Security Autodesk DevDays rEvolution


1 Security Autodesk DevDays 2013 - rEvolution
Where Desktop meets the Cloud Jim Quanci Director, Autodesk Developer Network

2 Something on everyone’s mind…
I know many of you, and your customers, have security concerns and questions. Security is a pretty big deal… and it's just getting bigger. Adobe was hacked a month back. Angela Merkel had her mobile tapped. Customers have good reason to be concerned about the security of their data.

3 Don’t stick your head in the sand… YOU need to learn the security basics to create safe software and web services.

4 The Need
Customer confidence and trust
Reputation
Publicity (negative)
Legal

The need is clear. We must have customer confidence and trust, or we will fail. There is also a significant, real emotional component to security. The customer needs to know you are protecting their interests and not misusing their data. At the same time as we as a community do a better job securing our customers' data and IT assets, we also all need to have frank conversations with our customers about how data is handled today, and how we can make their data more secure using the web and the cloud. How many customers send their design data to partners and customers by ?

5 Vulnerabilities - Desktop
Here are the top client software vulnerabilities. No surprises on most of these… error handling, buffer issues, SQL injection and so on. “more code, more bugs, more security problems”

6 Vulnerabilities – Web Services
OWASP (Open Web Application Security Project)
1 – Injection
2 – Broken Authentication & Session Management
3 – Cross Site Scripting (XSS)
4 – Insecure Direct Object References
5 – Security Misconfiguration
6 – Sensitive Data Exposure
7 – Missing Functions Level Access Control
8 – Cross Site Request Forgery
9 – Using Components with Known Vulnerabilities
10 – Unvalidated Redirects and Forwards

Web Services have a different set of vulnerabilities – areas you need to consider and address to deliver a secure web service to your customers.

7 Common Vulnerabilities
Tying together various web services – a lot of what we talked about today – has its own special security requirements, in particular the importance of Filter Input and Escape Output.

8 What you should do right now
Limit user privileges
Turning on compiler/linker security flags
Disabling unsafe functions by using banned.h

So what is it that you as a developer can do right away to secure your applications? Here are three things. First, limit the user privileges of your application. This automatically reduces the damage that your application can do. Next, turn on the flags that your compiler and linker provide to detect and report potential security holes in your application. All modern compilers have these flags and using all of them is the right thing to do. Third, most legacy code, especially in C and C++, uses standard library functions that make your applications vulnerable to hacking and attacks. You should immediately swap these functions out for more secure versions.
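The second and third points in practice, as an added example that is not part of the original presentation: a GCC/Clang poison pragma stands in for banned.h, and two bounded helpers replace `strcpy` and `sprintf`. The helper names `copy_str` and `format_path`, the sample strings and the flag set in the first comment are assumptions chosen for illustration.

```c
/* Example hardening flags for GCC/Clang (assumed; adjust to your toolchain):
 *   cc -Wall -Wextra -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong demo.c */
#include <stdio.h>
#include <string.h>

/* Stand-in for banned.h: any later use of these names is a compile error. */
#if defined(__GNUC__)
#pragma GCC poison strcpy strcat sprintf gets
#endif

/* Bounded replacement for strcpy(). Returns 0 on success, -1 if src does
 * not fit; on failure dst holds an empty string rather than a truncated one. */
int copy_str(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {          /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* copies the NUL as well */
    return 0;
}

/* Bounded replacement for sprintf(dst, "%s/%s", dir, file). */
int format_path(char *dst, size_t dst_size, const char *dir, const char *file)
{
    int n;
    if (dst == NULL || dst_size == 0 || dir == NULL || file == NULL)
        return -1;
    n = snprintf(dst, dst_size, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dst_size) {   /* error or truncated output */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[8];                   /* constructed sample buffer and inputs */
    printf("short: %d\n", copy_str(name, sizeof name, "part1"));
    printf("long:  %d\n", copy_str(name, sizeof name, "assembly-0001"));
    /* strcpy(name, "assembly-0001");  <- would not compile: poisoned */
    return 0;
}
```

Both helpers fail closed: an input that does not fit yields an error and an empty buffer, so callers cannot silently continue with truncated data.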

9 What Autodesk is doing
Implementing infrastructure and processes to secure all applications spanning
Desktop
Mobile
Cloud

Autodesk is constantly working on improving processes to strengthen existing security modules in its applications and introduce newer practices as they evolve. We are actively conducting audits of our applications to identify vulnerabilities and plug them. These audits and standard improvements span multiple platforms including desktop, mobile and cloud-based services.

10 Autodesk on the cloud
Physical security at cloud data centers
Software security schemes at multiple levels
Securing access to your content
Encrypting transmitted data

On the cloud, Autodesk has established clear policy practices to secure your intellectual property. Here is what we implement:
A very high level of physical security of the data centers in which the cloud data exists.
Software security schemes at multiple levels, from the low-level operating systems all the way up to the software application that you use.
Securing access to your content through a login/password mechanism. The process of logging in itself is also encrypted.
Encrypting any data that is transmitted from your local computer to the cloud and vice versa.

11 Autodesk Security Policy and Practices
Autodesk® 360: Work Wherever You Are – Safely
Autodesk Trust Center

One of the key focus points in the previous slide is application security, and while it is mainly your responsibility to secure your application, the Autodesk cloud infrastructure goes to great lengths to secure it as well. These issues are discussed in more detail in this white paper from Autodesk: Autodesk® 360: Work Wherever You Are – Safely. You will also find more technical details in the links provided here. Also, the Autodesk Trust Center will give you up-to-date information on privacy, security, operational and quality control measures for Autodesk products and services. There is a lot of information here that will equip you to have a rational and informed discussion with your customers about security issues.

12 More Autodesk Security Info
Security Controls for the Autodesk® 360 Managed Services
Terms of Service: Autodesk® 360 and Other Services

You might also worry about details of how your data, and that of your customer, is handled once it is on the cloud. For instance, what happens if you or your customer deletes the content? Do backups exist? Who else has access to your data, if anyone? What happens when an account is terminated? These details and more are specifically discussed here: Terms of Service: Autodesk® 360 and Other Services. The Terms of Service is not just a legal document. It also gives specific details of how the data is handled. It is highly recommended that you read these documents.

13 Questions and Answers

14 Autodesk is a registered trademark of Autodesk, Inc
Autodesk is a registered trademark of Autodesk, Inc., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brand names, product names, or trademarks belong to their respective holders. Autodesk reserves the right to alter product and services offerings, and specifications and pricing at any time without notice, and is not responsible for typographical or graphical errors that may appear in this document.

