Day in the Life of a Developer
…with WhiteHat Sentinel Source
“I roll out of bed and check my tickets…”
• Notices a new vulnerability
• Produced by ticketing integration
• Viewing verified & actionable result
• 15+ supported systems, including…
“I fire up my IDE and triage my issues…”
• Search application vulnerabilities
• Step through vulnerability in code
• Review remediation guidance
• Ask for help from TRC
• Apply Directed Remediation patch if available
“I commit the fix and update the ticket…”
• Updates ticket to reflect the fix
• Moves ticket to Q&A
• Source scan triggered via schedule
• Ticket auto-updated to reflect results
Security Enhanced Developer Tooling
… during notification
… during triage
… during verification
Integration with Developer

Bug Tracking
• Atlassian JIRA
• …many more using WIS

IDE Plugins
• Eclipse
• IntelliJ
• Xcode
• Visual Studio

Code Repo
• Git
• SVN
• Perforce
• CVS
• TFS
• HTTP/S
• SFTP

Languages
• Java
• C#.Net (incl. ASP.Net)
• Objective-C (incl. iOS)
• PHP
• JavaScript
• HTML5
• Android
WhiteHat Integration Server (WIS)
Bug Tracking & ALM Systems
• Atlassian JIRA
• Atlassian JIRA Service Desk
• Borland StarTeam (Dev Services Required)
• HP ALM
• HP Quality Center
• IBM Rational Team Concert (Rational Quality Manager)
• IBM Rational Requirements Composer
• Microsoft Team Foundation Server
• ThoughtWorks Mingle
• Rally
• VersionOne
• Bugzilla
• Serena Business Manager
• ServiceNow (Deployment Services may be required)
“I review significant vulns with my security team…”
THE FRONT LINE
Of Application Security

Editor's Notes

  1. Languages – 80% of most popular languages supported
     IDE – Vulnerability details available right within the development environment
     Code Repository – Scan source code from most popular repositories
     Bug Tracking – Automatically open or close tickets for bugs and defects found or fixed by Sentinel Source
  2. WhiteHat Integration Server (WIS) helps bi-directionally integrate Sentinel Source with best-of-breed Bug Tracking & Application Lifecycle Management (ALM) tools.