Security Services and AppScan



Why Develop Secure Applications
1. Prevent Vulnerabilities [account and data theft]
2. Prevent Breaches [$200/record notifications]
3. Prevent Regulatory Violations [FERPA, 201 CMR 17]

Why YOU Develop Secure Applications
1. Reduces future maintenance and “fire-fighting” emergencies.
2. Easier to figure out while “in your head”.
3. Patching production sucks.
4. Security is fun and cool (right?)
5. Jumbo in the room: reputation and prestige

How to Develop Secure Applications
1. Conduct Security Assessments Throughout Development
   – Automated code review (doesn’t even have to compile)
   – Automated black box scans
   – Manual risk assessments
2. Talk to Information Security
   – We pretend to be nice if you talk to us before launch!
3. Learn about security relevant to your areas of expertise.
   – OWASP
   – Stack Exchange

Key Points to Discuss while Demo Fails
– Badnessometer
– Why automated scanning is the bare minimum
– Canned tests: Known Good vs Test Result

AppScan Demo

Options:
– Throttle test speed
– Enable Flash / JavaScript
– Record custom logic
– Define custom error pages (!!!)
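The last option gets the exclamation marks because a black-box scanner that judges responses by HTTP status alone is blind to applications that answer every failure with a friendly “Oops” page and a 200. The “known good vs test result” comparison then sees two 200s and either hides a real finding or reports the error page as live content. The following Python is an added illustration of that classification problem (it is not AppScan’s logic or code from the talk); the error-page signatures and sample responses are constructed, and the only assumption is that the application’s custom error pages can be recognised by a body pattern.

```python
"""Why a scanner needs the application's custom error pages defined.

Constructed example: compares a status-only verdict (what a scanner does
with no error-page definition) against a content-aware verdict that uses
the configured error-page signatures.  Not AppScan's implementation.
"""
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


# Constructed signatures for the application's custom error pages.  In a
# real scan these are what the "Define Custom Error Pages" option supplies.
CUSTOM_ERROR_PATTERNS = [
    re.compile(r"<title>\s*Oops", re.IGNORECASE),
    re.compile(r"An unexpected error has occurred", re.IGNORECASE),
]


def status_only_is_error(resp: Response) -> bool:
    """Naive verdict: only a 4xx/5xx status counts as an error."""
    return resp.status >= 400


def is_error_page(resp: Response) -> bool:
    """Content-aware verdict: error by status OR by custom error-page signature."""
    if resp.status >= 400:
        return True
    return any(p.search(resp.body) for p in CUSTOM_ERROR_PATTERNS)


def classify(baseline: Response, result: Response) -> str:
    """Compare a known-good baseline against a test result.

    Returns:
      'unchanged'  - result matches the baseline (no finding)
      'error_page' - the app rejected the request with an error page; a
                     status-only check would call a 200 error page 'changed'
                     or, worse, treat it as a valid page
      'changed'    - content differs and is not an error page: worth review
    """
    if is_error_page(result):
        return "error_page"
    if result.status == baseline.status and result.body == baseline.body:
        return "unchanged"
    return "changed"


# Constructed sample responses.
KNOWN_GOOD = Response(200, "<html><title>Profile</title><p>Hello, alice</p></html>")
SOFT_ERROR = Response(200, "<html><title>Oops!</title><p>An unexpected error has occurred.</p></html>")
HARD_ERROR = Response(500, "Internal Server Error")
DIFFERENT = Response(200, "<html><title>Profile</title><p>Hello, bob</p></html>")


def compare_verdicts(resp: Response) -> dict:
    """Show where the two approaches disagree for one response."""
    return {
        "status_only_error": status_only_is_error(resp),
        "content_aware_error": is_error_page(resp),
    }


if __name__ == "__main__":
    for name, resp in [("known good", KNOWN_GOOD), ("soft error", SOFT_ERROR),
                       ("hard error", HARD_ERROR), ("different", DIFFERENT)]:
        print(f"{name:11s} {compare_verdicts(resp)} -> {classify(KNOWN_GOOD, resp)}")
```

The soft error is the case that matters: the status-only check says it is not an error, so without the custom error page defined the scanner would file a 200 “Oops” page as a successful response and the comparison against the known-good baseline loses its meaning.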