application security
play

Application Security The source code perspective Authors: - PowerPoint PPT Presentation

Nov 13, 2022 •1.11k likes •1.3k views

Application Security The source code perspective Authors: Francesco Consiglio Marco Borza Implementation Challenges Iron Triangle Security as an afterthought The Secure SDLC in the Waterfall Model SDLC vs Secure SDLC Cost Reduction

  1. Application Security The source code perspective Authors: Francesco Consiglio Marco Borza

  2. Implementation Challenges • Iron Triangle • Security as an afterthought

  3. The Secure SDLC in the Waterfall Model

  4. SDLC vs Secure SDLC

  5. Cost Reduction in the Secure SDLC TIME & COST “Cost to find/fix a defect during integration/system test is 15-90 times higher Integration & than at design/coding” System Testing Unit Testing SCAN BINARIES Code Inspection Static analysis tools find defects & design flaws “in phase” SCAN SOURCES WITH CHECKMARX PRODUCT LIFECYCLE DESIGN CODING QA PRODUCTION

  7. Before we met Checkmarx … • Complex usability and unfamiliar interfaces (or familiar to coders only) • Inaccurate results reaching a high rate of FPs • Unaffordable solutions eventually requiring vast resources

  8. Checkmarx SAST

  10. • Leading Static Application Security Testing Vendor (SAST) • Ranked 2 nd Fastest Growing Security Company by • “Best Application Security Product in 2014” by Cyber Defense Magazine • Patented Technology • Strong financial backing, IWI, Ofer • Fortune 500 customers

  11. Thank You!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application Security Management (ASM) Features and Benefits Performance Review Ordering Information About Application Security Management (ASM)

618 views • 7 slides
Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab assignments questions in written report form, as a text, pdf, or Word

566 views • 37 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 - Barcelona Topics Short w3af introduction Whats new in w3af Automating Web application exploitation The problem and how other tools are

553 views • 54 slides
Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

540 views • 29 slides
OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

Agenda Application Security OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente Application Security Startup 04.04.2013 04.04.2013 2 OWASP Top 10 Agenda Application Security Was ist Application Security

234 views • 8 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner

Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

874 views • 34 slides
Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Numerical Investigation of Summer Sea Breeze Using Updated Urban Aerodynamic Parameters in Kanto

Numerical Investigation of Summer Sea Breeze Using Updated Urban Aerodynamic Parameters in Kanto

Numerical Investigation of Summer Sea Breeze Using Updated Urban Aerodynamic Parameters in Kanto Region Alvin Christopher G. Varquez, Makoto Nakayoshi, Manabu Kanda 1 Update on Roughness Parameters Thanks to Large Eddy Simulations, a

433 views • 18 slides
Future-Ready Workforce Vision: To be a world class school system Mission: To ensure that each

Future-Ready Workforce Vision: To be a world class school system Mission: To ensure that each

HUMAN RESOURCES DIVISION Future-Ready Workforce Vision: To be a world class school system Mission: To ensure that each student achieves his/her highest personal potential HUMAN RESOURCES LEADERSHIP TEAM Chief Human Executive Coordinators

539 views • 35 slides
Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview

Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview

Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview Qualifications Performance Strategy Experience CPAR 4/4 Secure Agile Respected Partner CMS, DOE Knowledge Sharing FedRAMP

197 views • 16 slides
Alchemy 2017 Updates About me John Winter Co-Founder, Content Bloom

Alchemy 2017 Updates About me John Winter Co-Founder, Content Bloom

Alchemy 2017 Updates About me John Winter Co-Founder, Content Bloom j.winter@contentbloom.com +1 832 202 4508 Content Bloom Digital / Content Management Agency Offices in USA,

475 views • 14 slides
Strategic Issues Discussion ($90M & Above) Facilitated by: Ken Ross EVP/COO, MCUL &

Strategic Issues Discussion ($90M & Above) Facilitated by: Ken Ross EVP/COO, MCUL &

MCUL & Affiliates | 2015 Executive Summit Strategic Issues Discussion ($90M & Above) Facilitated by: Ken Ross EVP/COO, MCUL & Affiliates MCUL & Affiliates | 2015 Executive Summit Stronger Lending Heather Luciani CEO,

1.12k views • 14 slides
The Trafficware Pod Pod Detection and Advanced Applications As a Means of Collecting Purdue High

The Trafficware Pod Pod Detection and Advanced Applications As a Means of Collecting Purdue High

The Trafficware Pod Pod Detection and Advanced Applications As a Means of Collecting Purdue High Resolution Data The Pod Bill Ische, Business Development Manager Chris Jannace, Detection Specialist 03 September 2015 A GENDA Pod Detection

1.04k views • 15 slides
EEC 181 Design Plan By: Christopher Bacchi, Andrea Lopez, Krysteen Terlouw Algorithm Flowchart

EEC 181 Design Plan By: Christopher Bacchi, Andrea Lopez, Krysteen Terlouw Algorithm Flowchart

EEC 181 Design Plan By: Christopher Bacchi, Andrea Lopez, Krysteen Terlouw Algorithm Flowchart Software Profiling Runtime Stage Runtime (%) 1 84 2 12 3 4 Within Stage 1, the inner loop takes 90% of the runtime. Hardware RTL Block

897 views • 7 slides
Transition Planning Elementary to Secondary & Secondary to Post-Secondary and Beyond HCDSB

Transition Planning Elementary to Secondary & Secondary to Post-Secondary and Beyond HCDSB

Transition Planning Elementary to Secondary & Secondary to Post-Secondary and Beyond HCDSB Special Education Advisory Committee Parent Information Night April 23, 2014 Jon Greenaway, Transitions Consultant / Social Worker Joe Trovato,

429 views • 30 slides

More recommend