SlideShare a Scribd company logo

Florin Coada: MOBILE TESTING - A SIMPLE SOLUTION TO YOUR MOBILE SECURITY TESTING

I
Ievgenii Katsan

TestingStage18

Education
1 of 16
Download to read offline
Mobile testing IAST – A Simple Solution To Mobile Security Testing Florin Coada IBM Security
2 IBM Security About the speaker Florin N. Coada IBM Security United Kingdom Features: 1. 4.5 years with IBM doing security 2. Likes video Games 3. Will not answer random emails
3 IBM Security What’s IAST? • Interactive Application Security Testing ̶ Not quite DAST and not quite SAST ̶ “Behavioural analysis” • Analyse an application in an instrumented environment and observe the behaviour to detect potential vulnerabilities ASoC - Mobile Analyser Instrumented environment
4 IBM Security Terminology • SAST = Static Application Security Testing • DAST = Dynamic Application Security Testing • SDLC = Software Development Lifecycle • ASoC = Application Security on Cloud • Noise = findings that are not interesting • False positive = False finding reported by the tool
5 IBM Security Mobile Apps • So… there’s more than 1 type of apps Native Apps Hybrid apps Web view apps
6 IBM Security & Web ServicesMobile Apps • Most web apps will have some form of business logic provided by a back end service Business logic Presentation •Device Authentication •Environment analysis •Runtime protection •Device Authentication •Serve dynamic content •Improves app rendering •Basically a bookmark Authentication
7 IBM Security Testing strategies: {sast} • Native layer code can be handled with SAST • Pros: ̶ Can run it shortly after building the app ̶ Fast (once you set it up) ̶ Could potentially test both the service and the app • Cons: ̶ Takes a while to set up ̶ Doesn’ttake into account the platform ̶ Can’t keep up with the language updates ̶ Noise and false positives ̶ Not a lot of value for web view apps Data Source Sink
8 IBM Security Testing strategies: {dast} • Web services logic can be tested using DAST • A running web service • Test account • Disable 3rd party security systems • Access from the test system to the app
9 IBM Security Testing strategies: {dast} • Web services logic can be tested using DAST • Pros: ̶ Can find vulnerabilities in the logic layer ̶ Language agnostic ̶ Can be automated without using the app • Cons: ̶ You’re not actually testing the app ̶ Noise and false positives ̶ Not a lot of value for native apps Proxy DAST Scanner Recorded data
10 IBM Security Testing strategies: {iast} • IAST will enable you to test both parts of the app at the same time • Pros: ̶ Testthe app and some of the back end at the same time ̶ Easy to run (drag and drop) ̶ Can detected issues in the context of the platform being used ̶ Can be automated • Cons: ̶ Complexlog-in mechanisms are hard to scan ASoC - Mobile Analyser Instrumented environment
11 IBM Security Testing strategies: {iast}
12 IBM Security Choosing the right one for you • SAST : Difficult but works on both • DAST : Fairly easy to set up, but only for web service • IAST : Does a bit of both, very easy to use • More “actionable” results • Easier to understand • Does a combination of both of the above • Very easy to use
13 IBM Security Questions? Питання?
ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU
BACKUP
16 IBM Security Sample results

Recommended

3 florin coada - sast in the days of dev ops
3 florin coada - sast in the days of dev ops3 florin coada - sast in the days of dev ops
3 florin coada - sast in the days of dev opsIevgenii Katsan
 
Assessing IBM i Security Risks: A Conversation with Dan Riehl
Assessing IBM i Security Risks: A Conversation with Dan RiehlAssessing IBM i Security Risks: A Conversation with Dan Riehl
Assessing IBM i Security Risks: A Conversation with Dan RiehlPrecisely
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Fixico presentation
Fixico presentationFixico presentation
Fixico presentationFixico IT
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
Mobility Training Series : Mobility 301 protect
Mobility Training Series : Mobility 301 protectMobility Training Series : Mobility 301 protect
Mobility Training Series : Mobility 301 protectAGILLY
 
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...ControlEng
 

Recommended

3 florin coada - sast in the days of dev ops
3 florin coada - sast in the days of dev ops3 florin coada - sast in the days of dev ops
3 florin coada - sast in the days of dev opsIevgenii Katsan
 
Assessing IBM i Security Risks: A Conversation with Dan Riehl
Assessing IBM i Security Risks: A Conversation with Dan RiehlAssessing IBM i Security Risks: A Conversation with Dan Riehl
Assessing IBM i Security Risks: A Conversation with Dan RiehlPrecisely
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Fixico presentation
Fixico presentationFixico presentation
Fixico presentationFixico IT
 
Essential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityEssential Layers of IBM i Security: System-Access Security
Essential Layers of IBM i Security: System-Access SecurityPrecisely
 
IBM AppScan - the total software security solution
IBM AppScan - the total software security solutionIBM AppScan - the total software security solution
IBM AppScan - the total software security solutionhearme limited company
 
Mobility Training Series : Mobility 301 protect
Mobility Training Series : Mobility 301 protectMobility Training Series : Mobility 301 protect
Mobility Training Series : Mobility 301 protectAGILLY
 
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...
Were we Just Hacked? Applying Digital Forensic Techniques for your Industrial...ControlEng
 
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
mHealth Summit EU 2015
mHealth Summit EU 2015mHealth Summit EU 2015
mHealth Summit EU 20153GDR
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco
 
Securing the continuous integration
Securing the continuous integrationSecuring the continuous integration
Securing the continuous integrationIrene Michlin
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature EnterpriseBioslimdisk
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding PracticesThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOSecureAuth
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Chaim Yudkowsky
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
Core Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Security
 
9. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber519. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber51Doree Garcia, CCNA, OSWP
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffSectricity
 
Securing legacy systems
Securing legacy systemsSecuring legacy systems
Securing legacy systemsRevital Lapidot
 
Canadian Cyber Cecurity
Canadian Cyber CecurityCanadian Cyber Cecurity
Canadian Cyber CecurityPeter Scheffler
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i SecurityPrecisely
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best PracticesPrecisely
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Kevin Fealey
 

More Related Content

What's hot

Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Digital Bond
 
mHealth Summit EU 2015
mHealth Summit EU 2015mHealth Summit EU 2015
mHealth Summit EU 20153GDR
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoNCCOMMS
 
Android Security
Android SecurityAndroid Security
Android SecurityArqum Ahmad
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco
 
Securing the continuous integration
Securing the continuous integrationSecuring the continuous integration
Securing the continuous integrationIrene Michlin
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature EnterpriseBioslimdisk
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOSecureAuth
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Chaim Yudkowsky
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactTom Eston
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
Core Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Security
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffSectricity
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i SecurityPrecisely
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best PracticesPrecisely
 

What's hot (20)

Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
Sharing Plant Data with Phones, Tablets and the Cloud (Englsh)
 
mHealth Summit EU 2015
mHealth Summit EU 2015mHealth Summit EU 2015
mHealth Summit EU 2015
 
CSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami LaihoCSF18 - How to Block Ransomware - Sami Laiho
CSF18 - How to Block Ransomware - Sami Laiho
 
Android Security
Android SecurityAndroid Security
Android Security
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016
 
Securing the continuous integration
Securing the continuous integrationSecuring the continuous integration
Securing the continuous integration
 
Signature Enterprise
Signature EnterpriseSignature Enterprise
Signature Enterprise
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
 
Top 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSOTop 5 Reasons to Choose Adaptive SSO
Top 5 Reasons to Choose Adaptive SSO
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?
 
Security what it means to your business - circa 1999
Security what it means to your business - circa 1999Security what it means to your business - circa 1999
Security what it means to your business - circa 1999
 
Automated Penetration Testing With Core Impact
Automated Penetration Testing With Core ImpactAutomated Penetration Testing With Core Impact
Automated Penetration Testing With Core Impact
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
 
Core Impact Pro R1-Release Overview
Core Impact Pro R1-Release OverviewCore Impact Pro R1-Release Overview
Core Impact Pro R1-Release Overview
 
9. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber519. Vulnerability Assessments-cyber51
9. Vulnerability Assessments-cyber51
 
BalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT StaffBalaBit 2015: Control Your IT Staff
BalaBit 2015: Control Your IT Staff
 
Securing legacy systems
Securing legacy systemsSecuring legacy systems
Securing legacy systems
 
Canadian Cyber Cecurity
Canadian Cyber CecurityCanadian Cyber Cecurity
Canadian Cyber Cecurity
 
Best Practices in IBM i Security
Best Practices in IBM i SecurityBest Practices in IBM i Security
Best Practices in IBM i Security
 
IBM i Security Best Practices
IBM i Security Best PracticesIBM i Security Best Practices
IBM i Security Best Practices
 

Similar to Florin Coada: MOBILE TESTING - A SIMPLE SOLUTION TO YOUR MOBILE SECURITY TESTING

Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Kevin Fealey
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less workIevgenii Katsan
 
Malware in a JAR: How Rogue Java Applications Compromise your Endpoints
Malware in a JAR: How Rogue Java Applications Compromise your EndpointsMalware in a JAR: How Rogue Java Applications Compromise your Endpoints
Malware in a JAR: How Rogue Java Applications Compromise your EndpointsIBM Security
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsIBM Security
 
IBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahasIBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahasShwetank Jayaswal
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everEC-Council
 
Améliorer la productivité des employés et se protéger contre les menaces ...
Améliorer la productivité des employés et se protéger contre les menaces ...Améliorer la productivité des employés et se protéger contre les menaces ...
Améliorer la productivité des employés et se protéger contre les menaces ...AGILLY
 
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netBig Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netxband
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart ThemIBM Security
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services OverviewCasey Lucas
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...IBM Security
 
Mobility 101 : Provision
Mobility 101 : ProvisionMobility 101 : Provision
Mobility 101 : ProvisionAGILLY
 
Mobility 201 : Productivity
Mobility 201 : ProductivityMobility 201 : Productivity
Mobility 201 : ProductivityAGILLY
 
How to Hack a Cryptographic Key
How to Hack a Cryptographic KeyHow to Hack a Cryptographic Key
How to Hack a Cryptographic KeyIBM Security
 
Follow the Money, Follow the Crime
Follow the Money, Follow the CrimeFollow the Money, Follow the Crime
Follow the Money, Follow the CrimeIBM Security
 
IBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesIBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesJeff Miller
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public versionIBM Sverige
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
 

Similar to Florin Coada: MOBILE TESTING - A SIMPLE SOLUTION TO YOUR MOBILE SECURITY TESTING (20)

Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...Static Application Security Testing Strategies for Automation and Continuous ...
Static Application Security Testing Strategies for Automation and Continuous ...
 
4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work4 florin coada - dast automation, more value for less work
4 florin coada - dast automation, more value for less work
 
Malware in a JAR: How Rogue Java Applications Compromise your Endpoints
Malware in a JAR: How Rogue Java Applications Compromise your EndpointsMalware in a JAR: How Rogue Java Applications Compromise your Endpoints
Malware in a JAR: How Rogue Java Applications Compromise your Endpoints
 
Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
IBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahasIBM Security intelligence v1 - ahmed el nahas
IBM Security intelligence v1 - ahmed el nahas
 
Security in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than everSecurity in the Cognitive Era: Why it matters more than ever
Security in the Cognitive Era: Why it matters more than ever
 
Améliorer la productivité des employés et se protéger contre les menaces ...
Améliorer la productivité des employés et se protéger contre les menaces ...Améliorer la productivité des employés et se protéger contre les menaces ...
Améliorer la productivité des employés et se protéger contre les menaces ...
 
IBM Cloud Security Enforcer
IBM Cloud Security EnforcerIBM Cloud Security Enforcer
IBM Cloud Security Enforcer
 
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.netBig Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
Big Fix Q-Radar Ahmed Sharaf - EmbeddedSecurity.net
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
Surviving the Mobile Phenomenon: Protecting Devices without Disrupting the Us...
 
Mobility 101 : Provision
Mobility 101 : ProvisionMobility 101 : Provision
Mobility 101 : Provision
 
Mobility 201 : Productivity
Mobility 201 : ProductivityMobility 201 : Productivity
Mobility 201 : Productivity
 
How to Hack a Cryptographic Key
How to Hack a Cryptographic KeyHow to Hack a Cryptographic Key
How to Hack a Cryptographic Key
 
Follow the Money, Follow the Crime
Follow the Money, Follow the CrimeFollow the Money, Follow the Crime
Follow the Money, Follow the Crime
 
IBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn SeriesIBM Security 2017 Lunch and Learn Series
IBM Security 2017 Lunch and Learn Series
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
 

More from Ievgenii Katsan

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love youIevgenii Katsan
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teamsIevgenii Katsan
 
4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterpriseIevgenii Katsan
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s productsIevgenii Katsan
 
7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinityIevgenii Katsan
 
3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...Ievgenii Katsan
 
5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysisIevgenii Katsan
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...Ievgenii Katsan
 
3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product ownerIevgenii Katsan
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...Ievgenii Katsan
 
3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...Ievgenii Katsan
 
4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employeesIevgenii Katsan
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...Ievgenii Katsan
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...Ievgenii Katsan
 
6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 daysIevgenii Katsan
 
5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our realityIevgenii Katsan
 
2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking gameIevgenii Katsan
 
3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product ownerIevgenii Katsan
 
4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...Ievgenii Katsan
 

More from Ievgenii Katsan (20)

8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you8 andrew kalyuzhin - 30 ux-advices, that will make users love you
8 andrew kalyuzhin - 30 ux-advices, that will make users love you
 
5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams5 hans van loenhoud - master-class the 7 skills of highly successful teams
5 hans van loenhoud - master-class the 7 skills of highly successful teams
 
4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise4 alexey orlov - life of product in startup and enterprise
4 alexey orlov - life of product in startup and enterprise
 
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products3 dmitry gomeniuk - how to make data-driven decisions in saa s products
3 dmitry gomeniuk - how to make data-driven decisions in saa s products
 
7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity7 hans van loenhoud - the problem-goal-solution trinity
7 hans van loenhoud - the problem-goal-solution trinity
 
1 hans van loenhoud -
1 hans van loenhoud - 1 hans van loenhoud -
1 hans van loenhoud -
 
3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...3 denys gobov - change request specification the knowledge base or the task...
3 denys gobov - change request specification the knowledge base or the task...
 
5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis5 victoria cupet - learn to play business analysis
5 victoria cupet - learn to play business analysis
 
5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...5 alina petrenko - key requirements elicitation during the first contact wi...
5 alina petrenko - key requirements elicitation during the first contact wi...
 
3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner3 karabak kuyavets transformation of business analyst to product owner
3 karabak kuyavets transformation of business analyst to product owner
 
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
4 andrii melnykov - stakeholder management for pd ms and b-as and why it is...
 
3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...3 zornitsa nikolova - the product manager between decision making and facil...
3 zornitsa nikolova - the product manager between decision making and facil...
 
4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees4 viktoriya gudym - how to effectively manage remote employees
4 viktoriya gudym - how to effectively manage remote employees
 
9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...9 natali renska - product and outsource development, how to cook 2 meals in...
9 natali renska - product and outsource development, how to cook 2 meals in...
 
7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...7 denis parkhomenko - from idea to execution how to make a product that cus...
7 denis parkhomenko - from idea to execution how to make a product that cus...
 
6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days6 anton vitiaz - inside the mvp in 3 days
6 anton vitiaz - inside the mvp in 3 days
 
5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality5 mariya popova - ideal product management. unicorns in our reality
5 mariya popova - ideal product management. unicorns in our reality
 
2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game2 victor podzubanov - design thinking game
2 victor podzubanov - design thinking game
 
3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner3 sergiy potapov - analyst to product owner
3 sergiy potapov - analyst to product owner
 
4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...4 anton parkhomenko - how to make effective user research with no budget at...
4 anton parkhomenko - how to make effective user research with no budget at...
 

Recently uploaded

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 

Recently uploaded (20)

ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 

Florin Coada: MOBILE TESTING - A SIMPLE SOLUTION TO YOUR MOBILE SECURITY TESTING

  • 1. Mobile testing IAST – A Simple Solution To Mobile Security Testing Florin Coada IBM Security
  • 2. 2 IBM Security About the speaker Florin N. Coada IBM Security United Kingdom Features: 1. 4.5 years with IBM doing security 2. Likes video Games 3. Will not answer random emails
  • 3. 3 IBM Security What’s IAST? • Interactive Application Security Testing ̶ Not quite DAST and not quite SAST ̶ “Behavioural analysis” • Analyse an application in an instrumented environment and observe the behaviour to detect potential vulnerabilities ASoC - Mobile Analyser Instrumented environment
  • 4. 4 IBM Security Terminology • SAST = Static Application Security Testing • DAST = Dynamic Application Security Testing • SDLC = Software Development Lifecycle • ASoC = Application Security on Cloud • Noise = findings that are not interesting • False positive = False finding reported by the tool
  • 5. 5 IBM Security Mobile Apps • So… there’s more than 1 type of apps Native Apps Hybrid apps Web view apps
  • 6. 6 IBM Security & Web ServicesMobile Apps • Most web apps will have some form of business logic provided by a back end service Business logic Presentation •Device Authentication •Environment analysis •Runtime protection •Device Authentication •Serve dynamic content •Improves app rendering •Basically a bookmark Authentication
  • 7. 7 IBM Security Testing strategies: {sast} • Native layer code can be handled with SAST • Pros: ̶ Can run it shortly after building the app ̶ Fast (once you set it up) ̶ Could potentially test both the service and the app • Cons: ̶ Takes a while to set up ̶ Doesn’ttake into account the platform ̶ Can’t keep up with the language updates ̶ Noise and false positives ̶ Not a lot of value for web view apps Data Source Sink
  • 8. 8 IBM Security Testing strategies: {dast} • Web services logic can be tested using DAST • A running web service • Test account • Disable 3rd party security systems • Access from the test system to the app
  • 9. 9 IBM Security Testing strategies: {dast} • Web services logic can be tested using DAST • Pros: ̶ Can find vulnerabilities in the logic layer ̶ Language agnostic ̶ Can be automated without using the app • Cons: ̶ You’re not actually testing the app ̶ Noise and false positives ̶ Not a lot of value for native apps Proxy DAST Scanner Recorded data
  • 10. 10 IBM Security Testing strategies: {iast} • IAST will enable you to test both parts of the app at the same time • Pros: ̶ Testthe app and some of the back end at the same time ̶ Easy to run (drag and drop) ̶ Can detected issues in the context of the platform being used ̶ Can be automated • Cons: ̶ Complexlog-in mechanisms are hard to scan ASoC - Mobile Analyser Instrumented environment
  • 11. 11 IBM Security Testing strategies: {iast}
  • 12. 12 IBM Security Choosing the right one for you • SAST : Difficult but works on both • DAST : Fairly easy to set up, but only for web service • IAST : Does a bit of both, very easy to use • More “actionable” results • Easier to understand • Does a combination of both of the above • Very easy to use
  • 14. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. FOLLOW US ON: THANK YOU