Application Security and Testing
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Application Security and Testing. Test Management Summit.

Application Security - Who Cares?

TSE managing director Tomio Amano blamed the glitch on a software upgrade for processing data from securities companies which was introduced in October.

From The Times, December 3, 2007: "Secrets of Shell and Rolls-Royce come under attack from China's spies", by James Rossiter. Rolls-Royce and Royal Dutch Shell have fallen victim to Chinese espionage attacks, The Times has learnt. Sustained spying assaults on Britain's largest engineering company and on the world's second-biggest oil multinational occurred earlier this year as part of a campaign to obtain confidential commercial information, sources said.

40M credit cards hacked: breach at third-party payment processor affects 22 million Visa cards and 14 million MasterCards. June 20, 2005, 3:18 PM EDT, by Jeanne Sahadi, CNN/Money senior writer.

HP Confidential, 11 January 2014

Application security is the weak point of security

Web Application Vulnerabilities on the Rise

The Web is the easiest entry point: networks are secure, and hackers know Web applications are not.
Organizations are under pressure: more Web applications, more regulatory requirements, more customer and partner demands, more pressure from shareholders.
[Chart: Growth of Web Application Vulnerabilities. Sources: Computer Emergency Response Team Coordination Center (CERT/CC), National Vulnerability Database, Open-Source Vulnerability Database, and the Symantec Vulnerability Database.]

What are organizations doing about these threats?

Leading organizations secure the lifecycle.
92% of security defects exist in the application.
Save $$ by fixing security defects before they get to production.
[Chart: relative cost of fixing a security defect by lifecycle phase: Design 1X, Development 6.5X, Testing 15X, Deployment 100X.]

Challenge of Building a Scalable Security Program

Tools available today to support application security quality issues

Source code analysis: static review of application vulnerabilities at the code phase. Find and fix.
Security testing tools: functional validation of security requirements. Some are integrated with test management solutions. Remedial updates cover new threats.
Post-deployment security: penetration testing as an ongoing preventative measure. Regular updates and re-testing are imperative.

Points to consider

Where does security fit into the application lifecycle?
What is your security policy? How do you consider it when approaching software quality?
Should quality be considered only at the testing stage? What about pre- and post-testing?
Internal vs external security: where are the vulnerabilities in your organization? People? Applications? Data?
Is there enough awareness of this issue within your organization?
Application vulnerabilities account for 75% of all issues.

Open to the floor

Security testing experiences: what works well, and why?
Challenges: how can they be overcome?
Who is responsible?
Does it have to become front-line news before it is taken seriously?
