Presentation is loading. Please wait.

Presentation is loading. Please wait.

WP3 Security SQA INDIGO - DataCloud

Published byDora McCoy Modified over 6 years ago

Similar presentations

Presentation on theme: "WP3 Security SQA INDIGO - DataCloud"— Presentation transcript:

1 WP3 Security SQA INDIGO - DataCloud
John Kewley Ian Neilson STFC – UK

2 WP3 Security SQA Background - D3.1 - Initial Plan for WP3
Quality Criteria Code Style Unit Testing Functional and Integration Testing Code Review Documentation Metrics, including ….. … “Number of software vulnerabilities” …. These are all good for Security Can this be improved? What can we do to help?

3 WP3 Security SQA 3 phase approach Code analysis (ongoing)
SWAMP toolset Service [architecture] review (beginning) Select a few key services - IM, Orchestrator, Onedata, …? Asset evaluation -> protection of data and comms. Configuration -> documentation and risks Combine off-the-shelf scanners with manual review Traceability testing (later) Can a user (who, where, when) be traced from an action? Is the logging adequate?

4 What is SWAMP SoftWare Assurance MarketPlace
Suite of static code analysis tools (one isn’t enough) A good variety of tools supported, incl. some commercial, assessing many aspects of code Range of languages supported incl. Python, Java, C/C++ Potential to link into Jenkins SWAMP: SWAMP portal: Static tools:

5 The SWAMP Process Rather than spending time installing, licensing and configuring software assessment tools on your own machines, you can use SWAMP. Upload your package First, upload your code. It remains private and secure. Run your assessment Next, create and run an assessment by choosing a package, tool, and platform. View your results Last, view your results using a native viewer or Code Dx™ for full featured analysis.

Download ppt "WP3 Security SQA INDIGO - DataCloud"

Similar presentations

OMII-Europe Repository Steven Newhouse Director, OMII-UK.

OMII-Europe Repository Steven Newhouse Director, OMII-UK.
UNESCO ICTLIP Module 2. Lesson 31 Introduction to Integrated Library Systems Lesson 3. How Do You Evaluate Integrated Library Systems?

UNESCO ICTLIP Module 2. Lesson 31 Introduction to Integrated Library Systems Lesson 3. How Do You Evaluate Integrated Library Systems?
TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.

TCSEC: The Orange Book. TCSEC Trusted Computer System Evaluation Criteria.
PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.
OPTIRAIL WORKSHOP · OCTOBER 23, 2014 · BRUSSELS WP5: “Integration and Usability validation of models”

OPTIRAIL WORKSHOP · OCTOBER 23, 2014 · BRUSSELS WP5: “Integration and Usability validation of models”
The future for Test Automation Sarah Saltzman EMEA Manager for Quality Test Management Summit January 31 st, 2007.

The future for Test Automation Sarah Saltzman EMEA Manager for Quality Test Management Summit January 31 st, 2007.
SwE 434. Rational Quality Manager Rational Quality Manager is a collaborative, Web-based tool that offers comprehensive test planning, test construction,

SwE 434. Rational Quality Manager Rational Quality Manager is a collaborative, Web-based tool that offers comprehensive test planning, test construction,
Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.

Assessing Vulnerabilities ISA 4220 Server Systems Security James A. Edge Jr., CISSP, CISM, CISA, CPTE, MCSE Sr. Security Analyst Cincinnati Bell Technology.
The project plan. December 16, 2004. Agenda The project plan –Risks –Language decision –Schedule –Quality plan –Testing –Documentation Program architecture.

The project plan. December 16, Agenda The project plan –Risks –Language decision –Schedule –Quality plan –Testing –Documentation Program architecture.
Michael S. Zachowski, Robert D. Walla Astrix Technology Group 1090 King Georges Post Rd Edison, NJ 08837 A Successful Approach to a LIMS Upgrade In A Public.

Michael S. Zachowski, Robert D. Walla Astrix Technology Group 1090 King Georges Post Rd Edison, NJ A Successful Approach to a LIMS Upgrade In A Public.
Picture 1 model: ICT lifecycle in a company 1. business needs & business strategy 2. ICT strategy - ICT assessment - ICT strategic plan - ICT implementation/tactical.

Picture 1 model: ICT lifecycle in a company 1. business needs & business strategy 2. ICT strategy - ICT assessment - ICT strategic plan - ICT implementation/tactical.
Sumit Kumar Archana Kumar Group # 4 CSE 591 : Virtualization and Cloud Computing.

Sumit Kumar Archana Kumar Group # 4 CSE 591 : Virtualization and Cloud Computing.
File: 1 The OECD Halden Reactor Project The OECD Halden Reactor Project (HRP) is an International Research Project between 19 countries in Europe, America.

File: 1 The OECD Halden Reactor Project The OECD Halden Reactor Project (HRP) is an International Research Project between 19 countries in Europe, America.
Software Engineering Term Paper

Software Engineering Term Paper
Test Organization and Management

Test Organization and Management
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.

 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
CMS Security Justin Klein Keane CMS Working Group March 3, 2010.

CMS Security Justin Klein Keane CMS Working Group March 3, 2010.
Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.

Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
The Basics of Javadoc Presented By: Wes Toland. Outline  Overview  Background  Environment  Features Javadoc Comment Format Javadoc Program HTML API.

The Basics of Javadoc Presented By: Wes Toland. Outline  Overview  Background  Environment  Features Javadoc Comment Format Javadoc Program HTML API.

Similar presentations

Ads by Google