SlideShare ist ein Scribd-Unternehmen logo

IBM AppScan Source: The SAST Solution

Als PPT, PDF herunterladen
hearme limited company
hearme limited company

IBM AppScan Source is a static application security testing (SAST) tool that scans source code to identify vulnerabilities like SQL injection and cross-site scripting. It has components for analysis, development, remediation, and automation. It can be deployed as a standard desktop tool, in a small workgroup, or in an enterprise environment integrated with other tools. AppScan Source features include importing apps, configuring scans, viewing results, and generating reports. It aims to help security analysts, developers, and organizations identify and fix issues to prevent data breaches and other security problems.

Software
1 von 26
IBM AppScan Source The SAST solution Thuc X.Vu <thuc@labsofthings.com> Reseacher, founder of IoT and Data processing Labs Vietsoftware International Inc. Website: http://labsofthings.com/
IBM AppScan Solution2 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
IBM AppScan Solution3 Vietsoftware International Inc. Understanding what AppScan Source is  AppScan Source is a static application security testing (SAST) solution.  Scans application source code for security vulnerabilities: SQL injection, command injection, cross-site scripting, buffer overflow  These vulnerabilities are exploitable weaknesses in code that lead to: 1. Loss of reputation 2. Loss of money 3. A breach or an exposure of sensitive information 4. Business noncompliance  AppScan Source enables organizations to proactively identify and mitigate security risk.
IBM AppScan Solution5 Vietsoftware International Inc. AppScan Source components Source for Analysis, Source for Development, Source for Remediation, Source for Automation 1. AppScan Source for Automation Allow Build Teams to execute Scans at Build time Command line tooling and build tools allow for ease of automation Assessment Publishing and Reporting directly from Automation
IBM AppScan Solution6 Vietsoftware International Inc. AppScan Source components (Cont.) 2. AppScan Source for Development Allow Developers to perform Security Scans Plugins supplied for IDE Remediate Vulnerabilities 3. AppScan Source for Analysis  Allow Security Analysts to Configure Applications for SAST Scanning, Optimize Scan Configuration to Focus on Vulnerable Source Code  Analyze, isolate, and take action on priority vulnerabilities.  Provides security analysts, QA managers, and development managers with fast time-to-results.
IBM AppScan Solution7 Vietsoftware International Inc. AppScan Source components (Cont.) AppScan Source Database  An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and application/project inventory. AppScan Source command line interface (CLI) client  Provides command line access to various AppScan Source functions to enable integration, automation, and scripting.  Plugins for Make, Ant, and Maven allow the configuration process to be automated
IBM AppScan Solution8 Vietsoftware International Inc. AppScan Source Edition Products vs Roles
IBM AppScan Solution9 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
IBM AppScan Solution10 Vietsoftware International Inc. Standard desktop deployment
IBM AppScan Solution11 Vietsoftware International Inc. Standard desktop deployment (Cont.) Used in small organization, for a security analyst/auditor who performs security assessments No defect tracking system integration or build integration Using the AppScan Source administrative account, and no LDAP Directory Server integration
IBM AppScan Solution12 Vietsoftware International Inc. Small workgroup deployment
IBM AppScan Solution13 Vietsoftware International Inc. Small workgroup deployment (Cont.) Used in small to moderate organization Dedicated to different roles: Administrator, Manager, Security Analyst, Developer Build Automation server integration
IBM AppScan Solution14 Vietsoftware International Inc. Enterprise workgroup deployment
IBM AppScan Solution15 Vietsoftware International Inc. Enterprise workgroup deployment (Cont.) Integrate with Defect tracking system Authentication with LDAP integration
IBM AppScan Solution16 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
IBM AppScan Solution17 Vietsoftware International Inc. AppScan Source Features and Tooling  Configuration perspective: - Import existing applications from IDEs - Configure AppScan Source applications and projects - Scan code - Create and manage applications, projects, and attributes  Triage perspective: - View scan results to prioritize remediation workflow - Organize findings - Filter findings - Promote, demote, and dispatch findings for remediation  Analysis perspective: - Drill down to individual findings - Track data flow visually though the source code (trace) - Access contextual remediation assistance - Generate Reports
IBM AppScan Solution18 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
IBM AppScan Solution19 Vietsoftware International Inc. Continuous Improvement Environment CONFIGURE TRIAGE ASSIGNREMEDIATE AppScan Source •For Analysis •For Development •For Automation AppScan Enterprise AppScan Source •For Remediation •For Development REPORT High-confidence findings >>>>> > > > > > >> > > > > > > AppScan Source •For Analysis AppScan Source •For Analysis SCAN
IBM AppScan Solution20 Vietsoftware International Inc. Security Analyst Workflow Security Professionals using AppScan Source for Security: Total time: 2-3 weeks / application • Applications are scanned once per year or less • Minimal carry-over for subsequent scans
IBM AppScan Solution21 Vietsoftware International Inc. Developer Workflow Any developer using AppScan Source for Development: Total Time: ½ - 1 day •Developers cannot develop while scanning (can take hours) •Developers are not security experts •Scan workflow interrupts agile workflows
IBM AppScan Solution22 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
IBM AppScan Solution23 Vietsoftware International Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose Magic Quadrant for Application Security Testing Neil MacDonald, Joseph Feiman July 2, 2013 This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The link to the Gartner report is available upon request from IBM. “The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market.” Gartner has recognized IBM as a leader in the Magic Quadrant for Application Security Testing (AST)
IBM AppScan Solution24 Vietsoftware International Inc. Additional Information  Documents  EMA Impact Brief - IBM Security AppScan 8.7 Adds Support for iOS Mobile Apps https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg- WW_Security_Organic&S_PKG=ov14494&S_TACT=102PW29W  AppScan Source Data Sheet http://public.dhe.ibm.com/common/ssi/ecm/en/rad14105usen/RAD14105USEN.PDF  AppScan Standard Data Sheet: http://public.dhe.ibm.com/common/ssi/ecm/en/rad14019usen/RAD14019USEN.PDF  AppScan Enterprise Data Sheet ftp://public.dhe.ibm.com/common/ssi/ecm/en/rad14113usen/RAD14113USEN.PDF  Posts  2013 Gartner Application Security Testing MQ and the Evolution of Software Security http://securityintelligence.com/2013-gartner-application-security-testing-mq-and-the-evolution-of-software-security/  Gartner Publishes 2013 Magic Quadrant for Application Security Testing (AST) http://securityintelligence.com/gartner-magic-quadrant-for-application-security-testing-2013/  Podcasts  2013 Gartner Magic Quadrant for Application Security Testing  http://www.blogtalkradio.com/calebbarlow/2013/07/25/2013-gartner-magic-quadrant-for-application-security-testing  Application + Threat + Security intelligence = Priceless  http://www.blogtalkradio.com/calebbarlow/2012/08/13/threat-application-security-intelligence-priceless  Taking Application Security from the Whiteboard to Reality  http://www.blogtalkradio.com/calebbarlow/2012/06/11/taking-application-security-from-the-whiteboard-to-reality
IBM AppScan Solution25 Vietsoftware International Inc. Videos Overview of IBM Security AppScan http://www.youtube.com/watch?v=9R4IjZpKt8I How College Board is Building Security into Application Development http://www.youtube.com/watch?v=TtqhlcTnbg8 Building Better, More Secure Applications http://www.youtube.com/watch?v=UcN2uUolgKk Using Application Security Testing to Increase Deployment Speed http://www.youtube.com/watch?v=VImy3ilYUSk IBM Security AppScan 8.7 for iOS mobile application support http://www.youtube.com/watch?v=I73tbAmJIGw IBM Security AppScan 8.7 for iOS Applications http://www.youtube.com/watch?v=egnEH-GGQEI IBM Security AppScan: Analysis Perspective http://www.youtube.com/watch?v=UZD53ZgV848
IBM AppScan Solution26 Vietsoftware International Inc. Credits  Implemented IBM Appscan for customers in Vietnam: Vietcombank; VietinBank; Vietnam Customs  Some presentations on Enterprise Mobile Solution, IoT, Security, payment at  http://www.slideshare.net/papaiking/
IBM AppScan Solution27 Vietsoftware International Inc. Smarter security for a smarter planet

Empfohlen

IBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security SolutionIBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security Solutionhearme limited company
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersDevOps.com
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Testing Spring Boot Applications
Testing Spring Boot ApplicationsTesting Spring Boot Applications
Testing Spring Boot ApplicationsVMware Tanzu
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Securityn|u - The Open Security Community
 

Empfohlen

IBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security SolutionIBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security Solutionhearme limited company
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersDevOps.com
 
Security testing
Security testingSecurity testing
Security testingKhizra Sammad
 
Testing Spring Boot Applications
Testing Spring Boot ApplicationsTesting Spring Boot Applications
Testing Spring Boot ApplicationsVMware Tanzu
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Securityn|u - The Open Security Community
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessPuma Security, LLC
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConShifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConTom Stiehm
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
Mobile App Security Testing -2
Mobile App Security Testing -2Mobile App Security Testing -2
Mobile App Security Testing -2Krisshhna Daasaarii
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterAmazon Web Services
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Easymock Tutorial
Easymock TutorialEasymock Tutorial
Easymock TutorialSbin m
 
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágilDevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágilBruno Dantas
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptxMohammadSaif904342
 
Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Kevin Fealey
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionhearme limited company
 

Weitere ähnliche Inhalte

Was ist angesagt?

IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessPuma Security, LLC
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConShifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConTom Stiehm
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterAmazon Web Services
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaEdureka!
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonAdar Weidman
 
Easymock Tutorial
Easymock TutorialEasymock Tutorial
Easymock TutorialSbin m
 
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágilDevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágilBruno Dantas
 

Was ist angesagt? (20)

IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solution
 
DevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security SuccessDevSecOps: Key Controls for Modern Security Success
DevSecOps: Key Controls for Modern Security Success
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptx
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best Practices
 
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechConShifting Security Left - The Innovation of DevSecOps - ValleyTechCon
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
Mobile App Security Testing -2
Mobile App Security Testing -2Mobile App Security Testing -2
Mobile App Security Testing -2
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API Security
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
Microservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | EdurekaMicroservices with Spring Boot Tutorial | Edureka
Microservices with Spring Boot Tutorial | Edureka
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez YalonCheckmarx meetup API Security - API Security top 10 - Erez Yalon
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
 
Easymock Tutorial
Easymock TutorialEasymock Tutorial
Easymock Tutorial
 
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágilDevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
DevOpsDays Brasilia - DevSecOps: Adotando uma cultura de segurança ágil
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 

Andere mochten auch

Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Kevin Fealey
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionhearme limited company
 
Is life insurance tax deductible in super?
Is life insurance tax deductible in super?Is life insurance tax deductible in super?
Is life insurance tax deductible in super?Chris Strano
 
Coverage Insights - Vacant Property Insurance
Coverage Insights - Vacant Property InsuranceCoverage Insights - Vacant Property Insurance
Coverage Insights - Vacant Property InsuranceNicholas Toscano
 
Business Advisors, Consultants, and Coaches: Whats The Difference?
Business Advisors, Consultants, and Coaches: Whats The Difference?Business Advisors, Consultants, and Coaches: Whats The Difference?
Business Advisors, Consultants, and Coaches: Whats The Difference?Alan Walsh
 
Bridging the gap between digital and relationship marketing - DMA 2013 Though...
Bridging the gap between digital and relationship marketing - DMA 2013 Though...Bridging the gap between digital and relationship marketing - DMA 2013 Though...
Bridging the gap between digital and relationship marketing - DMA 2013 Though...Lars Crama
 
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?Patrick Lowenthal
 
BURGLAR ALARM BASICS and insurance
BURGLAR ALARM BASICS and insuranceBURGLAR ALARM BASICS and insurance
BURGLAR ALARM BASICS and insuranceDuncan Waugh
 
Avaya Aura 6.x suite licensing
Avaya Aura 6.x suite licensingAvaya Aura 6.x suite licensing
Avaya Aura 6.x suite licensingMotty Ben Atia
 
Box Security Whitepaper
Box Security WhitepaperBox Security Whitepaper
Box Security WhitepaperBoxHQ
 
Capacity Planning with Free Tools
Capacity Planning with Free ToolsCapacity Planning with Free Tools
Capacity Planning with Free ToolsAdrian Cockcroft
 

Andere mochten auch (14)

Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...
 
IBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solutionIBM AppScan Enterprise - The total software security solution
IBM AppScan Enterprise - The total software security solution
 
TruLink hearing control app user guide
TruLink hearing control app user guideTruLink hearing control app user guide
TruLink hearing control app user guide
 
Is life insurance tax deductible in super?
Is life insurance tax deductible in super?Is life insurance tax deductible in super?
Is life insurance tax deductible in super?
 
Recommended homeowners insurance endorsements for charleston, sc
Recommended homeowners insurance endorsements for charleston, scRecommended homeowners insurance endorsements for charleston, sc
Recommended homeowners insurance endorsements for charleston, sc
 
Coverage Insights - Vacant Property Insurance
Coverage Insights - Vacant Property InsuranceCoverage Insights - Vacant Property Insurance
Coverage Insights - Vacant Property Insurance
 
GENBAND G6 datasheet
GENBAND G6 datasheetGENBAND G6 datasheet
GENBAND G6 datasheet
 
Business Advisors, Consultants, and Coaches: Whats The Difference?
Business Advisors, Consultants, and Coaches: Whats The Difference?Business Advisors, Consultants, and Coaches: Whats The Difference?
Business Advisors, Consultants, and Coaches: Whats The Difference?
 
Bridging the gap between digital and relationship marketing - DMA 2013 Though...
Bridging the gap between digital and relationship marketing - DMA 2013 Though...Bridging the gap between digital and relationship marketing - DMA 2013 Though...
Bridging the gap between digital and relationship marketing - DMA 2013 Though...
 
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?
SOCIAL PRESENCE: WHAT IS IT? HOW DO WE MEASURE IT?
 
BURGLAR ALARM BASICS and insurance
BURGLAR ALARM BASICS and insuranceBURGLAR ALARM BASICS and insurance
BURGLAR ALARM BASICS and insurance
 
Avaya Aura 6.x suite licensing
Avaya Aura 6.x suite licensingAvaya Aura 6.x suite licensing
Avaya Aura 6.x suite licensing
 
Box Security Whitepaper
Box Security WhitepaperBox Security Whitepaper
Box Security Whitepaper
 
Capacity Planning with Free Tools
Capacity Planning with Free ToolsCapacity Planning with Free Tools
Capacity Planning with Free Tools
 

Ähnlich wie IBM AppScan Source: The SAST Solution

Rational App Scan&Policy Tester
Rational App Scan&Policy TesterRational App Scan&Policy Tester
Rational App Scan&Policy TesterKristina O'Regan
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointIvanti
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Jeff Williams
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Application security vision - John b
Application security vision - John bApplication security vision - John b
Application security vision - John bRoopa Nadkarni
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101 Wade Malone
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsBen Rothke
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023VMware Tanzu
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...Agile Testing Alliance
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseSauce Labs
 
Connecting Xamarin Apps with IBM Worklight in Bluemix
Connecting Xamarin Apps with IBM Worklight in BluemixConnecting Xamarin Apps with IBM Worklight in Bluemix
Connecting Xamarin Apps with IBM Worklight in BluemixIBM
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyBlack Duck by Synopsys
 
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQMIBM Rational
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24
 
Brochure Swascan Overview
Brochure Swascan OverviewBrochure Swascan Overview
Brochure Swascan OverviewSara Colnago
 

Ähnlich wie IBM AppScan Source: The SAST Solution (20)

Rational App Scan&Policy Tester
Rational App Scan&Policy TesterRational App Scan&Policy Tester
Rational App Scan&Policy Tester
 
Transforming your Security Products at the Endpoint
Transforming your Security Products at the EndpointTransforming your Security Products at the Endpoint
Transforming your Security Products at the Endpoint
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product Overview
 
Application security vision - John b
Application security vision - John bApplication security vision - John b
Application security vision - John b
 
SPI Dynamics web application security 101
SPI Dynamics web application security 101 SPI Dynamics web application security 101
SPI Dynamics web application security 101
 
App checker
App checkerApp checker
App checker
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security Testing
 
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
ATAGTR2017 Cost-effective Security Testing Approaches for Web, Mobile & Enter...
 
Managing Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the EnterpriseManaging Continuous Delivery of Mobile Apps - for the Enterprise
Managing Continuous Delivery of Mobile Apps - for the Enterprise
 
Connecting Xamarin Apps with IBM Worklight in Bluemix
Connecting Xamarin Apps with IBM Worklight in BluemixConnecting Xamarin Apps with IBM Worklight in Bluemix
Connecting Xamarin Apps with IBM Worklight in Bluemix
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
 
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM
4.4.2013 Software Quality - Regression Testing Automated and Manual - RFT/RQM
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
 
Brochure Swascan Overview
Brochure Swascan OverviewBrochure Swascan Overview
Brochure Swascan Overview
 
Swascan
Swascan Swascan
Swascan
 

Mehr von hearme limited company

TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0
TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0
TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0hearme limited company
 
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂM
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂMCHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂM
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂMhearme limited company
 
Hướng dẫn sử dụng hearme - v1.8.6
Hướng dẫn sử dụng hearme - v1.8.6Hướng dẫn sử dụng hearme - v1.8.6
Hướng dẫn sử dụng hearme - v1.8.6hearme limited company
 
hearme solution for Customer experience measurement
hearme solution for Customer experience measurementhearme solution for Customer experience measurement
hearme solution for Customer experience measurementhearme limited company
 
Giải pháp đo lường hài lòng khách hàng hearme
Giải pháp đo lường hài lòng khách hàng hearmeGiải pháp đo lường hài lòng khách hàng hearme
Giải pháp đo lường hài lòng khách hàng hearmehearme limited company
 
Open Source solution for Mobile Enterprise Application System
Open Source solution for Mobile Enterprise Application SystemOpen Source solution for Mobile Enterprise Application System
Open Source solution for Mobile Enterprise Application Systemhearme limited company
 
on Sales Performance Management system
on Sales Performance Management systemon Sales Performance Management system
on Sales Performance Management systemhearme limited company
 
GIỚI THIỆU GIẢI PHÁP IBM Worklight
GIỚI THIỆU GIẢI PHÁP IBM WorklightGIỚI THIỆU GIẢI PHÁP IBM Worklight
GIỚI THIỆU GIẢI PHÁP IBM Worklighthearme limited company
 
Apply Logistic Regression model in Making Celebrity's popularity ranking system
Apply Logistic Regression model in Making Celebrity's popularity ranking systemApply Logistic Regression model in Making Celebrity's popularity ranking system
Apply Logistic Regression model in Making Celebrity's popularity ranking systemhearme limited company
 
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺGIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺhearme limited company
 

Mehr von hearme limited company (14)

TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0
TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0
TOÀN DIỆN VỀ TRẢI NGHIỆM KHÁCH HÀNG TRONG KỶ NGUYÊN 4.0
 
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂM
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂMCHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂM
CHUYỂN ĐỐI SỐ LẤY KHÁCH HÀNG LÀM TRUNG TÂM
 
Hướng dẫn sử dụng hearme - v1.8.6
Hướng dẫn sử dụng hearme - v1.8.6Hướng dẫn sử dụng hearme - v1.8.6
Hướng dẫn sử dụng hearme - v1.8.6
 
Trải nghiệm khách hàng
Trải nghiệm khách hàngTrải nghiệm khách hàng
Trải nghiệm khách hàng
 
hearme solution for Customer experience measurement
hearme solution for Customer experience measurementhearme solution for Customer experience measurement
hearme solution for Customer experience measurement
 
Giải pháp đo lường hài lòng khách hàng hearme
Giải pháp đo lường hài lòng khách hàng hearmeGiải pháp đo lường hài lòng khách hàng hearme
Giải pháp đo lường hài lòng khách hàng hearme
 
Open Source solution for Mobile Enterprise Application System
Open Source solution for Mobile Enterprise Application SystemOpen Source solution for Mobile Enterprise Application System
Open Source solution for Mobile Enterprise Application System
 
Mobile Enterprise Application vision
Mobile Enterprise Application visionMobile Enterprise Application vision
Mobile Enterprise Application vision
 
Mobile payment solution
Mobile payment solutionMobile payment solution
Mobile payment solution
 
on Sales Performance Management system
on Sales Performance Management systemon Sales Performance Management system
on Sales Performance Management system
 
GIỚI THIỆU GIẢI PHÁP IBM Worklight
GIỚI THIỆU GIẢI PHÁP IBM WorklightGIỚI THIỆU GIẢI PHÁP IBM Worklight
GIỚI THIỆU GIẢI PHÁP IBM Worklight
 
Apply Logistic Regression model in Making Celebrity's popularity ranking system
Apply Logistic Regression model in Making Celebrity's popularity ranking systemApply Logistic Regression model in Making Celebrity's popularity ranking system
Apply Logistic Regression model in Making Celebrity's popularity ranking system
 
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺGIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
 
Giới thiệu về Chợ xây dựng
Giới thiệu về Chợ xây dựngGiới thiệu về Chợ xây dựng
Giới thiệu về Chợ xây dựng
 

Kürzlich hochgeladen

Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Kürzlich hochgeladen (20)

Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

IBM AppScan Source: The SAST Solution

  • 1. IBM AppScan Source The SAST solution Thuc X.Vu <thuc@labsofthings.com> Reseacher, founder of IoT and Data processing Labs Vietsoftware International Inc. Website: http://labsofthings.com/
  • 2. IBM AppScan Solution2 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
  • 3. IBM AppScan Solution3 Vietsoftware International Inc. Understanding what AppScan Source is  AppScan Source is a static application security testing (SAST) solution.  Scans application source code for security vulnerabilities: SQL injection, command injection, cross-site scripting, buffer overflow  These vulnerabilities are exploitable weaknesses in code that lead to: 1. Loss of reputation 2. Loss of money 3. A breach or an exposure of sensitive information 4. Business noncompliance  AppScan Source enables organizations to proactively identify and mitigate security risk.
  • 4. IBM AppScan Solution5 Vietsoftware International Inc. AppScan Source components Source for Analysis, Source for Development, Source for Remediation, Source for Automation 1. AppScan Source for Automation Allow Build Teams to execute Scans at Build time Command line tooling and build tools allow for ease of automation Assessment Publishing and Reporting directly from Automation
  • 5. IBM AppScan Solution6 Vietsoftware International Inc. AppScan Source components (Cont.) 2. AppScan Source for Development Allow Developers to perform Security Scans Plugins supplied for IDE Remediate Vulnerabilities 3. AppScan Source for Analysis  Allow Security Analysts to Configure Applications for SAST Scanning, Optimize Scan Configuration to Focus on Vulnerable Source Code  Analyze, isolate, and take action on priority vulnerabilities.  Provides security analysts, QA managers, and development managers with fast time-to-results.
  • 6. IBM AppScan Solution7 Vietsoftware International Inc. AppScan Source components (Cont.) AppScan Source Database  An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and application/project inventory. AppScan Source command line interface (CLI) client  Provides command line access to various AppScan Source functions to enable integration, automation, and scripting.  Plugins for Make, Ant, and Maven allow the configuration process to be automated
  • 7. IBM AppScan Solution8 Vietsoftware International Inc. AppScan Source Edition Products vs Roles
  • 8. IBM AppScan Solution9 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
  • 9. IBM AppScan Solution10 Vietsoftware International Inc. Standard desktop deployment
  • 10. IBM AppScan Solution11 Vietsoftware International Inc. Standard desktop deployment (Cont.) Used in small organization, for a security analyst/auditor who performs security assessments No defect tracking system integration or build integration Using the AppScan Source administrative account, and no LDAP Directory Server integration
  • 11. IBM AppScan Solution12 Vietsoftware International Inc. Small workgroup deployment
  • 12. IBM AppScan Solution13 Vietsoftware International Inc. Small workgroup deployment (Cont.) Used in small to moderate organization Dedicated to different roles: Administrator, Manager, Security Analyst, Developer Build Automation server integration
  • 13. IBM AppScan Solution14 Vietsoftware International Inc. Enterprise workgroup deployment
  • 14. IBM AppScan Solution15 Vietsoftware International Inc. Enterprise workgroup deployment (Cont.) Integrate with Defect tracking system Authentication with LDAP integration
  • 15. IBM AppScan Solution16 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
  • 16. IBM AppScan Solution17 Vietsoftware International Inc. AppScan Source Features and Tooling  Configuration perspective: - Import existing applications from IDEs - Configure AppScan Source applications and projects - Scan code - Create and manage applications, projects, and attributes  Triage perspective: - View scan results to prioritize remediation workflow - Organize findings - Filter findings - Promote, demote, and dispatch findings for remediation  Analysis perspective: - Drill down to individual findings - Track data flow visually though the source code (trace) - Access contextual remediation assistance - Generate Reports
  • 17. IBM AppScan Solution18 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
  • 18. IBM AppScan Solution19 Vietsoftware International Inc. Continuous Improvement Environment CONFIGURE TRIAGE ASSIGNREMEDIATE AppScan Source •For Analysis •For Development •For Automation AppScan Enterprise AppScan Source •For Remediation •For Development REPORT High-confidence findings >>>>> > > > > > >> > > > > > > AppScan Source •For Analysis AppScan Source •For Analysis SCAN
  • 19. IBM AppScan Solution20 Vietsoftware International Inc. Security Analyst Workflow Security Professionals using AppScan Source for Security: Total time: 2-3 weeks / application • Applications are scanned once per year or less • Minimal carry-over for subsequent scans
  • 20. IBM AppScan Solution21 Vietsoftware International Inc. Developer Workflow Any developer using AppScan Source for Development: Total Time: ½ - 1 day •Developers cannot develop while scanning (can take hours) •Developers are not security experts •Scan workflow interrupts agile workflows
  • 21. IBM AppScan Solution22 Vietsoftware International Inc. Agenda  Understanding what AppScan Source is  AppScan Source components  Deployment models  Features and Tooling  Workflow  DEMO
  • 22. IBM AppScan Solution23 Vietsoftware International Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose Magic Quadrant for Application Security Testing Neil MacDonald, Joseph Feiman July 2, 2013 This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The link to the Gartner report is available upon request from IBM. “The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market.” Gartner has recognized IBM as a leader in the Magic Quadrant for Application Security Testing (AST)
  • 23. IBM AppScan Solution24 Vietsoftware International Inc. Additional Information  Documents  EMA Impact Brief - IBM Security AppScan 8.7 Adds Support for iOS Mobile Apps https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg- WW_Security_Organic&S_PKG=ov14494&S_TACT=102PW29W  AppScan Source Data Sheet http://public.dhe.ibm.com/common/ssi/ecm/en/rad14105usen/RAD14105USEN.PDF  AppScan Standard Data Sheet: http://public.dhe.ibm.com/common/ssi/ecm/en/rad14019usen/RAD14019USEN.PDF  AppScan Enterprise Data Sheet ftp://public.dhe.ibm.com/common/ssi/ecm/en/rad14113usen/RAD14113USEN.PDF  Posts  2013 Gartner Application Security Testing MQ and the Evolution of Software Security http://securityintelligence.com/2013-gartner-application-security-testing-mq-and-the-evolution-of-software-security/  Gartner Publishes 2013 Magic Quadrant for Application Security Testing (AST) http://securityintelligence.com/gartner-magic-quadrant-for-application-security-testing-2013/  Podcasts  2013 Gartner Magic Quadrant for Application Security Testing  http://www.blogtalkradio.com/calebbarlow/2013/07/25/2013-gartner-magic-quadrant-for-application-security-testing  Application + Threat + Security intelligence = Priceless  http://www.blogtalkradio.com/calebbarlow/2012/08/13/threat-application-security-intelligence-priceless  Taking Application Security from the Whiteboard to Reality  http://www.blogtalkradio.com/calebbarlow/2012/06/11/taking-application-security-from-the-whiteboard-to-reality
  • 24. IBM AppScan Solution25 Vietsoftware International Inc. Videos Overview of IBM Security AppScan http://www.youtube.com/watch?v=9R4IjZpKt8I How College Board is Building Security into Application Development http://www.youtube.com/watch?v=TtqhlcTnbg8 Building Better, More Secure Applications http://www.youtube.com/watch?v=UcN2uUolgKk Using Application Security Testing to Increase Deployment Speed http://www.youtube.com/watch?v=VImy3ilYUSk IBM Security AppScan 8.7 for iOS mobile application support http://www.youtube.com/watch?v=I73tbAmJIGw IBM Security AppScan 8.7 for iOS Applications http://www.youtube.com/watch?v=egnEH-GGQEI IBM Security AppScan: Analysis Perspective http://www.youtube.com/watch?v=UZD53ZgV848
  • 25. IBM AppScan Solution26 Vietsoftware International Inc. Credits  Implemented IBM Appscan for customers in Vietnam: Vietcombank; VietinBank; Vietnam Customs  Some presentations on Enterprise Mobile Solution, IoT, Security, payment at  http://www.slideshare.net/papaiking/
  • 26. IBM AppScan Solution27 Vietsoftware International Inc. Smarter security for a smarter planet