Framework for Application Security Testing. September 11th, 2018

Similar documents
SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

WALLARM AI ENGINE: HOW IT WORKS

PEACHTECH PEACH API SECURITY AUTOMATING API SECURITY TESTING. Peach.tech

Additional Security Services on AWS

Robots with Pentest Recipes:

Turbo boost your digital app test automation with Jenkins

haltdos - Web Application Firewall

Protect your apps and your customers against application layer attacks

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Advanced Techniques for DDoS Mitigation and Web Application Defense

BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE:

Automating Security Practices for the DevOps Revolution

Web Applications & APIs

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Secure DevOps: A Puma s Tail

ShiftLeft. Real-World Runtime Protection Benchmarking

AKAMAI CLOUD SECURITY SOLUTIONS

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Surrogate Dependencies (in

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Solutions Business Manager Web Application Security Assessment

DevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis

Web Application Penetration Testing

Application Security Buyer s Guide

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

RiskSense Attack Surface Validation for IoT Systems

Security Solution. Web Application

WHITE PAPER. Best Practices for Web Application Firewall Management

How to Build an Appium Continuous Testing Pipeline

N different strategies to automate OWASP ZAP

THE FOUR PILLARS OF MODERN VULNERABILITY MANAGEMENT

Shift Left Testing: are you ready? Live Webinar, Sept 19

WHITEHAT SECURITY. T.C. NIEDZIALKOWSKI Technical Evangelist. DECEMBER 2012

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Configuring BIG-IP ASM v12.1 Application Security Manager

AWS Web Application Firewall. Darren Weiner Cloud Architect/Engineer

Taking Control of Your Application Security

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Driving OWASP ZAP with Selenium

A DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West

Information Security Keeping Up With DevOps

Evaluation Criteria for Web Application Firewalls

Enterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE

Secure Agile How to make secure applications using Agile Methods Thomas Stiehm, CTO

303 BIG-IP ASM SPECIALIST

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Creating a Hybrid Gateway for API Traffic. Ed Julson API Platform Product Marketing TIBCO Software

CAMSCANNER TURN YOUR PHONE AND TABLET INTO SCANNER FOR

Automated Web Foo or FUD? OWASP Day. The OWASP Foundation David Kierznowski IT Security Analyst

MARCH Secure Software Development WHAT TO CONSIDER

Saving Time and Costs with Virtual Patching and Legacy Application Modernizing

TestBraindump. Latest test braindump, braindump actual test

The Four Pillars of Modern Vulnerability Management

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

A DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West

Sicherheit beim Build

Under the hood testing - Code Reviews - - Harshvardhan Parmar

Securing Microservices Containerized Security in AWS

Professional Services Overview

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Security Information & Event Management (SIEM)

Security Regression. Addressing Security Regression by Unit Testing. Christopher

MODERN APPLICATION ARCHITECTURE DEMO. Wanja Pernath EMEA Partner Enablement Manager, Middleware & OpenShift

RiskSense Attack Surface Validation for Web Applications

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

An Introduction to the Waratek Application Security Platform

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Imperva Incapsula Website Security

Enterprise D/DoS Mitigation Solution offering

Qualys Cloud Platform

THE ACCENTURE CYBER DEFENSE SOLUTION

CLOUD WORKLOAD SECURITY

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

Container Deployment and Security Best Practices

SECURITY-AS-A-SERVICE BUILT FOR AWS

Being Mean To Your Code: Integrating Security Tools into Your DevOps Pipeline

Testing from the Cloud: Is the sky falling?

DefectDojo. The Good, the Bad and the Ugly. OWASP Stammtisch Hamburg Tilmann Haak Manuel Schneider

BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION

1. APPLICATION SECURITY: KEY CHALLENGES

EASYSECURITY SYMANTEC V1.0

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

Using Layered Model-Based Requirements to achieve Continuous Testing

Web App Testing: RECON. MAPPING. ANALYSIS.

QUALYS SECURITY CONFERENCE Qualys CertView. Managing Digital Certificates. Jimmy Graham Senior Director, Product Management, Qualys, Inc.

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Web Applications (Part 2) The Hackers New Target

Suman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017

Getting Started with AWS Security

Securing the Modern Data Center with Trend Micro Deep Security

I keep hearing about DevOps What is it?

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Risk Intelligence. Quick Start Guide - Data Breach Risk

Comodo Certificate Manager

Web Application Firewall

Symantec Endpoint Protection 14

Alliance Technology Partners. Acunetix Licensing, Training, and ScanAssist Services

Continuous Opportunity: DevOps & Security

Transcription:

Framework for Application Security Testing September 11th, 2018

Create thousands of security tests from existing functional tests automatically

Wallarm FAST enables secure CI / CD Wallarm FAST has many cool features to help DevOps teams strike the delicate balance between the security of the application and the very short release cycles. Chris Rodriguez SENIOR. ANALYST

Finds Issues BEFORE Software is Deployed Results may include: vulnerabilities of known types such as OWASP Top 10 unknown and zero-day vulnerabilities with a fuzzer vulnerabilities in XML, REST, JSON, SOAP, Base64 and protocols with nested encoding (no configuration required to parse it) API/endpoint behavioral anomalies

Generating Tests Capture a baseline from QA or production traffic, with FAST acting as a proxy Create security tests by inserting XSS, PTRAV, RCE or SQLi vector into all or specified web API parameters for every endpoint Create thousands of tests by applying fuzzing governed by regular expressions Specify test pass criteria to detect anomalies A Policy for generating tests can be defined out of band by the security team

Running Tests Generated tests run automatically Running tests and retrieving results is easily automated via API for CI / CD integration Authentication/credentials can be inherited from the requests, defined in a test automation framework or provided by a proxy Rate of testing and termination criteria are explicitly defined B Automation and reporting are well suited for regression testing

Actionable intelligence Provides actionable detailed information for every issue found: original (baseline) request test that found vulnerability detailed vulnerability description example exploit Results are integration-ready with REST API Allows security team to apply their expertise with leverage without slowing down CI / CD pipeline Developers and QA execute tests within their existing test automation flow

Start testing within minutes Register for a new FAST account https://fast.wallarm.com/signup Define a new TestRun in Wallarm Console Pull wallarm/fast-proxy from a Docker Registry Configure your browser, Selenium or shell to use wallarm-proxy Start functional and automated security testing It s that easy!

Sample Deployment Diagram

Who is FAST for? Security Developers + Core HR DevOps QA teams

Licensing Personal non-transferable license 30 days trial license $79/mo after Limited to single simultaneous test run & 1000 base-lines per month Pen-tester productivity license Contact us DevOps team license Coming in Q3

Wallarm Ecosystem for Application & API Security Adaptive AI Platform enables dev/qa and production application & API security Attack blocking Scanning Testing Adaptive real time web and API protection Automated CI/CD integrated security testing

Application Security powered by AI Other Wallarm products Wallarm attack mitigation for applications and APIs (NG WAF) protection against full spectrum of threats: OWASP Top 10, bots, app abuse and DDoS Works in full blocking mode (ultra-low false positives) AI-powered detection and bespoke security rules Additional FAST resources fast.wallarm.com/signup Demo video Marketing video Data Sheet Evaluation guide Test policy guide Wallarm scanner for operational security testing Try it for yourself today $docker run wallarm/fast

About Wallarm Founded in 2013 Headquartered in Silicon Valley Backed by prominent VCs Y Combinator, Partech Ventures, Runa Capital Profiled in analyst s reports as one of 12 leading WAF providers Frost & Sullivan White hat security DNA Experienced team of managers and advisors Protects 150M+ users at 120+ customers from startups to Fortune 500

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback