application security
play

Application Security The source code perspective Authors: - PowerPoint PPT Presentation

Nov 13, 2022 •1.11k likes •1.3k views

Application Security The source code perspective Authors: Francesco Consiglio Marco Borza Implementation Challenges Iron Triangle Security as an afterthought The Secure SDLC in the Waterfall Model SDLC vs Secure SDLC Cost Reduction

  1. Application Security The source code perspective Authors: Francesco Consiglio Marco Borza

  2. Implementation Challenges • Iron Triangle • Security as an afterthought

  3. The Secure SDLC in the Waterfall Model

  4. SDLC vs Secure SDLC

  5. Cost Reduction in the Secure SDLC TIME & COST “Cost to find/fix a defect during integration/system test is 15-90 times higher Integration & than at design/coding” System Testing Unit Testing SCAN BINARIES Code Inspection Static analysis tools find defects & design flaws “in phase” SCAN SOURCES WITH CHECKMARX PRODUCT LIFECYCLE DESIGN CODING QA PRODUCTION

  7. Before we met Checkmarx … • Complex usability and unfamiliar interfaces (or familiar to coders only) • Inaccurate results reaching a high rate of FPs • Unaffordable solutions eventually requiring vast resources

  8. Checkmarx SAST

  10. • Leading Static Application Security Testing Vendor (SAST) • Ranked 2 nd Fastest Growing Security Company by • “Best Application Security Product in 2014” by Cyber Defense Magazine • Patented Technology • Strong financial backing, IWI, Ofer • Fortune 500 customers

  11. Thank You!

Recommend

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: https://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

1.31k views • 11 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

Web Application Security Attacks on the Web Attacker Web User Application Web Database Web

IN3210 Network Security Web Application Security Attacks on the Web Attacker Web User Application Web Database Web Server Application 2 The OWASP Foundation The Open Web Application Security Project (OWASP) is a 501(c)(3)

1.21k views • 60 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application

Application Security Management (ASM) August 9, 2016 CC Kermen Agenda About Application Security Management (ASM) Features and Benefits Performance Review Ordering Information About Application Security Management (ASM)

618 views • 7 slides
Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal

Application security Application security September 25, 2020 Administrative submittal instructions submittal instructions Administrative answer the lab assignments questions in written report form, as a text, pdf, or Word

566 views • 37 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 -

Web Application Security Payloads Andrs Riancho Director of Web Security BlackHat 2011 - Barcelona Topics Short w3af introduction Whats new in w3af Automating Web application exploitation The problem and how other tools are

553 views • 54 slides
Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security [Web Application Security] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

540 views • 29 slides
OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente

Agenda Application Security OWASP Top 10 OWASP Top Ten meets JSF Andreas Hartmann Application Security Komponente Application Security Startup 04.04.2013 04.04.2013 2 OWASP Top 10 Agenda Application Security Was ist Application Security

234 views • 8 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner

Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

874 views • 34 slides
Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Application Logic Flaws Professor Larry Heimann Web Application Security Information Systems

Application Logic Flaws Professor Larry Heimann Web Application Security Information Systems

Application Logic Flaws Professor Larry Heimann Web Application Security Information Systems Discussion of Lab 6 Due end of the week on October 17th (11:59am) Complete findings record, attach screenshots and/or code files to confirm

847 views • 16 slides
Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity

Android Security CS 4720 Mobile Application Development CS 4720 Security through Obscurity It used to be that phones had so little connectivity to devices other than the phone network that security wasn't a huge deal Phone number

660 views • 15 slides
Security CS 4720 Mobile Application Development CS 4720 The Traditional Security Model

Security CS 4720 Mobile Application Development CS 4720 The Traditional Security Model

Security CS 4720 Mobile Application Development CS 4720 The Traditional Security Model The Firewall Approach Keep the good guys in and the bad guys out CS 4720 2 Distributed System Security Islands of Security

883 views • 39 slides
Improving Application Software Security in Linux Sebastian Neubauer Technische Universitt

Improving Application Software Security in Linux Sebastian Neubauer Technische Universitt

Improving Application Software Security in Linux Sebastian Neubauer Technische Universitt Mnchen Computer Science Department July 19, 2017 1 Improve C/C++ applications contain bugs Security Existing security mechanisms Still

367 views • 32 slides
Continuous Application Security Testing Presented by:

Continuous Application Security Testing Presented by:

W14 Security Testing Wednesday, October 23rd, 2019 3:00 PM Continuous Application Security Testing Presented by: Josh Gibbs

306 views • 4 slides
APPLICATION SECURITY HackInParis 2013 Dmitriy Evdokimov Andrey Chasovskikh About us Dmitriy

APPLICATION SECURITY HackInParis 2013 Dmitriy Evdokimov Andrey Chasovskikh About us Dmitriy

WINDOWS PHONE 8 APPLICATION SECURITY HackInParis 2013 Dmitriy Evdokimov Andrey Chasovskikh About us Dmitriy D1g1 Evdokimov - Security researcher at ERPScan - Mobile security, RE, fuzzing, exploit dev etc. - Editor of Russian hacking

742 views • 43 slides
UNDERGROUND ECONOMIES CMSC 414 MAY 10 2018 BUT FIRST: APPLICATION-LAYER SECURITY

UNDERGROUND ECONOMIES CMSC 414 MAY 10 2018 BUT FIRST: APPLICATION-LAYER SECURITY

UNDERGROUND ECONOMIES CMSC 414 MAY 10 2018 BUT FIRST: APPLICATION-LAYER SECURITY APPLICATION LAYER Familiar faces: HTTP (web), SMTP (mail), Skype, Bittorrent, Gaming, All of these choose explicitly from the layer beneath

1.49k views • 89 slides
Web Application Security And Why You Need To Review Yours David Busby Percona Who am I?

Web Application Security And Why You Need To Review Yours David Busby Percona Who am I?

Web Application Security And Why You Need To Review Yours David Busby Percona Who am I? David Busby Contracting for Percona since January 2013 18+ years as sysadmin / devops / security Volunteer work: Assistant Scout

958 views • 44 slides

More recommend