
Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand, Rick Smith, Product Manager (PowerPoint PPT Presentation)



  1. Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

  2. Agenda
     - Identifying the cost
     - Identifying the tool
     - A quick case study

  3. Thinking about the cost

  4. Cliché Alert: Nothing in Life is Free. The challenge becomes identifying the cost:
     - Opportunity
     - Time
     - Risk
     - Reputation
     - Features
     - Productivity
     - Relationships
     - Sanity!

  5. Application Security Today is Complex
     - Monitoring / protecting production software
     - Securing legacy releases
     - Certifying new applications
     - In-house development, legacy software
     - Demonstrating compliance
     - Procuring secure software: outsourced, commercial, open source

  6. It isn't getting easier. [Chart: Number of Applications vs. Release Frequency, rising from 2010 through 2015 to 2020+ "Software @ DevOps Speed"]

  7. Identifying the Right Tool

  8. Enterprise DevSecOps

  9. To a Hammer, Everything is a Nail Do you need a hammer?

  10. Choosing the Right Tool

  11. The Right Fit
     - Dynamic
     - Open Source Analysis
     - Static
     - Real-time Static
     - Mobile
     - Continuous Monitoring

  12. Static Made Simple Easily upload source from the IDE, and audit there as well

  13. Static – Full Build Integration with Fortify on Demand: audited static results at DevOps speed
     - Step 1: Developers develop and check in code from the IDE to the source control repository
     - Step 2: Scheduled or triggered check-out and build on the continuous integration server
     - Step 3: Start static assessment via the FoD integration (Fortify Scan Analytics)
     - Step 4 (optional): Manual audit by an FoD security expert
     - Step 5: Automated audit with Fortify SCA, plus Open Source Analysis producing a bill of materials, known vulnerabilities and license risk
     - Step 6: Triage, assign and fix vulnerabilities through defect management and vulnerability management

  14. Dynamic Results at Scale – Speed and Depth Your applications Our infrastructure & expertise Fast dynamic, augmented with human testing

  15. Mobile – Blazing Fast + Thorough Automated results in 1 minute Full device stack testing

  16. Open Source Component Analysis Are your libraries introducing risk?

  17. Real-time Static Analysis Instant feedback within the IDE

  18. Continuous Monitoring: focusing on the OWASP Top 10 with fast & lightweight scanning

  19. Putting it all together

  20. Balancing the Pace of Development

  21. Balancing the Pace of Development
     - Flexibility is critical
     - Automate where possible
     - Leverage integrations
     - Build security in as quality

  22. Case Study: Fortify on Demand

  23. Case Study: Fortify on Demand
     - Continuous lightweight static
     - Weekly static
     - Dynamic after deploy
     - Continuous monitoring in prod
     - Defects to Octane
     - Constant feedback

  24. Question & Answer

  25. #MicroFocusCyberSummit Thank You.
