IBM Security Solutions
IBM Rational Application Security
Agenda
- Current Trends in Application Security
- The Solution
- Strategies for Customer Success
- Rational AppScan Suite
- IBM Application Security Coverage
Executive Summary
- Web applications are the greatest source of risk for organizations
- Rational Application Security enables organizations to address the root cause of this risk
- AppScan leverages a mix of technologies (static and dynamic)
- AppScan is a key part of IBM Security's full solution view of application security
Rational AppScan Suite enables Comprehensive Application Vulnerability Management
The Costs from Security Breaches are Staggering
- 285 million records compromised in 2008 (Verizon 2009 Data Breach Investigations Report)
- $204 cost per compromised record (Ponemon 2009-2010 Cost of a Data Breach Report)
- Translates to $58.1B cost to corporations
Sources of Security Breach Costs
Unbudgeted costs:
- Customer notification / care
- Government fines
- Litigation
- Reputational damage
- Brand erosion
- Cost to repair
[Chart: cost to repair a security flaw versus a functional flaw by lifecycle stage (development, test, deployment); damage to the enterprise scaled 1x, 10x, 1,000,000x]
Web Applications are the greatest risk to organizations
- Web application vulnerabilities represented the largest category in vulnerability disclosures
- In 2009, 49% of all disclosed vulnerabilities were Web application vulnerabilities
- SQL injection and Cross-Site Scripting are neck and neck in a race for the top spot
Source: IBM Internet Security Systems 2009 X-Force® Year End Trend & Risk Report
Why are Web Applications so Vulnerable?
- Developers are mandated to deliver functionality on time and on budget, but not to develop secure applications
- Developers are not generally educated in secure coding practices
- Product innovation is driving development of increasingly complicated software for a Smarter Planet
- Network scanners won't find application vulnerabilities, and firewalls/IPS don't block application attacks
- Volumes of applications continue to be deployed that are riddled with security flaws and are non-compliant with industry regulations
Clients' security challenges in a smarter planet: key drivers for security projects
- Increasing complexity: soon there will be 1 trillion connected devices in the world, constituting an "internet of things"
- Rising costs: the cost of a data breach increased to $204 per compromised customer record
- Ensuring compliance: spending by U.S. companies on governance, risk and compliance will grow to $29.8 billion in 2010
Source: http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1375707,00.html
Market Drivers
Regulatory and standards compliance:
- eCommerce: PCI-DSS, PA-DSS
- Financial Services: GLBA
- Energy: NERC / FERC
- Government: FISMA
User demand: rich application demand is pushing development to advanced code techniques, and Web 2.0 is introducing more exposures
Cost cutting in the current economic climate demands increased efficiencies
Headlines:
- "Cyber Blitz Hits U.S., Korea Websites" (WSJ, July 9th, 2009)
- "Web-based malware up 400%, 68% hosted on legitimate sites" (ZDNet, June 2008)
- "Hackers Break Into Virginia Health Website, Demand Ransom" (Washington Post, May 2009)
Agenda
- Current Trends in Application Security
- The Solution
- Strategies for Customer Success
- Rational AppScan Suite
- IBM Application Security Coverage
The Solution: Security for Smarter Products
Smarter Products require secure applications.
Security needs to be built into the development process and addressed throughout the development lifecycle.
Providing security for smarter products requires comprehensive security solutions deployed in concert with application lifecycle management offerings that:
- Provide integrated testing solutions for developers, QA, Security and Compliance stakeholders
- Leverage multiple appropriate testing technologies (static and dynamic analysis)
- Provide effortless security that allows development to be part of the solution
- Support governance, reporting and dashboards
- Facilitate collaboration between development and security teams

Rational application-security-071411


Editor's Notes

  • #4 Web applications are the greatest source of risk for organizations today, and Rational application security allows organizations to address the root cause of this risk. That's a significant statement, because many of the application security solutions on the market are protect-and-patch approaches that don't address the root cause. We leverage a mix of technologies, both static and dynamic, to enable the right use cases. So we don't just speak to the technologies; we focus on building the right solution for the right stakeholder, whether you're talking to a security auditor, build manager, developer or QA tester. We've built our portfolio to support these different use cases. Beyond that, AppScan is a key part of IBM's full solution view of application security, so we're not just a point solution like many of the tier-two competitors we see in the market. We're a full solution for application vulnerability management, but also a full solution for application security, from vulnerability management to identity and access management to application firewalls and IPSs. There's a full story that we'll get into shortly, but in summary: we're a comprehensive application vulnerability management solution.
  • #5 Some new stats that may be new to your customer if they're not already aware of the severity and prevalence. In its 2009 report, Verizon Business found that 285 million records were compromised. We married this data point with Ponemon's research that a compromised record costs an organization $204 per record, and that translates to over $58 billion in cost to corporations. That's a pretty significant problem and one that CIOs and CSOs can't ignore.
  • #6 There are multiple sources of breach cost, but the key point on this slide is that you should fix security issues early in the process. If that doesn't happen, and the flaw reaches the field and there's a breach as a result, the cost of a security flaw is orders of magnitude higher than what is typically seen for a functional flaw. These costs to organizations come in many different forms: government fines, litigation, brand damage, lost revenue, cost to repair and audits.
  • #7 More data from the IBM X-Force year end report. Web application vulnerabilities are the largest category: they represent about half of all vulnerability disclosures.
  • #8 Why are applications so vulnerable? Developers are mandated to deliver functionality on time and on budget, not to develop secure applications, so security is not a priority for them. They're also not generally educated in secure coding practices. Additionally, product innovation, the whole smarter planet discussion, is driving development of increasingly complex software. We're all over that. When developers' limits are being stretched, they focus on the functionality of those applications, not the security, and increasing complexity generally increases risk within these applications. And of course, as we continue to see, network scanners don't find application vulnerabilities and firewalls and IPSs don't block application attacks. So what's happening is that we continue to see volumes of applications deployed that are riddled with security flaws and are also non-compliant with industry regulations.
  • #9 These new risks are significant drivers for security products. There's an increase in complexity, and of course compliance continues to be a main focal point in these discussions.
  • #12 Security should be built into the development process rather than bolted on. Testing for vulnerabilities should be a seamless part of development that happens throughout the development lifecycle.
    - Integrated testing solution for developers, QA, Security and Compliance stakeholders: an integrated solution that allows for testing at all steps of software delivery, from coding, build, QA and audit to production.
    - Leverage the best of both leading testing technologies: solutions combine blackbox and whitebox technologies.
    - Effortless security: developers should not have to be security experts; tools should be easy to configure and results should be accurate.
    - Governance, reporting and dashboards: central control over test policies, with visibility through dashboards and reports.
    - Facilitate collaboration between development and security teams: issues can be assigned and tracked.