IBM AppScan Source
The SAST solution
Thuc X.Vu <thuc@labsofthings.com>
Researcher, founder of IoT and Data Processing Labs
Vietsoftware International Inc.
Website: http://labsofthings.com/
IBM AppScan Solution, Vietsoftware International Inc.
Agenda
• Understanding what AppScan Source is
• AppScan Source components
• Deployment models
• Features and Tooling
• Workflow
• DEMO
Understanding what AppScan Source is
• AppScan Source is a static application security testing (SAST) solution.
• It scans application source code for security vulnerabilities such as SQL injection, command injection, cross-site scripting and buffer overflow.
• These vulnerabilities are exploitable weaknesses in code that lead to:
1. Loss of reputation
2. Loss of money
3. A breach or an exposure of sensitive information
4. Business noncompliance
• AppScan Source enables organizations to proactively identify and mitigate security risk.
AppScan Source components
Editions: Source for Analysis, Source for Development, Source for Remediation, Source for Automation
1. AppScan Source for Automation
• Allows build teams to execute scans at build time
• Command line tooling and build tools allow for ease of automation
• Assessment publishing and reporting directly from automation
AppScan Source components (Cont.)
2. AppScan Source for Development
• Allows developers to perform security scans
• Plugins supplied for IDEs
• Remediate vulnerabilities
3. AppScan Source for Analysis
• Allows security analysts to configure applications for SAST scanning and to optimize the scan configuration to focus on vulnerable source code
• Analyze, isolate, and take action on priority vulnerabilities
• Provides security analysts, QA managers, and development managers with fast time-to-results
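The Automation edition above is about executing scans at build time and publishing the assessment, and the "minimal carry-over for subsequent scans" point in the workflow section later in this deck is the other half of that problem. The following is an added example, not AppScan Source tooling or the author's code: a build gate that reads a scan report, sets aside findings already triaged in a previous assessment (a baseline), and fails the build only on new findings at or above a chosen severity. The JSON report shape, the sample findings and the baseline are constructed for the example; the scan command that would produce the report is assumed to have run earlier in the build and is not shown.

```python
"""Build-time gate for SAST results (added illustration, not AppScan tooling).

The report shape below is constructed for this example; a real pipeline would
load the scanner's own export and the previous assessment's baseline."""
import json
import sys
from collections import Counter

# Constructed scan report in an assumed JSON shape (not AppScan's export format).
REPORT_JSON = """
{
  "application": "demo-app",
  "findings": [
    {"rule": "SQL Injection",        "severity": "High",   "file": "src/UserDao.java", "line": 42},
    {"rule": "Cross-Site Scripting", "severity": "High",   "file": "src/Profile.jsp",  "line": 17},
    {"rule": "Hardcoded Password",   "severity": "Medium", "file": "src/Config.java",  "line": 9},
    {"rule": "Information Leak",     "severity": "Low",    "file": "src/Error.java",   "line": 3}
  ]
}
"""

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}


def load_report(text=REPORT_JSON):
    """Parse a report; validates that every finding carries a known severity."""
    report = json.loads(text)
    for finding in report["findings"]:
        if finding["severity"] not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {finding['severity']!r}")
    return report


def fingerprint(finding):
    """Identity of a finding across scans. The line number is deliberately left
    out so that unrelated edits shifting code around do not turn an already
    triaged finding back into a 'new' one."""
    return (finding["rule"], finding["file"])


def evaluate_gate(report, baseline, fail_at="High"):
    """Decide whether the build may proceed.

    baseline: fingerprints of findings triaged (accepted or assigned) in an
              earlier assessment; they are still counted but do not block again.
    fail_at:  lowest severity of a *new* finding that blocks the build.
    Returns (passed, blocking_findings, counts_by_severity).
    """
    threshold = SEVERITY_RANK[fail_at]
    known = {tuple(fp) for fp in baseline}
    new = [f for f in report["findings"] if fingerprint(f) not in known]
    blocking = [f for f in new if SEVERITY_RANK[f["severity"]] >= threshold]
    counts = Counter(f["severity"] for f in report["findings"])
    return not blocking, blocking, counts


def main():
    """Print a summary and return the process exit code (1 fails the build step)."""
    report = load_report()
    # Constructed baseline: the XSS finding was already assigned in the previous scan.
    baseline = [("Cross-Site Scripting", "src/Profile.jsp")]
    passed, blocking, counts = evaluate_gate(report, baseline, fail_at="High")
    summary = ", ".join(f"{sev}={n}" for sev, n in sorted(counts.items()))
    print(f"{report['application']}: {summary}")
    for f in blocking:
        print(f"  BLOCKING new {f['severity']} finding: {f['rule']} in {f['file']}:{f['line']}")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

The exit status is what the build server acts on; the severity threshold and the baseline are the two knobs a build team tunes so that the gate blocks on genuinely new high-confidence findings rather than re-flagging everything already in the remediation queue.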
AppScan Source components (Cont.)
AppScan Source Database
• An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and the application/project inventory.
AppScan Source command line interface (CLI) client
• Provides command line access to various AppScan Source functions to enable integration, automation, and scripting.
• Plugins for Make, Ant, and Maven allow the configuration process to be automated.
AppScan Source Edition Products vs Roles
Standard desktop deployment
Standard desktop deployment (Cont.)
• Used in a small organization, by a security analyst/auditor who performs security assessments
• No defect tracking system integration or build integration
• Uses the AppScan Source administrative account, with no LDAP Directory Server integration
Small workgroup deployment
Small workgroup deployment (Cont.)
• Used in small to moderate-sized organizations
• Dedicated to different roles: Administrator, Manager, Security Analyst, Developer
• Build automation server integration
Enterprise workgroup deployment
Enterprise workgroup deployment (Cont.)
• Integrates with a defect tracking system
• Authentication with LDAP integration
AppScan Source Features and Tooling
• Configuration perspective:
- Import existing applications from IDEs
- Configure AppScan Source applications and projects
- Scan code
- Create and manage applications, projects, and attributes
• Triage perspective:
- View scan results to prioritize the remediation workflow
- Organize findings
- Filter findings
- Promote, demote, and dispatch findings for remediation
• Analysis perspective:
- Drill down to individual findings
- Track data flow visually through the source code (trace)
- Access contextual remediation assistance
- Generate reports
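The earlier point that AppScan Source scans source code for SQL injection, command injection and similar flaws, and the trace feature in the Analysis perspective above, both describe source-to-sink data-flow analysis: untrusted input enters at a source, and a finding is raised when it reaches a dangerous sink without passing a sanitizer, with the path between the two shown as the trace. The following is an added example, not AppScan Source code or the author's: a toy intra-procedural taint tracker over Python's ast module. The source, sink and sanitizer tables and the sample program are constructed for the example; a real SAST engine has far larger tables, interprocedural analysis and a security knowledgebase behind them, all of which this toy omits.

```python
"""Toy taint-tracking SAST pass (added illustration, not AppScan Source code).

Reports a source-to-sink trace for each place where untrusted data reaches a
dangerous call without going through a sanitizer. The tables and the sample
program below are constructed for this example."""
import ast
from dataclasses import dataclass

# Constructed tables (assumptions for this example).
SOURCES = {"input", "request.args.get", "os.environ.get"}
SINKS = {  # sink name -> (vulnerability class, index of the dangerous argument)
    "cursor.execute": ("SQL injection", 0),
    "os.system": ("Command injection", 0),
    "subprocess.call": ("Command injection", 0),
}
SANITIZERS = {"shlex.quote", "int"}


@dataclass
class Finding:
    kind: str
    sink_line: int
    trace: list  # (line, step) pairs from the source to the sink


def dotted(node):
    """Render a call target such as cursor.execute as a dotted string, or None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintVisitor(ast.NodeVisitor):
    """Flow-sensitive, intra-procedural taint propagation over straight-line code."""

    def __init__(self):
        self.tainted = {}    # variable name -> trace that made it tainted
        self.findings = []

    def taint_of(self, expr):
        """Return the trace if expr carries tainted data, else None."""
        if isinstance(expr, ast.Call):
            name = dotted(expr.func)
            if name in SANITIZERS:
                return None
            if name in SOURCES:
                return [(expr.lineno, f"source {name}()")]
            for arg in expr.args:                      # taint passes through str(), format(), ...
                trace = self.taint_of(arg)
                if trace:
                    return trace
            if isinstance(expr.func, ast.Attribute):   # tainted.strip(), tainted.format(...)
                return self.taint_of(expr.func.value)
            return None
        if isinstance(expr, ast.Name):
            return self.tainted.get(expr.id)
        if isinstance(expr, ast.BinOp):                # "..." + user, "..." % user
            return self.taint_of(expr.left) or self.taint_of(expr.right)
        if isinstance(expr, ast.JoinedStr):            # f-strings
            for part in expr.values:
                if isinstance(part, ast.FormattedValue):
                    trace = self.taint_of(part.value)
                    if trace:
                        return trace
        return None

    def visit_Assign(self, node):
        trace = self.taint_of(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if trace:
                    self.tainted[target.id] = trace + [(node.lineno, f"assigned to {target.id}")]
                else:
                    self.tainted.pop(target.id, None)  # overwritten with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted(node.func)
        if name in SINKS:
            kind, index = SINKS[name]
            if index < len(node.args):
                trace = self.taint_of(node.args[index])
                if trace:
                    self.findings.append(Finding(kind, node.lineno, trace + [(node.lineno, f"sink {name}()")]))
        self.generic_visit(node)


def scan(source_code):
    """Parse Python source and return the list of taint findings."""
    visitor = TaintVisitor()
    visitor.visit(ast.parse(source_code))
    return visitor.findings


# Constructed sample program; request, cursor and shlex are only parsed, never run.
SAMPLE = """\
import os                                                        # 1
user = request.args.get("user")                                  # 2  source
query = "SELECT * FROM users WHERE name = '" + user + "'"        # 3  concatenated into SQL
cursor.execute(query)                                            # 4  SQL injection
cursor.execute("SELECT * FROM users WHERE name = %s", (user,))   # 5  parameterised: clean
cmd = "ping " + shlex.quote(user)                                # 6  sanitised
os.system(cmd)                                                   # 7  clean
uid = int(request.args.get("id"))                                # 8  sanitised
os.system("kill " + str(uid))                                    # 9  clean
os.system(f"ls {request.args.get('dir')}")                       # 10 command injection
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(f"{finding.kind} at line {finding.sink_line}")
        for line, step in finding.trace:
            print(f"    line {line}: {step}")
```

Run stand-alone it prints two findings with their traces, and nothing for lines 5 to 9: the parameterised query, the quoted shell argument and the integer cast are exactly the remediations a triage analyst would expect to see, and the trace is what lets a developer see which assignment carried the input to the sink.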
Continuous Improvement Environment
[Figure: a cycle of CONFIGURE → SCAN → TRIAGE → ASSIGN → REMEDIATE → REPORT. Products placed around the cycle in the figure: AppScan Source for Analysis (configure and triage); AppScan Source for Analysis, for Development and for Automation (scan); AppScan Source for Remediation and for Development (remediate); AppScan Enterprise (report). The arrow leaving triage is labelled "High-confidence findings".]
Security Analyst Workflow
Security professionals using AppScan Source for Security:
Total time: 2-3 weeks / application
• Applications are scanned once per year or less
• Minimal carry-over for subsequent scans
Developer Workflow
Any developer using AppScan Source for Development:
Total time: ½ - 1 day
• Developers cannot develop while scanning (a scan can take hours)
• Developers are not security experts
• The scan workflow interrupts agile workflows
Magic Quadrant for Application Security Testing
Neil MacDonald, Joseph Feiman
July 2, 2013
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The link to the Gartner report is available upon request from IBM.
“The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market.”
Gartner has recognized IBM as a leader in the Magic Quadrant for Application Security Testing (AST).
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Additional Information
Documents
• EMA Impact Brief - IBM Security AppScan 8.7 Adds Support for iOS Mobile Apps
https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-WW_Security_Organic&S_PKG=ov14494&S_TACT=102PW29W
• AppScan Source Data Sheet
http://public.dhe.ibm.com/common/ssi/ecm/en/rad14105usen/RAD14105USEN.PDF
• AppScan Standard Data Sheet
http://public.dhe.ibm.com/common/ssi/ecm/en/rad14019usen/RAD14019USEN.PDF
• AppScan Enterprise Data Sheet
ftp://public.dhe.ibm.com/common/ssi/ecm/en/rad14113usen/RAD14113USEN.PDF
Posts
• 2013 Gartner Application Security Testing MQ and the Evolution of Software Security
http://securityintelligence.com/2013-gartner-application-security-testing-mq-and-the-evolution-of-software-security/
• Gartner Publishes 2013 Magic Quadrant for Application Security Testing (AST)
http://securityintelligence.com/gartner-magic-quadrant-for-application-security-testing-2013/
Podcasts
• 2013 Gartner Magic Quadrant for Application Security Testing
http://www.blogtalkradio.com/calebbarlow/2013/07/25/2013-gartner-magic-quadrant-for-application-security-testing
• Application + Threat + Security intelligence = Priceless
http://www.blogtalkradio.com/calebbarlow/2012/08/13/threat-application-security-intelligence-priceless
• Taking Application Security from the Whiteboard to Reality
http://www.blogtalkradio.com/calebbarlow/2012/06/11/taking-application-security-from-the-whiteboard-to-reality
Videos
Overview of IBM Security AppScan
http://www.youtube.com/watch?v=9R4IjZpKt8I
How College Board is Building Security into Application Development
http://www.youtube.com/watch?v=TtqhlcTnbg8
Building Better, More Secure Applications
http://www.youtube.com/watch?v=UcN2uUolgKk
Using Application Security Testing to Increase Deployment Speed
http://www.youtube.com/watch?v=VImy3ilYUSk
IBM Security AppScan 8.7 for iOS mobile application support
http://www.youtube.com/watch?v=I73tbAmJIGw
IBM Security AppScan 8.7 for iOS Applications
http://www.youtube.com/watch?v=egnEH-GGQEI
IBM Security AppScan: Analysis Perspective
http://www.youtube.com/watch?v=UZD53ZgV848
Credits
• Implemented IBM AppScan for customers in Vietnam: Vietcombank; VietinBank; Vietnam Customs
• Some presentations on Enterprise Mobile Solutions, IoT, Security and payment at http://www.slideshare.net/papaiking/
Smarter security for a smarter planet

GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG  BÁN LẺGIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG  BÁN LẺ
GIẢI PHÁP DI ĐỘNG CHO NGÂN HÀNG BÁN LẺ
 
Giới thiệu về Chợ xây dựng
Giới thiệu về Chợ xây dựngGiới thiệu về Chợ xây dựng
Giới thiệu về Chợ xây dựng
 

Recently uploaded

Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Hivelance Technology
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
Jelle | Nordend
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
Peter Caitens
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
ayushiqss
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
varshanayak241
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 

Recently uploaded (20)

Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...
 
Vitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume MontevideoVitthal Shirke Microservices Resume Montevideo
Vitthal Shirke Microservices Resume Montevideo
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
Advanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should KnowAdvanced Flow Concepts Every Developer Should Know
Advanced Flow Concepts Every Developer Should Know
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
Why React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdfWhy React Native as a Strategic Advantage for Startup Innovation.pdf
Why React Native as a Strategic Advantage for Startup Innovation.pdf
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
Strategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptxStrategies for Successful Data Migration Tools.pptx
Strategies for Successful Data Migration Tools.pptx
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 

IBM AppScan Source - The SAST solution

• 6. AppScan Source components (Cont.)
AppScan Source Database
 An out-of-the-box database that persists the AppScan Source Security Knowledgebase data, assessment data, and the application/project inventory.
AppScan Source command line interface (CLI) client
 Provides command line access to AppScan Source functions to enable integration, automation, and scripting.
 Plugins for Make, Ant, and Maven allow the configuration process to be automated.
• 7. AppScan Source Edition Products vs Roles
• 9. Standard desktop deployment
• 10. Standard desktop deployment (Cont.)
 Used in a small organization, by a security analyst/auditor who performs security assessments
 No defect tracking system integration and no build integration
 Uses the AppScan Source administrative account, with no LDAP directory server integration
• 11. Small workgroup deployment
• 12. Small workgroup deployment (Cont.)
 Used in small to moderate-sized organizations
 Separate roles: Administrator, Manager, Security Analyst, Developer
 Build automation server integration
• 13. Enterprise workgroup deployment
• 14. Enterprise workgroup deployment (Cont.)
 Integrates with a defect tracking system
 Authentication through LDAP integration
• 16. AppScan Source Features and Tooling
 Configuration perspective:
- Import existing applications from IDEs
- Configure AppScan Source applications and projects
- Scan code
- Create and manage applications, projects, and attributes
 Triage perspective:
- View scan results to prioritize the remediation workflow
- Organize findings
- Filter findings
- Promote, demote, and dispatch findings for remediation
 Analysis perspective:
- Drill down to individual findings
- Track data flow visually through the source code (trace)
- Access contextual remediation assistance
- Generate reports
• 18. Continuous Improvement Environment (diagram)
Cycle shown: CONFIGURE > SCAN > TRIAGE > ASSIGN > REMEDIATE > REPORT, with the products placed at each stage:
 Configure and triage: AppScan Source for Analysis
 Scan: AppScan Source for Analysis, for Development, for Automation
 Assign: AppScan Enterprise
 Remediate: AppScan Source for Remediation, for Development
 Report: high-confidence findings
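To make the trace, triage and automation ideas of the Features slide and this workflow diagram concrete, here is an added example (my code, not AppScan Source's, and not from the presenter): a deliberately small taint-tracking scanner in Python, run over a constructed Python sample. It follows data from an untrusted source (`request.args[...]`) to a dangerous sink (`cursor.execute(...)`, `os.system(...)`), records the source-to-sink trace the way an Analysis perspective trace view does, assigns a confidence for triage (high when the flow is direct, medium when it passes through a function the scanner cannot see into, which is where an analyst would promote or demote the finding), and applies a build gate of the kind an automation step would enforce. The sample code, the source and sink lists, the `Finding` fields and the `build_gate` policy are assumptions for illustration only; a real SAST engine is interprocedural and handles branches, loops and sanitizers, which this demo deliberately does not.

```python
"""Tiny taint-tracking SAST demo (added example, not AppScan Source code).
Follows data from an untrusted source to a dangerous sink within each
function, reports a source-to-sink trace plus a triage confidence, and
applies a build gate. Names and the sample below are illustrative assumptions."""
import ast
from dataclasses import dataclass

# Constructed sample under test: a direct SQL injection, a direct command
# injection, a parameterised query that must NOT be reported, and a flow
# through an unknown helper that needs analyst triage.
SAMPLE = '''
def lookup(request, cursor):
    user = request.args["user"]
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cursor.execute(query)
def ping(request):
    host = request.args["host"]
    os.system("ping -c 1 " + host)
def safe_lookup(request, cursor):
    user = request.args["user"]
    cursor.execute("SELECT * FROM users WHERE name = %s", (user,))
def report(request, cursor):
    name = normalize(request.args["name"])
    cursor.execute("SELECT * FROM t WHERE n = '%s'" % name)
'''
SOURCES = {"request.args"}  # attribute chains whose subscripts are untrusted (assumed)
SINKS = {"cursor.execute": "SQL Injection", "os.system": "Command Injection"}

@dataclass
class Finding:
    vuln: str
    function: str
    sink_line: int
    trace: list      # [(line, description), ...] ordered source -> sink
    confidence: str  # "high": direct flow; "medium": passed through an unknown call

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def taint_of(expr, env):
    """Return the trace that taints `expr`, or None if it is untainted."""
    if isinstance(expr, ast.Name):
        return env.get(expr.id)
    if isinstance(expr, ast.Subscript):
        base = dotted(expr.value)
        if base in SOURCES:
            return [(expr.lineno, f"source: {base}[...]")]
        return taint_of(expr.value, env)
    if isinstance(expr, ast.BinOp):  # covers '+' concatenation and '%' formatting
        return taint_of(expr.left, env) or taint_of(expr.right, env)
    if isinstance(expr, ast.Call):   # unknown callee: taint passes through, unverified
        for arg in expr.args:
            t = taint_of(arg, env)
            if t:
                return t + [(expr.lineno, f"passes through {dotted(expr.func) or '?'}() (unverified)")]
    return None  # constants and anything else are clean

def scan_function(fn):
    """Straight-line, intra-procedural scan of one function body."""
    env, findings = {}, []
    for stmt in fn.body:
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            name, t = stmt.targets[0].id, taint_of(stmt.value, env)
            if t:
                env[name] = t + [(stmt.lineno, f"propagates into {name}")]
            else:
                env.pop(name, None)  # overwritten with clean data
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call, sink = stmt.value, dotted(stmt.value.func)
            # Only the first positional argument is the injectable string;
            # a parameter tuple as the second argument is the safe pattern.
            if sink in SINKS and call.args and (t := taint_of(call.args[0], env)):
                trace = t + [(stmt.lineno, f"sink: {sink}()")]
                conf = "medium" if any("unverified" in d for _, d in trace) else "high"
                findings.append(Finding(SINKS[sink], fn.name, stmt.lineno, trace, conf))
    return findings

def scan(source):
    """Scan every top-level function in `source`; findings come in source order."""
    return [f for node in ast.parse(source).body
            if isinstance(node, ast.FunctionDef) for f in scan_function(node)]

def build_gate(findings, fail_on=("high",)):
    """Exit status for a build-automation step: 1 fails the build."""
    return 1 if any(f.confidence in fail_on for f in findings) else 0

if __name__ == "__main__":
    results = scan(SAMPLE)
    for f in results:
        print(f"[{f.confidence}] {f.vuln} in {f.function}() at line {f.sink_line}")
        print("\n".join(f"    L{line}: {what}" for line, what in f.trace))
    print("build gate exit code:", build_gate(results))
```

Running it reports three findings and a failing gate: the two direct flows in `lookup()` and `ping()` are high confidence and would stop the build, while the flow through `normalize()` in `report()` is medium confidence because the scanner cannot tell whether that helper sanitizes; that is exactly the kind of finding the triage perspective exists for, and `safe_lookup()` produces nothing because the tainted value only reaches the parameter tuple, never the query string.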
• 19. Security Analyst Workflow
Security professionals using AppScan Source for security assessments:
Total time: 2-3 weeks per application
 Applications are scanned once per year or less
 Minimal carry-over between subsequent scans
• 20. Developer Workflow
Any developer using AppScan Source for Development:
Total time: ½ - 1 day
 Developers cannot develop while a scan runs (a scan can take hours)
 Developers are not security experts
 The scan workflow interrupts agile workflows
• 22. Magic Quadrant for Application Security Testing
Neil MacDonald, Joseph Feiman, July 2, 2013
Gartner has recognized IBM as a leader in the Magic Quadrant for Application Security Testing (AST).
"The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing the need to combine dynamic and static testing capabilities, which is reshaping the overall market."
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The link to the Gartner report is available upon request from IBM.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
• 23. Additional Information
 Documents
- EMA Impact Brief - IBM Security AppScan 8.7 Adds Support for iOS Mobile Apps
  https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-WW_Security_Organic&S_PKG=ov14494&S_TACT=102PW29W
- AppScan Source Data Sheet
  http://public.dhe.ibm.com/common/ssi/ecm/en/rad14105usen/RAD14105USEN.PDF
- AppScan Standard Data Sheet
  http://public.dhe.ibm.com/common/ssi/ecm/en/rad14019usen/RAD14019USEN.PDF
- AppScan Enterprise Data Sheet
  ftp://public.dhe.ibm.com/common/ssi/ecm/en/rad14113usen/RAD14113USEN.PDF
 Posts
- 2013 Gartner Application Security Testing MQ and the Evolution of Software Security
  http://securityintelligence.com/2013-gartner-application-security-testing-mq-and-the-evolution-of-software-security/
- Gartner Publishes 2013 Magic Quadrant for Application Security Testing (AST)
  http://securityintelligence.com/gartner-magic-quadrant-for-application-security-testing-2013/
 Podcasts
- 2013 Gartner Magic Quadrant for Application Security Testing
  http://www.blogtalkradio.com/calebbarlow/2013/07/25/2013-gartner-magic-quadrant-for-application-security-testing
- Application + Threat + Security intelligence = Priceless
  http://www.blogtalkradio.com/calebbarlow/2012/08/13/threat-application-security-intelligence-priceless
- Taking Application Security from the Whiteboard to Reality
  http://www.blogtalkradio.com/calebbarlow/2012/06/11/taking-application-security-from-the-whiteboard-to-reality
• 24. Videos
- Overview of IBM Security AppScan
  http://www.youtube.com/watch?v=9R4IjZpKt8I
- How College Board is Building Security into Application Development
  http://www.youtube.com/watch?v=TtqhlcTnbg8
- Building Better, More Secure Applications
  http://www.youtube.com/watch?v=UcN2uUolgKk
- Using Application Security Testing to Increase Deployment Speed
  http://www.youtube.com/watch?v=VImy3ilYUSk
- IBM Security AppScan 8.7 for iOS mobile application support
  http://www.youtube.com/watch?v=I73tbAmJIGw
- IBM Security AppScan 8.7 for iOS Applications
  http://www.youtube.com/watch?v=egnEH-GGQEI
- IBM Security AppScan: Analysis Perspective
  http://www.youtube.com/watch?v=UZD53ZgV848
• 25. Credits
 Implemented IBM AppScan for customers in Vietnam: Vietcombank, VietinBank, Vietnam Customs
 Presentations on enterprise mobile solutions, IoT, security, and payment are available at http://www.slideshare.net/papaiking/
• 26. Smarter security for a smarter planet