WP3 Security SQA INDIGO - DataCloud


WP3 Security SQA
INDIGO - DataCloud
John Kewley, Ian Neilson
STFC – UK
john.kewley@stfc.ac.uk
ian.neilson@stfc.ac.uk

WP3 Security SQA: Background - D3.1 - Initial Plan for WP3

Quality Criteria
- Code Style
- Unit Testing
- Functional and Integration Testing
- Code Review
- Documentation
- Metrics, including … “Number of software vulnerabilities” …

These are all good for Security
Can this be improved?
What can we do to help?

WP3 Security SQA: 3 phase approach

- Code analysis (ongoing)
  - SWAMP toolset
- Service [architecture] review (beginning)
  - Select a few key services - IM, Orchestrator, Onedata, …?
  - Asset evaluation -> protection of data and comms.
  - Configuration -> documentation and risks
  - Combine off-the-shelf scanners with manual review
- Traceability testing (later)
  - Can a user (who, where, when) be traced from an action?
  - Is the logging adequate?
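The two traceability questions above (can who, where and when be recovered for an action, and is the logging adequate) can be checked automatically over a service's logs. The following is an added example, not part of the original slides or of any INDIGO service; the key=value log format, the field names (`ts`, `user`, `src`, `action`, `req`) and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample log lines in an assumed key=value format (not real service logs).
SAMPLE_LOG = """\
ts=2016-03-01T10:15:02Z user=alice src=192.0.2.10 action=vm.create req=r-101
ts=2016-03-01T10:15:09Z user=- src=192.0.2.44 action=vm.delete req=r-102
ts=2016-03-01T10:16:30Z user=bob action=data.read req=r-103
user=carol src=198.51.100.7 action=data.write req=r-104
ts=2016-03-01T10:17:45Z user=alice src=192.0.2.10 action=vm.delete req=r-105
""".splitlines()

REQUIRED = {"who": "user", "where": "src", "when": "ts"}  # question -> assumed field name
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"                          # assumed timestamp format
PAIR = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn 'k=v k=v' into a dict; '-' placeholders count as missing."""
    return {k: v for k, v in PAIR.findall(line) if v != "-"}

def missing_fields(rec):
    """Return which of who/where/when cannot be answered from this record."""
    gaps = {q for q, field in REQUIRED.items() if field not in rec}
    try:
        datetime.strptime(rec.get("ts", ""), TS_FORMAT)
    except ValueError:
        gaps.add("when")  # absent or unparseable timestamp
    return sorted(gaps)

def audit(lines):
    """Map request id -> unanswered questions, for every logged action."""
    report = {}
    for line in lines:
        rec = parse(line)
        if "action" in rec:
            report[rec.get("req", "<no-req>")] = missing_fields(rec)
    return report

def trace(lines, req):
    """Answer (who, where, when) for one action, or None if it is not traceable."""
    for rec in map(parse, lines):
        if rec.get("req") == req and not missing_fields(rec):
            return rec["user"], rec["src"], rec["ts"]
    return None

if __name__ == "__main__":
    for req, gaps in audit(SAMPLE_LOG).items():
        print(req, "traceable" if not gaps else "missing: " + ", ".join(gaps))
```

Any request id that `audit` reports with a non-empty list is an action the logs cannot attribute, which is the gap the traceability phase is meant to surface.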

What is SWAMP

- SoftWare Assurance MarketPlace
- Suite of static code analysis tools (one isn’t enough)
- A good variety of tools supported, incl. some commercial, assessing many aspects of code
- Range of languages supported incl. Python, Java, C/C++
- Potential to link into Jenkins

SWAMP: https://continuousassurance.org
SWAMP portal: https://www.mir-swamp.org
Static tools: https://samate.nist.gov/docs/NIST_Special_Publication_500-297.pdf

The SWAMP Process

Rather than spending time installing, licensing and configuring software assessment tools on your own machines, you can use SWAMP.

- Upload your package: First, upload your code. It remains private and secure.
- Run your assessment: Next, create and run an assessment by choosing a package, tool, and platform.
- View your results: Last, view your results using a native viewer or Code Dx™ for full featured analysis.