Suman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017
|
|
- Liliana Benson
- 6 years ago
- Views:
Transcription
1 Suman Sourav Director DevSecOps, Vantage Point Security OWASP Indonesia Day 2017
2 About me Certified Secure Software Lifecycle Professional (CSSLP) 12+ Years of Experience in Software Security Co-Founder of DevSecOps Singapore & DevSecCon Asia Speakers IoT Asia OWASP Singapore DevOps Singapore Jenkins Singapore Security Conferences in USA, China Trained developers and QA
3 Indonesia Information Security Vantage Point Security Confidential
4 Important numbers Reference :
5 Important numbers Reference :
6 Application Security Approach Security Requirements Security Requirements are missing REQUIREMENTS DESIGN DEVELOP TEST UAT SAST DAST PENETRATION TESTING REMEDIATION CYCLE
7 Cost of Vulnerability Remediation 35x Penetration Testing 30x 25x 20x 15x 10x 5x 0x Requirements/Design Coding Integration Testing Acceptance Testing Production Relative Cost to fix, based on time of
8
9 Agile Security 24 hours Develop Pairing Threat Modelling Manual Security Tests Test Automatic Security Tests 1-4 Weeks Design Arch & Design Review Shippable Increment Plan Security Requirements Product Backlog Security Acceptance Criteria Sprint Backlog Security Activities Security Feature Demo Output
10 DevOps & SecOps DevOps SecOps Lack of Security Orchestration & Automation in the SDLC Rise of the Developer Overburdened Security
11 Security Developer
12 Major Challenges Shortage of Application Security Resources Lack of awareness in the organization Influences of technology vendors Slow adoption of security tools in development environment Lack of education & training No application security dashboard
13
14 Time to Change Our Approach of Application Security Define Security Metrics for Application Security Build Internal Resources from Development Team Define the Application Security Technology Evaluation Process Build the DevSecOps Technology Roadmap Adoption of Cloud Security Solution Adoption of Security As a Service
15 What we need is : DevSecOps and 99% Agree DevOps is an opportunity to improve application security Scale Agile Developmen t Q A Automation Operation s Customer Centric Immediate Results 90% of surveyed organizations are implementing or piloting DevOps but only 20% Are doing application security testing during development SecOps Needs to Shift Left SecOp s
16 Key Elements People Training Role Process Compliance Certifications Technology Security tools Dev tools
17 People Vantage Point Security Confidential
18 Training Approach Culture Change Traditional Training Shorter Training Duration Integrated in IDE/ALM New Joinee Induction Training Product Manager Secure SDLC Security Requirements Architects Secure Design Principles Threat Modeling Developer Secure Coding SAST Tools QA Security Testing Dynamic Testing Tools Operation Security Configurations Secure Deployments
19 Secure Coding Training Program Security Champion Development Roadmap Level 1 Level 2 Level 3 Level 4 Level 5
20 Software Security Group SSG Project Group 1 SSG Lead Project Group 2 Project Group N
21 Software Security Group Roles & Responsibilities SSG Security Best Practices Security tournaments Secure Coding Training Security Policy Security Process Security Technologies Security Forum Security Events (Internal Conference) Security Hackathon Security Summits Vantage Point Security Confidential
22
23 Process Vantage Point Security Confidential
24 Appsec Program Definition Execution Optimization Application Portfolio Initial Communication Onboarding Assessments Remediation Integrations Program Oversight Reporting & Analytics
25 ISO/IEC VANTAGEPOINT
26 OPEN SAMM VANTAGEPOINT
27 Technology Vantage Point Security Confidential
28 OWASP Appsec Pipeline Project VANTAGEPOINT
29 Application Security Execution from Left QA Developers Development Environment Code Repository Build Server Deployment Server IDE Plugin ALM PM Repository Scan Nightly Scans Dynamic Scans Secure Coding Principles SAST/ Dependencies check DAST Security Unit test Cases IAST Security Requirements Immediate Feedback Incremental Report False Positives Generated from Threat
30 DevSecOps Orchestration Open Source Libraries GitHub Build Tools Deploy Env Vulnerability Normalization & Analytics Master Compile Test Publish Deploy Branch1 Build DevSecOps Orchestration Platform Sec Requirements Design Review Threat Modelling Security Unit Tests SAST SCA DAST IAST VA Security as Code RASP NG WAF Security As a service
31
32 Q&A
In collaborazione con
In collaborazione con 1. Software Security Introduction 2. SDLC frameworks: how OWASP can help on software security 3. OWASP Software Security 5 Dimension Framework 4. Apply the models to a real
More informationTaking Control of Your Application Security
EDUCAUSE Wednesday, May 3 rd Taking Control of Your Application Security 2017 SANS Institute All Rights Reserved INTRODUCTION Eric Johnson, CISSP, GSSP-Java, GSSP-.NET, GWAPT Application Security Curriculum
More informationApplication Security at Scale
Jake Marcinko Standards Manager, PCI Security Standards Council Jeff Williams CTO, Contrast Security Application Security at Scale AppSec at Scale Delivering Timely Security Solutions / Services to Meet
More informationManaging an Application Vulnerability Management Program in a CI/CD Environment. March 29, 2018 OWASP Vancouver - Karim Lalji 1
Managing an Application Vulnerability Management Program in a CI/CD Environment March 29, 2018 OWASP Vancouver - Karim Lalji 1 About Me Karim Lalji Managing Security Consultant (VA/PT) at TELUS Previously:
More informationStrengthen and Scale security using DevSecOps
OWASP Indonesia Meetup Strengthen and Scale security using DevSecOps $ www.teachera.io!"# @secfigo % secfigo@gmail.com # whoami Author, Speaker and Community Leader. Speaker/Trainer at Blackhat, AppSec EU,
More informationSecure DevOps: A Puma s Tail
Secure DevOps: A Puma s Tail SANS Secure DevOps Summit Tuesday, October 10th 2017 Eric Johnson (@emjohn20) Eric Johnson, CISSP, GSSP, GWAPT Cypress Data Defense Principal Security Consultant Static code
More informationWeaving Security into Every Application
Weaving Security into Every Application Paul Fox AVP Technology AT&T 2018 TM Forum 1 Cyber Security Accelerating Threat Telecom Breaches 300,000 Number of complaints filed with the FBI Internet Crime Complaint
More informationPut Security Into Your DevOps NOW. Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018
Put Security Into Your DevOps NOW Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018 Defining Devops State of Devops Report (Puppet, Dora):..set of practices and cultural
More informationHow to shift from compliance to proactive security
How to shift from compliance to proactive security and make engineers your competitive advantage Răzvan Tudor, Chapter Lead, ING Tech Cloud & Cyber Security Expo, London, March 2019 Whoami Răzvan Tudor
More informationAutomating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationAppSec in a DevOps World
AppSec in a DevOps World Peter Chestna Director of Developer Engagement 1 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES Who am I? 27 Years Software Development Experience 12 Years Application Security
More informationEffective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker:
Effective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker: Cindy Blake CISSP Product Marketing Manager Hewlett Packard Enterprise Effective
More informationSecurity as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS
Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationDevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1
DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1 Agenda State of DevOps Value of DevOps Benefitting from DevOps DevSecOps What you can do as InfoSec 2 The State of DevOps - 2017 Automation is
More informationUnify DevOps and SecOps: Security Without Friction
SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania Technology Trend #1: Infrastructure Migrates
More informationTest Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions
Test Automation Strategies in Continuous Delivery Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions The world of application is going through a monumental shift.. Evolving
More informationRobots with Pentest Recipes:
Robots with Pentest Recipes: Democratizing Security Testing for DevOps Wins Abhay Bhargav - CTO, we45 Yours Truly Co-author of Secure Java For Web Application Development Author of PCI Compliance: A Definitive
More informationRethinking Product Security: Cloud Demands a New Way
SESSION ID: CSV-R11 Rethinking Product Security: Cloud Demands a New Way Reeny Sondhi Chief of Product Security Autodesk Inc. @reenysondhi Tony Arous Head of Application Security Autodesk Inc. @tonyarous
More informationHow to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M. Matias Madou Ph.D., Secure Code Warrior
How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M Matias Madou Ph.D., Secure Code Warrior Matias Madou, Ph.D. CTO and Co-Founder Ph.D. in Computer Engineering from Ghent
More informationDevelopment. Architecture QA. Operations
Development Architecture QA Operations Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments
More informationDay One Success for DevSecOps and Automation on Azure
Day One Success for DevSecOps and Automation on Azure Chris Jeffrey Senior Cloud Architect Microsoft Azure Cloud Technology Partners, A Hewlett Packard Enterprise Company Twitter: @chrisjeffrey_uk What
More informationMicro Focus Security Fortify. Application Security
Micro Focus Security Fortify Application Security Secure the new Application security in DevOps Agenda: - Fortify in brief (Offerings) - Fortify Source Code Analyzer - Fortify WebInspect - Using Fortify
More informationDevOps A How To for Agility with Security
DevOps A How To for Agility with Security Murray Goldschmidt, COO Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More informationOvercoming the Challenges of Automating Security in a DevOps Environment
SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial
More informationTHE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security
THE THREE WAYS OF SECURITY Jeff Williams Co-founder and CTO Contrast Security 1. TODAY S AVERAGE APPLICATION IS A SECURITY DISASTER 2. SOFTWARE IS LEAVING SECURITY IN THE DUST SOFTWARE Typical enterprise
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationAppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world.
AppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world. Doug Morato Sr. Manager PwC NIS App-Sec OWASP Tampa Meeting - 02/19/2016 Who am I
More informationMarc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute
HOST EXPERT PANEL Shashi Kiran CMO Quali Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute Pascal Joly Director, Technology Partnerships
More informationAccelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018
Accelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018 Today s Speakers: David Landsberg Director of Product Management Micro Focus Ayal Cohen Chief Functional Architect
More informationDevOps and DevSec with
DevOps and DevSec with Joona Immonen Software architect Solita Oy https://www.linkedin.com/in/joonaimmonen Twitter @rinorragi @SolitaOy THIS IS SOLITA Turnover 2015 49,7 Million euros Nearly 500 professionals
More informationTHE EMERGING PRODUCT SECURITY LEADER DISCIPLINE
SESSION ID: DEV-F02 THE EMERGING PRODUCT SECURITY LEADER DISCIPLINE Matt Clapham Principal Product Security Leader GE Digital (Healthcare) @ProdSec Agenda What is product security What is a product security
More informationSDx and the Future of Infrastructure
SDx and the Future of Infrastructure John Manville, SVP, Global Infrastructure Services, Cisco Radhika Chagarlamudi, Sr. Dir., IT, Business Collaboration and Software Platforms ITM-1004 A Ten Year Journey..
More informationWe re redefining Software Quality
We re redefining Software Quality Continuous Testing Web Services Agile Testing Mobile Device Farm Test Lifecycle Management Performance Test Quality Assurance Mobile Device Management Test Life Cycle
More informationLAB3R12 A Successful Application Security Program Envision Build and Scale
LAB3R12 A Successful Application Security Program Envision Build and Scale Post Conference Summary Jyothi Charyulu Jaya Chilakamarri Table of Contents INTRODUCTION... 2 KEY TAKEAWAYS... 4 SUMMARY OF ACTIVITIES...
More informationBUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE:
BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE: 15 Questions to Ask Yourself and Your DAST Vendor > An Introduction to the AppSec Market Page 3 Dynamic Application Security Testing Requirements Page
More informationHow to Build an Appium Continuous Testing Pipeline
How to Build an Appium Continuous Testing Pipeline Step-by-Step Tutorial November, 2017 Today s speakers Guy Arieli, CTO, Experitest Ruth Zamir Marketing Director Experitest 01 Why do we need continuous
More informationBrochure. Security. Fortify on Demand Dynamic Application Security Testing
Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application
More informationOrchestrating the Continuous Delivery Process
Orchestrating the Continuous Delivery Process steven.g.harris@cloudbees.com @stevengharris SVP Products, CloudBees 1 Continuous Delivery Overview Feedback Loop App Lifecycle BUILD TEST STAGE Deploy Run
More informationThe Divine and Felonious Nature of Cyber Security
The Divine and Felonious Nature of Cyber Security ( Introduction to DevSecOps ) John Willis @botchagalupe https://github.com/botchagalupe/my-presentations The Felonious Nature of Cyber Security Infecting
More informationContinuous Delivery for Cloud Native Applications
Continuous Delivery for Cloud Native Applications Cyrille Le Clerc, Director, Product Management at CloudBees Bjorn Boe, Senior Field Engineer at Pivotal Software Speakers /Cyrille Le Clerc Product Manager
More informationPractical Guide to Securing the SDLC
Practical Guide to Securing the SDLC Branko Ninkovic Dragonfly Technologies Founder Agenda Understanding the Threats Software versus Security Goals Secure Coding and Testing A Proactive Approach to Secure
More informationBuilding an Effective Cloud Operating Model on AWS
Building an Effective Cloud Operating Model on AWS Jeff Armstrong (Cloud Architect, Cloudreach) 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introductions Cloud Operating Model
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationInformation Security Keeping Up With DevOps
Connecting People. Delivering Security. Information Security Keeping Up With DevOps Stas Filshtinkskiy - Applied Mathematics degree - 20 years in Information Security - 10 years of that in software development
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationCase Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office
Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers
More informationCloudCenter for Developers
DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationDevOps Agility in the Evolving Cloud Services Landscape
DevOps Agility in the Evolving Cloud Services Landscape Kiran Chitturi CTO Architect, Sungard Availability Services @nkchitturi Kiran Chitturi Architect in the Office of the CTO Focus on DevOps and cloud
More informationDevOps. A way to reduce risks for IoT? Hui Song, SINTEF
DevOps A way to reduce risks for IoT? Hui Song, SINTEF 1 Internet of Things Ryan Manship, The Business of Federal Technology 2 As the IoT grows, so do the risks "I try to avoid all the risks before I go"
More informationApplication Security Training Program
Application Security Training Program 2016 WhiteHat Security, Inc. All rights reserved. Table of Contents 2 INTRODUCTION 3 COURSE CATALOG 5 ABOUT WHITEHAT SECURITY 1 Introduction WhiteHat Security offers
More informationApplication Security at DevOps Speed and Portfolio Scale. Jeff Contrast Security
Application Security at DevOps Speed and Portfolio Scale Jeff Williams @planetlevel Contrast Security OWASP XSS Prevention Cheat Sheet 1,000,000 Page Views! https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet
More informationWas gibt es Neues Better Team Work with Cloud
Was gibt es Neues Better Team Work with Cloud Dana Singleterry Produktmanager Oracle Mobility & Dev Tools, Oracle dana.singleterry@oracle.com +++ Bitte nutzen Sie die integrierte Audio-Funktion von WebEx
More informationQuality Engineering in DevOps world a Strategic Enabler
www.cigniti.com Unsolicited Distribution is Restricted. Copyright 2015-16, Cigniti Technologies Quality Engineering in DevOps world a Strategic Enabler » Analyst Speak» DevOps in a nutshell» DevOps vs
More informationROTATE TO THE NEW: FROM TESTING TO QUALITY ENGINEERING
ROTATE TO THE NEW: FROM TESTING TO QUALITY ENGINEERING INDUSTRY TRENDS AND PRESSURES IMPACTING QA IT organisations are being impacted by the convergence of three disciplines that were once operated as
More informationMcAfee Product Security Practices
McAfee Product Security Practices 12 October 2017 McAfee Public Page 1 of 8 12 October 2017 Expires 12 Apr 2018 Importance of Security At McAfee (formerly Intel Security) we take product security very
More informationCAPABILITY. Managed testing services. Strong test managers experienced in working with business and technology stakeholders
TESTING SERVICES 1 CAPABILITY Innovative use of open source tools helping early and frequent and reducing license costs Test strategy Managed services Test management Functional Strong test managers experienced
More informationTurbo boost your digital app test automation with Jenkins
Turbo boost your digital app test automation with Jenkins Step-by-Step Tutorial May, 2018 Speakers Sheli Ashkenazi Sr. Product Manager Experitest Jonathan Aharon Sr. Sales Engineer Experitest 2 01 The
More informationQuality Assurance and IT Risk Management
Quality Assurance and IT Risk Deutsche Bank s QA and Testing Transformation Journey Michael Venditti Head of Enterprise Testing Services, Deutsche Bank IT RISK - REGULATORY GOVERNANCE Major shifts in the
More informationWill your application be secure enough when Robots produce code for you?
SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I
More informationNathan Desmet. Lead Engineer
Nathan Desmet Lead Engineer Degree in Applied Informatics - Computer and Cyber Crime Professional Co-founder of Sensei Security (which is merged with SCW) Leading the development of Sensei. Pieter De Cremer,
More informationNITA Based Offers and Services
NITA Based Offers and Services Jessica Garrison, @networkjessica, jgarrison@juniper.net Global Architect, Professional Services Network Automation Team This statement of direction sets forth Juniper Networks
More informationCONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WHITEPAPER
WHITEPAPER CONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WELCOME TO THE ERA OF SELF-PROTECTING SOFTWARE CONTRASTSECURITY.COM CONTENTS What is Interactive
More informationJenkins User Conference Israel. #jenkinsconf. CI / Liveperson. Gidi Samuels. July 16, #jenkinsconf
Jenkins User Conference Israel #jenkinsconf CI / CD @ Liveperson Gidi Samuels www.liveperson.com July 16, 2014 #jenkinsconf About Myself Lead the CI Team at Liveperson 3 years in Liveperson About Myself
More informationA SEISMIC SHIFT IN APPLICATION SECURITY HOW TO INTEGRATE AND AUTOMATE SECURITY IN THE DEVOPS LIFECYCLE
A SEISMIC SHIFT IN APPLICATION SECURITY HOW TO INTEGRATE AND AUTOMATE SECURITY IN THE DEVOPS LIFECYCLE WHAT'S INSIDE? INTRODUCTION THE TRADITIONAL APPLICATION SECURITY WORKFLOW WHY SHIFT LEFT ISN T ENOUGH
More informationAGILE AND CONTINUOUS THREAT MODELS
SESSION ID: DEV-R04 AGILE AND CONTINUOUS THREAT MODELS Nancy Davoust Vice President, Security Architecture and Technology Solutions Comcast CONTEXT FOR AGILE AND CONTINUOUS THREAT MODELING The Landscape
More informationTexas Regional Infrastructure Security Conference (TRISC) Dan Cornell
Securing the SDLC: A Case Study Texas Regional Infrastructure Security Conference (TRISC) 2008 Dan Cornell April 22, 2008 Agenda Denim Group introduction and background The problem: Integrate security
More informationShift Happens. The Role of Continuous Testing in DevOps. Alex Martins. CTO Continuous Testing. May 15 th, 2018 CA Technologies.
Shift Happens The Role of Continuous Testing in DevOps Alex Martins CTO Continuous Testing May 15 th, 2018 CA Technologies February 2018 1 Chris Petterson (chris.petterson@ca.com) Account Executive SLED
More informationAbout Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016
About Us Incorporated in January, 2003 QA and QC in expertise focused on functional, performance and application security validation HPE Software Gold Partner, HPE Authorized Software Support Partner &
More informationHPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017
HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017 Brought to you by the Vivit Business Intelligence Special Interest Group led by Oded Tankus Hosted By Oded Tankus Project Manager
More informationA Methodology to Build Lasting, Intelligent Cybersecurity Programs
EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative
More informationContinuous Opportunity: DevOps & Security
August 2017 August 15, 2017 Continuous Opportunity: DevOps & Security 2016-2017 SANS Institute All Rights Reserved Introduction Ben Allen Security Engineer at SANS Institute Operations Engineer, Developer
More informationV Conference on Application Security and Modern Technologies
V Conference on Application Security and Modern Technologies In collaborazione con Venezia, Università Ca Foscari 6 Ottobre 2017 1 Matteo Meucci OWASP Nuovi standard per la sicurezza applicativa 2
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined
More informationViews on OpenSAMM-1. CJ Coppersmith, CTO HP Enterprise Group
OpenSAMM at HP Abstract HP uses OpenSAMM to prioritize new investments in secure development. HP's Product Security group has developed an innovative SAMM Self Assessment Tool to adapt the OpenSAMM process
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationContinuous Security. Improve Web Application Security by using Continuous Security Scans
Continuous Security Improve Web Application Security by using Continuous Security Scans 1 The world of software development has changed. Nowadays around 65% of software projects use agile development 1.
More informationSecuring DevOps, RMF and STIG
Securing DevOps, RMF and STIG Scott Snowden Sameer Kamani May 2017 San Diego Federal Fortify Users Group DevOps definition and principles DevOps (a clipped compound of development and operations) is a
More information.NET JAVA C ASE. Certified. Certified. Application Security Engineer.
.NET C ASE Certified Application Security Engineer JAVA C ASE Certified Application Security Engineer Certified Application Security Engineer www.eccouncil.org EC-Council Course Description The Certified
More informationQualys Cloud Platform
18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform
More informationDevOps: Transforming Military Application Delivery Lifecycles. Tim Dioquino, Chief Technologist U.S. Public Sector ITM HPE Software
DevOps: Transforming Military Application Delivery Lifecycles Tim Dioquino, Chief Technologist U.S. Public Sector ITM HPE Software Agenda Why DevOps HPE DevOps Solution Case Studies The DevOps Journey
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationJenkins: A complete solution. From Continuous Integration to Continuous Delivery For HSBC
Jenkins: A complete solution From Integration to Delivery For HSBC Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz Agenda Why Jenkins? Introduction and some facts about Jenkins Supported
More informationCreating an AppSec Pipeline with containers in a week. How we failed and succeeded Jeroen Willemsen OWASP benelux days
Creating an AppSec Pipeline with containers in a week How we failed and succeeded Jeroen Willemsen OWASP benelux days About me Jeroen Willemsen @commjoenie jwillemsen@xebia.com Security architect Full-stack
More informationDiscover Best of Show März 2016, Düsseldorf
Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security
More informationIn This Webinar. ConEnuous Load TesEng & ConEnuous Delivery with Jenkins
In This Webinar TODAY S PRESENTERS Tom Chavez: SOASTA, Sr. Product MarkeEng Manager Andy Pemberton: CloudBees, Senior Director, SoluEons Architecture & ConsulEng TWO COMPANIES, A SINGLE SOLUTION SOASTA:
More informationMcAfee Product Security Practices
McAfee Product Security Practices 5 July 2018 McAfee Public Page 1 of 12 2 April 2018 Expires 5 July 2019 Table of Contents Importance of Security... 3 Software Development Lifecycle (SDLC) at McAfee...
More informationdevops with
devops with docker @beshippable avi cavale co-founder & ceo @avinci avi@shippable.com continuous app delivery pipelines the most frequently asked question during an outage the most frequently asked question
More informationTHE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT
WHITEPAPER THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT A comprehensive approach to reducing vulnerabilities across your ecosystem TABLE OF CONTENTS INTRODUCTION PAGE 3 1 2 3 4 ENHANCING NETWORK
More informationDevOps CICD for VNF a NetOps Approach
DevOps CICD for VNF a NetOps Approach Renato Fichmann Senior Solutions Architect Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1.
More informationSUSE s vision for agile software development and deployment in the Software Defined Datacenter
From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management
More informationAUTOMATING SECDEVOPS WORKSHOP
SESSION ID: AUTOMATING SECDEVOPS WORKSHOP Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Agenda Overview Coding Scanning Attacking Security in DevOps Overview Stack Security AWS
More informationAgile Load Testing using StormRunner Load September 15, Copyright 2016 Vivit Worldwide
Agile Load Testing using StormRunner Load September 15, 2016 Copyright 2016 Vivit Worldwide Brought to you by Copyright 2016 Vivit Worldwide Hosted By Matt Angerer Sr. Solution Architect ResultsPositive
More informationDevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis
DevSecOps Shift Left Security Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis Themes Vulnerabilities are Low Hanging Fruit Why so many breaches that Anti-Virus
More information