Understanding scan coverage in AppScan Standard
|
|
- Erik Shields
- 6 years ago
- Views:
Transcription
1 IBM Security AppScan Standard Open Mic Webcast January 27, 2015 Understanding scan coverage in AppScan Standard Panelists Shahar Sperling Software Architect at Application Security AppScan Tal Rabinovitch - AppScan Standard Development Manager Daniel Dubnikov - Security Software Developer Warren Moynihan - ethical hacking and AppScan Standard expert Joe Bucanelli - Escalation Lead for AppScan Standard Scott Hurd Client Technical Resolution Specialist Marek Stepien Knowledge & Content Specialist for AppScan Support Kathleen Smith, Moderator Social business manager Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA Toll-Free: USA Toll: Participant passcode: Slides & additional phone numbers: NOTICE: By participating in this call, you give your irrevocable consent to IBM to record any statements that you may make during the call, as well as to IBM's use of such recording in any and all media, including for video postings on YouTube. If you object, please do not connect to this call IBM Corporation
2 Goal: Understanding Application Data for configuration The most important aspect of the scan is the Explore phase This is where we identify what we need to test Coverage of the application defines how much of it we scan We want to cover all the business logic We want to avoid over-testing a specific part of the application Automatic Explore needs help! How can you assist AppScan to better cover the application? What information can you draw from AppScan to improve configuration? In this session I will attempt to explain some of the advanced topics in the Application Data and how they can help in optimizing the scan. 2
3 Agenda Review Application Data Layout Review General Information Tabs Review Critical Information Tabs Summary 3
4 Status Bar Information Visited Pages Count of main URL, not including automatic or AJAX links Tested Elements The combination of entity and the list of rules that need to run in each part of the test phase HTTP Request Sent Requests that were sent to the site Does not include in-session requests or server down check requests Total security Issues Security Issues by Severity Demo license indication GlassBox agent status 4 4
5 Application Tree Application Tree provides a physical view of the URL paths Identify filtered or broken links HTTP/S identify a different application Each port is a new application Available operations include: Apply configuration changes: Exclude from scan Record Multi Step Operation Can generate partial reports Manual explore adds directly to application data 5 5
6 Data Tabs Requests All successful HTTP request sent to the server Parameters All query, body (POST), and custom parameters Cookies All cookies identified (including client-cookies) Pages Root requests which should match the Visited Page Failed Request all requests resulting in HTTP 4xx and 5xx errors Filtered all requests not sent due to some filter status User Interaction Needed requests which generated additional authentication processes Comments all the comment that was identified in the JavaScript all the code that was detected in the application 6 6
7 Agenda Review Application Data Layout Review General Information Tabs Review Critical Information Tabs Summary 7
8 Requests Review traffic to identify differences URI related data URL Method Parameters query, post, custom Many look repeated, but represent different sources Automatic/Manual explore, pre/post login Recorded login Recorded sequences 8
9 Cookies Cookie properties Response containing set-cookie Values Configuration Tracked Test Exclude 9
10 Pages Examine Navigation Logical root requests 10
11 Failed Requests Requests with 4xx/5xx response codes 11
12 User Interaction Needed Extra user intervention Additional Authorization needed Failed from submission 12
13 Comment and JavaScript Information provided for convenience Tests search for suspicious content Phone numbers, SSN, s, etc. Detail section contains the full content of the JavaScript code or Comment Modern applications contain a critical mass of JavaScript code Content of JavaScript tab can be overwhelming Could be used to find something specific 13
14 Agenda Review Application Data Layout Review General Information Tabs Review Critical Information Tabs Summary 14
15 Filtered Examine Navigation Logical root requests 15
16 Filtered - Details Scan scope Untested Server host name not included in Starting URL and additional domains File Extension Exclude file extensions General Regular Expression Excluded Path/Parameters Scanner Limits technological limitations Unsupported Flash Version Request HTTP Method (supported GET POST PUT DELET) Configuration Redundant Path Limit Depth Limit Page Limit Review these values to identify if too much unique content is missing, increase values if necessary 16
17 Parameters Details include Configuration Session ID tracking Test Included Details Location Type 17
18 Parameters Parameters in the wide sense of the term Query, Post-Data, Multi-Part Form, JSON, XML Path parameters (custom parameters for URL rewriting) Non-standard Query and Body parameters (custom parameters) Parameters are the primary attack mechanisms Constitute the greatest dependency in server side code The most abundant elements in web-applications The single-most dramatic affect on coverage Greatest impact on the content being covered Greatest impact on the size of the scan and length of the test phase Compound, structured, and complex data types JSON and XML based data exchange is very popular AppScan parses structures to attack each value Can create an explosion of test entities could be hundreds in a single request! 18
19 Parameters Standard Locations Query Post Data Multi-part form data Type location where the parameter was identify Simple parameter in a link Text, Select, Hidden, Password, etc. parameter in form submission will be identified by the field type Name the name of the parameter as it appears as part HTTP protocol 19
20 Parameters - Custom Locations Query Path Body Headers advanced configuration Type Custom Name The name is constructed from the name of the custom parameter and an index, if more than one instance of the parameter is identified If the custom parameter has a name, it will also be added to the name as it appears in AppScan 20
21 Parameters Custom examples Nameless parameter the name of the custom parameter in brackets, followed by an index if more than one index appears Example 1: Numeric defined as 8 value digits in path in Parameter identified will be [Numeric] with value of Example 2: Numeric defined as 8 digits in path in Parameter identified will be [Numeric] with value of Parameter identified will be [Numeric]_1 with value of Named parameter the name of the custom parameter in brackets, followed the name and an index Example 1: Numeric defined as 4 name characters followed by 8 value digits in path in Parameter 1: [Numeric] abcd Parameter 2: [Numeric] efgh_1 21
22 Parameters JSON/XML Structured types Locations Body Query Value of query/post-data parameters (complex parameters) Values are encapsulated, meaning each value may contain another structure which is parsed for parameters Type XML JSON Name The name of the parameters is created from the path through the structured type to reach a specific value If the JSON or XML is in the value of query or body parameters, the name of the parameter is also added as a lead in 22
23 Parameters JSON examples JSON body Example { top : { first : 1, second : 2 } } Name Value Type -> top { first : 1, second : 2 } JSON -> top -> first 1 JSON -> top -> second 2 JSON JSON Value Example /index.php?content={ top :{ first :1, second :2}}&target=new Name Value Type content -> top { first : 1, second : 2 } JSON content -> top -> first 1 JSON content -> top -> second 2 JSON content { top :{ first :1, second :2}} Simple Link target New Simple Link 23
24 Parameters XML examples XML body Example <top> <first attr= 2 > 1 </first> </top> Name Value Type -> top XML -> top -> first 1 XML -> top -> first{attr} 2 XML 24
25 Redundancy Tuning Describing affect on application Redundancy tuning is available for parameters (all types) and cookies The affect of a parameter or cookie has on the application Helps avoid exploring redundant content or performing redundant tests Content is only interesting if it exposes new business logic in the server Retesting the same parameter/cookie over and over in the same context will not yield new vulnerabilities 25
26 Redundancy Tuning - Explore Question: Does a parameter introduce new business logic? Question: Does a parameter value affects business logic flow? Explore Redundancy tuning asks the following questions: Should AppScan revisit the page when the value of the parameter changes? Should AppScan revisit the page when the parameter is added or removed? The answers can optimize the coverage of the business logic in the server 26
27 Redundancy Tuning Explore Example layout: Defines the stylesheet to be used Case 1: If layout is missing redirect to SelectLayout.php (a different logic flow) We prefer revisit the URL when parameter is added or removed. We will cover two different flows in the application. We save following the flow that has the parameter, but with a new value. Case 2: If layout is missing, default to flat (not affect on the logic flow) We prefer full redundancy tuning, because all requests follow the same flow, and there is no need to scan it three different times. 27
28 Redundancy Tuning - Test Concept: Each parameter is tested in a request context. The context is the environment of the parameter/cookie. The default is to test the parameter/cookie in each of it s contexts. Question: Does a parameter introduce new business logic? Question: Does a parameter value affects business logic flow? When a parameter is introduced or is given a new value, it creates a new context for it s neighbors. Test Redundancy tuning asks the following questions: Does the parameter value affect the context? Should AppScan retest the neighbors when the parameter value changes? Does the parameter addition or removal affect the context? Should AppScan retest the neighbors when the parameter is added or removed? The answers can optimize the test phase of the scan, making it considerably shorter 28
29 Redundancy Tuning Test Example layout: Defines the stylesheet to be used Case 1: If layout is missing redirect to SelectLayout.php (a different logic flow) We prefer retest neighbors when parameter is added or removed. We don t know how index is used in the redirect, so we must test it there as well. Case 2: If layout is missing, default to flat (not affect on the logic flow) We prefer full redundancy tuning, because index is used in the same way in all three requests. We can save a lot of testing by only testing index in the context of the first request. 29
30 Parameters Structured Redundancy Tuning When repeated records are identified, only the first will be tested (configurable) Sample { report : [ { index :1, value : abcd }, { index :2, value : efgh }, } { index :3, value : ijkl } ] Name Value -> report [{"index":1,"value":"abcd"},{"index":2,"value":"efgh"},{"index":3,"value":"ijkl"}] -> report[0] {"index":1,"value":"abcd"} -> report[0] -> index 1 -> report[0] -> value abcd -> report[1] {"index":2,"value": efgh"} -> report[1] -> index 2 -> report[1] -> value efgh -> report[2] {"index":3,"value": ijkl"} -> report[2] -> index 3 -> report[2] -> value ijkl 30
31 Parameters Management and Configuration Add this parameter Create configuration definition for the parameter directly from the Application Data view Automatically fills in details about the parameter to simplify creating the configuration Include/Exclude Exclude/Include configuration can be dependent on a parameter s value Complements the Application Tree action to exclude a URL by allowing to exclude a URL given a specific value Do not test Creates a parameter configuration from the Application Data view Available in multi-select to avoid test large number of parameters in a single action 31
32 Agenda Review Application Data Layout Review General Information Tabs Review Critical Information Tabs Summary 32
33 Summary Reviewing the explore results is important There are many hints to for the quality of coverage, even without detailed application knowledge Use tools within Application Data to perform some of the work in a simpler manner Parameters The most direct influence on the coverage Compound data types can create an explosion of test entities Careful configuration can reduce over-testing Filtered URLs Best indication for coverage Examine relationship between explored and filtered URLs Indicate complexity of filtering It is worth your time to review the Application Data. It will result in a more affective scan in both time spent scanning and the quality of results reported 33
34 Questions for the panel? Now is your opportunity to ask questions of our panelists. To ask a question now: Press *1 to ask a question over the phone or Type your question into the SmartCloud Meetings chat To ask a question after this presentation: You are encouraged to participate in Forum topics: IBM developerworks forum for IBM Security AppScan Standard 34
35 Where do you get more information? Questions on this or other topics can be directed to the product forum: IBM developerworks forum for IBM Security AppScan Standard Other references: AppScan Standard on IBM Support Portal AppScan Standard demonstration videos How to subscribe to notifications for AppScan products AppScan Standard in IBM KnowledgeCenter Security Support Open Mic Opportunities Follow us: IBM Support Portal Open a Service Request Update your PMR Escalate your PMR 35
36 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
37 Backup 37
38 Tested Elements Explained Entity a part of the application that should be tested (cookie, parameter, request, etc.) Rule a script that tests for a single issue type on a specific entity, with multiple variants Rules can identify global-detection issues as well Test steps there are two steps in the test phase concurrent (running rules in parallel) and serialized (running rules one at a time) Rule Range a list of rules applying to a specific entity which should run in a specific step Test Element defined by an entity and a rule-range Entity that can run concurrent and has no serialized rules, will have one Test Element created for it Entity that should run entirely serialized will have one Test Element created for it Entity that can run concurrent and has serialized rules, will have two Test Elements created of it 38
Disk Space Management of ISAM Appliance
IBM Security Access Manager Tuesday, 5/3/16 Disk Space Management of ISAM Appliance Panelists David Shen Level 2 Support Engineer Steve Hughes Level 2 Support Engineer Nicholas Hasten Level 2 Support Engineer
More informationWhat's new in AppScan Standard/Enterprise/Source version
What's new in AppScan Standard/Enterprise/Source version 9.0.3.4 support Open Mic Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA
More informationXGS: Making use of Logs and Captures
IBM Security Network Protection XGS Open Mic webcast #6 June 24, 2015 XGS: Making use of Logs and Captures Panelists Bill Klauke (Presenter) Product Lead L2 Support Maxime Turlot Product Lead L2 Support
More informationMSS VSOC Portal Single Sign-On Using IBM id IBM Corporation
MSS VSOC Portal Single Sign-On Using IBM id Changes to VSOC Portal Sign In Page Users can continue to use the existing Client Sign In on the left and enter their existing Portal username and password.
More informationSecurity Support Open Mic: ISNP High Availability and Bypass
Panelists Ed Leisure Knowledge Engineer, Presenter Andrew Sallaway SWAT Consultant Kenji Hamahata L2 Engineer (Japan) Maxime Turlot Product Lead Arthur Testa Product Lead Jeff Dicostanzo Advanced Value
More informationIBM Threat Protection System: XGS - QRadar Integration
IBM Security Network Protection Support Open Mic - Wednesday, 25 May 2016 IBM Threat Protection System: XGS - QRadar Integration Panelists Tanmay Shah - Presenter Level 2 Support Product Lead Danitza Villaran-Rokovich,
More informationWhat's new in AppScan Standard version
What's new in AppScan Standard version 9.0.3.5 IBM Audio Security Connection support dialog by Open access Mic the Slides and more information: http://www.ibm.com/support/docview.wss?uid=swg27049311 February
More informationIBM Security Access Manager v8.x Kerberos Part 1 Desktop Single Sign-on Solutions
IBM Security Access Manager open mic webcast July 14, 2015 IBM Security Access Manager v8.x Kerberos Part 1 Desktop Single Sign-on Solutions Panelists Gianluca Gargaro L2 Support Engineer Darren Pond L2
More informationXGS & QRadar Integration
IBM Security Support Open Mic - January 28, 2015 XGS & QRadar Integration Advanced Threat Protection Integration Options Panelists Wes Davis Advanced Threat Support Group Engineer (Presenter) Thomas Gray
More informationHow AppScan explores applications with ABE and RBE
How AppScan explores applications with ABE and RBE IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationIBM Security Network Protection Open Mic - Thursday, 31 March 2016
IBM Security Network Protection Open Mic - Thursday, 31 March 2016 Application Control and IP Reputation on the XGS Demystified Panelists Tanmay Shah, Presenter IPS/Network Protection Product Lead Bill
More informationIBM Security Access Manager v8.x Kerberos Part 2
IBM Security Access Manager open mic webcast - Oct 27, 2015 IBM Security Access Manager v8.x Kerberos Part 2 Kerberos Single Sign On using Constrained Delegation Panelists Gianluca Gargaro L2 Support Engineer
More informationSecurity Support Open Mic Build Your Own POC Setup
IBM Security Access Manager 08/25/2015 Security Support Open Mic Build Your Own POC Setup Panelists Reagan Knowles Level II Engineer Nick Lloyd Level II Support Engineer Kathy Hansen Level II Support Manager
More informationSecurity Support Open Mic Client Certificate Authentication
IBM Security Access Manager, Tuesday, December 8, 2015 Security Support Open Mic Client Certificate Authentication Panelists Jack Yarborough ISAM Level II Nick Lloyd ISAM Level II Scott Stough ISAM Level
More informationXGS Administration - Post Deployment Tasks
IBM Security Network Protection Support Open Mic - 18 November 2015 XGS Administration - Post Deployment Tasks Panelists Tanmay Shah XGS Product Lead, L2 Support (Presenter) Thomas Gray L2 Support Manager
More informationISAM Advanced Access Control
ISAM Advanced Access Control CONFIGURING TIME-BASED ONE TIME PASSWORD Nicholas J. Hasten ISAM L2 Support Tuesday, November 1, 2016 One Time Password OTP is a password that is valid for only one login session
More informationIBM Security Directory Server: Utilizing the Audit.log
IBM Security Directory Server Open Mic Webcast #1 November 4, 2014 IBM Security Directory Server: Utilizing the Audit.log Panelists Roy Spencer L2LDAP Technical Lead Ram Reddy L2LDAP Senior Engineer Benjamin
More informationHow to properly deploy, configure and upgrade the NAB
Panelists Jeff DiCostanzo, Presenter AVP Team Lead Bill Klauke - Level 2 Product Lead Maxime Turlot - Level 2 Product Lead Ryan Andersen - Level 2 Senior Engineer Edward A Romero - Level 3 Network Security
More informationISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.
ISAM Federation STANDARDS AND MAPPINGS Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support July 19, 2017 Agenda ISAM Federation Introduction Standards and Protocols Attribute Sources
More informationGX vs XGS: An administrator s comparison of the two products
: An administrator s comparison of the two products Panelists Bill Klauke IPS Product Lead, Level 2 Support Matthew Elsner XGS Development Yuceer (Banu) Ilgen XGS Development Jeff Dicostanzo AVP Support
More informationDeploying BigFix Patches for Red Hat
Deploying BigFix Patches for Red Hat IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2141
More informationBigFix Query Unleashed!
BigFix Query Unleashed! Lee Wei IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by accessing the Communicate > Audio Connection menu option. To
More informationAnalyzing Hardware Inventory report and hardware scan files
Analyzing Hardware Inventory report and hardware scan files IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by
More informationIBM Security Network Protection
IBM Security Network Protection XGS 5.3.3 firmware release Features and Enhancements IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web
More informationJunction SSL Debugging With Wireshark
Junction SSL Debugging With Wireshark IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection menu option.
More informationIBM MaaS360 Kiosk Mode Settings
IBM MaaS360 Kiosk Mode Settings Configuration Settings for Kiosk Mode Operation IBM Security September 2017 Android Kiosk Mode IBM MaaS360 provides a range of Android device management including Samsung
More informationIBM BigFix Relays Part 2
IBM BigFix Relays Part 2 IBM SECURITY SUPPORT OPEN MIC December 17, 2015 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING
More informationHTTP Transformation Rules with IBM Security Access Manager
HTTP Transformation Rules with IBM Security Access Manager IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationConfiguring zsecure To Send Data to QRadar
Configuring zsecure To Send Data to QRadar CONFIGURATION, SETUP, AND EXAMPLES Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free:
More informationIntroduction to IBM Security Network Protection Manager
Introduction to IBM Security Network Protection Manager IBM SECURITY SUPPORT OPEN MIC Slides are at: https://ibm.biz/bdscvz NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM
More informationUsing Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting
Using Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationMore on relevance checks in ILMT and BFI
More on relevance checks in ILMT and BFI IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by accessing the Communicate
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationQRadar Feature Discussion IBM SECURITY SUPPORT OPEN MIC
QRadar 7.2.7 Feature Discussion IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2141
More informationConfiguring your policy to prevent appliance problems
Configuring your policy to prevent appliance problems IBM Security Guardium IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationIBM Security Identity Manager New Features in 6.0 and 7.0
IBM Security Identity Manager New Features in 6.0 and 7.0 IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationIBM Security Support Open Mic
IBM Security Support Open Mic LET S TALK ABOUT QRADAR 7.2.8 FEATURES Connect to WebEx Audio by selecting an option in the Audio Connection dialog or by accessing the Communicate > Audio Connection menu
More informationIBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation
IBM Security Endpoint Manager- BigFix Daniel Joksch Security Sales Establish security as an immune system Malware protection Incident and threat management Identity management Device management Data monitoring
More informationInfoSphere Guardium 9.1 TechTalk Reporting 101
InfoSphere Guardium 9.1 TechTalk Reporting 101 Click to add text Dario Kramer, Senior System Architect dariokramer@us.ibm.com 2013 IBM Corporation Acknowledgements and Disclaimers Availability. References
More informationIBM Security Access Manager Single Sign-on with Federation
IBM Security Access Manager Single Sign-on with Federation IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationRemote Syslog Shipping IBM Security Guardium
Remote Syslog Shipping IBM Security Guardium IBM Security support Open Mic To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection menu
More informationIBM Lotus Notes in XenApp Environments
IBM Lotus Notes in XenApp Environments Open Mic Webcast September 28, 2011 11:00 AM EDT 2011 IBM Corporation Open Mic Webcast: IBM Lotus Notes in XenApp environments September 28 th @ 11:00 AM EDT (15:00
More informationLet s talk about QRadar 7.2.5
QRadar Open Mic Webcast #9 June 10, 2015 Let s talk about QRadar 7.2.5 Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Adam Frank Principal Solutions Architect Jeremy Mathews
More informationQRadar Open Mic: Custom Properties
November 29, 2017 QRadar Open Mic: Custom Properties IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationIBM Security Guardium: : Sniffer restart & High CPU correlation alerts
IBM Security Guardium: : Sniffer restart & High CPU correlation alerts IBM SECURITY SUPPORT OPEN MIC, presented by Lisette Contreras, Guardium Support To hear the WebEx audio, select an option in the Audio
More informationIBM Security Guardium: Troubleshooting No Traffic Issues
IBM Security Guardium: Troubleshooting No Traffic Issues IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationInterpreting relevance conditions in commonly used ILMT/BFI fixlets
Interpreting relevance conditions in commonly used ILMT/BFI fixlets IBM LICENSE METRIC TOOL AND BIGFIX INVENTORY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog
More informationSecurity Update PCI Compliance
Security Update PCI Compliance (Payment Card Industry) Jeff Uehling IBM i Security Development uehling@us.ibm.com 2012 IBM Corporation PCI Requirements An Information only Presentation NOTE: These Slides
More informationIBM Social Rendering Templates for Digital Data Connector
IBM Social Rendering Templates for Digital Data Dr. Dieter Buehler Software Architect WebSphere Portal / IBM Web Content Manager Social Rendering Templates for DDC- Overview This package demonstrates how
More informationLet s Talk About Threat Intelligence
Let s Talk About Threat Intelligence IBM SECURITY SUPPORT OPEN MIC #20 Slides and additional dial in numbers: http://ibm.biz/openmic20 January 26, 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR
More informationDeveloping Enterprise Services for Mobile Devices using Rational Software Architect / Worklight
Developing Enterprise Services for Mobile Devices using Rational Software Architect / Worklight Sandeep Katoch Architect, Rational Software Architect Development sakatoch@in.ibm.com Agenda Introduction
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationAD406: What s New in Digital Experience Development with IBM Web Experience Factory
AD406: What s New in Digital Experience Development with IBM Web Experience Factory Jonathan Booth, Senior Architect, Digital Experience Tooling, IBM Adam Ginsburg, Product Manager, Digital Experience
More informationOptimizing IBM QRadar Advisor with Watson
Optimizing IBM QRadar Advisor with Watson IBM SECURITY SUPPORT OPEN MIC #25 Slides and additional dial in numbers: http://ibm.biz/openmic25 June 8, 2017 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE
More informationPredators are lurking in the Dark Web - is your network vulnerable?
Predators are lurking in the Dark Web - is your network vulnerable? Venkatesh Sadayappan (Venky) Security Portfolio Marketing Leader IBM Security - Central & Eastern Europe Venky.iss@cz.ibm.com @IBMSecurityCEE
More informationIBM BigFix Relays Part 1
IBM BigFix Relays Part 1 IBM SECURITY SUPPORT OPEN MIC November 19, 2015 Revised March 2, 2018 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT
More informationIBM Application Performance Analyzer for z/os Version IBM Corporation
IBM Application Performance Analyzer for z/os Version 11 IBM Application Performance Analyzer for z/os Agenda Introduction to Application Performance Analyzer for z/os A tour of Application Performance
More informationIBM BigFix Client Reporting: Process, Configuration, and Troubleshooting
IBM BigFix Client Reporting: Process, Configuration, and Troubleshooting IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate
More informationPonemon Institute s 2018 Cost of a Data Breach Study
Ponemon Institute s 2018 Cost of a Data Breach Study September 18, 2018 1 IBM Security Speakers Deborah Snyder CISO State of New York Dr. Larry Ponemon Chairman and Founder Ponemon Institute Megan Powell
More informationBenchmarking z/os Development Tasks - Comparing Programmer Productivity using RDz and ISPF
IBM Software Group Benchmarking z/os Development Tasks - Comparing Programmer Productivity using RDz and ISPF Jon Sayles RDz Technical Enablement jsayles@us.ibm.com 2010 IBM Corporation Agenda and Disclaimer
More informationProduct Overview Analyst s Notebook Analyst s Notebook is a standalone desktop product for a single user Allows quick collation and visualization of unstructured or structured data Incorporates powerful
More informationSecuring global enterprise with innovation
IBM Cybersecurity Securing global enterprise with innovation Shamla Naidoo VP, IBM Global CISO August 2018 Topics 01 02 03 Securing Large Complex Enterprise Accelerating With Artificial Intelligence And
More informationBroadcasting in IBM Sterling File Gateway
Praveen Ummadi Sterling Technical Support Engineer 07 Augdurch 2014 Klicken hinzufügen Text Broadcasting in IBM Sterling File Gateway Moderator and Presenter Moderator Eileem Mejia, IBM Sterling B2B Integrator
More informationThe Challenge of Managing WebSphere Farm Configuration. Rational Automation Framework for WebSphere
IBM Software Group The Challenge of Managing WebSphere Farm Configuration Rational Automation Framework for WebSphere Terence Chow Technical Specialist IBM Rational Hong Kong 2007 IBM Corporation Example:
More informationWe will see how this Android SDK class. public class OpenSSLX509Certificate extends X509Certificate {
We will see how this Android SDK class public class OpenSSLX509Certificate extends X509Certificate { } private MISSING MODIFIER BEFORE OUR DISCLOSURE! (NOW PATCHED) final long mcontext; 2 Led to this REPLACEMENT
More informationIBM Software. IBM Forms V8.0. Forms Experience Builder - Portal Integration. Lab Exercise
IBM Forms V8.0 Forms Experience Builder - Portal Integration Lab Exercise Catalog Number Copyright IBM Corporation, 2012 US Government Users Restricted Rights - Use, duplication or disclosure restricted
More informationValue of managing and running automated functional tests with Rational Quality Manager
Value of managing and running automated functional tests with Rational Quality Manager Shinoj Zacharias (Shinoj.zacharias@in.ibm.com) Senior Software Engineer, Technical Lead IBM Software Fariz Saracevic
More informationPenetration testing a building automation system
Penetration testing a building automation system Is your smart office creating backdoors for hackers? IBM X-Force Research Click here to start There is much focus in the IT industry on securing web servers,
More informationHands-on Lab Session 9020 Working with JSON Web Token. Budi Darmawan, Bluemix Enablement
Hands-on Lab Session 9020 Working with JSON Web Token Budi Darmawan, Bluemix Enablement Copyright IBM Corporation 2017 IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp.,
More informationWebSphere Partner Gateway v6.2.x: EDI TO XML Transformation With FA
WebSphere Partner Gateway v6.2.x: EDI TO XML Transformation With FA Mike Glenn(v1mikeg@us.ibm.com) WPG L2 Support September 23, 2014 Agenda (1 of 3) Download EDI Standard Create XML Schema Use the DIS
More informationUsing Question/Answer Wizards and Process Slots to configure an RMC process/wbs
IBM Software Group Using Question/Answer Wizards and Process Slots to configure an RMC process/wbs Bruce MacIsaac Rational Method Composer Product Manager bmacisaa@us.ibm.com Agenda Process builder Process
More informationWe will see how this Android SDK class. public class OpenSSLX509Certificate extends X509Certificate {
We will see how this Android SDK class public class OpenSSLX509Certificate extends X509Certificate { } private MISSING MODIFIER BEFORE OUR DISCLOSURE! (NOW PATCHED) final long mcontext; One Class to Rule
More informationIntroducing IBM Lotus Sametime 7.5 software.
Real-time collaboration solutions March 2006 Introducing IBM Lotus Sametime 7.5 software. Adam Gartenberg Offering Manager, Real-time and Team Collaboration Page 2 Contents 2 Introduction 3 Enhanced instant
More informationIBM Security Identity Governance and Intelligence Clustering and High Availability
IBM Security Identity Governance and Intelligence Clustering and High Availability IBM SECURITY SUPPORT Luigi Lombardi: luigi.lombardi@it.ibm.com Gianluca Gargaro: g.gargaro@it.ibm.com Raffaele Sperandeo:
More informationHands-on Lab Session 9909 Introduction to Application Performance Management: Monitoring. Timothy Burris, Cloud Adoption & Technical Enablement
Hands-on Lab Session 9909 Introduction to Application Performance Management: Monitoring Timothy Burris, Cloud Adoption & Technical Enablement Copyright IBM Corporation 2017 IBM, the IBM logo and ibm.com
More informationService Description. IBM Aspera Files. 1. Cloud Service. 1.1 IBM Aspera Files Personal Edition. 1.2 IBM Aspera Files Business Edition
Service Description IBM Aspera Files This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of the Cloud Service.
More informationIBM Infrastructure Suite for z/vm and Linux: Introduction IBM Tivoli OMEGAMON XE on z/vm and Linux
IBM Infrastructure Suite for z/vm and Linux: Introduction IBM Tivoli OMEGAMON XE on z/vm and Linux August/September 2015 Please Note IBM s statements regarding its plans, directions, and intent are subject
More informationIBM SmartCloud Notes Security
IBM Software White Paper September 2014 IBM SmartCloud Notes Security 2 IBM SmartCloud Notes Security Contents 3 Introduction 3 Service Access 4 People, Processes, and Compliance 5 Service Security IBM
More informationHands-on Lab Session 9011 Working with Node.js Apps in IBM Bluemix. Pam Geiger, Bluemix Enablement
Hands-on Lab Session 9011 Working with Node.js Apps in IBM Bluemix Pam Geiger, Bluemix Enablement Copyright IBM Corporation 2017 IBM, the IBM logo and ibm.com are trademarks of International Business Machines
More informationWP710 Language: English Additional languages: None specified Product: WebSphere Portal Release: 6.0
General information (in English): Code: WP710 Language: English Additional languages: Brand: Lotus Additional brands: None specified Product: WebSphere Portal Release: 6.0 WW region: WorldWide Target audience:
More informationIBM Security Network Protection v Enhancements
IBM Security Network Protection v5.3.3.1 Enhancements IBM SECURITY SUPPORT OPEN MIC To hear the WebEx audio, select an option in the Audio Connection dialog or by access the Communicate > Audio Connection
More informationIBM Rational Software Development Conference IBM Rational Software. Presentation Agenda. Development Conference
IBM Rational Software Development Conference 2008 UML to EGL without writing code and deploy as Java or COBOL Reginaldo Barosa Executive IT Specialist, TechWorks Americas rbarosa@us.ibm.com Session 20036
More informationIBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC. 13 Dec 2017
IBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC 13 Dec 2017 IBM Security Learning Academy www.securitylearningacademy.com New content published
More informationSCREEN COMBINATION FEATURE IN HATS 7.0
SCREEN COMBINATION FEATURE IN HATS 7.0 This white paper provides details regarding screen combination feature in HATS 7.0. What is Screen combination in HATS 7.0? HATS 7.0 can combine together multiple
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Benefits realized in using Rational Functional Tester and Performance Tester Presenters Name Sumika Mukerji & Sharath TS sumika.mukerji@accenture.com sharath.t.s@accenture.com
More informationOpen Mic Webcast. IBM Sametime Media Manager Troubleshooting Tips and Tricks. Tony Payne Sr. Software Engineer May 20, 2015
Open Mic Webcast IBM Sametime Media Manager Troubleshooting Tips and Tricks Tony Payne Sr. Software Engineer May 20, 2015 Agenda Troubleshooting Basics Setting a diagnostic trace Finding the right trace
More informationBuild and Deploy Stored Procedures with IBM Data Studio
Build and Deploy Stored Procedures with IBM Data Studio December 19, 2013 Presented by: Anson Kokkat, Product Manager, Optim Database Tools 1 DB2 Tech Talk series host and today s presenter: Rick Swagerman,
More informationCopyright and Trademark Information Trademarks Disclaimer; No Warranty
Copyright and Trademark Information Under the copyright laws, this document may not be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole
More informationLe sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza
Le sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza Giulia Caliari IT Architect, IBM Security #IBMSecurity Attackers break through conventional
More informationF5 Big-IP Application Security Manager v11
F5 F5 Big-IP Application Security Manager v11 Code: ACBE F5-ASM Days: 4 Course Description: This four-day course gives networking professionals a functional understanding of the BIG- IP LTM v11 system
More informationLotusphere IBM Collaboration Solutions Development Lab
Lotusphere 2012 IBM Collaboration Solutions Development Lab Lab#4 IBM Sametime Unified Telephony Lite telephony integration and integrated telephony presence with PBX 1 Introduction: IBM Sametime Unified
More informationThe McGill University Health Centre (MUHC)
The McGill University Health Centre (MUHC) Strengthening its security posture with in- depth global intelligence Overview The need MUHC security staff wanted to more quickly identify and assess potential
More informationMay the (IBM) X-Force Be With You
Ann Arbor, Michigan July 23-25 May the (IBM) X-Force Be With You A QUICK PEEK INTO ONE OF THE MOST RENOWNED SECURITY TEAMS IN THE WORLD Marlon Machado Worldwide Standardization Leader, Application Security
More informationGetting Started with Rational Team Concert
Getting Started with Rational Team Concert or RTC in 16 Steps Kai-Uwe Maetzel IBM Rational Software kai-uwe_maetzel@us.ibm.com SDP 20 2009 IBM Corporation This Presentation is Good for You if You know
More informationIBM Application Security on Cloud
April, 2017 IBM Application Security on Cloud Service Overview Security has and will always be about understanding, managing, and mitigating the risk to an organization s most critical assets. - Dr. Eric
More informationUsing Hive for Data Warehousing
An IBM Proof of Technology Using Hive for Data Warehousing Unit 1: Exploring Hive An IBM Proof of Technology Catalog Number Copyright IBM Corporation, 2013 US Government Users Restricted Rights - Use,
More informationOracle Cloud Using the MailChimp Adapter. Release 17.3
Oracle Cloud Using the MailChimp Adapter Release 17.3 E70293-07 September 2017 Oracle Cloud Using the MailChimp Adapter, Release 17.3 E70293-07 Copyright 2016, 2017, Oracle and/or its affiliates. All rights
More informationCybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY
Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March 21 2019 You have been breached; What Happens Next 2 IBM Security
More informationSecure Development Guide
Secure Development Guide Oracle Health Sciences InForm 6.1.1 Part number: E72493-01 Copyright 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided
More informationIBM Security QRadar. Vulnerability Assessment Configuration Guide. January 2019 IBM
IBM Security QRadar Vulnerability Assessment Configuration Guide January 2019 IBM Note Before using this information and the product that it supports, read the information in Notices on page 89. Product
More information