Day in the Life of a Developer
…with WhiteHat Sentinel Source

“I roll out of bed and check my tickets…”
• Notices a new vulnerability
• Produced by ticketing integration
• Viewing verified & actionable result
• 15+ supported systems, including…

“I fire up my IDE and triage my issues…”
• Search application vulnerabilities
• Step through vulnerability in code
• Review remediation guidance
• Ask for help from TRC
• Apply Directed Remediation patch if available

“I commit the fix and update the ticket…”
• Updates ticket to reflect the fix
• Moves ticket to Q&A
• Source scan triggered via schedule
• Ticket auto-updated to reflect results
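The scheduled re-scan and ticket auto-update described on the “I commit the fix and update the ticket…” slides is, at its core, a reconciliation between the scanner's current set of verified findings and the tracker's ticket states: a finding with no ticket gets one opened, a finding that vanished after the developer moved its ticket to Q&A gets that ticket closed as verified, and a finding that is still reported after a claimed fix (or that comes back after closure) gets its ticket reopened. The Python below is an added example of that reconciliation logic; it is not WhiteHat's code and does not use the Sentinel Source or WIS API. The Finding and Ticket records, the Open/QA/Closed status names, the ticket keys and the sample findings are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed shape of a scanner finding (hypothetical; not Sentinel Source's schema).
@dataclass(frozen=True)
class Finding:
    finding_id: str   # scanner's stable id for the finding
    vuln_class: str
    location: str     # file:line

# Constructed shape of a ticket mirrored from the bug tracker (hypothetical).
@dataclass
class Ticket:
    key: str
    finding_id: str
    status: str       # one of OPEN, QA, CLOSED

# Hypothetical workflow states; "QA" stands for the slide's "moves ticket to Q&A" step.
OPEN, QA, CLOSED = "Open", "QA", "Closed"

def reconcile(findings: Iterable[Finding], tickets: Iterable[Ticket]) -> List[Tuple[str, str, str]]:
    """Compare the latest scan against existing tickets.

    Returns (action, ticket_key_or_finding_id, reason) tuples that an integration
    would apply to the tracker; nothing is mutated here so the result is testable.
    """
    current: Dict[str, Finding] = {f.finding_id: f for f in findings}
    by_finding: Dict[str, Ticket] = {t.finding_id: t for t in tickets}
    actions: List[Tuple[str, str, str]] = []

    # Notification step: every verified finding without a ticket gets one opened.
    for fid, f in sorted(current.items()):
        if fid not in by_finding:
            actions.append(("open", fid, f"{f.vuln_class} at {f.location}"))

    # Verification step: use the re-scan to confirm or reject claimed fixes.
    for fid, t in sorted(by_finding.items()):
        still_present = fid in current
        if t.status == QA and not still_present:
            actions.append(("close", t.key, "fix verified: finding no longer reported"))
        elif t.status == QA and still_present:
            actions.append(("reopen", t.key, "fix not verified: finding still reported"))
        elif t.status == CLOSED and still_present:
            actions.append(("reopen", t.key, "regression: closed finding reported again"))
        elif t.status == OPEN and not still_present:
            # Nobody claimed a fix, so do not silently close; ask a human to confirm.
            actions.append(("comment", t.key, "finding no longer reported; confirm fix before closing"))
        # OPEN and still present: unchanged, the developer has not claimed a fix yet.
    return actions

# Constructed sample scan and ticket state for a single scheduled run.
SAMPLE_FINDINGS = [
    Finding("F-101", "SQL Injection", "src/UserDao.java:88"),        # still present after a claimed fix
    Finding("F-103", "Cross-Site Scripting", "src/Search.jsp:12"),   # new this scan
    Finding("F-104", "Path Traversal", "src/Download.java:41"),      # reappeared after closure
]
SAMPLE_TICKETS = [
    Ticket("APP-1", "F-101", QA),      # developer moved to QA, scanner still sees it
    Ticket("APP-2", "F-102", QA),      # developer moved to QA, scanner no longer sees it
    Ticket("APP-3", "F-104", CLOSED),  # closed earlier, finding is back
]

def run_sample() -> List[Tuple[str, str, str]]:
    return reconcile(SAMPLE_FINDINGS, SAMPLE_TICKETS)

if __name__ == "__main__":
    for action, target, reason in run_sample():
        print(f"{action:8} {target:8} {reason}")
```

Two design choices matter for a defender running this loop unattended: a ticket in Q&A is only closed when the scanner itself stops reporting the finding, so the tracker never records a fix that was not observed, and a closed ticket is reopened rather than a fresh one created when the same finding returns, so the regression stays attached to its history. An Open ticket whose finding disappears without anyone claiming a fix gets a comment instead of an automatic close, because a vanished finding can also mean the scan missed that code path.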
Security Enhanced Developer Tooling
… during notification
… during triage
… during verification
Integration with Developer
Bug Tracking
• Atlassian JIRA
• …many more using WIS
IDE Plugins
• Eclipse
• IntelliJ
• Xcode
• Visual Studio
Code Repo
• Git
• SVN
• Perforce
• CVS
• TFS
• HTTP/S
• SFTP
Languages
• Java
• C#.Net (incl. ASP.Net)
• Objective-C (incl. iOS)
• PHP
• JavaScript
• HTML5
• Android
WhiteHat Integration Server (WIS)
Bug Tracking & ALM Systems
• Atlassian JIRA
• Atlassian JIRA Service Desk
• Borland StarTeam (Dev Services Required)
• HP ALM
• HP Quality Center
• IBM Rational Team Concert (Rational Quality Manager)
• IBM Rational Requirements Composer
• Microsoft Team Foundation Server
• ThoughtWorks Mingle
• Rally
• VersionOne
• Bugzilla
• Serena Business Manager
• ServiceNow (Deployment Services may be required)
“I review significant vulns with my security team…”

THE FRONT LINE
Of Application Security

Editor's Notes

  1. Languages – 80% of the most popular languages supported
     IDE – Vulnerability details available right within the development environment
     Code Repository – Scan source code from the most popular repositories
     Bug Tracking – Automatically open or close tickets for bugs and defects found or fixed by Sentinel Source
  2. WhiteHat Integration Server (WIS) helps bi-directionally integrate Sentinel Source with best-of-breed Bug Tracking & Application Lifecycle Management (ALM) tools