Software Security and CISQ. Dr. Bill Curtis Executive Director
Why Measure IT Applications?
- Six-digit defects now affect the Board of Directors, the CEO, COO and CFO, business VPs and corporate auditors.
- The CIO is accountable for governance, risk management, risk measurement, brand protection and customer experience.
- Evaluate application quality with CISQ measures (Consortium for IT Software Quality).
What is CISQ?
- Co-founders: IT executives, CISQ technical experts and the OMG (CISQ is an OMG Special Interest Group), backed by CISQ sponsors.
- CISQ is chartered to define automatable measures of software size and quality that can be measured in the source code, and to promote them to become Approved Specifications of the OMG.
CISQ/OMG Standards Process
- Measure specifications are developed in the CISQ Executive Forum and deployment workshops, approved by the OMG, and then taken to ISO through the OMG fast-track process.
- Approved measure specifications: Automated Function Points, Reliability, Performance Efficiency, Security, Maintainability.
Content of CISQ Measures
Each CISQ quality characteristic measure is composed of architectural and coding violations; examples for each:
- Security: 22 violations, drawn from the Top 25 CWEs (e.g. SQL injection, cross-site scripting, buffer overflow)
- Reliability: 29 violations (e.g. empty exception block, unreleased resources, circular dependency)
- Performance Efficiency: 15 violations (e.g. expensive loop operation, un-indexed data access, unreleased memory)
- Maintainability: 20 violations (e.g. excessive coupling, dead code, hard-coded literals)
How Do CISQ Measures Relate to ISO?
- The ISO/IEC 25000 (SQuaRE) series, with its quality model ISO/IEC 25010, replaces ISO/IEC 9126 (Parts 1-4).
- ISO defines quality characteristics and sub-characteristics; CISQ conforms to the ISO quality characteristic definitions.
- ISO defines measures, but not at the source code level; CISQ supplements ISO with source code level measures.
- ISO software product quality model (the four characteristics CISQ measures automatically are marked with an asterisk):
  - Functional Suitability: functional appropriateness, accuracy
  - Reliability *: maturity, availability, fault tolerance, recoverability
  - Performance Efficiency *: time behaviour, resource utilization
  - Operability: appropriateness recognizability, learnability, ease of use, attractiveness, technical accessibility
  - Security *: confidentiality, integrity, non-repudiation, accountability, authenticity
  - Compatibility: co-existence, interoperability
  - Maintainability *: modularity, reusability, analyzability, changeability, modification stability, testability
  - Portability: adaptability, installability, replaceability
The 22 CWEs in the Security Measure
- CWE-22 Path Traversal Improper Input Neutralization
- CWE-78 OS Command Injection Improper Input Neutralization
- CWE-79 Cross-site Scripting Improper Input Neutralization
- CWE-89 SQL Injection Improper Input Neutralization
- CWE-120 Buffer Copy without Checking Size of Input
- CWE-129 Array Index Improper Input Neutralization
- CWE-134 Format String Improper Input Neutralization
- CWE-252 Unchecked Return Parameter of Control Element Accessing Resource
- CWE-327 Broken or Risky Cryptographic Algorithm Usage
- CWE-396 Declaration of Catch for Generic Exception
- CWE-397 Declaration of Throws for Generic Exception
- CWE-434 File Upload Improper Input Neutralization
- CWE-456 Storable and Member Data Element Missing Initialization
- CWE-606 Unchecked Input for Loop Condition
- CWE-667 Shared Resource Improper Locking
- CWE-672 Expired or Released Resource Usage
- CWE-681 Numeric Types Incorrect Conversion
- CWE-706 Name or Reference Resolution Improper Input Neutralization
- CWE-772 Missing Release of Resource after Effective Lifetime
- CWE-789 Uncontrolled Memory Allocation
- CWE-798 Hard-Coded Credentials Usage for Remote Authentication
- CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Source: Robert Martin, MITRE, Common Weakness Enumeration (cwe.mitre.org)
Factors and non-factors in CWE density per KLOC (chart, CWEs per KLOC). Factor: releases per year. Non-factors: source, shore.
CWE-89 SQL injection
Charts: total SQL injection weaknesses and total SQL injection opportunities per application, apps ordered by number of weaknesses (apps with no weaknesses marked).
Statistics for SQL injection weaknesses per application: Mean 1.3, Median 0, Mode 0, Std. deviation 5.9, Range 4, Minimum 0, Maximum 4, Count 139.
- SQL opportunities occurred in 9% of all apps.
- SQL weaknesses occur in 9% of checked apps.
- 3% of checked apps have extensive weaknesses.
- Weaknesses are unrelated to the number of opportunities.
CWE-79 Cross-site scripting
Charts: total cross-site scripting weaknesses and total cross-site scripting opportunities per application, apps ordered by number of weaknesses (apps with no weaknesses marked).
Statistics for cross-site scripting weaknesses per application: Mean 2.8, Median 0, Mode 0, Std. deviation 9.8, Range 86, Minimum 0, Maximum 86, Count 135.
- Cross-site scripting opportunities occurred in 9% of all apps.
- Cross-site scripting weaknesses occur in 1/3 of checked apps.
- 5% of checked apps have extensive weaknesses.
- Weaknesses are unrelated to the number of opportunities.
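The two slides above count "opportunities" (call sites where input can reach a dangerous sink) separately from "weaknesses" (opportunities where the query is actually assembled from non-literal parts). The Python script below is an added example, not code from the CISQ deck or from any CISQ-conformant tool: it uses the standard-library `ast` module to make that distinction over a constructed sample, and goes beyond the slides by covering two of the listed CWEs (CWE-89 SQL injection and CWE-78 OS command injection) with one sink table. The `SINKS` table, the taint rules and `SAMPLE` are assumptions made for this example; a production analyzer tracks data flow instead of flagging every non-literal argument.

```python
"""Toy CISQ-style count of injection 'opportunities' vs 'weaknesses'.

Added example (not CISQ's or any vendor's rule set). An opportunity is any call
to a known sink; a weakness is an opportunity whose first argument is assembled
from non-literal parts. Requires Python 3.8+ (ast.Constant for all literals).
"""
import ast
from collections import Counter
from typing import Dict, Optional, Tuple

# Assumption for this example: sinks are identified by the called name only.
# DB-API cursor.execute/executemany -> CWE-89, os.system -> CWE-78.
SINKS: Dict[str, str] = {
    "execute": "CWE-89",
    "executemany": "CWE-89",
    "system": "CWE-78",
}


def _is_str_literal(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def is_tainted_expr(node: ast.AST) -> bool:
    """Return True if a sink argument is built from non-literal parts.

    A bare string literal (parameters passed separately) is safe. f-strings,
    %-formatting, '+' concatenation and str.format() count as weaknesses when
    any part is non-literal. Anything else (e.g. a bare variable) is flagged
    conservatively because this toy does not track data flow.
    """
    if _is_str_literal(node):
        return False
    if isinstance(node, ast.JoinedStr):  # f"... {expr} ..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return is_tainted_expr(node.left) or is_tainted_expr(node.right)
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format" and _is_str_literal(node.func.value)):
        return any(not _is_str_literal(arg) for arg in node.args)
    return True


def _called_name(call: ast.Call) -> Optional[str]:
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None


def count_opportunities(source: str) -> Dict[str, Tuple[int, int]]:
    """Map each CWE id seen to (opportunities, weaknesses) for the given source."""
    opportunities: Counter = Counter()
    weaknesses: Counter = Counter()
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and node.args):
            continue
        cwe = SINKS.get(_called_name(node) or "")
        if cwe is None:
            continue
        opportunities[cwe] += 1
        if is_tainted_expr(node.args[0]):
            weaknesses[cwe] += 1
    return {cwe: (opportunities[cwe], weaknesses[cwe]) for cwe in opportunities}


def classify_argument(expr_source: str) -> bool:
    """Parse one expression and report whether it would count as a weakness."""
    return is_tainted_expr(ast.parse(expr_source, mode="eval").body)


# Constructed sample under analysis (not real application code).
SAMPLE = '''
import os

def lookup(conn, name, order):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (name,))      # safe: parameterized
    cur.execute("SELECT id FROM users WHERE name = '%s'" % name)      # CWE-89 weakness
    cur.execute(f"SELECT id FROM users ORDER BY {order}")              # CWE-89 weakness
    cur.executemany("INSERT INTO log(msg) VALUES (?)", [(name,)])     # safe: parameterized
    os.system("ls " + name)                                            # CWE-78 weakness
    os.system("uptime")                                                # safe: constant command
'''

if __name__ == "__main__":
    for cwe, (opps, weak) in sorted(count_opportunities(SAMPLE).items()):
        print(f"{cwe}: {opps} opportunities, {weak} weaknesses")
```

Run as a script it reports 4 opportunities with 2 weaknesses for CWE-89 and 2 with 1 for CWE-78 on `SAMPLE`. The rule that any non-literal argument is a weakness overstates weaknesses wherever a variable merely holds a constant, which is why reproducing the slides' finding that weaknesses are unrelated to opportunity counts takes a real data-flow engine rather than a syntactic check.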
Modern Apps Are a Technology Stack
- 1. Unit level (developer level): code style and layout, expression complexity, code documentation, class or program design, basic coding standards. Scope: a single language/technology layer.
- 2. Technology level (development team level): intra-technology architecture, intra-layer dependencies, architectural APIs, inter-program invocation, security vulnerabilities. Technologies in the example stack: web services, Spring, Struts, Hibernate, EJB, JSP, Java, .NET, ASP.NET, COBOL, PL/SQL, T/SQL, messaging, and databases (Oracle, Sybase, SQL Server, DB2, IMS); data flow and transaction risk cut across the layers.
- 3. System level (IT organization level): integration quality, architectural compliance, risk propagation, application security, resiliency checks, transaction integrity, data access control, SDK versioning, function point based effort estimation, calibration across technologies.
Emerging CISQ Measures
- Automated Function Points: must measure functional and non-functional code segments.
- Automated Enhancement Points, with extensions to embedded software.
- Quality-Adjusted Productivity: must add the future effort to fix bugs into productivity.
- Automated Technical Debt, built on the four quality characteristic measures: must estimate the corrective costs in future releases.
App Certification Using CISQ
- CISQ measures feed a CISQ conformance assessment of technology vendors; CISQ-conformant technology is then used in a CISQ-conformant service process by vendor-authorized service providers.
- CISQ/OMG only assess vendor conformance; they do not certify applications. Service providers use CISQ-conformant technology in a CISQ-conformant service process to provide application certifications.
- The program initiates in 2017.
- An application certification reports each measure as a sigma level: Security Xσ, Reliability Xσ, Performance Xσ, Maintainability Xσ.
Join CISQ!
More information