SLIDE 1
Application Security The source code perspective
Authors: Francesco Consiglio Marco Borza
- Iron Triangle
- Security as an
Application Security The source code perspective Authors: - - PowerPoint PPT Presentation
Application Security The source code perspective Authors: - - PowerPoint PPT Presentation
Application Security The source code perspective Authors: Francesco Consiglio Marco Borza Implementation Challenges Iron Triangle Security as an afterthought The Secure SDLC in the Waterfall Model SDLC vs Secure SDLC Cost Reduction
SLIDE 2
SLIDE 3
The Secure SDLC in the Waterfall Model
SLIDE 4
SDLC vs Secure SDLC
SLIDE 5
Cost Reduction in the Secure SDLC
PRODUCT LIFECYCLE
DESIGN CODING QA PRODUCTION
SCAN SOURCES WITH CHECKMARX SCAN BINARIES
Static analysis tools find defects & design flaws “in phase”
Code Inspection Unit Testing Integration & System Testing “Cost to find/fix a defect during integration/system test is 15-90 times higher than at design/coding” TIME & COST
SLIDE 6
SLIDE 7
- Complex usability and unfamiliar interfaces (or familiar to
coders only)
- Inaccurate results reaching a high rate of FPs
- Unaffordable solutions eventually requiring vast
resources Before we met Checkmarx…
SLIDE 8
Checkmarx SAST
SLIDE 9
SLIDE 10
- Leading Static Application Security Testing Vendor (SAST)
- Ranked 2nd Fastest Growing Security Company by
- “Best Application Security Product in 2014”
by Cyber Defense Magazine
- Patented Technology
- Strong financial backing, IWI, Ofer
- Fortune 500 customers
SLIDE 11