Security Autodesk DevDays rEvolution

Presentation transcript:

Security
Autodesk DevDays 2013 - rEvolution
Where Desktop meets the Cloud
Jim Quanci, Director, Autodesk Developer Network

Something on everyone’s mind…
I know many of you, and your customers, have security concerns and questions. Security is a pretty big deal… and it's just getting bigger. Adobe was hacked a month back. Angela Merkel had her mobile tapped. Customers have good reason to be concerned about the security of their data.

Don’t stick your head in the sand… YOU need to learn the security basics to create safe software and web services.

The Need
- Customer confidence and trust
- Reputation
- Publicity (negative)
- Legal
The need is clear. We must have customer confidence and trust, or we will fail. There is also a significant real emotional component to security. The customer needs to know you are protecting their interests and not misusing their data. At the same time as we as a community do a better job securing our customers' data and IT assets, we also all need to have frank conversations with our customers about how data is handled today, and how we can make their data more secure using the web and the cloud. How many customers send their design data to partners and customers by email?

Vulnerabilities - Desktop
“more code, more bugs, more security problems”
Here are the top client software vulnerabilities. No surprises on most of these… error handling, buffer issues, SQL injection and so on.

Vulnerabilities – Web Services
OWASP (Open Web Application Security Project)
1 – Injection
2 – Broken Authentication & Session Management
3 – Cross Site Scripting (XSS)
4 – Insecure Direct Object References
5 – Security Misconfiguration
6 – Sensitive Data Exposure
7 – Missing Function Level Access Control
8 – Cross Site Request Forgery
9 – Using Components with Known Vulnerabilities
10 – Unvalidated Redirects and Forwards
Web Services have a different set of vulnerabilities: areas you need to consider and address to deliver a secure web service to your customers.

Common Vulnerabilities
Tying together various web services, a lot of what we talked about today, has its own special security requirements: the importance of Filter Input and Escape Output.

What you should do right now
- Limit user privileges
- Turning on compiler/linker security flags
- Disabling unsafe functions by using banned.h
So what is it that you as a developer can do right away to secure your applications? Here are three things that you can do right away. First, limit the user privileges of your application. This will automatically reduce the risk of damage that your application can do. The next thing you could do is to turn on the flags that your compiler and linker provide that will detect and report potential security holes in your application. All modern compilers have these flags and using all of them is the right thing to do. Third, most legacy code, especially in C and C++, uses standard library methods and functions that make your applications vulnerable to hacking and attacks. You should immediately swap these functions and methods out for more secure versions of these methods and functions.
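The second and third steps above, as an added example (not code from the talk or from Autodesk): an unbounded `strcpy`/`strcat` routine beside a bounded replacement that rejects oversized input instead of truncating it. The build flags in the header comment, the `BAN_UNSAFE` macro and the names `make_title` and `make_title_legacy` are assumptions made for illustration.

```c
/* Added example. Suggested compiler/linker flags (assumed, not from the talk):
 *   gcc/clang: -O2 -Wall -Wextra -Wformat=2 -D_FORTIFY_SOURCE=2
 *              -fstack-protector-strong -fPIE -pie -DBAN_UNSAFE
 *   MSVC:      /W4 /sdl /GS /DYNAMICBASE /NXCOMPAT
 */
#include <stdio.h>
#include <string.h>

/* Legacy pattern, kept for comparison only: dst's size is never
 * consulted, so a long `name` writes past the end of the buffer. */
void make_title_legacy(char *dst, const char *name)
{
    strcpy(dst, "Drawing: ");
    strcat(dst, name);
}

/* From here on, any use of the unbounded calls fails to compile
 * (GCC/Clang; a build-time ban in the spirit of banned.h). */
#if defined(BAN_UNSAFE) && defined(__GNUC__)
#pragma GCC poison strcpy strcat sprintf vsprintf gets
#endif

/* Bounded replacement. Returns 0 on success, -1 if the arguments are
 * invalid or the result would not fit; on failure dst is left as ""
 * instead of holding a silently truncated string. */
int make_title(char *dst, size_t dstsz, const char *name)
{
    int n;
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (name == NULL)
        return -1;
    n = snprintf(dst, dstsz, "Drawing: %s", name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char title[16];  /* constructed sample buffer */
    printf("%d\n", make_title(title, sizeof title, "A-101"));          /* fits */
    printf("%d\n", make_title(title, sizeof title, "A-101-rev-2013")); /* too long */
    return 0;
}
```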

What Autodesk is doing
Implementing infrastructure and processes to secure all applications spanning:
- Desktop
- Mobile
- Cloud
Autodesk is constantly working on improving processes to strengthen existing security modules in its applications and introduce newer practices as they evolve. We are actively conducting audits of our applications to identify vulnerabilities and plug them. These audits and standard improvements span multiple platforms including desktop, mobile and cloud-based services.

Autodesk on the cloud
- Physical security at cloud data centers
- Software security schemes at multiple levels
- Securing access to your content
- Encrypting transmitted data
On the cloud, Autodesk has established clear policy practices to secure your intellectual property. Here is what we implement:
- A very high level of physical security of the data centers in which the cloud data exists.
- Software security schemes at multiple levels, from the low-level operating systems all the way up to the software application that you use.
- Securing access to your content through a login/password mechanism. The process of logging in itself is also encrypted.
- Encrypting any data that is transmitted from your local computer to the cloud and vice versa.

Autodesk Security Policy and Practices
- Autodesk® 360: Work Wherever You Are – Safely
- Autodesk Trust Center
One of the key focus points in the previous slide is application security, and while it is mainly your responsibility to secure your application, the Autodesk cloud infrastructure goes to great lengths to secure it as well. These issues are discussed in more detail in this white paper from Autodesk: Autodesk® 360: Work Wherever You Are – Safely. You will also find more technical details in the links provided here. Also, the Autodesk Trust Center will give you up-to-date information on privacy, security, operational and quality control measures for Autodesk products and services. There is a lot of information here that will equip you to have a rational and informed discussion with your customers about security issues.

More Autodesk Security Info
- Security Controls for the Autodesk® 360 Managed Services
- Terms of Service: Autodesk® 360 and Other Services
You might also worry about details of how your data, and that of your customer, is handled once it is on the cloud. For instance, what happens if you or your customer deletes the content? Do backups exist? Who else, if anyone, has access to your data? What happens when an account is terminated? These details and more are specifically discussed here: Terms of Service: Autodesk® 360 and Other Services. The Terms of Service is not just a legal document. It also gives specific details of how the data is handled. It is highly recommended that you read these documents.

Questions and Answers

Autodesk is a registered trademark of Autodesk, Inc., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brand names, product names, or trademarks belong to their respective holders. Autodesk reserves the right to alter product and services offerings, and specifications and pricing at any time without notice, and is not responsible for typographical or graphical errors that may appear in this document.