dynamic and mobile with fortify on demand
play

Dynamic, and Mobile with Fortify on Demand Rick Smith Product - PowerPoint PPT Presentation

Apr 19, 2023 •11 likes •261 views

Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit Agenda Identifying the cost Identifying the tool A quick case study 2 Thinking about the cost 3

  1. Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

  2. Agenda Identifying the cost Identifying the tool A quick case study 2

  3. Thinking about the cost 3

  4. Cliché Alert: Nothing in Life is Free Challenge becomes identifying the cost:  Opportunity  Time  Risk  Reputation  Features  Productivity  Relationships  Sanity!

  5. Application Security Today is Complex Monitoring / Protecting Production Software Securing legacy Certifying new applications releases In-house Development Legacy Software Demonstrating Compliance Procuring secure software Outsourced Commercial Open Source 5

  6. It isn’t getting easier 2020+ Software @ DevOps Speed 2015 App App 2010 Number of Applications Release Frequency 6

  7. Identifying the Right Tool

  8. Enterprise DevSecOps 8

  9. To a Hammer, Everything is a Nail Do you need a hammer?

  10. Choosing the Right Tool

  11. The Right Fit  Dynamic  Open Source Analysis  Static  Real-time Static  Mobile  Continuous Monitoring

  12. Static Made Simple Easily upload source from the IDE, and audit there as well

  13. Static – Full Build Integration Fortify on Demand Step 1: Develop & check-in code Step 4 : (Optional) Step 5 : Automated Developers (IDE) Manual Audit Audit Fortify Scan Fortify SCA Analytics Step 3 : Start Static Assessment Audited static results at DevOps speed Vulnerabiliti es Continuous Bill of materials FoD security Source control Known integration server expert repository vulnerabilities Vulnerabiliti Step 2 : Scheduled or triggered License risk es check-out & build Open Source Analysis Defect management Step 6: Triage, assign & fix vulnerabilities Vulnerability Management

  14. Dynamic Results at Scale – Speed and Depth Your applications Our infrastructure & expertise Fast dynamic, augmented with human testing

  15. Mobile – Blazing Fast + Thorough Automated results in 1 minute Full device stack testing

  16. Open Source Component Analysis Are your libraries introducing risk?

  17. Real-time Static Analysis Instant feedback within the IDE

  18. Continuous Monitoring Focusing on the OWASP Top 10 with fast & lightweight scanning 18

  19. Putting it all together 19

  20. Balancing the Pace of Development

  21. Balancing the Pace of Development  Flexibility is critical  Automate where possible  Leverage integrations  Build security in as quality

  22. Case Study: Fortify on Demand 22

  23. Case Study: Fortify on Demand Continuous lightweight static Dynamic after deploy Defects to Octane Weekly static Continuous monitoring in prod Constant feedback 23

  24. Question & Answer

  25. #MicroFocusCyberSummit Thank You.

Recommend

Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both

Fortify Integration & User Experience Fortify Partner Integration Integration with both Fortify on Demand and Software Security Center (v18.2). Get Training provides Fortify User with real-time interactive training in Secure

527 views • 31 slides
GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW &

GROW & FORTIFY Ag Commission Update 6/13/18 Kelly Dudeck Grow & Fortify GROW & FORTIFY MISSION To cultivate an environment where value- added agricultural producers, operators and growers innovate and thrive. WHAT IS

173 views • 14 slides
Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman

Developer-centric Application Security Scans Ray Kelly, Practice Principal - Fortify Sherman Monroe, Senior Security Consultant Thomas Ryan, Fortify Solutions Architect #MicroFocusCyberSummit Session Agenda Mobile Apps The Bad, The Worse

694 views • 44 slides
Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the initial demand Too many empty rooms

330 views • 16 slides
Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and ShinMing Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the initial demand Too many empty rooms

585 views • 17 slides
Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Disneyland Paris Established in 1992 Overestimate the demand Too many hotel rooms lead to

183 views • 17 slides
On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit rates computation based on event processing. An Idea by David Luckham, Stanford University, and CITT. Daniel Jobst, Benjamin Gebauer, Thomas Schfer,

311 views • 6 slides
Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift

Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift

Dynamic Processors Demand Dynamic Operating Systems Sankaralingam Panneerselvam Michael M. Swift Computer Sciences Department University of Wisconsin, Madison, WI 1 HotPar 2010 Motivation Chip Multiprocessor Does not support well

378 views • 22 slides
Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service

Managing Capacity and Shin Ming Guo Demand NKFUST Managing dynamic demand Service capacity is perishable Yield Management Case: Increase Revenue with Fixed Capacity The Park Hyatt Philadelphia, 118 King/Queen rooms.

303 views • 15 slides
Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple

Zappix Mobile app on demand transforms the experience of Mobile customers by unifying multiple communication channels of phone messaging, web, and social network January 2016 www.zappix.com 1 Company Profile Zappixs Visual IVR Platform

543 views • 37 slides
Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand

Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand

Distributed Intelligence and the Future of Dynamic Pricing, Price Responsive Demand, and Demand Response in PJM Paul Centolella President, Paul Centolella & Associates, LLC Senior Consultant, Tabors Caramanis Rudkevich Energy Policy

583 views • 21 slides
Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A.

Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A.

Dynamic Pricing for Non-Perishable Products with Demand Learning Ren Victor F. Araman e A. Caldentey Stern School of Business New York University DIMACS Workshop on Yield Management and Dynamic Pricing Rutgers University August, 2005

704 views • 26 slides
Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West

Dynamic Taint Propagation Finding Vulnerabilities Without Attacking Brian Chess / Jacob West Fortify Software 2.21.08 Overview Motivation Dynamic taint propagation Sources of inaccuracy Integrating with QA Related work

740 views • 70 slides
Dynamic demand side management of heat pump integrated with thermal energy storage Christopher

Dynamic demand side management of heat pump integrated with thermal energy storage Christopher

Dynamic demand side management of heat pump integrated with thermal energy storage Christopher Wilson Loughborough University 29th June 2015 Introduction Project Title Dynamic demand side management of heat pump integrated with thermal

363 views • 14 slides
Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P .

Overlapping Communities in Dynamic Networks: Their Detection and Mobile Applications Nam P . Nguyen, Thang N. Dinh, Sindhura Tokala, My T. Thai Department of Computer and Information Science and Engineering, University of Florida, USA

1.46k views • 87 slides
PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin

PUMA: Programmable UI Automation for Large-Scale Dynamic Analysis of Mobile Apps Shuai Hao, Bin Liu, Suman Nath, William G.J. Halfond, Ramesh Govindan 2 Mobile App Explosion 1.2 million 1,200,000 1,000,000 Number of Apps 800,000 600,000

638 views • 42 slides
A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web

A Survey On Automated Dynamic Malware Analysis Evasion and Counter-Evasion: PC, Mobile, and Web Alexei Bulazel & Blent Yener River Loop Security Rensselaer Polytechnic Institute (RPI) Introduction Automated dynamic malware analysis is

684 views • 33 slides
Riding the Mobile Traffic Tsunami Opportunities and Threats in the Making of 5G Mobile

Riding the Mobile Traffic Tsunami Opportunities and Threats in the Making of 5G Mobile

Riding the Mobile Traffic Tsunami Opportunities and Threats in the Making of 5G Mobile Broadband Jerry Pi Chief Technology Officer Straight Path Communications Inc. November 16, 2015 Content Drives Demand for Capacity 360 o /VR 4K/8K

621 views • 13 slides
Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code Analyzer for Security Static Code Analyzer for Security (HP Fortify SCA) C/C++ Java Vulnerabilities LLVM Language independent Services C/C++ Swift

325 views • 31 slides
Advanced Computer Graphics CS 525M: Understanding Mobile Web and Mobile Search Use in Todays

Advanced Computer Graphics CS 525M: Understanding Mobile Web and Mobile Search Use in Todays

Advanced Computer Graphics CS 525M: Understanding Mobile Web and Mobile Search Use in Todays Dynamic Mobile Landscape Shary J. Llanos Antonio Computer Science Dept. Worcester Polytechnic Institute (WPI) OUTLINE Introduction Motivation

567 views • 21 slides
ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT

ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT

ENERGIZE. FORTIFY. REPLENISH. WHAT ARE ANTIOXIDANTS? ANTIOXIDANT BALANCE WHOLE-BODY NUTRIENT INFUSION Wellness from head to toe Anthocyanins MSM Boron Phenols Calcium Potassium Catechin gallate Sodium Copper

424 views • 13 slides
Achieving a dominant position in Mobile Payments Customers demand digital solutions Claus Hjort

Achieving a dominant position in Mobile Payments Customers demand digital solutions Claus Hjort

Achieving a dominant position in Mobile Payments Customers demand digital solutions Claus Hjort Bjerre Development Director Personal Banking IT, Danske Bank June 2015 2 In may 2013 Danske Bank launched Mobile Pay, a simple peer to peer

510 views • 18 slides
M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic

M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic

M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic Analysis Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer SBA Research, Vienna, Austria IBM Research, Zurich, Switzerland International

394 views • 25 slides
Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di Francesco et al. Outline Paolo Di Francesco, Francesco Malandrino, Luiz DaSilva Introduction Data Available Data Trinity

396 views • 14 slides

More recommend