1) The SAS Software Security Framework defines SAS's secure software development process, which includes education on security threats, secure architecture and design principles, secure development standards, security testing and validation, and processes for responding to and remediating issues.
2) A key component is educating software engineers on security issues so they can design, develop, and support secure products. SAS implements standards like the OWASP Top 10 and works to eliminate common vulnerabilities.
3) SAS performs various security tests using internal and third-party tools, and addresses any issues found before releasing software. The goal is to deliver products that meet customers' security requirements and expectations.
Integrating Application Security into a Software Development Process (Achim D. Brucker)
Static Code Analysis (SCA) is an important means for detecting software vulnerabilities at an early stage in the software development lifecycle. The widespread introduction of static code analysis at a large software vendor is challenging. Besides the technical challenges, e.g., caused by the large number of software development projects, the large number of used programming languages (e.g., ABAP, C, Objective-C, ...), and the use of dynamic programming models such as HTML5/JavaScript, there are also many non-technical challenges, e.g., creating security awareness among the developers, organizing trainings, and integration of static code analysis into the development and maintenance processes. In this talk, we report the experiences we made while introducing static code analysis at SAP AG.
Agile Secure Software Development in a Large Software Development Organisatio... (Achim D. Brucker)
Security testing is an important part of any (agile) secure software development lifecycle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."
Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle, which supports the specific needs of the various software development models at SAP.
In this presentation, we will briefly present SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.
Realizing Software Security Maturity: The Growing Pains and Gains (Priyanka Aash)
Software security is often boiled down to the “OWASP Top 10,” resulting in an ineffective sense of what maturity-focused, comprehensive application security could be like. How then should an organization consider building a holistic program that seeks to grow in maturity over time? Come hear how one team has taken on this challenge and learn what has, and has not, worked on their own journey.
Learning Objectives:
1: Gain real-world insight on how to realize the Security Development Lifecycle.
2: Learn approaches to make working with engineers a great experience for all.
3: Understand how to track progress and maturity without simply “bug counting.”
(Source: RSA Conference USA 2018)
DevSecOps is a recent offshoot of the DevOps movement, which doubles down on the importance of security. As security continues to be downplayed or ignored even as the threat landscape explodes, DevSecOps promotes a set of well-developed design principles and engineering patterns which involve security owners and product designers much earlier. DevSecOps lays out a robust and practical blueprint for building security features into the design process, leveraging new engineering tools and patterns and creating a secure, defensible software right from the start.
Join Chris Knotts, Innovation Product Director at Cprime, to:
- Learn how the concept of "shifting left" applies to application security and how to prioritize security requirements earlier in the design process
- Get an introduction to a few of the most effective engineering tools for implementing DevSecOps, including popular code scanners, dependency checkers, and free open-source products
- Understand how progress with DevSecOps depends on roles and stakeholders outside of just security staff
Integrating security into the development of an application or software is necessary to decrease its risk of susceptibility to attacks and exploits. Traditional methods of security testing were performed on a finished product. However, with the rise in the intensity and the number of attack vectors, it has become necessary for organizations to include it as a part of every phase of an SDLC.
These are slides from a local security chapter meetup. Here I tried to explain the challenges in appsec and a complete framework for the different life cycles of the secure software development cycle.
CompTIA Advanced Security Practitioner Study Guide: CAS-002 is the updated edition of the bestselling book covering the CASP certification exam. http://www.examcollectionvce.com/vce-CAS-002.html
4 approaches to integrate dev secops in development cycle (Enov8)
DevSecOps is an advanced extension of the DevOps technique in application engineering. In this model, developers/software engineers, operations teams and security teams collaborate and function closely throughout the software development lifecycle (SDLC) workflows and continuous integration / continuous deployment (CI/CD) pipelines.
White Paper: 7 Security Gaps in the Neglected 90% of your Applications (Sonatype)
The combination of growing component usage, coupled with lack of security, requires us to urgently re-evaluate traditional application security approaches and identify practical next steps for closing these security gaps.
Threat simulation and modeling training shows you the different sorts of threat modeling procedures and encourages you to apply threat modeling as a propelled preventive type of security. TONEX, as a pioneer in the security industry for over 15 years, is presently declaring the threat simulation and modeling training, which encourages you to perceive procedures, apparatuses and contextual investigations of effective threat modeling method.
The Threat Simulation and Modeling Training course covers a variety of topics in the cybersecurity area such as:
Process for attack simulation and threat analysis (PASTA)
PASTA steps
Common attack pattern enumeration and classification (CAPEC)
Threat modeling with SDLC and existing threat modeling approaches.
Moreover, you will be introduced to threat analysis, weakness and vulnerability analysis, attack modeling and simulation, and residual risk analysis and management.
Learn About:
PASTA, objectives of risk analysis, risk centric threat modeling, and weakness and vulnerability analysis basics.
Common attack pattern enumeration such as: HTTP response splitting, SQL injection, XSS strings, phishing, buffer overflow, authentication protocol attacks or even cache poisoning.
Threat analysis approaches and principles to give you the step-by-step, straightforward methodology to conduct the threat modeling and analysis. Moreover, a detailed introduction of existing threat modeling approaches is included in the course. Examples of such approaches can be: CVSS, CERT, DREAD, and SDL threat modeling.
Who Can Benefit from Threat Simulation and Modeling Training?
If you are an IT professional who specializes in computer security, you will benefit from the presentations, examples, case studies, discussions, and individual activities upon the completion of threat simulation and modeling training and will prepare yourself for your career.
Threat Simulation and Modeling Training Features:
Threat simulation and modeling training will introduce a set of labs, workshops and group activities of real world case studies in order to prepare you to tackle all the related computer threat challenges.
Our instructors at TONEX will help you to understand the step-by-step procedure for attack simulation and modeling such as enumerating the attack vector, assessing the probability of attacks, attack driven security tests or attack library update.
Learn more about course audience, course objectives, course outline, workshop pricing, etc.
Threat Simulation and Modeling Training
https://www.tonex.com/training-courses/threat-simulation-and-modeling-training/
Devops security - An Insight into Secure-SDLC (Suman Sourav)
The integration of Security into DevOps is already happening out of necessity. DevOps is a powerful paradigm shift and companies often don’t understand how security fits. The aim of this session is to give an overview of DevOps security and how security can be integrated and automated into each phase of the software development life-cycle.
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni... (Denim Group)
Threat modeling is a valuable technique for identifying potential security issues in complex applications but many teams have been slow to adopt. This presentation looks at Threat Modeling from two perspectives – from that of a system builder trying to avoid introducing security defects into a new system and from that of a system tester trying to identify security issues in an existing system. The materials include discussion of where threat modeling is best done during the development lifecycle as well as the process of creating and refining a threat model.
Follow Dan Cornell on twitter - @danielcornell
Most application security efforts are misguided and ineffective. Why? Because while many security practitioners have a good understanding of how to find application vulnerabilities and exploit them, they often don't understand how software development teams work, especially in Agile/DevOps organizations. This leads to flawed programs. If we want to build secure applications, we have to meet development teams where they are by embedding security into their processes.
Importance of Azure infrastructure? - Microsoft Azure security infrastructure (Zabeel Institute)
Microsoft Azure security infrastructure as a solution (IaaS) is an instant computer facility, provisioned and handled over the internet. A cloud computing company, such as Azure, manages the facilities, while you acquire, set up as well as manage your very own software program – operating systems, middleware, and applications.
Understanding & Addressing OWASP’s Newest Top Ten Threat: Using Components wi... (Sonatype)
In 2013, the Open Web Application Security Project (OWASP) was updated to include “A9: using components with known vulnerabilities.” This paper explains this new threat with practical ideas for reducing risk from open source components which now comprise 80% of an average application.
AV-Comparatives’ 2017 business software review (Jermund Ottermo)
The review looks at security products for business Windows endpoints, focusing on the following:
- EDR features
- Management Console
- Windows client (desktop and server) protection software
Efficient Security Development and Testing Using Dynamic and Static Code Anal... (Perforce)
Be sure to register for a demo, if you would like to see how Klocwork can help ensure that your code is secure, reliable, and compliant.
https://www.perforce.com/products/klocwork/live-demo
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020 (Brian Levine)
"Adapt what is useful, reject what is useless, and add what is specifically your own." -Bruce Lee
Full transcript is here, https://www.linkedin.com/pulse/warriors-journey-building-global-appsec-program-owasp-brian-levine
This talk covers critical foundations for building a scalable Application Security Program.
Drawing on warrior-tested strategies and assurance frameworks such as OWASP SAMM and BSIMM, this session gives actionable guidance on building and advancing a global application security program.
Whether you are starting a fledgling security journey or managing a mature SSDLC, these foundational elements are core for achieving continuous security at scale.
Brian Levine is Senior Director of Product Security for Axway, an enterprise software company, delivering product solutions and cloud services to global Fortune 500 enterprises and government customers.
If you were tasked with building a security program, imagine it's day 1 in your new role as an application security manager, which playbook would you use? There’s an Alphabet Soup of standards to choose from, you have ISO, SOC2, OWASP, NIST, BSIMM, PCI, CSA, and on and on.
Is there a script you could follow? And which set of frameworks would you use to get started in the right direction?
My talk today is going to draw on this quote and the wisdoms of the martial arts master and philosopher Bruce Lee. Adapt what is useful, reject what is useless, and add what is specifically your own. So, in that spirit I’m going to draw on my own experience with some of these frameworks and guidelines and cover the core foundational components that I feel have led to my success and I hope will help you get started.
What I’m hoping you’ll get out of this talk are some strategies and tactics that you can use to develop and improve your program.
[Slide 6] What we’re going to cover in these three core areas. We’ll focus on establishing a security Culture, we’ll look at developing and scaling security Processes and we’ll look at Governance for ensuring visibility and executive accountability
How DevSecOps Can Help You Deliver Software Faster and Safer.pptx (Dev Software)
DevSecOps is a practice that integrates security into every stage of the software development lifecycle. It helps software teams to deliver software that is efficient, secure, and reliable. DevSecOps also brings cultural transformation that makes security a shared responsibility for everyone who is building the software. By adopting DevSecOps, software teams can enjoy faster software delivery, improved security, better collaboration, and higher quality.
The development world has come to realize that the way we build applications opens the door to hackers. We are starting to realize that it is the code itself that is enabling the attacks. It’s the responsibility of the development team to build software that is inherently impervious to attack. Catching and dealing with security defects earlier in the development lifecycle is much more economical than dealing with them once the applications have been deployed.
Product Engineering teams have started to realize the importance of software security. This has resulted in the trend where teams are taking efforts to include it as part of their software development life cycle, as opposed to treating it as another item in their checklist prior to release. However, the real challenge is in trying to find the balance between agility and quality, which is where many teams find this an uphill task.
While there is no golden standard when it comes to implementing software security, product teams should focus on bringing about systematic and cultural practices within their teams. This should help them to bring about the required efficiency to enable software security as a market differentiator.
This slide-deck on Software Security Initiative focuses on translating a plan of action into sustainable activities as part of the secure software development life cycle that can be adopted by engineering teams. The slides will delve deep into aspects like identifying and designing security checkpoints in the SDLC alongside concepts such as Threat Modelling in Agile, AppSec Toolchain and Security Regressions.
This was presented as a we45 Webinar on April 12, 2018
In Agile’s fast-paced environment with frequent releases, security reviews and testing can sound like an impediment to success. How can you keep up with Agile development's demands of continuous integration and deployment without abandoning security best practices? These 10 steps will help you get the best of both worlds.
Bringing Security Testing to Development: How to Enable Developers to Act as ... (Achim D. Brucker)
Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.
We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.
Why Implement DevSecOps with AWS? | The Enterprise World (TEWMAGAZINE)
Like traditional DevOps, the DevSecOps culture implies a close collaboration between development and IT operations teams to streamline software deployment.
Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned (Prateek Mishra)
The DevSecOps concept is widely accepted yet its implementation at enterprise-scale presents challenges. This session will describe three challenges and software solutions that address them: 1) dozens of autonomous teams using varied tooling to build applications; 2) use of many different scanning tools and security information sources; and 3) Identity and context aware security guidance to development teams.
Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products.
During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.
Streamlining Your Security with These Essential DevSecOps Tools (Dev Software)
Securing your applications is a top priority in today's world, but with software development teams under pressure to deliver new features and functionality at an ever-increasing pace, it can be challenging to ensure security is integrated into the entire development process. That's where DevSecOps comes in - it is a practice that combines development, security, and operations to streamline security throughout the software development lifecycle. DevSecOps Tools are essential for making this happen, and in this blog, we will explore some of the most important DevSecOps Tools that can help streamline your security efforts.
DevSecOps is a word that combines development, security, and operations. DevSecOps deals with software development, operations, security, and services. It emphasizes communication, collaboration, and integration between software developers, security teams, and information technology operations personnel.
In this session, you will learn how to integrate security techniques into the DevOps process.
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/mi8Zo9O6OUY
TechTalkThai Conference: Enterprise Cybersecurity 2021
October 5, 2021
DevOps Security: How to Secure Your Software Development and Delivery (Dev Software)
Software development and delivery is a complex and dynamic process that requires collaboration, automation, and quality. To meet the increasing demands of customers and businesses, software teams need to deliver software faster and more efficiently. But they also need to ensure that the software is secure and reliable.
DevOps security, also known as DevSecOps, is a practice that integrates security into every stage of the software development lifecycle, from planning to deployment and beyond. DevOps security aims to improve efficiency and reduce risk by making security a shared responsibility for developers, IT operators, and security specialists.
Link to Youtube video: https://youtu.be/-awH_CC4DLo
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Basic Introduction to DevSecOps concept
Why What and How for DevSecOps
Basic intro for Threat Modeling
Basic Intro for Security Champions
3 pillars of DevSecOps
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
How to integrate security in CI/CD pipeline
DevSecOps: Integrating Security Into Your SDLC (Dev Software)
DevSecOps is a methodology that integrates security into your software development lifecycle (SDLC). It aims to help you build secure applications and services by integrating security practices into your daily workflow.
In this article, we'll cover some of the basics of DevSecOps, including why it's important and how it can help you build more secure applications.
Fundamentals needed for users to begin the quoting process using the Salesforce platform. It will take more than an hour to complete and will allow users to start running CPQ by learning pricing methods, the CPQ object data model, the technical configuration of discounts, and output documents.
The Salesforce Automation Landscape
Declarative Tolls points and clicks admins
Coding tools Salesforce Gods
For Developers it is very important understand
the tools available and know when they should be applied.
Declarative tool set – Workflowrules, same object updates
Email notifications, limited applications.
Process Builder – Related object updates
Create a records, no unrelated objects
Bulk issues everywhere
Visual flow unrelated object updates variables and loops.
Same learning curve as code, but without the benefits.
A high-level overview of the key features and benefits of Workflow and Approval process automation in Enterprise Edition. Your sales force operates more efficiently with standardized internal procedures and automated business processes. Many of the tasks you normally assign, the emails you regularly send, and other record updates are part of an organization's standard processes. Instead of doing this work manually, you can configure workflow and approvals to do it automatically.
Begin by designing workflow rules and approval processes, and associating them with actions such as email alerts, tasks, field updates, or outbound messages.
Migrating
your
existing applications and IT assets to the Amazon Web Services
(AWS)
Cloud
presents
an opportunity to transform the way your organization
does
business.
It can help
you
lower costs, become more agile, develop new
skills
more quickly
, and deliver reliable, globally available services to your
customers.
Our goal is to help you to
implement
your cloud strategy
successfully.
BREEDING METHODS FOR DISEASE RESISTANCE.pptxRASHMI M G
Plant breeding for disease resistance is a strategy to reduce crop losses caused by disease. Plants have an innate immune system that allows them to recognize pathogens and provide resistance. However, breeding for long-lasting resistance often involves combining multiple resistance genes
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptxMAGOTI ERNEST
Although Artemia has been known to man for centuries, its use as a food for the culture of larval organisms apparently began only in the 1930s, when several investigators found that it made an excellent food for newly hatched fish larvae (Litvinenko et al., 2023). As aquaculture developed in the 1960s and ‘70s, the use of Artemia also became more widespread, due both to its convenience and to its nutritional value for larval organisms (Arenas-Pardo et al., 2024). The fact that Artemia dormant cysts can be stored for long periods in cans, and then used as an off-the-shelf food requiring only 24 h of incubation makes them the most convenient, least labor-intensive, live food available for aquaculture (Sorgeloos & Roubach, 2021). The nutritional value of Artemia, especially for marine organisms, is not constant, but varies both geographically and temporally. During the last decade, however, both the causes of Artemia nutritional variability and methods to improve poorquality Artemia have been identified (Loufi et al., 2024).
Brine shrimp (Artemia spp.) are used in marine aquaculture worldwide. Annually, more than 2,000 metric tons of dry cysts are used for cultivation of fish, crustacean, and shellfish larva. Brine shrimp are important to aquaculture because newly hatched brine shrimp nauplii (larvae) provide a food source for many fish fry (Mozanzadeh et al., 2021). Culture and harvesting of brine shrimp eggs represents another aspect of the aquaculture industry. Nauplii and metanauplii of Artemia, commonly known as brine shrimp, play a crucial role in aquaculture due to their nutritional value and suitability as live feed for many aquatic species, particularly in larval stages (Sorgeloos & Roubach, 2021).
This presentation explores a brief idea about the structural and functional attributes of nucleotides, the structure and function of genetic materials along with the impact of UV rays and pH upon them.
Professional air quality monitoring systems provide immediate, on-site data for analysis, compliance, and decision-making.
Monitor common gases, weather parameters, particulates.
Phenomics assisted breeding in crop improvementIshaGoswami9
As the population is increasing and will reach about 9 billion upto 2050. Also due to climate change, it is difficult to meet the food requirement of such a large population. Facing the challenges presented by resource shortages, climate
change, and increasing global population, crop yield and quality need to be improved in a sustainable way over the coming decades. Genetic improvement by breeding is the best way to increase crop productivity. With the rapid progression of functional
genomics, an increasing number of crop genomes have been sequenced and dozens of genes influencing key agronomic traits have been identified. However, current genome sequence information has not been adequately exploited for understanding
the complex characteristics of multiple gene, owing to a lack of crop phenotypic data. Efficient, automatic, and accurate technologies and platforms that can capture phenotypic data that can
be linked to genomics information for crop improvement at all growth stages have become as important as genotyping. Thus,
high-throughput phenotyping has become the major bottleneck restricting crop breeding. Plant phenomics has been defined as the high-throughput, accurate acquisition and analysis of multi-dimensional phenotypes
during crop growing stages at the organism level, including the cell, tissue, organ, individual plant, plot, and field levels. With the rapid development of novel sensors, imaging technology,
and analysis methods, numerous infrastructure platforms have been developed for phenotyping.
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...Sérgio Sacani
Since volcanic activity was first discovered on Io from Voyager images in 1979, changes
on Io’s surface have been monitored from both spacecraft and ground-based telescopes.
Here, we present the highest spatial resolution images of Io ever obtained from a groundbased telescope. These images, acquired by the SHARK-VIS instrument on the Large
Binocular Telescope, show evidence of a major resurfacing event on Io’s trailing hemisphere. When compared to the most recent spacecraft images, the SHARK-VIS images
show that a plume deposit from a powerful eruption at Pillan Patera has covered part
of the long-lived Pele plume deposit. Although this type of resurfacing event may be common on Io, few have been detected due to the rarity of spacecraft visits and the previously low spatial resolution available from Earth-based telescopes. The SHARK-VIS instrument ushers in a new era of high resolution imaging of Io’s surface using adaptive
optics at visible wavelengths.
Toxic effects of heavy metals : Lead and Arsenicsanjana502982
Heavy metals are naturally occuring metallic chemical elements that have relatively high density, and are toxic at even low concentrations. All toxic metals are termed as heavy metals irrespective of their atomic mass and density, eg. arsenic, lead, mercury, cadmium, thallium, chromium, etc.
DERIVATION OF MODIFIED BERNOULLI EQUATION WITH VISCOUS EFFECTS AND TERMINAL V...Wasswaderrick3
In this book, we use conservation of energy techniques on a fluid element to derive the Modified Bernoulli equation of flow with viscous or friction effects. We derive the general equation of flow/ velocity and then from this we derive the Pouiselle flow equation, the transition flow equation and the turbulent flow equation. In the situations where there are no viscous effects , the equation reduces to the Bernoulli equation. From experimental results, we are able to include other terms in the Bernoulli equation. We also look at cases where pressure gradients exist. We use the Modified Bernoulli equation to derive equations of flow rate for pipes of different cross sectional areas connected together. We also extend our techniques of energy conservation to a sphere falling in a viscous medium under the effect of gravity. We demonstrate Stokes equation of terminal velocity and turbulent flow equation. We look at a way of calculating the time taken for a body to fall in a viscous medium. We also look at the general equation of terminal velocity.
ANAMOLOUS SECONDARY GROWTH IN DICOT ROOTS.pptxRASHMI M G
Abnormal or anomalous secondary growth in plants. It defines secondary growth as an increase in plant girth due to vascular cambium or cork cambium. Anomalous secondary growth does not follow the normal pattern of a single vascular cambium producing xylem internally and phloem externally.
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...University of Maribor
Slides from:
11th International Conference on Electrical, Electronics and Computer Engineering (IcETRAN), Niš, 3-6 June 2024
Track: Artificial Intelligence
https://www.etran.rs/2024/en/home-english/
Contents
The SAS® Software Security Framework
    Education
    Secure Architecture and Design
    Secure Development Standards
    Security Testing and Validation
    SAS Product Security Response and Remediation
The SAS® Commitment to Security
Across an increasingly interconnected marketplace, the impact
of software security breaches on organizations and consumers
is driving more investment in security. Technology analysts
report software security as a top initiative that will get increasing
attention and investment.
At SAS, ensuring the quality and security of our products is
more than a goal. It’s a requirement that drives the way that
we develop and test technology. To create the most stable and
secure products possible, we develop, test and deliver technology
using proven methodologies for secure software
development. We know that keeping data and software
secure is a fundamental expectation for our customers.
Organizations are establishing dialogues and building partnerships
with their vendors to focus on security requirements. They
want to know how the software they purchase can meet those
demands. SAS welcomes that partnership with its customers,
especially since feedback from the field is critical to delivering
high-quality and secure software that exceeds customer expectations
and industry requirements.
This document provides an overview of the SAS Software
Security Framework. It explains the structures, processes and
procedures that SAS has in place to deliver secure software for
our global customer base.
The SAS® Software Security Framework
The SAS Software Security Framework defines the SAS software
development process and provides principles for the development,
delivery and support processes used to build and
support SAS software. The framework includes a process for
continuous learning and awareness of global security activities
and standards – and incorporating them into SAS development
practices.
The components of the framework include:
• Education – At its core, the SAS Software Security Framework
is based on building a team trained to meet today’s security
challenges. SAS software engineers receive education on
current and emerging industry security threats, and they
leverage that information to design, develop and support
products that are built with security requirements in mind.
• Secure architecture and design – SAS implements a security
architecture that provides strong authentication, authorization,
availability, data integrity and confidentiality.
• Secure development standards – SAS developers work with
standards and guidelines that provide the foundation for
building secure software. These coding guidelines and
examples help SAS developers and the services staff
create and implement secure software.
• Security testing and validation – The SAS Software Security
Framework includes testing and validation processes that
provide checks for security throughout the development
process. SAS runs industry-standard security scanning
software during the development cycle. These scans are
designed to detect security vulnerabilities, and SAS follows
up to evaluate and address identified issues before
completing product development.
• Product security response and remediation – SAS recognizes
that some security issues or questions occur after products
are released. The SAS Software Security Framework includes
a method to provide clear updates about these issues. After
identifying a vulnerability, SAS will deliver workarounds and
fixes as appropriate – and announce those fixes publicly
through the appropriate customer communications
channels.
[Figure 1 diagram. Labels: Security Assurance; Security; Product Security Response and Remediation; Secure Architecture & Design; Secure Development Standards; Security Testing and Validation]
Figure 1: The SAS Software Security Framework uses broad-
based education to train the development staff on security
issues – and how to apply best practices throughout the
SAS software development life cycle.
Education
Education is the foundation for our efforts to identify and
resolve security issues. The SAS Software Security Framework
helps everyone responsible for creating, testing and implementing
SAS technology to share knowledge of the scope and
importance of security topics. The education element of the
framework takes a number of forms, including:
• Development, test and support organizations receive
training classes, refresher training, and peer mentoring for
security topics.
• SAS security teams provide guidelines and coding examples
associated with development standards.
• SAS internal IT teams collaborate with SAS development to
provide insight into the security challenges faced by IT, and
to guide choices based on proven practices and internal
consistency.
• SAS development and test engineers strive to implement
and validate a consistent set of protections and features
across SAS products. The education program allows these
teams to recognize and avoid potential vulnerabilities during
the software development life cycle. Additionally, the technical
support staff receives training on how to identify and
handle security issues after software release so that issues are
resolved quickly and communicated to customers.
Secure Architecture and Design
Delivering secure software begins with a product design based
on standards and processes. SAS developers work with the
architecture team to conduct design reviews. Checkpoints
throughout the development process help SAS engineers prioritize
secure design concepts in product development tasks.
Overseeing the architecture and design efforts is an internal,
specialized security architecture team that consults with developers
during design and development phases. This design
phase provides a framework for planning new features that are
built on strong security architecture options. The architectural
design guides developers to maintain security for processes like
authentication, authorization, availability, integrity and confidentiality.
Security features implemented by many SAS products
may include role-based access control, single sign-on integration,
audit logging, and encryption of data in transit and at rest.
Secure Development Standards
The SAS Technology Office monitors current and evolving security
trends and standards as input to the SAS Software Security
Framework. From this, the team creates specific coding guidelines
and best practice examples to guide SAS software development.
SAS development standards employ industry standards.
The standards used by SAS development include the Open
Web Application Security Project (OWASP) list of the top 10
critical web security flaws and the CWE/SANS Top 25. These
lists provide awareness of common security vulnerabilities in
software as well as the methods to avoid them during development
and testing.
At SAS, security extends beyond the code being developed.
SAS developers work in a secure environment. In addition to
infrastructure security maintained by the SAS IT organization,
SAS source code is accessible only to those who have a legitimate
need for access. Once access is granted, password
policies are strictly enforced. For more information about
campus and code security, see the Quality Imperative, which
provides a guide to SAS’ commitment to product quality and
customer satisfaction.
Security Testing and Validation
SAS performs a variety of security tests, including authentication
testing, authorization (access) testing and web application
vulnerability testing. SAS performs vulnerability testing before
delivering feature releases and maintenance releases. This
testing reinforces development standards to support secure
software throughout the process.
In addition to scanning web applications and the web application
server environment (using guidance from leading security
organizations), SAS employs a suite of tests specific to SAS technology.
Depending on the type of software being tested, the
tests can include:
• Testing with users who have different security levels to make
sure that each has the appropriate access levels.
• Confirming data access permissions, based on row-level
permissions, to confirm that data authorization is applied
appropriately for each user.
• Validating password and encryption security for SAS and for
SAS Scalable Performance Data Server data sets.
• Testing SAS/ACCESS® engines for connectivity security (such
as user ID and password) during connection testing.
• Testing appropriate user authorization and error handling.
• Testing web applications via static-source scanning and
external security assessments, along with assessments using
guidance from OWASP and SANS Institute.
Test teams use third-party dynamic vulnerability scanning tools
to focus on classes of vulnerabilities that have been the root
cause of known security issues in web-based software. These
tools and test cases help developers focus on eliminating
security vulnerabilities such as the OWASP Top 10 and the
CWE/SANS Top 25. Issues found during a scan are entered into
a defect tracking system and evaluated for appropriate
response and remediation.
As part of the SAS Software Security Framework, our testing
processes, strategies and tools are kept up to date with current
security requirements. The testing and validation process for
SAS products combines both internally-developed and third-party
scanning and vulnerability tools. In addition, SAS continually
expands the test suites for our software.
SAS recognizes that organizations use a variety of testing tools
to scan for vulnerabilities. When customer-driven assessments
raise potential security issues, customers should contact SAS
Technical Support for response and feedback.
Results of vulnerability tests and scans conducted by SAS are
company confidential. By policy, SAS does not share the tests or
the individual results. The SAS security bulletins page provides
updates about security issues, and security fixes for released
products are highlighted through the standard technical
support process for hot fixes. Customers can sign up for the
support newsletter to receive regular updates about hot fixes
and other important news from SAS. Visit the technical support
hot fixes site for more information.
SAS Product Security Response and Remediation
SAS recognizes that some security issues emerge after products
are released. As a result, the SAS Software Security Framework
includes processes to assess vulnerabilities and provide clear
and timely updates about their status. Customers with questions
about security, including potential security vulnerabilities,
should use the SAS Technical Support process to start a
dialogue and get more information.
Once a security question surfaces, a multidivisional team helps
respond to questions and assess potential vulnerabilities. Like
most technology vendors, SAS has a Product Security Incident
Response Team (PSIRT) process that investigates security vulnerability
incidents and mobilizes resources to address identified
incidents. Incidents are prioritized based on the potential
severity of the vulnerability. SAS leverages the Common
Vulnerability Scoring System (CVSS) during the vulnerability
assessment.
After the initial investigation, SAS provides updates to our
customers through SAS Technical Support. Depending on
the severity of the security situation, SAS may communicate
responses via one or more channels, such as software release
notes, bulletins, support forum updates or direct customer
outreach emails. Some resolutions may require configuration
changes or deployment of software fixes. Ultimately, the resolution
of a reported incident may require customers to upgrade
to a more current version of SAS software.
Throughout the assessment and remediation processes for
reported vulnerabilities, SAS is committed to clear and consistent
communication with affected customers. The SAS Technical
Support team provides one-on-one support around the world,
including support for security incidents. In addition, SAS
publishes updates and summaries of known problems on
the SAS security bulletins page.
The SAS® Commitment to Security
Maintaining software security requires diligence and commitment.
The SAS Software Security Framework applies industry-standard
best practices for secure development life cycles to all organizations
that perform SAS product engineering and maintenance
processes. This helps SAS deliver and maintain products
designed to meet the business needs and security requirements
of our customers.