© 2019 Denim Group – All Rights Reserved
Enabling Developers in Your Application Security Program With Coverity and ThreadFix
August 22, 2019
Dan Cornell, CTO, Denim Group
Mehdi Hashemian, Coverity Product Manager, Synopsys
Agenda
• Synopsys and Coverity Background
• ThreadFix Background
• Coverity and ThreadFix Together
Synopsys and Coverity
Who is Synopsys?
• Team and technology that found Heartbleed
• The leading static analysis solution for security AND quality
• 400+ security experts and a full portfolio of managed and professional services
• The authority on open source security and risk management
Selecting a static analysis solution
Your developers are the front line for security & quality – do they have the tools they need?
• Accuracy: Will your security and development teams be able to trust the results the solution produces?
• Coverage: Does the solution support all the languages and frameworks you use?
• Consistency: Will the solution provide consistent results across desktop and build server analysis?
• Scalability: Will the solution perform and scale to meet the volume and speed of your development?
Coverity Static Analysis
Find critical defects and security weaknesses in code as it’s written
• Fast: incremental analysis; analyzes hundreds of millions of lines of code; supports thousands of developers
• Accurate: patented technology enables deep, full-path coverage, including interprocedural analysis and false-path pruning
• Integrated: open platform, easily integrated with IDEs, CI build servers, SCM and issue tracking systems
Coverity Static Analysis
Broad standards compliance and SDLC integrations
• Security guidelines
• Standards compliance
• Language support
• SDLC workflow
ThreadFix
ThreadFix Overview
• Create a consolidated view of your applications, assets, and vulnerabilities
• Prioritize risk decisions based on data
• Translate vulnerabilities to developers in the tools they are already using
Create a consolidated view of your assets, applications, and vulnerabilities
Test Result Consolidation
• Organizations typically see a 15-35% reduction in finding count due to normalization and de-duplication.
• Includes technology from Denim Group patents:
  • US 10,043,012 Method of Correlating Static and Dynamic Application Security Testing Results for Web Applications
  • US 10,043,004 Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application
Prioritize risk decisions based on data
Vulnerability Prioritization
Analytics
Translate vulnerabilities to developers in the tools they are already using
Defect Tracker Integration
• Bi-directional integration: bundle vulnerabilities into software defects, track development team progress resolving them
• Reduction of Mean Time To Fix (MTTF) up to 44%
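The consolidation slide (normalization and de-duplication across scanners) and the defect tracker slide (bundling vulnerabilities into defects) describe what the step between "scan output" and "developer ticket" has to do. The Python below is an added worked example of that logic; it is not ThreadFix code and does not reproduce the patented correlation method. The two scanner record formats, the checker-to-CWE map, the `src/` source-root marker and the sample findings are all constructed for the illustration.

```python
"""Consolidate findings from several scanners and bundle them for a defect
tracker.  Added illustration, not ThreadFix's own code: the two scanner record
formats, the checker-to-CWE map and the sample data are constructed."""
from collections import defaultdict
from dataclasses import dataclass
import posixpath

# Constructed output from two hypothetical tools scanning the same code base.
# Tool A names weaknesses by checker and reports absolute Windows build paths
# with word severities; tool B reports CWE ids, repo-relative POSIX paths and a
# 1..4 numeric severity.  The first two tool-A records are a deliberate
# duplicate (same defect seen in two scan runs).
TOOL_A = [
    {"checker": "SQLI", "file": r"C:\build\src\app\UserDao.java", "line": 42, "severity": "High"},
    {"checker": "SQLI", "file": r"C:\build\src\app\UserDao.java", "line": 42, "severity": "High"},
    {"checker": "XSS", "file": r"C:\build\src\app\Render.java", "line": 17, "severity": "Medium"},
    {"checker": "NULL_RETURNS", "file": r"C:\build\src\app\Util.java", "line": 88, "severity": "Low"},
]
TOOL_B = [
    {"cwe": 89, "path": "./src/app/UserDao.java", "line": 42, "sev": 3},
    {"cwe": 79, "path": "./src/app/Render.java", "line": 17, "sev": 2},
    {"cwe": 79, "path": "./src/app/Search.java", "line": 101, "sev": 2},
]

CHECKER_TO_CWE = {"SQLI": 89, "XSS": 79, "NULL_RETURNS": 476}   # assumed mapping
SEVERITY_WORDS = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
SOURCE_ROOT = "src/"   # assumed: the repository's source tree starts here


@dataclass(frozen=True)
class Finding:
    cwe: int
    path: str
    line: int
    severity: int          # merged as the maximum any tool assigned
    sources: frozenset     # tools that reported this finding


def normalize_path(raw: str) -> str:
    """Make paths from different tools and hosts compare equal: unify separators,
    drop everything before the source root, and collapse './' segments."""
    p = raw.replace("\\", "/")
    idx = p.find(SOURCE_ROOT)
    if idx >= 0:
        p = p[idx:]
    return posixpath.normpath(p)


def from_tool_a(rec):
    return (CHECKER_TO_CWE[rec["checker"]], normalize_path(rec["file"]),
            rec["line"], SEVERITY_WORDS[rec["severity"]], "tool_a")


def from_tool_b(rec):
    return (rec["cwe"], normalize_path(rec["path"]), rec["line"], rec["sev"], "tool_b")


def consolidate(records):
    """De-duplicate normalized (cwe, path, line, severity, source) tuples.
    Two records are the same finding when CWE, normalized path and line agree;
    severities are merged by taking the maximum and the reporting tools are
    accumulated so the ticket can say who saw it."""
    merged = {}
    for cwe, path, line, sev, src in records:
        key = (cwe, path, line)
        prev = merged.get(key)
        if prev is None:
            merged[key] = Finding(cwe, path, line, sev, frozenset({src}))
        else:
            merged[key] = Finding(cwe, path, line, max(prev.severity, sev),
                                  prev.sources | {src})
    return merged


def reduction_percent(raw_count, unique_count):
    """Share of raw findings removed by normalization and de-duplication."""
    return round(100.0 * (raw_count - unique_count) / raw_count, 1)


def bundle_into_defects(findings):
    """Group unique findings by (path, CWE) so a developer gets one ticket per
    weakness class per file rather than one per reported line."""
    buckets = defaultdict(list)
    for f in findings.values():
        buckets[(f.path, f.cwe)].append(f)
    defects = []
    for (path, cwe), group in sorted(buckets.items()):
        defects.append({
            "title": f"CWE-{cwe} in {path} ({len(group)} location(s))",
            "severity": max(f.severity for f in group),
            "lines": sorted(f.line for f in group),
            "reported_by": sorted(set().union(*(f.sources for f in group))),
        })
    return defects


def run_example():
    raw = [from_tool_a(r) for r in TOOL_A] + [from_tool_b(r) for r in TOOL_B]
    unique = consolidate(raw)
    return raw, unique, bundle_into_defects(unique)


if __name__ == "__main__":
    raw, unique, defects = run_example()
    print(f"{len(raw)} raw findings -> {len(unique)} unique "
          f"({reduction_percent(len(raw), len(unique))}% reduction)")
    for d in defects:
        print(d["title"], "severity", d["severity"], "from", ", ".join(d["reported_by"]))
```

The de-duplication key is deliberately narrow (CWE, normalized path, line): widening it to ignore line numbers would merge distinct sinks in one file, and narrowing it to include the tool's own checker name would defeat cross-tool correlation. Path normalization is where most real-world duplicates are lost or kept, so it is worth checking that it recognizes every build host's layout before trusting the reduction figure.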
Secure DevOps with ThreadFix
• What does your pipeline look like?
http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu
http://www.slideshare.net/denimgroup/rsa2015-blending-theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally
https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html
Policy Configuration
• Testing
  • Synchronous
  • Asynchronous
• Decision
• Reporting
Blog Post: Effective Application Security Testing in DevOps Pipelines
http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/
https://www.denimgroup.com/resources/effective-application-security-for-devops/
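The Testing / Decision / Reporting split above is the shape of a pipeline policy: synchronous tests run inside the pipeline and may block it, asynchronous tests run out of band and only feed the report, and the decision step turns findings into a pass or fail. The Python below is an added example of such a gate, not ThreadFix's policy engine. The policy fields, the test-type names, the finding tuple layout, the baseline, the ticket ids and dates, and the sample findings are all constructed for the illustration.

```python
"""Pipeline policy gate over normalized scan findings.  Added illustration of
the Testing / Decision / Reporting split, not ThreadFix's policy engine: the
policy fields, the finding tuple layout and the sample data are constructed."""
from datetime import date

# Constructed policy.  Synchronous test types run inside the pipeline and may
# block it; asynchronous ones run out of band and only feed the report.
POLICY = {
    "synchronous": {"sast", "sca"},
    "asynchronous": {"dast", "manual_pentest"},
    "block_at_or_above": 3,        # unified 1..4 severity scale
    "gate_on_new_only": True,      # legacy debt is reported, not blocked on
    "accepted_risks": [            # time-boxed exceptions tied to a ticket
        {"key": (476, "src/app/Util.java"), "expires": date(2030, 1, 1), "ticket": "SEC-120"},
        {"key": (89, "src/legacy/Report.java"), "expires": date(2019, 1, 1), "ticket": "SEC-77"},
    ],
}

# Constructed: findings already present on the main branch, as (cwe, path, line).
BASELINE = {(79, "src/app/Render.java", 17), (89, "src/legacy/Report.java", 210)}

# Constructed findings from the current build: (test_type, cwe, path, line, severity).
CURRENT_SCAN = [
    ("sast", 89, "src/app/UserDao.java", 42, 3),      # new, at threshold
    ("sast", 476, "src/app/Util.java", 88, 3),        # covered by a live exception
    ("sast", 89, "src/legacy/Report.java", 210, 4),   # pre-existing, exception lapsed
    ("sast", 79, "src/app/Render.java", 17, 3),       # pre-existing, no exception
    ("dast", 79, "/search", 0, 3),                    # asynchronous test: report only
    ("sca", 502, "pom.xml", 0, 2),                    # below threshold
]


def find_exception(policy, cwe, path):
    """Return the accepted-risk entry for this weakness and file, if any."""
    return next((ex for ex in policy["accepted_risks"] if ex["key"] == (cwe, path)), None)


def evaluate(policy, findings, baseline, today):
    """Classify every finding and return the gate decision.

    A finding blocks only if it comes from a synchronous test, meets the
    severity threshold, is not covered by an unexpired exception and (when
    gating on new findings only) is absent from the baseline.  A lapsed
    exception re-opens the gate even for pre-existing findings, so a risk
    acceptance cannot silently become permanent.
    """
    result = {"decision": "PASS", "blocking": [], "waived": [], "report_only": []}
    for test_type, cwe, path, line, sev in findings:
        rec = {"test": test_type, "cwe": cwe, "path": path, "line": line, "severity": sev}
        if test_type in policy["asynchronous"]:
            result["report_only"].append({**rec, "reason": "asynchronous test"})
            continue
        if test_type not in policy["synchronous"]:
            raise ValueError(f"test type {test_type!r} is not classified in the policy")
        if sev < policy["block_at_or_above"]:
            result["report_only"].append({**rec, "reason": "below threshold"})
            continue
        ex = find_exception(policy, cwe, path)
        if ex is not None and ex["expires"] > today:
            result["waived"].append({**rec, "ticket": ex["ticket"]})
            continue
        if ex is not None:
            result["blocking"].append(
                {**rec, "reason": f"exception {ex['ticket']} expired {ex['expires']}"})
            continue
        if policy["gate_on_new_only"] and (cwe, path, line) in baseline:
            result["report_only"].append({**rec, "reason": "pre-existing"})
            continue
        result["blocking"].append({**rec, "reason": "new finding at or above threshold"})
    if result["blocking"]:
        result["decision"] = "FAIL"
    return result


def run_example(today_iso="2019-08-22", findings=None):
    """Evaluate the constructed scan (or a caller-supplied list) on a given date."""
    return evaluate(POLICY, CURRENT_SCAN if findings is None else findings,
                    BASELINE, date.fromisoformat(today_iso))


if __name__ == "__main__":
    r = run_example()
    print("decision:", r["decision"])
    for b in r["blocking"]:
        print("  BLOCK", b["path"], f"CWE-{b['cwe']}", "-", b["reason"])
    for w in r["waived"]:
        print("  WAIVE", w["path"], "under", w["ticket"])
    for o in r["report_only"]:
        print("  REPORT", o["path"], "-", o["reason"])
```

Two design choices carry the weight here. Gating on new findings only keeps the pipeline from failing on pre-existing debt the team has already accepted, which is what makes a blocking gate survivable in practice. Making an expired exception block even a pre-existing finding is the counterweight: the exception record, with its ticket and expiry, is the only evidence that the risk was ever reviewed, and once it lapses the gate should force that review to happen again.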
Coverity and ThreadFix Together
Connecting To Coverity
Coverity Results in ThreadFix
Coverity Detail
Coverity Results in ThreadFix
Application and Infrastructure
@denimgroup
www.threadfix.it
www.denimgroup.com
@synopsys
@CoverityScan
www.synopsys.com

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Enabling Developers in Your Application Security Program With Coverity and ThreadFix

  • 1. © 2019 Denim Group – All Rights Reserved. Thanks for joining our webinar! We will begin shortly. Enabling Developers in Your Application Security Program With Coverity and ThreadFix. Presented by Dan Cornell and Mehdi Hashemian
  • 2. Enabling Developers in Your Application Security Program With Coverity and ThreadFix. August 22, 2019. Dan Cornell, CTO, Denim Group; Mehdi Hashemian, Coverity Product Manager, Synopsys
  • 3. Agenda
  • 4. Agenda
    • Synopsys and Coverity Background
    • ThreadFix Background
    • Coverity and ThreadFix Together
  • 5. Synopsys and Coverity
  • 6. Who is Synopsys?
    • Team and technology that found Heartbleed
    • The leading static analysis solution for security AND quality
    • 400+ security experts and a full portfolio of managed and professional services
    • The authority on open source security and risk management
  • 7. Selecting a static analysis solution. Your developers are the front line for security & quality – do they have the tools they need?
    • Accuracy: Will your security & development teams be able to trust the results the solution produces?
    • Coverage: Does the solution support all the languages and frameworks you use?
    • Consistency: Will the solution provide consistent results across desktop and build server analysis?
    • Scalability: Will the solution perform and scale to meet the volume and speed of your development?
  • 8. Coverity Static Analysis. Find critical defects and security weaknesses in code as it's written
    • Fast: Incremental analysis; analyzes hundreds of millions of lines of code with ease; supports thousands of developers
    • Accurate: Patented technology enables deep, full path coverage; includes interprocedural analysis and false-path pruning
    • Integrated: Open platform; easily integrated with IDEs, CI build servers, SCM and issue tracking systems
  • 9. Coverity Static Analysis: Broad standards compliance and SDLC integrations. Security guidelines; Standards compliance; Language support; SDLC workflow
  • 10. ThreadFix
  • 11. ThreadFix Overview
    • Create a consolidated view of your applications, assets, and vulnerabilities
    • Prioritize risk decisions based on data
    • Translate vulnerabilities to developers in the tools they are already using
  • 12. ThreadFix Overview
  • 13. Create a consolidated view of your assets, applications, and vulnerabilities
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. Test Result Consolidation
    • Organizations typically see a 15-35% reduction in finding count due to normalization and de-duplication.
    • Includes technology from Denim Group patents:
      • US 10,043,012 Method of Correlating Static and Dynamic Application Security Testing Results for Web Applications
      • US 10,043,004 Method of Correlating Static and Dynamic Application Security Testing Results for a Web and Mobile Application
  • 19. Prioritize risk decisions based on data
  • 20. Vulnerability Prioritization
  • 21. Analytics
  • 22. Translate vulnerabilities to developers in the tools they are already using
  • 23. Defect Tracker Integration
  • 24. Defect Tracker Integration
    • Bi-directional integration: bundle vulnerabilities into software defects, track development team progress resolving them
    • Reduction of Mean Time To Fix (MTTF) up to 44%
  • 25. Secure DevOps with ThreadFix
    • What does your pipeline look like?
    • http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu
    • http://www.slideshare.net/denimgroup/rsa2015-blending-theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally
    • https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html
  • 26. Policy Configuration
    • Testing
    • Synchronous
    • Asynchronous
    • Decision
    • Reporting
    • Blog Post: Effective Application Security Testing in DevOps Pipelines
      • http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/
      • https://www.denimgroup.com/resources/effective-application-security-for-devops/
  • 27. Coverity and ThreadFix Together
  • 28. Connecting To Coverity
  • 29. Coverity Results in ThreadFix
  • 30. Coverity Detail
  • 31. Coverity Results in ThreadFix
  • 32. Application and Infrastructure
  • 33. @denimgroup www.threadfix.it www.denimgroup.com @synopsys @CoverityScan www.synopsys.com