Published by Collin Neal. Modified over 9 years ago.
1
Matin Barmare, Technical Consultant
Scalable Secure Applications: Optimize Application Quality
2
August 11, 2008
Agenda
Are these Necessities??
HP Solution Approach
HP Solutions Overview
Q & A
3
Performance – Is it really important??
4
Application Security – What is that??
5
So What is Hacking?
6
7
Hacking … ??
8
I don’t know this Security thing!!
9
Now that hurts!!
10
The Risks are Real!!
Hackers move from hobbyists to professionals.
Cardsystems out of business: Hack went on for 2 years, 40 million records stolen, company now out of business.
PCI deadline looming: PCI Requirement 6.6 becomes effective on June 30, 2008, requires web sites to be scanned for vulnerabilities or protected.
Obama web site hacked: Hacker redirects Barack Obama's site to hillaryclinton.com using cross-site scripting vulnerability.
Web 2.0 vulnerable: MySpace site shut down by JavaScript worm exploiting vulnerabilities in the site's AJAX code.
Grocer Hannaford hit by computer breach: Chain says intrusion may expose 4.2m cards; 1,800 fraud cases seen.
11
HP’s approach to AQM
Global, enterprise-wide projects Global teams and deployments Complex, heterogeneous environments Plan Define / Design Develop / Test Launch Operate New Deployment Full Quality Process Fix / Patch Minor Release Accelerated Quality Process Assess and Analyze risk Establish testing priorities Create test plans RISK-BASED TEST PLANNING TEST MANAGEMENT AND EXECUTION Execute security scans Identify and customize security policies DEFECT MANAGEMENT Execute functional tests Create manual test cases Automate regression test cases Functional requirements Business requirements Security requirements Performance requirements REQUIREMENTS MANAGEMENT Other non-functional requirements Execute tests, diagnose and resolve problems Create performance scripts and scenarios Enforce quality processes; support key roles Applied across the true lifecycle of a business application Three pillars of quality Does it work? Is it secure? Does it perform? AQM
12
Three pillars of quality (AQM)
Does it work? (FUNCTIONALITY) Does the application function the way the business needs it to?
Does it perform? (PERFORMANCE) Will the application perform for the entire customer set? Will it scale? Will it meet SLAs in production?
Is it secure? (SECURITY) Has the application been assessed against all known threats? Are there open doors or windows that sophisticated hackers can penetrate?
13
STRATEGY/ DEMAND Strategic demand New applications New services Application integrations Operational demand Defects Enhancements Change requests Enterprise Architecture and Policies SOA Security Many stakeholders from across IT and the business Business Analyst Quality Assurance Developers Requirements Management Quality Assurance Performance Engineers/ Security Engineers Test Plan RISK-BASED TEST PLANNING TEST MANAGEMENT AND EXECUTION Quality Assurance QA Inspect Developers DevInspect Security Engineers Assessment Management Platform DEFECT MANAGEMENT Quality Assurance Functional Testing Testers Business Process Testing Quality Assurance Functional Testing Performance Engineers Systems Architect Diagnostics Performance Engineers LoadRunner Performance Center DEV / QA / PE / SE / Project Management Defect Management Quality Assurance Requirements Management Business Analyst Requirements Management Security Engineers Requirements Management Performance Engineers Requirements Management REQUIREMENTS MANAGEMENT Developers Requirements Management Support all key roles Integrate with demand Security Engineers WebInspect OPERATIONS Application Support Service Manager Operations BAC EUM & Diagnostics Connect to production IT / Project Management Dashboard Go/ No Go
14
HP Performance Center
Foundation LoadRunner | Performance Center VuGen Controller Load Generator Monitors Analysis Center Management Demand Project Resource Diagnostics J2EE .NET SOA SAP Oracle User/Privilege Management Infrastructure Management Central Repository Global Access and Collaboration Dashboard
15
Performance Engineering - Value
16
Breadth of analysis
End user: Transaction “look up account” took 17.58 seconds at 250 users
System: Application server CPU reached 90% at 500 users
Network: London to datacenter network segment very slow
Application: J2EE method “AccountLookup” took 16 seconds; 90% of end user response time
What do you see at the end of a load test?
17
AQM – IT initiatives
Minimize time, reduce cost and gain control of risk for all applications across the entire IT organization
Application project deployments & upgrades
− Enable high-quality, timely releases
− Validate application functionality
− Optimize application performance
− Assess application security
Quality management product & process standardization
− Ensure consistent delivery of high-quality releases
− Risk-based approach to managing application change
− Connect quality with strategic & operational processes
Center of excellence
− Pervasive quality approach for all application types and SOA services
− Centralized technology & personnel
− QA processes govern testing and quality initiatives
− QA has enterprise influence
18
Security illusions
19
Applications are the target
“75% of hacks happen at the application.” - Gartner “Security at the Application Level”
Network: Secured by firewall
Servers: Protected by intrusion prevention
Applications: Unprotected and ignored
20
HP Application Security Center
Foundation Dashboard Assessment Management Platform Policy and compliance Centralized administration Vulnerability and risk management Alerts and reporting Distributed scanning DevInspect Microsoft Visual Studio Eclipse IBM RAD QAInspect HP Quality Center HP Functional Testing Intelligent engines SecureBase Security toolkit Open APIs SmartUpdate Reporting Hybrid analysis WebInspect Production Application Assessment
21
Enterprise application security assurance
HP Application Security Center Security for the Application lifecycle HP Web Security Research Group Internal app security research External hacking research Plan Design Code Production Test HP Application Security Center Enterprise security assurance and reporting Source code validation QA & integration testing Production assessment QAInspect WebInspect DevInspect Assessment Management Platform Continuous Updates
22
Secure Your Outcome with the Application Security Center
A Complete Application Lifecycle Solution
Key benefits
− Find security defects throughout the lifecycle
− Correct security defects early in application lifecycle and monitor applications in production
− Manage your online risk
− Verify compliance with government regulations
− Less exposure to application downtime and theft of online information
Key capabilities
− Automatically finds and prioritizes security defects in a Web application
− Supports the latest AJAX and Web 2.0 Rich Internet Application technologies
− The only solution with Hybrid Analysis combining both static and dynamic analysis for the most accurate results possible
− Built-in Security Expertise combines daily updates of vulnerability checks with our unique intelligent engine technology
− Comprehensive defect information and remediation advice about each vulnerability
− Integrates with HP Quality Center
23
Q & A
24
Thank you! arun.john@hp.com