Application Security Best Practices Survey: Insights for the Healthcare Industry

Application Security Benchmark Survey
Insights for the Healthcare Industry

Agenda
• About this survey
• What is being developed by enterprises?
• What is not being tested?
• How will things change in 12 months?
• Executive commitment
• A plan to close the gap
About the Survey
• Conducted by IDG Research from May to June 2014
• Respondents: 306 in total
 - 100 US
 - 100 UK
 - 106 Germany & Switzerland

Respondents by industry:
Financial services (banking, accounting, insurance): 16%
Computing (HW, SW, Services): 14%
Manufacturing & Distribution: 11%
Business services, Consulting: 9%
Advertising, PR, Marketing: 8%
Healthcare, Medical, Biotech, Pharmaceuticals: 6%
Retail, Wholesale: 6%
Telecommunications: 5%
Other: 26%

The healthcare segment (6% of 306 respondents) is 18 organizations; every healthcare figure in the slides that follow is based on that base of 18, so the percentages carry wide confidence intervals and should be read as indicative rather than precise.

Respondents by annual revenue:
$500 million - $999.9 million: 17%
$1 billion - $2.9 billion: 27%
$3 billion - $4.9 billion: 16%
$5 billion - $9.9 billion: 21%
$10 billion or more: 18%
What is being developed by enterprises?
Healthcare enterprise application portfolio: internally developed vs. externally sourced
Internally developed: 34%
Sourced from commercial software vendor: 42%
Outsourced (developed by third party): 24%
Source: Veracode and IDG Research Services
Q1. With the total equal to 100%, please estimate what proportion of your organization's total enterprise application portfolio is internally developed vs. externally developed/sourced?
Healthcare base: 18

Average number of internally developed enterprise applications: 1,829
Source: Veracode and IDG Research Services
Q9. How many internally developed enterprise applications are currently deployed within your organization?
Healthcare base: 18
Taxonomy of internally developed applications (Healthcare)
Mobile applications: 31%
Web applications: 25%
Client/server applications: 22%
Terminal applications: 24%
Source: Veracode and IDG Research Services
Q3. With the total equal to 100%, approximately what percent of your internally developed enterprise application portfolio falls into the following application architecture categories?
Healthcare base: 18
What is being spent on securing internally developed applications?
Security spending on internally developed enterprise applications (Healthcare)
Share of healthcare respondents by annual application security spend:
Less than $100,000: 17%
$100,000 to $249,999: 22%
$250,000 to $499,999: 17%
$500,000 to $749,999: 11%
$750,000 to $999,999: 22%
$1M to $2.49M: 11%
$2.5M to $4.9M: 0%
$5M or more: 0%
Average spend: $1.12M
Source: Veracode and IDG Research Services
Q7a. Please estimate your organization's overall spend on application security for internally developed applications.
Total healthcare base: 18
Breakdown of application security spending on internally developed applications (Healthcare)
Penetration testing: 20%
SAST (static application security testing): 26%
DAST (dynamic application security testing): 31%
Application discovery/inventory: 22%
Source: Veracode and IDG Research Services
Q7b. Approximately what percent of your organization's application security budget for internally developed applications is spent on the following?
Healthcare base: 18
What is not being tested?
Internally developed applications not tested for security vulnerabilities (Healthcare)
Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%)
Healthcare base: 18

Mobile applications: 63% not tested for vulnerabilities
Web applications: 57% not tested for vulnerabilities
Terminal applications: 64% not tested for vulnerabilities
Client/server applications: 59% not tested for vulnerabilities
All applications: 60% not tested for vulnerabilities

These "not tested" figures are the complement of the tested percentage respondents reported for each architecture; they describe applications that receive no security testing of any kind, not applications that were tested and found clean.
Importance of closing the gaps in application security testing (Healthcare)
Source: Veracode and IDG Research Services
Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities?
Healthcare base: 18

Respondent organizations reporting less than 100% coverage that cite a critical or very important need to close gaps in coverage:
Mobile applications: 87% (N = 15)
Web applications: 80% (N = 15)
Client/server applications: 69% (N = 16)
Terminal applications: 69% (N = 16)
How will things change in 12 months?
Changes in application security programs: 12-month projection for the Healthcare industry

Change in security spend for internally developed applications: 2.92% average increase
Average growth of internally developed applications: 9.7% average increase (or 177 new applications on the average base of 1,829)

Estimated 2015 budget: $1.15M
Estimated 2015 need: $3.11M (to test all current and new applications with existing approaches)
Average gap between need and budget: $1.95M

The budget figure is the current $1.12M average spend grown by the expected 2.92%; the need figure is what testing 100% of the current and newly developed applications would cost if the per-application cost of today's approaches stays the same, given that roughly 60% of applications are untested today.

Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%)
Q8. How do you expect your organization's overall spending on application security for internally developed enterprise applications to change over the next 12 months?
Healthcare base: 18
Executive commitment
Executive commitment to application security testing (Healthcare)
Executives have mandated an enterprise-wide program and are tracking implementation: 44%
Executives are aware of but have not mandated an enterprise-wide program: 28%
Executives are interested in application security for business-critical applications only: 28%
Executives have little interest in application security programs: 0%
Source: Veracode and IDG Research Services
Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization?
Healthcare base: 18
A Plan to Close the Gap*
Anticipated spending increases are dramatically lower than the minimum spending increase that IDG determined is required to close the gap.
Simply extrapolating the existing assessment approaches to close the gap puts the CSO in an untenable budgetary situation.
The key is rethinking these elements:
• How security gets built into applications as they are being developed
• How to build in security at the scale and pace required to support the more than 340 new applications that enterprises, on average across all industries, are expected to develop in the next 12 months (the healthcare average is 177)
• How to build in security so that it lowers the financial burden of proactively managing risk
By seeking out best practices for implementing application security at scale, CIOs and CSOs can use their expected budget increases for initiatives that tackle their existing gap in a significant way.
* Excerpt from "Why Application Security is a Business Imperative", IDG Research, Aug 2014
Start the assessment 
http://www.veracode.com/application-security-assessment
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Kürzlich hochgeladen (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Healthcare application-security-practices-survey-veracode

  • 7. What is being spent on securing internally developed applications?
  • 8. Security spending on internally developed enterprise applications (Healthcare). Values as extracted, in label order:
    - Less than $100,000: 0%
    - $100,000 to $249,999: 17%
    - $250,000 to $499,999: 22%
    - $500,000 to $749,999: 17%
    - $750,000 to $999,999: 11%
    - $1M to $2.49M: 22%
    - $2.5M to $4.9M: 11%
    - $5M or more: 0%
    Average spend: $1.12M
    Source: Veracode and IDG Research Services. Q7a. Please estimate your organization's overall spend on application security for internally developed applications. Total Healthcare Base: 18
  • 9. Breakdown of application security spending on internally developed applications (Healthcare). Values as extracted, in label order:
    - Penetration Testing: 20%
    - SAST: 26%
    - DAST: 31%
    - Application Discovery/Inventory: 22%
    Source: Veracode and IDG Research Services. Q7b. Approximately what percent of your organization's application security budget for internally developed applications is spent on the following? Healthcare Base: 18
  • 10. What is not being tested?
  • 11. Internally developed applications not tested for security vulnerabilities (Healthcare)
    - Mobile applications: 63% not tested for vulnerabilities
    - Web applications: 57% not tested for vulnerabilities
    - Terminal applications: 64% not tested for vulnerabilities
    - Client/server applications: 59% not tested for vulnerabilities
    - All applications: 60% not tested for vulnerabilities
    Source: Veracode and IDG Research Services. Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18
  • 12. Importance of closing the gaps in application security testing (Healthcare). Respondent organizations reporting less than 100% coverage that cite a critical or very important need to close gaps in coverage:
    - Mobile applications (N = 15): 87%
    - Web applications (N = 15): 80%
    - Client/server applications (N = 16): 69%
    - Terminal applications (N = 16): 69%
    Source: Veracode and IDG Research Services. Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities? Healthcare Base: 18
  • 13. How will things change in 12 months?
  • 14. Changes in application security programs: 12 month projection for the Healthcare industry
    - Change in security spend for internally developed applications: 2.92% average increase
    - Average growth of internally developed applications: 9.7% average increase (or 177 new apps)
    - Estimated 2015 budget: $1.15M
    - Estimated 2015 need (to test all current and new applications with existing approaches): $3.11M
    - Average gap between need and budget: $1.95M
    Source: Veracode and IDG Research Services. Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18
    Source: Veracode and IDG Research Services. Q8. How do you expect your organization's overall spending on application security for internally developed enterprise applications to change over the next 12 months? Healthcare Base: 18
  • 16. Executive commitment to application security testing (Healthcare). Values as extracted, in label order:
    - Executives have mandated an enterprise-wide program and are tracking implementation: 44%
    - Executives are aware of but have not mandated an enterprise-wide program: 28%
    - Executives are interested in application security for business critical applications only: 28%
    - Executives have little interest in application security programs: 0%
    Source: Veracode and IDG Research Services. Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization? Healthcare Base: 18
  • 17. A Plan to Close the Gap*
    Anticipated spending increases are dramatically lower than the minimum spending increase that IDG determined is required to close the gap. Simply extrapolating the existing assessment approaches to close the gap puts the CSO in an untenable budgetary situation. The key is rethinking these elements:
    - How security gets built into applications as they are being developed
    - How to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months
    - How to build in security so that it lowers the financial burden of proactively managing risk
    By seeking out best practices for implementing application security at scale, CIOs and CSOs can use their expected budget increases for initiatives that tackle their existing gap in a significant way.
    * Excerpt from "Why Application Security is a Business Imperative", IDG Research, Aug 2014
  • 18. Start the assessment: http://www.veracode.com/application-security-assessment