security services and appscan. why develop secure applications 1.prevent vulnerabilities. [account...
TRANSCRIPT
Security Servicesand AppScan
Why Develop Secure Applications
1.Prevent Vulnerabilities.[account and data theft]
2.Prevent Breaches.[$200/record notifications]
3.Prevent Regulatory Violations[FERPA, 201 CMR 17]
Why YOU Develop Secure Applications
1.Reduces future maintenanceand “fire-fighting” emergencies.
2.Easier to figure out while “in your head”3.Patching production sucks.4.Security is fun and cool (right?)5.Jumbo in the room:
reputation and prestige
How to Develop Secure Applications
1. Conduct Security Assessments Throughout Development–Automated Code Review (doesn’t even have to compile)–Automated Black Box Scans–Manual Risk Assessments
2. Talk to Information Security–We pretend to be nice if you talk to use before launch!
3. Learn about security relevant to your areas of expertise.–OWASP–Stack Exchange
Key Points to Discuss while Demo Fails
•Badnessometer•Why automatedscanning is thebare minimum•Canned Tests - Known Good vs Test Result
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScanDemo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
AppScan Demo
Options:• Throttle Test Speed• Enable Flash / JavaScript• Record Custom Logic• Define Custom Error Pages (!!!)