Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Services and AppScan. Why Develop Secure Applications 1.Prevent Vulnerabilities. [account and data theft] 2.Prevent Breaches. [$200/record notifications]

Published byFrancis McDaniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Services and AppScan. Why Develop Secure Applications 1.Prevent Vulnerabilities. [account and data theft] 2.Prevent Breaches. [$200/record notifications]"— Presentation transcript:

1 Security Services and AppScan

2 Why Develop Secure Applications 1.Prevent Vulnerabilities. [account and data theft] 2.Prevent Breaches. [$200/record notifications] 3.Prevent Regulatory Violations [FERPA, 201 CMR 17]

3 Why YOU Develop Secure Applications 1.Reduces future maintenance and “fire-fighting” emergencies. 2.Easier to figure out while “in your head” 3.Patching production sucks. 4.Security is fun and cool (right?) 5.Jumbo in the room: reputation and prestige

4 How to Develop Secure Applications 1.Conduct Security Assessments Throughout Development –Automated Code Review (doesn’t even have to compile) –Automated Black Box Scans –Manual Risk Assessments 2.Talk to Information Security –We pretend to be nice if you talk to use before launch! 3.Learn about security relevant to your areas of expertise. –OWASP –Stack Exchange

5 Key Points to Discuss while Demo Fails Badnessometer Why automated scanning is the bare minimum Canned Tests - Known Good vs Test Result

6 AppScan Demo

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22 Options: Throttle Test Speed Enable Flash / JavaScript Record Custom Logic Define Custom Error Pages (!!!)

Download ppt "Security Services and AppScan. Why Develop Secure Applications 1.Prevent Vulnerabilities. [account and data theft] 2.Prevent Breaches. [$200/record notifications]"

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Creating the Ultimate Online Customer-Service Experience Stefan Beeli, Vice President ESP Computer Services Choosing the proper level of Technology A look.

Creating the Ultimate Online Customer-Service Experience Stefan Beeli, Vice President ESP Computer Services Choosing the proper level of Technology A look.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Web Vulnerability Assessments

Web Vulnerability Assessments
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
© 2008 All Right Reserved Fortify Software Inc. Hybrid 2.0 – In search of the holy grail… A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify.

© 2008 All Right Reserved Fortify Software Inc. Hybrid 2.0 – In search of the holy grail… A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify.
Automating ESS User Management By Nogalis. What is covered? Why you should automate ESS user management General overview of methodology How-to demo (Basic)

Automating ESS User Management By Nogalis. What is covered? Why you should automate ESS user management General overview of methodology How-to demo (Basic)
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.

©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.
® Rational Power-Up Program © 2008 IBM Corporation IBM Rational’s Solutions to Ensure Quality Susann Ulrich –

® Rational Power-Up Program © 2008 IBM Corporation IBM Rational’s Solutions to Ensure Quality Susann Ulrich –
Security Controls – What Works

Security Controls – What Works
Testing by Duncan Butler Sara Stephens. Too much to cover.

Testing by Duncan Butler Sara Stephens. Too much to cover.
1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.

1 SAP Security and Controls Use of Security Compliance Tools to Detect and Prevent Security and Controls Violations.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.

SELECTING AND IMPLEMENTING VULNERABILITY SCANNER FOR FUN AND PROFIT by Tim Jett and Mike Townes.
Figure 18-1. Figure 18-1 part 1 Figure 18-1 part 2.

Figure Figure 18-1 part 1 Figure 18-1 part 2.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
Patch Management Module 13. Module 2-421 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

Similar presentations

Ads by Google