fortify integration user experience fortify partner
play

Fortify Integration & User Experience Fortify Partner - PowerPoint PPT Presentation

Jan 13, 2023 •204 likes •527 views

Fortify Integration & User Experience Fortify Partner Integration Integration with both Fortify on Demand and Software Security Center (v18.2). Get Training provides Fortify User with real-time interactive training in Secure

  1. Fortify Integration & User Experience

  2. Fortify Partner Integration • Integration with both Fortify on Demand and Software Security Center (v18.2). • “Get Training” provides Fortify User with real-time interactive training in Secure Code Warrior. • Mappings implemented to direct User to specific content. ULR connects directly to vulnerability subcategory & language / framework User is anonymous by default

  3. Fortify Partner Integration - Prospects vs. Customers For Prospects & SCW Customers Not Logged In User is Anonymous by default ULR connects directly to vulnerability subcategory & language / framework For SCW Customers User known is logged into SCW and session is still valid (in another tab for example) When User clicks on “Get Training” they will connect directly in their SCW account and all training and metrics are saved. User “identified” & asked to Log In For SCW Customers

  4. First Enable AppSec Training in SSC for Customer The URL will be pre-configured however each customer installation will need to click the ‘Enable Training’ checkbox in order to receive SCW Training.

  5. Accessing SCW from FoD • Drill down into Applications -> Releases and choose an issue to view. • Choose the “Recommendations” tab • From the Recommendations tab, scroll down to “Interactive Training” and click the “Launch Training” link

  6. Accessing SCW from SSC • In the Audit view of a Security issue in SSC, the “Get Training” link will open training module on the issue if it is mapped from Fortify to SCW

  7. New Microsite Landing Page New Login Popup if system recognizes you have an SCW Account. Cancel here otherwise FOD & SSC Users who are also SCW Users can now Login first to complete exercise and add to their SCW Training Statistics vs. be anonymous.

  8. Mapping and Interactive Demo Cross Site Scripting / Java • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting: ExternalLinks:java&redirect=true Cross Site Scripting - Reflective / Java • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting: Reflected:java&redirect=true Injection - SQL / Java • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=SQLInjection:Persis tence:java&redirect=true Cross Site Scripting - DOM-based / Javascript • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting: DOM:javascript&redirect=true Cross Site Scripting - Persistent / JavaScript • https://integration-api.securecodewarrior.com/partner?id=Microfocus&mappingKey=Cross-SiteScripting: Persistent:javascript&redirect=true

  9. New Microsite Landing Page Enter Name to Personalize Your View of Leaderboard FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

  10. New Microsite Landing Page ● Pre-set language ● User can change ● Leaderboard ● User selections will error if no challenge is available ● Your Name Go to Interactive Training FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

  11. Changing Languages ● Languages / Frameworks which align to specific vulnerabilities are context sensitive. If User chooses to change the pre-set Language / Framework, the selections will vary according to the Vulnerability Category selected.

  12. Stage 1 - “Locate the Vulnerability” Expand To next file To next block Settings • 1st of a 2-stage Screen with selection in file Challenge • Code blocks are pre-marked for you to choose • Pay attention to specific Category and Subcategory Help and • And # of vulnerable Support blocks to choose (or have been chosen) Real-world language/framework specific code snippets to help the User learn how to Locate, Identify & Fix the Vulnerability.

  13. Stage 1 - “Locate the Vulnerability” Expand Screen Expand Screen to more easily view full code set.

  14. Can You Locate the Vulnerability? Click “Next” once Minimize To next block selection is made Window in file ? ? Review & ? make Selection ? Challenges the User to THINK...Can they can recognize the Vulnerability? Applied Learning = Learn by doing!

  15. When First You Don’t Succeed...Retry and Learn • Incorrect selection “Retry” or “Reveal Answer” Immediate feedback with chance to “Retry”.

  16. Access Hints as Help to Learn More • Overview & deeper dive Click “Hint” for explanation on “How to Help to learn more find” this vulnerability • 3-5 min micro learning asset from SCW Learning • Volume control (videos) Library (video or presentation) • Expand Screen • Creates awareness & • Closed captions understanding (English, Spanish, Chinese) • Download additional info Click for more Hints (PPT, Google Slides or PDF) Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

  17. More Hints to Continue to Learn • Deeper dive explanation on “How to find” this vulnerability “Close” to return to challenge Or get another Hint Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

  18. Try Again to Locate the Vulnerability Click “Next” once selection is made Review & make new Selection Pushes to User’s thinking to retry and learn from trial and error.

  19. Success...Vulnerability Located! • Feedback on “why the answer was right” “Continue” to next stage Feedback reinforces learning experience whether a User may have guessed or used all the hints. Learn at every step.

  20. Stage 2 - “Identify the Solution” to Fix the Code • Advance to second stage to “Identify the Solution” Click “View Solutions” to start Pushing User thinking to the next level by now asking them to identify the optimal most secure fix for this vulnerability.

  21. Do You Know the Most Secure Optimal Fix? Review solutions & Settings compare • Review 4 different potential solutions and test or build your skill to know which is the optimal most secure fix for the vulnerability • Differences between selections Continues to challenge the User to see if they know how best to fix the code … don’t be fooled by different techniques, there is only 1 right solution.

  22. Choose the View Most Familiar to You Compare solutions Inline diff view against each other Click “Accept” once selection is made • Differences between selections User settings allow Users to complete the Challenge in the view most familiar to them. Building muscle memory on the journey to become a secure coder.

  23. Immediate Response with Feedback to Learn From • Incorrect solution • Feedback on “why” solution is not correct • Including incorrect techniquest Click “Retry” or Reveal Answer Feedback reinforces learning experience whether a User may have guessed or used all the hints. Learn at every step.

  24. Access Hints for Help to Learn More Click “Hint” for Help to learn more • An incorrect solution is removed and you learn why that was the wrong technique or approach Close or click for more Hints Hints designed to build context-based knowledge about the Vulnerability to apply as the User works to complete the Challenge.

  25. Solution Correct & Challenge Complete! • Challenge Complete • Correct Solution with Feedback on why that is the optimal, most secure solution • Points breakdown “Continue” to move forward Feedback reinforces learning experience. Breakdown of points to highlight where User needed help or was incorrect.

  26. Your Statistics for Completing the Challenge “Try another Sign up for a category” randomly Free Trial assigned • My metrics for completing this • Advanced on the challenge Leaderboard • As an Anonymous User results are not saved Metric view of User’s “My Statistics” highlighting User’s results. As an Anonymous User results are not saved.

  27. Engage & Sign Up for a Trial Click to Sign Up now For Tier 1 / 2 Accounts, we should get our sales teams aligned to provide a proper company trial experience

  28. Access Learning Library Go to SCW Learning FOD & SSC Users have immediate access to targeted on-demand training in Secure Code Warrior as a value added freemium offering.

  29. “Feed Your Brain” in the Learning Resources Library Search by Topic ● Learning Resources for User to browse ● Security Fundamentals ● Application Security Weaknesses Full access to all videos and presentations, with links to additional details to help build Awareness and Understanding of the fundamentals of Application Security.

  30. “Feed Your Brain” in the Learning Resources Library ● Search results to take you to the desired topic. Full access to all videos and presentations, with links to additional details to help build Awareness and Understanding of the fundamentals of Application Security.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW & FORTIFY MISSION To cultivate an environment where value- added agricultural producers, operators and growers innovate and thrive. WHAT IS

173 views • 14 slides
Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman Monroe, Senior Security Consultant Thomas Ryan, Fortify Solutions Architect #MicroFocusCyberSummit Session Agenda Mobile Apps The Bad, The Worse

694 views • 44 slides
AppSec at High Speed and Scale Agility, Integration & Automation Scott Johnson, Fortify GM

AppSec at High Speed and Scale Agility, Integration & Automation Scott Johnson, Fortify GM

AppSec at High Speed and Scale Agility, Integration & Automation Scott Johnson, Fortify GM #MicroFocusCyberSummit Forward Looking Statements: Legal Disclaimer This document contains forward looking statements This document contains forward

410 views • 29 slides
Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code Analyzer for Security Static Code Analyzer for Security (HP Fortify SCA) C/C++ Java Vulnerabilities LLVM Language independent Services C/C++ Swift

325 views • 31 slides
ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT

ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT

ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT INFUSION Wellness from head to toe Anthocyanins MSM Boron Phenols Calcium Potassium Catechin gallate Sodium Copper

424 views • 13 slides
Hiring & Firing Requirements & Best Practices Fortify Conference November 7, 2018 1

Hiring & Firing Requirements & Best Practices Fortify Conference November 7, 2018 1

Employment Standards Branch & Navy & Sage Benefits Hiring & Firing Requirements & Best Practices Fortify Conference November 7, 2018 1 Top 8 Focus Areas for HR Best Practices 1. Recruitment & Selection 2. Training &

502 views • 39 slides
HP Fortify Scanner Setup CSIF computer's should have the scanner already installed

HP Fortify Scanner Setup CSIF computer's should have the scanner already installed

HP Fortify Scanner Setup CSIF computer's should have the scanner already installed Command is sourceanalyzer Problems which sourceanalyzer == <path>/HP_Fortify/HP_Fortify_SCA_and_Apps_<ver

358 views • 15 slides
Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit Agenda Identifying the cost Identifying the tool A quick case study 2 Thinking about the cost 3

261 views • 25 slides
Fortify your MySQL data security in AWS using ProxySQL and Firewalling Marco Tusa Percona About

Fortify your MySQL data security in AWS using ProxySQL and Firewalling Marco Tusa Percona About

Fortify your MySQL data security in AWS using ProxySQL and Firewalling Marco Tusa Percona About Me Open source enthusiast Principal Consultant Working in DB world over 25 years Open source developer and community contributor

979 views • 48 slides
Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that

Secure Programming with Static Analysis Brian Chess brian@fortify.com Software Systems that are Ubiquitous Connected Dependable Complexity Unforeseen Consequences Software Security Today The line between secure/insecure is

624 views • 48 slides
Financial Results Full year ended 30 June 2019 Fortify 23 August 2019 Disclaimer The material

Financial Results Full year ended 30 June 2019 Fortify 23 August 2019 Disclaimer The material

Purpose Invest Grow Preserve Financial Results Full year ended 30 June 2019 Fortify 23 August 2019 Disclaimer The material contained in this document is a presentation of information about the Groups activities (primarily: metal

500 views • 45 slides
SSC REST API Jonathan Couch Fortify Security Support Engineer How to create a project version

SSC REST API Jonathan Couch Fortify Security Support Engineer How to create a project version

SSC REST API Jonathan Couch Fortify Security Support Engineer How to create a project version Creating a project is not one REST API endpoint call but uses two separate calls using the following endpoints /projectVersions /bulk To

370 views • 17 slides
Winning Employee Retention Strategies for Today Fortify Conference November 7, 2018 52 27 59

Winning Employee Retention Strategies for Today Fortify Conference November 7, 2018 52 27 59

Winning Employee Retention Strategies for Today Fortify Conference November 7, 2018 52 27 59 Visit www.menti.com and use the code 52 27 59 Visit www.menti.com and use the code 52 27 59 BC Unemployment Rates (3 Month Moving Average as of

371 views • 35 slides
The Dark Side of Ajax Jacob West Fortify Software Mashup Pink Floyd AJAX all purpose cleaner

The Dark Side of Ajax Jacob West Fortify Software Mashup Pink Floyd AJAX all purpose cleaner

The Dark Side of Ajax Jacob West Fortify Software Mashup Pink Floyd AJAX all purpose cleaner Dark Side of the Moon Ajax Fancier and easier-to-use web applications using: A synchronous Web 1.0 J avaScript Server Web page A nd

993 views • 52 slides
#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and delivery Brenton Scott Witonski <>< , Acxiom Brandon Spruth, Target Lucas von Stockhausen, Fortify #MicroFocusCyberSummit WHY ARE YOU

711 views • 44 slides
Path Projection For User-Centered Static Analysis Tools Khoo Yit Phang , Jeff Foster, Michael

Path Projection For User-Centered Static Analysis Tools Khoo Yit Phang , Jeff Foster, Michael

Path Projection For User-Centered Static Analysis Tools Khoo Yit Phang , Jeff Foster, Michael Hicks, Vibha Sazawal University of Maryland PASTE 2008, November 10 1 Success in Static Analysis Coverity, Fortify, Grammatech, Klocwork, many others

895 views • 86 slides
Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of

Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of

Embedding of External Content from Non-trusted Sources Alexandre Miguel Ferreira University of Amsterdam Research Project II July 5, 2012 Agenda Introduction Research Question Background How to embed content? Most

434 views • 17 slides
As global commodity super-cycle ends, Africans continue uprising against Africa Rising By

As global commodity super-cycle ends, Africans continue uprising against Africa Rising By

As global commodity super-cycle ends, Africans continue uprising against Africa Rising By Patrick Bond presented to Mapungubwe Institute for Strategic Reflection (Mistra) Great Recession Colloquium, University of South Africa, Pretoria,

344 views • 21 slides
FORWARD LOOKING STATEMENTS This presentation contains forward -looking statements, within the

FORWARD LOOKING STATEMENTS This presentation contains forward -looking statements, within the

V an S par RENTIAN PROJECT XIUSHUI VANADIUM REGION JIANGXI, CHINA LONG TERM, HIGH QUALITY VANADIUM PRODUCTION FOR THE FLOW BATTERY, STEEL AND CHEMICAL INDUSTRIES AUGUST 2018 VanSpar Mining Inc. a subsidiary of FORWARD

373 views • 24 slides
WORLD CLASS MINERAL SYSTEM UNLOCKED August 2017 2 IMPORTANT INFORMATION This document has been

WORLD CLASS MINERAL SYSTEM UNLOCKED August 2017 2 IMPORTANT INFORMATION This document has been

WALFORD CREEK PROJECT: WORLD CLASS MINERAL SYSTEM UNLOCKED August 2017 2 IMPORTANT INFORMATION This document has been prepared by Aeon Metals Limited (Aeon) for the purpose of providing a comprehensive company and technical overview to

474 views • 30 slides
Software Security Presentation Dr. E. Benoist Spring Semester 2011 Software Security

Software Security Presentation Dr. E. Benoist Spring Semester 2011 Software Security

Berner Fachhochschule - Technik und Informatik Software Security Presentation Dr. E. Benoist Spring Semester 2011 Software Security Presentation 1 Presentation Emmanuel Benoist email: emmanuel.benoist(at)bfh.ch PhD at the

368 views • 9 slides
The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF

The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF

The Life of Breached Data & The Dark Side of Security. Jarrod Overson @jsoverson QCon SF 2016 It's more than just massive breaches from large companies, too. It's small continuous, streams of exploitable data 2.2 Billion Leaked

1.07k views • 82 slides
Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor

Domain System Threat Landscape Pablo Rodriguez Nic.pr Janelle McAlister - MarkMonitor Agenda n History n Nic.PR Case Study q Registrar Perspective q Registry Perspective n Future solutions History n Over the past few years

643 views • 26 slides
Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool

Project Plan Connected Appliances Analytics Dashboard The Capstone Experience Team Whirlpool Derrick Neier Jim Solce Zach Taylor Joe Tuohey Department of Computer Science and Engineering Michigan State University Fall 2012 From Students

447 views • 17 slides

More recommend