

Building an Effective Cloud Operating Model on AWS

Building an Effective Cloud Operating Model on AWS Building an Effective Cloud Operating Model on AWS Jeff Armstrong (Cloud Architect, Cloudreach) 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introductions Cloud Operating Model

More information

Application security : going quicker

Application security : going quicker Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF

More information

Information Security Keeping Up With DevOps

Information Security Keeping Up With DevOps Connecting People. Delivering Security. Information Security Keeping Up With DevOps Stas Filshtinkskiy - Applied Mathematics degree - 20 years in Information Security - 10 years of that in software development

More information

How to Secure Your Cloud with...a Cloud?

How to Secure Your Cloud with...a Cloud? A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud

More information

Case Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office

Case Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers

More information

CloudCenter for Developers

CloudCenter for Developers DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the

More information

DevOps Agility in the Evolving Cloud Services Landscape

DevOps Agility in the Evolving Cloud Services Landscape DevOps Agility in the Evolving Cloud Services Landscape Kiran Chitturi CTO Architect, Sungard Availability Services @nkchitturi Kiran Chitturi Architect in the Office of the CTO Focus on DevOps and cloud

More information

DevOps. A way to reduce risks for IoT? Hui Song, SINTEF

DevOps. A way to reduce risks for IoT? Hui Song, SINTEF DevOps A way to reduce risks for IoT? Hui Song, SINTEF 1 Internet of Things Ryan Manship, The Business of Federal Technology 2 As the IoT grows, so do the risks "I try to avoid all the risks before I go"

More information

Application Security Training Program

Application Security Training Program Application Security Training Program 2016 WhiteHat Security, Inc. All rights reserved. Table of Contents 2 INTRODUCTION 3 COURSE CATALOG 5 ABOUT WHITEHAT SECURITY 1 Introduction WhiteHat Security offers

More information

Application Security at DevOps Speed and Portfolio Scale. Jeff Contrast Security

Application Security at DevOps Speed and Portfolio Scale. Jeff Contrast Security Application Security at DevOps Speed and Portfolio Scale Jeff Williams @planetlevel Contrast Security OWASP XSS Prevention Cheat Sheet 1,000,000 Page Views! https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet

More information

Was gibt es Neues Better Team Work with Cloud

Was gibt es Neues Better Team Work with Cloud Was gibt es Neues Better Team Work with Cloud Dana Singleterry Produktmanager Oracle Mobility & Dev Tools, Oracle dana.singleterry@oracle.com +++ Bitte nutzen Sie die integrierte Audio-Funktion von WebEx

More information

Quality Engineering in DevOps world a Strategic Enabler

Quality Engineering in DevOps world a Strategic Enabler www.cigniti.com Unsolicited Distribution is Restricted. Copyright 2015-16, Cigniti Technologies Quality Engineering in DevOps world a Strategic Enabler » Analyst Speak» DevOps in a nutshell» DevOps vs

More information

ROTATE TO THE NEW: FROM TESTING TO QUALITY ENGINEERING

ROTATE TO THE NEW: FROM TESTING TO QUALITY ENGINEERING ROTATE TO THE NEW: FROM TESTING TO QUALITY ENGINEERING INDUSTRY TRENDS AND PRESSURES IMPACTING QA IT organisations are being impacted by the convergence of three disciplines that were once operated as

More information

McAfee Product Security Practices

McAfee Product Security Practices McAfee Product Security Practices 12 October 2017 McAfee Public Page 1 of 8 12 October 2017 Expires 12 Apr 2018 Importance of Security At McAfee (formerly Intel Security) we take product security very

More information

CAPABILITY. Managed testing services. Strong test managers experienced in working with business and technology stakeholders

CAPABILITY. Managed testing services. Strong test managers experienced in working with business and technology stakeholders TESTING SERVICES 1 CAPABILITY Innovative use of open source tools helping early and frequent and reducing license costs Test strategy Managed services Test management Functional Strong test managers experienced

More information

Turbo boost your digital app test automation with Jenkins

Turbo boost your digital app test automation with Jenkins Turbo boost your digital app test automation with Jenkins Step-by-Step Tutorial May, 2018 Speakers Sheli Ashkenazi Sr. Product Manager Experitest Jonathan Aharon Sr. Sales Engineer Experitest 2 01 The

More information

Quality Assurance and IT Risk Management

Quality Assurance and IT Risk Management Quality Assurance and IT Risk Deutsche Bank s QA and Testing Transformation Journey Michael Venditti Head of Enterprise Testing Services, Deutsche Bank IT RISK - REGULATORY GOVERNANCE Major shifts in the

More information

Will your application be secure enough when Robots produce code for you?

Will your application be secure enough when Robots produce code for you? SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I

More information

Nathan Desmet. Lead Engineer

Nathan Desmet. Lead Engineer Nathan Desmet Lead Engineer Degree in Applied Informatics - Computer and Cyber Crime Professional Co-founder of Sensei Security (which is merged with SCW) Leading the development of Sensei. Pieter De Cremer,

More information

NITA Based Offers and Services

NITA Based Offers and Services NITA Based Offers and Services Jessica Garrison, @networkjessica, jgarrison@juniper.net Global Architect, Professional Services Network Automation Team This statement of direction sets forth Juniper Networks

More information

CONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WHITEPAPER

CONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WHITEPAPER WHITEPAPER CONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WELCOME TO THE ERA OF SELF-PROTECTING SOFTWARE CONTRASTSECURITY.COM CONTENTS What is Interactive

More information

Jenkins User Conference Israel. #jenkinsconf. CI / Liveperson. Gidi Samuels. July 16, #jenkinsconf

Jenkins User Conference Israel. #jenkinsconf. CI / Liveperson. Gidi Samuels.  July 16, #jenkinsconf Jenkins User Conference Israel #jenkinsconf CI / CD @ Liveperson Gidi Samuels www.liveperson.com July 16, 2014 #jenkinsconf About Myself Lead the CI Team at Liveperson 3 years in Liveperson About Myself

More information

A SEISMIC SHIFT IN APPLICATION SECURITY HOW TO INTEGRATE AND AUTOMATE SECURITY IN THE DEVOPS LIFECYCLE

A SEISMIC SHIFT IN APPLICATION SECURITY HOW TO INTEGRATE AND AUTOMATE SECURITY IN THE DEVOPS LIFECYCLE A SEISMIC SHIFT IN APPLICATION SECURITY HOW TO INTEGRATE AND AUTOMATE SECURITY IN THE DEVOPS LIFECYCLE WHAT'S INSIDE? INTRODUCTION THE TRADITIONAL APPLICATION SECURITY WORKFLOW WHY SHIFT LEFT ISN T ENOUGH

More information

AGILE AND CONTINUOUS THREAT MODELS

AGILE AND CONTINUOUS THREAT MODELS SESSION ID: DEV-R04 AGILE AND CONTINUOUS THREAT MODELS Nancy Davoust Vice President, Security Architecture and Technology Solutions Comcast CONTEXT FOR AGILE AND CONTINUOUS THREAT MODELING The Landscape

More information

Texas Regional Infrastructure Security Conference (TRISC) Dan Cornell

Texas Regional Infrastructure Security Conference (TRISC) Dan Cornell Securing the SDLC: A Case Study Texas Regional Infrastructure Security Conference (TRISC) 2008 Dan Cornell April 22, 2008 Agenda Denim Group introduction and background The problem: Integrate security

More information

Shift Happens. The Role of Continuous Testing in DevOps. Alex Martins. CTO Continuous Testing. May 15 th, 2018 CA Technologies.

Shift Happens. The Role of Continuous Testing in DevOps. Alex Martins. CTO Continuous Testing. May 15 th, 2018 CA Technologies. Shift Happens The Role of Continuous Testing in DevOps Alex Martins CTO Continuous Testing May 15 th, 2018 CA Technologies February 2018 1 Chris Petterson (chris.petterson@ca.com) Account Executive SLED

More information

About Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016

About Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016 About Us Incorporated in January, 2003 QA and QC in expertise focused on functional, performance and application security validation HPE Software Gold Partner, HPE Authorized Software Support Partner &

More information

HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017

HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017 HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017 Brought to you by the Vivit Business Intelligence Special Interest Group led by Oded Tankus Hosted By Oded Tankus Project Manager

More information

A Methodology to Build Lasting, Intelligent Cybersecurity Programs

A Methodology to Build Lasting, Intelligent Cybersecurity Programs EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative

More information

Continuous Opportunity: DevOps & Security

Continuous Opportunity: DevOps & Security August 2017 August 15, 2017 Continuous Opportunity: DevOps & Security 2016-2017 SANS Institute All Rights Reserved Introduction Ben Allen Security Engineer at SANS Institute Operations Engineer, Developer

More information

V Conference on Application Security and Modern Technologies

V Conference on Application Security and Modern Technologies V Conference on Application Security and Modern Technologies In collaborazione con Venezia, Università Ca Foscari 6 Ottobre 2017 1 Matteo Meucci OWASP Nuovi standard per la sicurezza applicativa 2

More information

IBM Rational Software

IBM Rational Software IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined

More information

Views on OpenSAMM-1. CJ Coppersmith, CTO HP Enterprise Group

Views on OpenSAMM-1. CJ Coppersmith, CTO HP Enterprise Group OpenSAMM at HP Abstract HP uses OpenSAMM to prioritize new investments in secure development. HP's Product Security group has developed an innovative SAMM Self Assessment Tool to adapt the OpenSAMM process

More information

Cloud Essentials for Architects using OpenStack

Cloud Essentials for Architects using OpenStack Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention

More information

Continuous Security. Improve Web Application Security by using Continuous Security Scans

Continuous Security. Improve Web Application Security by using Continuous Security Scans Continuous Security Improve Web Application Security by using Continuous Security Scans 1 The world of software development has changed. Nowadays around 65% of software projects use agile development 1.

More information

Securing DevOps, RMF and STIG

Securing DevOps, RMF and STIG Securing DevOps, RMF and STIG Scott Snowden Sameer Kamani May 2017 San Diego Federal Fortify Users Group DevOps definition and principles DevOps (a clipped compound of development and operations) is a

More information

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

.NET JAVA C ASE. Certified. Certified. Application Security Engineer. .NET C ASE Certified Application Security Engineer JAVA C ASE Certified Application Security Engineer Certified Application Security Engineer www.eccouncil.org EC-Council Course Description The Certified

More information

Qualys Cloud Platform

Qualys Cloud Platform 18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform

More information

DevOps: Transforming Military Application Delivery Lifecycles. Tim Dioquino, Chief Technologist U.S. Public Sector ITM HPE Software

DevOps: Transforming Military Application Delivery Lifecycles. Tim Dioquino, Chief Technologist U.S. Public Sector ITM HPE Software DevOps: Transforming Military Application Delivery Lifecycles Tim Dioquino, Chief Technologist U.S. Public Sector ITM HPE Software Agenda Why DevOps HPE DevOps Solution Case Studies The DevOps Journey

More information

CLOUD WORKLOAD SECURITY

CLOUD WORKLOAD SECURITY SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly

More information

Managed Application Security trends and best practices in application security

Managed Application Security trends and best practices in application security Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B

More information

Jenkins: A complete solution. From Continuous Integration to Continuous Delivery For HSBC

Jenkins: A complete solution. From Continuous Integration to Continuous Delivery For HSBC Jenkins: A complete solution From Integration to Delivery For HSBC Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz Agenda Why Jenkins? Introduction and some facts about Jenkins Supported

More information

Creating an AppSec Pipeline with containers in a week. How we failed and succeeded Jeroen Willemsen OWASP benelux days

Creating an AppSec Pipeline with containers in a week. How we failed and succeeded Jeroen Willemsen OWASP benelux days Creating an AppSec Pipeline with containers in a week How we failed and succeeded Jeroen Willemsen OWASP benelux days About me Jeroen Willemsen @commjoenie jwillemsen@xebia.com Security architect Full-stack

More information

Discover Best of Show März 2016, Düsseldorf

Discover Best of Show März 2016, Düsseldorf Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security

More information

In This Webinar. ConEnuous Load TesEng & ConEnuous Delivery with Jenkins

In This Webinar. ConEnuous Load TesEng & ConEnuous Delivery with Jenkins In This Webinar TODAY S PRESENTERS Tom Chavez: SOASTA, Sr. Product MarkeEng Manager Andy Pemberton: CloudBees, Senior Director, SoluEons Architecture & ConsulEng TWO COMPANIES, A SINGLE SOLUTION SOASTA:

More information

McAfee Product Security Practices

McAfee Product Security Practices McAfee Product Security Practices 5 July 2018 McAfee Public Page 1 of 12 2 April 2018 Expires 5 July 2019 Table of Contents Importance of Security... 3 Software Development Lifecycle (SDLC) at McAfee...

More information

devops with

devops with devops with docker @beshippable avi cavale co-founder & ceo @avinci avi@shippable.com continuous app delivery pipelines the most frequently asked question during an outage the most frequently asked question

More information

THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT

THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT WHITEPAPER THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT A comprehensive approach to reducing vulnerabilities across your ecosystem TABLE OF CONTENTS INTRODUCTION PAGE 3 1 2 3 4 ENHANCING NETWORK

More information

DevOps CICD for VNF a NetOps Approach

DevOps CICD for VNF a NetOps Approach DevOps CICD for VNF a NetOps Approach Renato Fichmann Senior Solutions Architect Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1.

More information

SUSE s vision for agile software development and deployment in the Software Defined Datacenter

SUSE s vision for agile software development and deployment in the Software Defined Datacenter From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management

More information

AUTOMATING SECDEVOPS WORKSHOP

AUTOMATING SECDEVOPS WORKSHOP SESSION ID: AUTOMATING SECDEVOPS WORKSHOP Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Agenda Overview Coding Scanning Attacking Security in DevOps Overview Stack Security AWS

More information

Agile Load Testing using StormRunner Load September 15, Copyright 2016 Vivit Worldwide

Agile Load Testing using StormRunner Load September 15, Copyright 2016 Vivit Worldwide Agile Load Testing using StormRunner Load September 15, 2016 Copyright 2016 Vivit Worldwide Brought to you by Copyright 2016 Vivit Worldwide Hosted By Matt Angerer Sr. Solution Architect ResultsPositive

More information

DevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis

DevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis DevSecOps Shift Left Security Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis Themes Vulnerabilities are Low Hanging Fruit Why so many breaches that Anti-Virus

More information