
The CA Technologies | Veracode Platform: A 360-Degree View of Your Application's Security


For more information on DevSecOps, please visit: http://ow.ly/LcyX50g63fO

Published in: Technology

  1. The CA Technologies | Veracode Platform: A 360-Degree View of Your Application's Security. Austin Britt, Solutions Architect Team Lead, Veracode. DST43T, DEVSECOPS.
  2. COPYRIGHT © 2017 CA. ALL RIGHTS RESERVED #CAWORLD #NOBARRIERS. For Informational Purposes Only: Terms of this Presentation. © 2017 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2017 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
  3. Abstract. Having a single view into the security of your application code, any third-party components and current state and changes to your Web perimeter provides valuable insight into your overall application security program. Integrating that capability into your software development environment allows security to partner with development rather than impede it. Enabling access to security results across local and distributed development and security teams allows for faster remediation efforts. Providing relevant secure coding educational resources in the same platform where code vulnerabilities are reported supports developers in fixing flaws faster and developing improved secure coding practices. This session will provide a full demonstration of Veracode's cloud-based application security platform, which addresses each of these areas. Austin Britt, Veracode Solutions Architect – Team Lead
  4. Agenda
     • 1: Right sizing security
     • 2: Plug into preexisting solutions
     • 3: Automation best practices
     • 4: Application security maturity
     • 5: Product demonstration
  5. Manage Application Risk Through a Centralized Platform. CODE: $80 (X); BUILD: $240 (4X); TEST: $960 (10X); PROD: $7,600 (100X).
     • Greenlight: File level analysis from IDE
     • Sandbox: Developers can check code without affecting policy compliance
     • Software Composition Analysis (SCA): Identify and eliminate risk in third-party components
     • Binary Static Analysis (SAST): Assess your applications for policy compliance
     • Web Application Security (DAST): Find flaws in applications deployed to production
     • Focused Manual Penetration Testing (MPT): Test application for business logic attacks that automation cannot find
     • Developer Secure Code Training: Enable developers with computer based training
     • On-Demand Application Security Consultants (ASC): On-demand remediation guidance for developers and security
     • Security Program Management (SPM): Successfully launch your program for immediate results and scale without adding headcount
  6. Integrate into existing Agile, DevOps & CI/CD Toolchain. Centralized AppSec Platform.
  7. AppSec Maturity Roadmap. Diagram labels: AppSec Program Maturity; Phased Activities; Continuous Refinement/Improvement; Optimal time to onboard additional apps or dev teams.
     • Gain commitment from executive level, security, and development
     • Define application inventory, business criticality, and target rollout phases
     • Define policy(s)
     • Baseline scan of 1st phase of applications
     • Define program metrics
     • Develop a remediation & mitigation strategy, adjust policy(s) accordingly
     • Integrate into IDE(s)
     • Automate scans with build server plugins
     • Deploy a defense in depth strategy - i.e. Greenlight, IAST, or RASP
     • Develop internal AppSec expertise
     • Automated security into CI/CD pipeline – gate repo, build(s), or deployment(s)
     • Include SCA in design phase & SAST in the requirements phase development
     • Vendor application security testing (VAST)
     • Integrate into defect tracking system
  8. Automate Security into Existing SDLC. Diagram labels: CODE, BUILD, TEST, STAGE, PROD; Veracode Plugin; Veracode Step; IDE; Greenlight; Code Repo; Build Server; Static Analysis; SCA; Sandbox; Dynamic Analysis; Staging; Production; Defect Tracking System.
  9. Veracode Platform Overview
  10. Recommended Sessions (Session #: Title, Date/Time)
     • DST50T: How Components Increase Speed and Risk, 11/15/2017 at 1:45 pm
     • DST40T: Scale Your Application Security Program Effectively with the Right Program Management Model, 11/15/2017 at 3:30 pm
     • SCT40T: Don’t Overreact: How to Respond to Vulnerability Disclosures, 11/15/2017 at 3:30 pm
     • DST39T: DevOps: Security’s Chance to Get It Right, 11/16/2017 at 12:45 pm
     • SCT41T: Testing the Fences: Recent Attacks Are Harbingers of a More Serious Threat, 11/16/2017 at 4:15 pm
  11. Must See Demos – Wed & Thurs. Slide labels: Securing Apps from Dev to Production; CA Veracode Static Analysis; CA Veracode Greenlight; CA Veracode Remediation Guidance; Manage Your Software Risk; Open Sourced Component Scanning; Developer Training on Secure Coding; Integrations into Your Dev Tools; 301; Manage Your Software Risk; CA Veracode Static Analysis; CA Veracode Web Application Scanning; CA Veracode Greenlight; CA Veracode Static Analysis; CA Veracode Greenlight; CA Veracode Remediation Guidance; 506P; 509P; DevOps-CD; Security; Security.
  12. Stay connected at https://community.veracode.com. Thank you.
  13. DevSecOps. For more information on DevSecOps, please visit: http://cainc.to/CAW17-DevSecOps
