Web Application Security: HP and OutSystems to The Rescue

An overview of new security capabilities provided by the OutSystems Platform.

Published in: Technology

  1. Web Application Security: HP & OutSystems to the Rescue!
     João Portela / Nuno Antunes, feat. Jaume Ayerbe (HP)
     http://bit.ly/webappsecurity
     www.outsystems.com
     © 2001-2013 OutSystems - All rights reserved
  2. Application Security: Why should you care about it?
     Jaume Ayerbe, HP Enterprise Security Products, @j_ayerbe
  3. Hackers are targeting applications
     Networks, Hardware
     Security Measures:
     • Switch/Router security
     • Firewalls
     • NIPS/NIDS
     • VPN
     • Net-Forensics
     • Anti-Virus/Anti-Spam
     • DLP
     • Host FW
     • Host IPS/IDS
     • Vuln. Assessment tools
  4. Hackers are targeting applications
     Networks, Hardware
     Security Measures:
     • Switch/Router security
     • Firewalls
     • NIPS/NIDS
     • VPN
     • Net-Forensics
     • Anti-Virus/Anti-Spam
     • DLP
     • Host FW
     • Host IPS/IDS
     • Vuln. Assessment tools
     Applications: Intellectual Property, Customer Data, Business Processes, Trade Secrets
  5. Today’s approach: expensive, reactive
     (1) Somebody builds insecure software
     (2) IT deploys the insecure software
     (3) We are breached or pay to have someone tell us our code is insecure
     (4) We convince & pay the developer to fix it
  6. Why it doesn’t work: 30x more costly to secure in production
     After an application is released into Production, it costs 30x more than during design.
     Source: NIST
     [Chart: Cost by phase. Values shown: 30X, 15X, 10X, 5X, 2X. Phases shown: Production, System testing, Integration/component testing, Coding, Requirements]
  7. HP Fortify Security Center
     • Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software
     • Accelerates time-to-value for achieving secure applications
     • Increases development productivity by enabling security to be built into software, rather than added on after it is deployed
     • Delivers risk intelligence from application development to improve operational security
     Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors.
     IN-HOUSE, OUTSOURCED, COMMERCIAL, OPEN SOURCE
  8. How HP Fortify can help
     (1) Use SCA to ensure that every single line of code is developed securely, whether internal or from 3rd party or built for on premise, the cloud or mobility
     (2) Use WI to simulate attacks against web applications. WI can identify any SQL Injection opportunities from any poorly coded Web application software
     (3) Use SSC to build security into the software in development and production from the ground up
  9. Applications Security
     joao.portela@outsystems.com
  10. OutSystems Platform Security: Overview
     Networks, Hardware
     Security Measures:
     • Switch/Router security
     • Firewalls
     • NIPS/NIDS
     • VPN
     • Net-Forensics
     • Anti-Virus/Anti-Spam
     • DLP
     • Host FW
     • Host IPS/IDS
     • Vuln. Assessment tools
     Applications: Intellectual Property, Customer Data, Business Processes, Trade Secrets
     OutSystems Platform Generated Applications:
     • Access: HTTPS/SSL, Internal Network, Controlled Attack Surface Exposure
     • Authentication: Integrated Authentication, Centralized Security Governance
     • Data & Logic: SQL/Code Injection Prevention, Data Encryption, Automatic Security Exception Handling
  11. What's New?
  12. OutSystems Platform Security: What’s New?
     HP Fortify is now part of our quality assurance process
  13. OutSystems Platform Security: Systematic code security testing
     [Diagram labels: Source Control, Build, Regression Tests, Release, HP Fortify, HP Vulnerabilities Rules, Tests]
  14. What did we find?
  15. OutSystems Platform Security: Findings
     Percentage of vulnerability patterns found in the generated applications: less than 7%
  16. OutSystems Platform Security: Acceptance Criteria
     • No Critical
     • No High
     • No Medium
  17. OutSystems Platform Security: Results
     [Chart: Issues/Vulnerabilities per 1K Lines of Code, categories 7.0 and 8.0; series: Identified Issues, Not a vulnerability, Resolved vulnerabilities]
  18. Bottom line
  19. Systematic testing of security vulnerabilities
     + Aggressive acceptance criteria enforced
     + Continuous monitoring and improvement
     = Applications Security Under Control
  20. Takeaways
     nuno.antunes@outsystems.com
  21. #1 Security is not optional and should be addressed early
  22. #2 OutSystems Platform’s generated code is inherently secure and under control
  23. Code Security Process: Traditionally
     [Diagram labels: Always start from scratch; you test it; you fix it; New Application; New secured Application; Another Application]
  24. Code Security Process: With the OutSystems Platform
     [Diagram labels: you test it; we fix it via security patch; All your applications are fixed; New Application; New secured Application]
  25. #3 You benefit from the same security level that our most heavily regulated customers need to comply with
  26. #4 The cost to deliver secure web applications is compressed
  27. Thank You
     http://bit.ly/webappsecurity
     www.outsystems.com