dynamic and mobile with fortify on demand
play

Dynamic, and Mobile with Fortify on Demand Rick Smith Product - PowerPoint PPT Presentation

Apr 19, 2023 •11 likes •261 views

Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit Agenda Identifying the cost Identifying the tool A quick case study 2 Thinking about the cost 3

  1. Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

  2. Agenda Identifying the cost Identifying the tool A quick case study 2

  3. Thinking about the cost 3

  4. Cliché Alert: Nothing in Life is Free Challenge becomes identifying the cost:  Opportunity  Time  Risk  Reputation  Features  Productivity  Relationships  Sanity!

  5. Application Security Today is Complex Monitoring / Protecting Production Software Securing legacy Certifying new applications releases In-house Development Legacy Software Demonstrating Compliance Procuring secure software Outsourced Commercial Open Source 5

  6. It isn’t getting easier 2020+ Software @ DevOps Speed 2015 App App 2010 Number of Applications Release Frequency 6

  7. Identifying the Right Tool

  8. Enterprise DevSecOps 8

  9. To a Hammer, Everything is a Nail Do you need a hammer?

  10. Choosing the Right Tool

  11. The Right Fit  Dynamic  Open Source Analysis  Static  Real-time Static  Mobile  Continuous Monitoring

  12. Static Made Simple Easily upload source from the IDE, and audit there as well

  13. Static – Full Build Integration Fortify on Demand Step 1: Develop & check-in code Step 4 : (Optional) Step 5 : Automated Developers (IDE) Manual Audit Audit Fortify Scan Fortify SCA Analytics Step 3 : Start Static Assessment Audited static results at DevOps speed Vulnerabiliti es Continuous Bill of materials FoD security Source control Known integration server expert repository vulnerabilities Vulnerabiliti Step 2 : Scheduled or triggered License risk es check-out & build Open Source Analysis Defect management Step 6: Triage, assign & fix vulnerabilities Vulnerability Management

  14. Dynamic Results at Scale – Speed and Depth Your applications Our infrastructure & expertise Fast dynamic, augmented with human testing

  15. Mobile – Blazing Fast + Thorough Automated results in 1 minute Full device stack testing

  16. Open Source Component Analysis Are your libraries introducing risk?

  17. Real-time Static Analysis Instant feedback within the IDE

  18. Continuous Monitoring Focusing on the OWASP Top 10 with fast & lightweight scanning 18

  19. Putting it all together 19

  20. Balancing the Pace of Development

  21. Balancing the Pace of Development  Flexibility is critical  Automate where possible  Leverage integrations  Build security in as quality

  22. Case Study: Fortify on Demand 22

  23. Case Study: Fortify on Demand Continuous lightweight static Dynamic after deploy Defects to Octane Weekly static Continuous monitoring in prod Constant feedback 23

  24. Question & Answer

  25. #MicroFocusCyberSummit Thank You.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both Fortify on Demand and Software Security Center (v18.2). Get Training provides Fortify User with real-time interactive training in Secure

527 views • 31 slides
GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW & FORTIFY MISSION To cultivate an environment where value- added agricultural producers, operators and growers innovate and thrive. WHAT IS

173 views • 14 slides
Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman Monroe, Senior Security Consultant Thomas Ryan, Fortify Solutions Architect #MicroFocusCyberSummit Session Agenda Mobile Apps The Bad, The Worse

694 views • 44 slides
Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the initial demand Too many empty rooms

330 views • 16 slides
Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the initial demand Too many empty rooms

585 views • 17 slides
Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the demand Too many hotel rooms lead to

183 views • 17 slides
On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit rates computation based on event processing. An Idea by David Luckham, Stanford University, and CITT. Daniel Jobst, Benjamin Gebauer, Thomas Schfer,

311 views • 6 slides
Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift

Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift

Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift Computer Sciences Department University of Wisconsin, Madison, WI 1 HotPar 2010 Motivation Chip Multiprocessor Does not support well

378 views • 22 slides
Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Increase Revenue with Fixed Capacity The Park Hyatt Philadelphia, 118 King/Queen rooms.

303 views • 15 slides
Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple communication channels of phone messaging, web, and social network January 2016 www.zappix.com 1 Company Profile Zappixs Visual IVR Platform

543 views • 37 slides
Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand

Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand

Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand Response in PJM Paul Centolella President, Paul Centolella & Associates, LLC Senior Consultant, Tabors Caramanis Rudkevich Energy Policy

583 views • 21 slides
Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A.

Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A.

Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A. Caldentey Stern School of Business New York University DIMACS Workshop on Yield Management and Dynamic Pricing Rutgers University August, 2005

704 views • 26 slides
Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West Fortify Software 2.21.08 Overview Motivation Dynamic taint propagation Sources of inaccuracy Integrating with QA Related work

740 views • 70 slides
Dynamic demand side management of heat pump integrated with thermal energy storage Christopher

Dynamic demand side management of heat pump integrated with thermal energy storage Christopher

Dynamic demand side management of heat pump integrated with thermal energy storage Christopher Wilson Loughborough University 29th June 2015 Introduction Project Title Dynamic demand side management of heat pump integrated with thermal

363 views • 14 slides
Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P . Nguyen, Thang N. Dinh, Sindhura Tokala, My T. Thai Department of Computer and Information Science and Engineering, University of Florida, USA

1.46k views • 87 slides
PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin Liu, Suman Nath, William G.J. Halfond, Ramesh Govindan 2 Mobile App Explosion 1.2 million 1,200,000 1,000,000 Number of Apps 800,000 600,000

638 views • 42 slides
ELECTRICITY GENERATED FROM LOW-HEAD WATER SOURCES Shock Wave Engine Technology Abstract Shock

ELECTRICITY GENERATED FROM LOW-HEAD WATER SOURCES Shock Wave Engine Technology Abstract Shock

ELECTRICITY GENERATED FROM LOW-HEAD WATER SOURCES Shock Wave Engine Technology Abstract Shock Wave Engine technology utilizes the Water Hammer Effect powered by low-head water sources to generate clean electricity Dr. Sebastian Uppapalli

451 views • 14 slides
The V The V The V The V- - - -30 Drilling Solution 30 Drilling Solution 30 Drilling

The V The V The V The V- - - -30 Drilling Solution 30 Drilling Solution 30 Drilling

The V The V The V The V- - - -30 Drilling Solution 30 Drilling Solution 30 Drilling Solution 30 Drilling Solution V-30 BLIND BORING APPLICATION V V V V- - - -30 30 30 30 Blind Raising Blind Raising Blind Raising Blind Raising

914 views • 47 slides
DevOps for IoT: A Hammer-io Extension Client/Advisor: Lotfi ben-Othmane Matt Bechtel, Brett

DevOps for IoT: A Hammer-io Extension Client/Advisor: Lotfi ben-Othmane Matt Bechtel, Brett

DevOps for IoT: A Hammer-io Extension Client/Advisor: Lotfi ben-Othmane Matt Bechtel, Brett Wilhelm, Chakib Ahlouche, Yussef Saleh http://sddec19-24.sd.ece.iastate.edu/ DevOps for IoT: A Hammer.io Extension sddec19-24 What is DevOps?

485 views • 29 slides
Module One: Non Powered Hand Tools What is included in this module Why are we learning

Module One: Non Powered Hand Tools What is included in this module Why are we learning

Module One: Non Powered Hand Tools What is included in this module Why are we learning this? Safety rules Right tool for the right job Identity of Tools Hands on time Quiz Why are we here? Basic knowledge of tools and

507 views • 49 slides
2021-2026 Low Income Program Application Presentation to the Low Income Oversight Board September

2021-2026 Low Income Program Application Presentation to the Low Income Oversight Board September

2021-2026 Low Income Program Application Presentation to the Low Income Oversight Board September 16, 2019 DRAFT FOR DISCUSSION PURPOSES ONLY Guiding Principles 1. One Destination, Many On Ramps Increase low income program participation and

725 views • 21 slides
Interim Report January June 2016 Robit Plc Growth Company 2 Highlights 1-6/2016

Interim Report January June 2016 Robit Plc Growth Company 2 Highlights 1-6/2016

Interim Report January June 2016 Robit Plc Growth Company 2 Highlights 1-6/2016 Challenging market featured the period Q2/2016 looked better H1/2016 net sales dropped 4,0 % from H1/2015 Q2/2016 increased +3,6 % from

392 views • 27 slides
PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1.

PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1.

Porting the HAMMER File System to Linux Daniel Lorch 1/13 PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1. A Hammer File System Walkthrough 2. Tool Evaluation 3. Porting Work 4. Demo 5.

174 views • 13 slides
Becoming NCEI NOAA/NCEI An Over 50-Year History of Climate, Oceans, Coastal, and Geophysical

Becoming NCEI NOAA/NCEI An Over 50-Year History of Climate, Oceans, Coastal, and Geophysical

Becoming NCEI NOAA/NCEI An Over 50-Year History of Climate, Oceans, Coastal, and Geophysical Data and Information Gregory Hammer, Katy Matthews, Tim Owen, Sharon Mesick, Andrew Allegra, Heather McCullough, and Jennifer Fulford 24 January 2017

323 views • 15 slides

More recommend