Решение КРОК для управления эффективностью розничной сетиКРОК
Бизнес-аналитика из облака КРОК позволяет заказчикам прогнозировать риски и колебания спроса, сокращать затраты, повышать общую эффективность бизнес-процессов и выстраивать цепочки поставок таким образом, чтобы на складах не создавался затор из товаров.
Подробней на http://www.croc.ru/promo/bi/
Application Security at DevOps Speed and Portfolio ScaleJeff Williams
Published on Nov 26, 2013
AppSec at DevOps Speed and Portfolio Scale - Jeff Williams
Watch this talk on YouTube: https://www.youtube.com/watch?v=cIvOth0fxmI
Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, and methodologies like Agile and Devops.
Unfortunately, software assurance hasn't kept up with the times. For the most part, our security techniques were built to work with the way software was built in 2002. Here are some of the technologies and practices that today's best software assurance techniques *can't*handle: JavaScript, Ajax, inversion of control, aspect-oriented programming, frameworks, libraries, SOAP, REST, web services, XML, JSON, raw sockets, HTML5, Agile, DevOps, WebSocket, Cloud, and more. All of these rest pretty much at the core of modern software development.
Although we're making progress in application security, the gains are much slower than the stunning advances in software development. After 10 years of getting further behind every day, software *assurance* is now largely incompatible with modern software *development*. It's not just security tools -- application security processes are largely incompatible as well. And the result is that security has very little influence on the software trajectory at all.
Unless the application security community figures out how to be a relevant part of software development, we will continue to lag behind and effect minimal change. In this talk, I will explore a radically different approach based on instrumenting an entire IT organization with passive sensors to collect realtime data that can be used to identify vulnerabilities, enhance security architecture, and (most importantly) enable application security to generate value. The goal is unprecedented real-time visibility into application security across an organization's entire application portfolio, allowing all the stakeholders in security to collaborate and finally become proactive.
Speaker
Jeff Williams
CEO, Aspect Security
Jeff is a founder and CEO of Aspect Security and recently launched Contrast Security, a new approach to application security analysis. Jeff was an OWASP Founder and served as Global Chairman from 2004 to 2012, contributing many projects including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and more. Jeff is passionate about making it possible for anyone to do their own continuous application security in real time.
Приведенные авторские избранные анаграммы-ребусы по информатике могут служить основой для создания аналогичных авторских анаграмм- ребусов и проверки решений с помощью программы «Калькулятор ребусов», а также для развития вербальной, математической и технологической компетентности, в том числе с помощью «Энциклопедии вербальной информатики», размещенных в Интернет.
Для педагогов и пользователей, решающих практические задачи по развитию компетенции в сфере информатики и в смежных областях.
Решение КРОК для управления эффективностью розничной сетиКРОК
Бизнес-аналитика из облака КРОК позволяет заказчикам прогнозировать риски и колебания спроса, сокращать затраты, повышать общую эффективность бизнес-процессов и выстраивать цепочки поставок таким образом, чтобы на складах не создавался затор из товаров.
Подробней на http://www.croc.ru/promo/bi/
Application Security at DevOps Speed and Portfolio ScaleJeff Williams
Published on Nov 26, 2013
AppSec at DevOps Speed and Portfolio Scale - Jeff Williams
Watch this talk on YouTube: https://www.youtube.com/watch?v=cIvOth0fxmI
Software development is moving much faster than application security with new platforms, languages, frameworks, paradigms, and methodologies like Agile and Devops.
Unfortunately, software assurance hasn't kept up with the times. For the most part, our security techniques were built to work with the way software was built in 2002. Here are some of the technologies and practices that today's best software assurance techniques *can't*handle: JavaScript, Ajax, inversion of control, aspect-oriented programming, frameworks, libraries, SOAP, REST, web services, XML, JSON, raw sockets, HTML5, Agile, DevOps, WebSocket, Cloud, and more. All of these rest pretty much at the core of modern software development.
Although we're making progress in application security, the gains are much slower than the stunning advances in software development. After 10 years of getting further behind every day, software *assurance* is now largely incompatible with modern software *development*. It's not just security tools -- application security processes are largely incompatible as well. And the result is that security has very little influence on the software trajectory at all.
Unless the application security community figures out how to be a relevant part of software development, we will continue to lag behind and effect minimal change. In this talk, I will explore a radically different approach based on instrumenting an entire IT organization with passive sensors to collect realtime data that can be used to identify vulnerabilities, enhance security architecture, and (most importantly) enable application security to generate value. The goal is unprecedented real-time visibility into application security across an organization's entire application portfolio, allowing all the stakeholders in security to collaborate and finally become proactive.
Speaker
Jeff Williams
CEO, Aspect Security
Jeff is a founder and CEO of Aspect Security and recently launched Contrast Security, a new approach to application security analysis. Jeff was an OWASP Founder and served as Global Chairman from 2004 to 2012, contributing many projects including the OWASP Top Ten, WebGoat, ESAPI, ASVS, and more. Jeff is passionate about making it possible for anyone to do their own continuous application security in real time.
Приведенные авторские избранные анаграммы-ребусы по информатике могут служить основой для создания аналогичных авторских анаграмм- ребусов и проверки решений с помощью программы «Калькулятор ребусов», а также для развития вербальной, математической и технологической компетентности, в том числе с помощью «Энциклопедии вербальной информатики», размещенных в Интернет.
Для педагогов и пользователей, решающих практические задачи по развитию компетенции в сфере информатики и в смежных областях.