SlideShare uma empresa Scribd logo

Security Services and Approach by Nazar Tymoshyk

Transferir como PPTX, PDF
SoftServe
SoftServe

Agile and Secure Development

Software
1 de 37
Security Services and Approach • Nazar Tymoshyk, SoftServe
Typical problem on project
Typical Security Report delivered by Security Testing Team
Typical Security Report delivered by AUDITOR
How security process looks in reality Than start process of re-Coding, re-Building, re-Testing, re-Auditing 3rd party or internal audit Tone of security defects BACK to re-Coding, re-Building, re-Testing, re-Auditing TIME to FIX
How much time you need to fix security issues in app?
How it should look like With proper Security Program number of security defects should decrease from phase to phase Automated security Tests CI integrated Manual Security/penetration Testing OWASP methodology Secure Coding trainings Regular Vulnerability Scans
Minimize the costs of the Security related issues Avoid repetitive security issues Avoid inconsistent level of the security Determine activities that pay back faster during current state of the project Primary Benefits
Simple ROI of Product security
Ok, we will bay Security Tool and scan our code…
Top AST Tools 2013 Which one likes you? Average Price near $100K
Why code analysis do not resolve all problems? Many of the CWE vulnerability types, are design issues, or business logic issues. Application security testing tools are being sold as a solution to the problem of insecure software.
55%45% Ability of Security Tools to identify real vulnerability Not Covered Claimed Coverage 13 Tools – At Best 12%  MITRE found that all application security tool vendors’ claims put together cover only 45% of the known vulnerability types (695)  They found very little overlap between tools, so to get 45% you need them all (assuming their claims are true)  Based on this new data from the CSA at the NSA, SAST has 12% vulnerability coverage MITRE's study
Security Tooling – No Silver Bullet Design Flaws Security Bugs 1. Occur during the architecture phase 2. High level 3. More expensive to remediate – requires architectural changes 4. Requires human analysis to uncover 5. Logical defects 6. Rights separation 7. Complex attack vectors 8. Defects in architecture and design 9. Real Cryptography level 1. Occur curing the code phase 2. Code level - Looking for known, defined and predictable patterns 3. Cheaper to remediate – requires code changes 4. Can be identified using automated tools Can be resolved by: SoftServe Expert Can be resolved by: Security Tool (Veracode, IBM Appscan,, HP Fortify SCA Both security tooling and security assessments are required to address both types of vulnerabilities
QA Engineer Security Analyst In functional and performance testing, the expected results are documented before the test begins, and the quality assurance team looks at how well the expected results match the actual results In security testing, security analysts team is concerned only with unexpected results and testing for the unknown and looking for weaknesses. VS.
Manual Pen testing Manual penetration testing adds the benefit of specialized human expertise to our automated static and dynamic analysis — and it uses the same methodology cyber- criminals use to exploit application weaknesses such as business logic vulnerabilities. Manual Penetration Testing involves one or more security experts performing tests and simulating “in the wild” attacks. The goal of such testing is to determine the potential for an attacker to successfully access and perform a variety of malicious activities by exploiting vulnerabilities, either previously known or unknown, in the software. The results of this review will help strengthen the established security controls, standards, and procedures to prevent unauthorized access to the organizational systems, applications, and critical resources. As a result of SoftServe tests, the SoftServe will prepare detailed work papers documenting the tests performed, a report of SoftServe findings including recommendations for additional security controls as required. SoftServe MPT is designed to compliment and extend an automated assessment
What we propose
Agile Secure Development Lifecycle •Every-Sprint practices: Essential security practices that should be performed in every release. •Bucket practices: Important security practices that must be completed on a regular basis but can be spread across multiple sprints during the project lifetime. •One-Time practices: Foundational security practices that must be established once at the start of every new Agile project.
Microsoft SDL
Integrated Security process Build • Build code with special debug options Deploy • Pack build and code • Deploy app to VM for test Test Security • Run code test • Run Test dynamic web application from VM with security tools Analyze • Collect and format results • Verify results • Filter false positive / negative • Tune scanning engine • Fix defects
High level vision Dynamic Security testingStatic Code Analysis CI tools Deploying application Security Reports Pull source code
Real project view Dynamic Security testing CI tools Deploying application Security Reports Pull source code
We have best tools… IBM AppScan license Burp Suite license HP Fortify certification Partnership with Veracode Available SaaS
Identity & Security …and Best Engineers Ph.D in Security
SoftServe Expertise by Vendors Mobile Security Data Security Cloud Security Enterprise Security
SoftServe offer • Certified security experts to control security on project • SoftServe utilize different set of tools to ensure coverage (IBM, Veracode, PortSwinger, OpenVAS) • Regulars scans that could be integrated to CI • Education and Case study based on defect severity for Dev and QA stuff • Following Secure SDLC practices • And many more
Annual development expense cost savings Application Development Cost Savings Vulnerability Remediation Cost Savings Compliance & Pen Testing Cost Savings Application Outsourcing Pay for Performance  Streamline & minimize remediation costs for application development by identifying /fixing vulnerabilities at their origin  Lower costs associated with compliance testing fees and penetration testing  Decrease 3rd party development fees by incenting software security performance
The Benefit of SoftServe Internal Testing vs. 3rd Party SoftServe Internal Testing 3rd Party Scan 1. Finds issues large and small 2. Reports and resolves issues directly to development 3. Objective 4. Credentialed 5. Industry standard toolset 1. Finds issues large and small 2. Reports issues to managers 3. Objective 4. Credentialed 5. Industry standard toolset 6. Can be scheduled any time 7. Keeps up with the 2 week development cycle 8. Regular QA and Dev Team trainings
The Benefit of SoftServe Security Testing vs. 3rd Party Benefit/Feature Description Easy to start • Low initial cost • Leverage internal resources to defray additional expense • Maximizes assistance • Maximizes internal resources and ongoing efforts Provide more actionable information • Focus on what really matters • Validate your own internal processes and test procedures Improve security knowledge • Security expertise within the solution • Can assist in keeping test plans up to date • Assist in validation of fixed items • Stay on top of testing regression issues and new features Increase technology coverage • Assurance in testing the latest technologies for the latest vulnerabilities • Increasing the speed and efficiency of building security into a development lifecycle
Value 20-40% time for testing/re-testing decrease Catch problems as soon as possible Avoid repetitive security issues Improve Security Expertise/Practices for current Team Automation, Integration, Continuously Proactive Security Reporting Full coverage
How our security results might look like
False positive regression testing
After build succeed we pack app to transfer it to Security testing tool We are able to detect line of bugged code
How your security results may look like
How your security results may look like AppScan Source
How your security results may looks like
Thank you USA TELEPHONE Toll-Free: 866.687.3588 Office: 239.690.3111 EMAIL info@softserveinc.com WEBSITE: www.softserveinc.com EUROPE OFFICES United Kingdom Germany Netherlands Ukraine Bulgaria US OFFICES Austin, TX Fort Myers, FL Boston, MA Newport Beach, CA Salt Lake City, UT

Recomendados

Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLCTjylen Veselyj
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.
 

Recomendados

Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Shifting the conversation from active interception to proactive neutralization
Shifting the conversation from active interception to proactive neutralization Rogue Wave Software
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days
 
Secure Software Development Life Cycle
Secure Software Development Life CycleSecure Software Development Life Cycle
Secure Software Development Life CycleMaurice Dawson
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle1&1
 
Intro to Security in SDLC
Intro to Security in SDLCIntro to Security in SDLC
Intro to Security in SDLCTjylen Veselyj
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure DevelopmentNazar Tymoshyk, CEH, Ph.D.
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlcAvancercorp
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Mathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftMathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftAshley Zupkus
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIshrath Sultana
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and TipsSoftServe
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLCChitpong Wuttanan
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce
 
The security sdlc
The security sdlcThe security sdlc
The security sdlcMohamed Siraj
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiNazar Tymoshyk, CEH, Ph.D.
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool ImplementationCheckmarx
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsCprime
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 

Mais conteúdo relacionado

Mais procurados

What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlcAvancercorp
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Mathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftMathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftAshley Zupkus
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"WrikeTechClub
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryAshley Zupkus
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIshrath Sultana
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security Rogue Wave Software
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and TipsSoftServe
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleNazar Tymoshyk, CEH, Ph.D.
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC FrameworkRishi Kant
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiNazar Tymoshyk, CEH, Ph.D.
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool ImplementationCheckmarx
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsCprime
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps WorldParasoft
 

Mais procurados (20)

Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
What’s making way for secure sdlc
What’s making way for secure sdlcWhat’s making way for secure sdlc
What’s making way for secure sdlc
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically Guaranteed
 
Mathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoftMathematically Guaranteeing Code Correctness with TrustInSoft
Mathematically Guaranteeing Code Correctness with TrustInSoft
 
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
Dmitriy Desyatkov "Secure SDLC or Security Culture to be or not to be"
 
Towards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industryTowards 0-bug software in the automotive industry
Towards 0-bug software in the automotive industry
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)
 
Integrating Security Across SDLC Phases
Integrating Security Across SDLC PhasesIntegrating Security Across SDLC Phases
Integrating Security Across SDLC Phases
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and Tips
 
Basic of SSDLC
Basic of SSDLCBasic of SSDLC
Basic of SSDLC
 
Security as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development LifecycleSecurity as a new metric for Business, Product and Development Lifecycle
Security as a new metric for Business, Product and Development Lifecycle
 
Secure SDLC Framework
Secure SDLC FrameworkSecure SDLC Framework
Secure SDLC Framework
 
Perforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and MovePerforce on Tour 2015 - Grab Testing By the Horns and Move
Perforce on Tour 2015 - Grab Testing By the Horns and Move
 
The security sdlc
The security sdlcThe security sdlc
The security sdlc
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav BreslavskyiOWASP Top 10 practice workshop by Stanislav Breslavskyi
OWASP Top 10 practice workshop by Stanislav Breslavskyi
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool Implementation
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
AppsSec In a DevOps World
AppsSec In a DevOps WorldAppsSec In a DevOps World
AppsSec In a DevOps World
 

Semelhante a Security Services and Approach by Nazar Tymoshyk

Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product SecuritySoftServe
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Mykhailo Antonishyn
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile DevelopmentCheckmarx
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.pptgealehegn
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsCheckmarx
 
Lecture 08 (SQE, Testing, PM, RM, ME).pptx
Lecture 08 (SQE, Testing, PM, RM, ME).pptxLecture 08 (SQE, Testing, PM, RM, ME).pptx
Lecture 08 (SQE, Testing, PM, RM, ME).pptxSirRafiLectures
 
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTING
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTINGWelingkar_final project_ppt_IMPORTANCE & NEED FOR TESTING
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTINGSachin Pathania
 
Software reliability engineering
Software reliability engineeringSoftware reliability engineering
Software reliability engineeringMark Turner CRP
 
Software security testing
Software security testingSoftware security testing
Software security testingnehabsairam
 
Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile worldStefan Streichsbier
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security InitiativesMarco Morana
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCSuman Sourav
 
How automation can help boost security
How automation can help boost securityHow automation can help boost security
How automation can help boost securityTestingXperts
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewAshish Patel
 
Object Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesObject Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesPunjab University
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 

Semelhante a Security Services and Approach by Nazar Tymoshyk (20)

Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
 
Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
 
10 Steps To Secure Agile Development
10 Steps To Secure Agile Development10 Steps To Secure Agile Development
10 Steps To Secure Agile Development
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOps
 
Lecture 08 (SQE, Testing, PM, RM, ME).pptx
Lecture 08 (SQE, Testing, PM, RM, ME).pptxLecture 08 (SQE, Testing, PM, RM, ME).pptx
Lecture 08 (SQE, Testing, PM, RM, ME).pptx
 
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTING
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTINGWelingkar_final project_ppt_IMPORTANCE & NEED FOR TESTING
Welingkar_final project_ppt_IMPORTANCE & NEED FOR TESTING
 
Software reliability engineering
Software reliability engineeringSoftware reliability engineering
Software reliability engineering
 
Quality Assurance and Testing services
Quality Assurance and Testing servicesQuality Assurance and Testing services
Quality Assurance and Testing services
 
Software security testing
Software security testingSoftware security testing
Software security testing
 
Null application security in an agile world
Null application security in an agile worldNull application security in an agile world
Null application security in an agile world
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
 
Qa analyst training
Qa analyst training Qa analyst training
Qa analyst training
 
Devops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLCDevops security-An Insight into Secure-SDLC
Devops security-An Insight into Secure-SDLC
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
How automation can help boost security
How automation can help boost securityHow automation can help boost security
How automation can help boost security
 
IBM Rational AppScan Product Overview
IBM Rational AppScan Product OverviewIBM Rational AppScan Product Overview
IBM Rational AppScan Product Overview
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
 
Object Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesObject Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slides
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 

Mais de SoftServe

Approaching Quality in Digital Era
Approaching Quality in Digital EraApproaching Quality in Digital Era
Approaching Quality in Digital EraSoftServe
 
Android Mobile Application Testing: Human Interface Guideline, Tools
Android Mobile Application Testing: Human Interface Guideline, ToolsAndroid Mobile Application Testing: Human Interface Guideline, Tools
Android Mobile Application Testing: Human Interface Guideline, ToolsSoftServe
 
Android Mobile Application Testing: Specific Functional, Performance, Device ...
Android Mobile Application Testing: Specific Functional, Performance, Device ...Android Mobile Application Testing: Specific Functional, Performance, Device ...
Android Mobile Application Testing: Specific Functional, Performance, Device ...SoftServe
 
How to Reduce Time to Market Using Microsoft DevOps Solutions
How to Reduce Time to Market Using Microsoft DevOps SolutionsHow to Reduce Time to Market Using Microsoft DevOps Solutions
How to Reduce Time to Market Using Microsoft DevOps SolutionsSoftServe
 
Containerization: The DevOps Revolution
Containerization: The DevOps Revolution Containerization: The DevOps Revolution
Containerization: The DevOps Revolution SoftServe
 
Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist SoftServe
 
Rapid Prototyping for Big Data with AWS
Rapid Prototyping for Big Data with AWS Rapid Prototyping for Big Data with AWS
Rapid Prototyping for Big Data with AWS SoftServe
 
Implementing Test Automation: What a Manager Should Know
Implementing Test Automation: What a Manager Should KnowImplementing Test Automation: What a Manager Should Know
Implementing Test Automation: What a Manager Should KnowSoftServe
 
Using AWS Lambda for Infrastructure Automation and Beyond
Using AWS Lambda for Infrastructure Automation and BeyondUsing AWS Lambda for Infrastructure Automation and Beyond
Using AWS Lambda for Infrastructure Automation and BeyondSoftServe
 
Advanced Analytics and Data Science Expertise
Advanced Analytics and Data Science ExpertiseAdvanced Analytics and Data Science Expertise
Advanced Analytics and Data Science ExpertiseSoftServe
 
Agile Big Data Analytics Development: An Architecture-Centric Approach
Agile Big Data Analytics Development: An Architecture-Centric ApproachAgile Big Data Analytics Development: An Architecture-Centric Approach
Agile Big Data Analytics Development: An Architecture-Centric ApproachSoftServe
 
Big Data as a Service: A Neo-Metropolis Model Approach for Innovation
Big Data as a Service: A Neo-Metropolis Model Approach for InnovationBig Data as a Service: A Neo-Metropolis Model Approach for Innovation
Big Data as a Service: A Neo-Metropolis Model Approach for InnovationSoftServe
 
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...SoftServe
 
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...SoftServe
 
Managing Requirements with Word and TFS by Max Markov
Managing Requirements with Word and TFS by Max MarkovManaging Requirements with Word and TFS by Max Markov
Managing Requirements with Word and TFS by Max MarkovSoftServe
 
How to Implement Hybrid Cloud Solutions Successfully
How to Implement Hybrid Cloud Solutions SuccessfullyHow to Implement Hybrid Cloud Solutions Successfully
How to Implement Hybrid Cloud Solutions SuccessfullySoftServe
 
Designing Big Data Systems Like a Pro
Designing Big Data Systems Like a ProDesigning Big Data Systems Like a Pro
Designing Big Data Systems Like a ProSoftServe
 
Product Management in Outsourcing by Roman Kolodchak and Roman Pavlyuk
Product Management in Outsourcing by Roman Kolodchak and Roman PavlyukProduct Management in Outsourcing by Roman Kolodchak and Roman Pavlyuk
Product Management in Outsourcing by Roman Kolodchak and Roman PavlyukSoftServe
 
From Sandbox to Production by Vadym Fedorov
From Sandbox to Production by Vadym FedorovFrom Sandbox to Production by Vadym Fedorov
From Sandbox to Production by Vadym FedorovSoftServe
 
Why Ukraine? by Brian Borack, COO
Why Ukraine? by Brian Borack, COOWhy Ukraine? by Brian Borack, COO
Why Ukraine? by Brian Borack, COOSoftServe
 

Mais de SoftServe (20)

Approaching Quality in Digital Era
Approaching Quality in Digital EraApproaching Quality in Digital Era
Approaching Quality in Digital Era
 
Android Mobile Application Testing: Human Interface Guideline, Tools
Android Mobile Application Testing: Human Interface Guideline, ToolsAndroid Mobile Application Testing: Human Interface Guideline, Tools
Android Mobile Application Testing: Human Interface Guideline, Tools
 
Android Mobile Application Testing: Specific Functional, Performance, Device ...
Android Mobile Application Testing: Specific Functional, Performance, Device ...Android Mobile Application Testing: Specific Functional, Performance, Device ...
Android Mobile Application Testing: Specific Functional, Performance, Device ...
 
How to Reduce Time to Market Using Microsoft DevOps Solutions
How to Reduce Time to Market Using Microsoft DevOps SolutionsHow to Reduce Time to Market Using Microsoft DevOps Solutions
How to Reduce Time to Market Using Microsoft DevOps Solutions
 
Containerization: The DevOps Revolution
Containerization: The DevOps Revolution Containerization: The DevOps Revolution
Containerization: The DevOps Revolution
 
Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist Essential Data Engineering for Data Scientist
Essential Data Engineering for Data Scientist
 
Rapid Prototyping for Big Data with AWS
Rapid Prototyping for Big Data with AWS Rapid Prototyping for Big Data with AWS
Rapid Prototyping for Big Data with AWS
 
Implementing Test Automation: What a Manager Should Know
Implementing Test Automation: What a Manager Should KnowImplementing Test Automation: What a Manager Should Know
Implementing Test Automation: What a Manager Should Know
 
Using AWS Lambda for Infrastructure Automation and Beyond
Using AWS Lambda for Infrastructure Automation and BeyondUsing AWS Lambda for Infrastructure Automation and Beyond
Using AWS Lambda for Infrastructure Automation and Beyond
 
Advanced Analytics and Data Science Expertise
Advanced Analytics and Data Science ExpertiseAdvanced Analytics and Data Science Expertise
Advanced Analytics and Data Science Expertise
 
Agile Big Data Analytics Development: An Architecture-Centric Approach
Agile Big Data Analytics Development: An Architecture-Centric ApproachAgile Big Data Analytics Development: An Architecture-Centric Approach
Agile Big Data Analytics Development: An Architecture-Centric Approach
 
Big Data as a Service: A Neo-Metropolis Model Approach for Innovation
Big Data as a Service: A Neo-Metropolis Model Approach for InnovationBig Data as a Service: A Neo-Metropolis Model Approach for Innovation
Big Data as a Service: A Neo-Metropolis Model Approach for Innovation
 
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...
Personalized Medicine in a Contemporary World by Eugene Borukhovich, SVP Heal...
 
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...
Health 2.0 WinterTech: Will Artificial Intelligence change healthcare? by Eug...
 
Managing Requirements with Word and TFS by Max Markov
Managing Requirements with Word and TFS by Max MarkovManaging Requirements with Word and TFS by Max Markov
Managing Requirements with Word and TFS by Max Markov
 
How to Implement Hybrid Cloud Solutions Successfully
How to Implement Hybrid Cloud Solutions SuccessfullyHow to Implement Hybrid Cloud Solutions Successfully
How to Implement Hybrid Cloud Solutions Successfully
 
Designing Big Data Systems Like a Pro
Designing Big Data Systems Like a ProDesigning Big Data Systems Like a Pro
Designing Big Data Systems Like a Pro
 
Product Management in Outsourcing by Roman Kolodchak and Roman Pavlyuk
Product Management in Outsourcing by Roman Kolodchak and Roman PavlyukProduct Management in Outsourcing by Roman Kolodchak and Roman Pavlyuk
Product Management in Outsourcing by Roman Kolodchak and Roman Pavlyuk
 
From Sandbox to Production by Vadym Fedorov
From Sandbox to Production by Vadym FedorovFrom Sandbox to Production by Vadym Fedorov
From Sandbox to Production by Vadym Fedorov
 
Why Ukraine? by Brian Borack, COO
Why Ukraine? by Brian Borack, COOWhy Ukraine? by Brian Borack, COO
Why Ukraine? by Brian Borack, COO
 

Último

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Nitya salvi
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456KiaraTiradoMicha
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedDelhi Call girls
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 

Último (20)

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
ManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide DeckManageIQ - Sprint 236 Review - Slide Deck
ManageIQ - Sprint 236 Review - Slide Deck
 
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verifiedSector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 

Security Services and Approach by Nazar Tymoshyk

  • 1. Security Services and Approach • Nazar Tymoshyk, SoftServe
  • 3. Typical Security Report delivered by Security Testing Team
  • 5. How security process looks in reality Than start process of re-Coding, re-Building, re-Testing, re-Auditing 3rd party or internal audit Tone of security defects BACK to re-Coding, re-Building, re-Testing, re-Auditing TIME to FIX
  • 6. How much time you need to fix security issues in app?
  • 7. How it should look like With proper Security Program number of security defects should decrease from phase to phase Automated security Tests CI integrated Manual Security/penetration Testing OWASP methodology Secure Coding trainings Regular Vulnerability Scans
  • 8. Minimize the costs of the Security related issues Avoid repetitive security issues Avoid inconsistent level of the security Determine activities that pay back faster during current state of the project Primary Benefits
  • 9. Simple ROI of Product security
  • 10. Ok, we will bay Security Tool and scan our code…
  • 11. Top AST Tools 2013 Which one likes you? Average Price near $100K
  • 12. Why code analysis do not resolve all problems? Many of the CWE vulnerability types, are design issues, or business logic issues. Application security testing tools are being sold as a solution to the problem of insecure software.
  • 13. 55%45% Ability of Security Tools to identify real vulnerability Not Covered Claimed Coverage 13 Tools – At Best 12%  MITRE found that all application security tool vendors’ claims put together cover only 45% of the known vulnerability types (695)  They found very little overlap between tools, so to get 45% you need them all (assuming their claims are true)  Based on this new data from the CSA at the NSA, SAST has 12% vulnerability coverage MITRE's study
  • 14. Security Tooling – No Silver Bullet Design Flaws Security Bugs 1. Occur during the architecture phase 2. High level 3. More expensive to remediate – requires architectural changes 4. Requires human analysis to uncover 5. Logical defects 6. Rights separation 7. Complex attack vectors 8. Defects in architecture and design 9. Real Cryptography level 1. Occur curing the code phase 2. Code level - Looking for known, defined and predictable patterns 3. Cheaper to remediate – requires code changes 4. Can be identified using automated tools Can be resolved by: SoftServe Expert Can be resolved by: Security Tool (Veracode, IBM Appscan,, HP Fortify SCA Both security tooling and security assessments are required to address both types of vulnerabilities
  • 15. QA Engineer Security Analyst In functional and performance testing, the expected results are documented before the test begins, and the quality assurance team looks at how well the expected results match the actual results In security testing, security analysts team is concerned only with unexpected results and testing for the unknown and looking for weaknesses. VS.
  • 16. Manual Pen testing Manual penetration testing adds the benefit of specialized human expertise to our automated static and dynamic analysis — and it uses the same methodology cyber- criminals use to exploit application weaknesses such as business logic vulnerabilities. Manual Penetration Testing involves one or more security experts performing tests and simulating “in the wild” attacks. The goal of such testing is to determine the potential for an attacker to successfully access and perform a variety of malicious activities by exploiting vulnerabilities, either previously known or unknown, in the software. The results of this review will help strengthen the established security controls, standards, and procedures to prevent unauthorized access to the organizational systems, applications, and critical resources. As a result of SoftServe tests, the SoftServe will prepare detailed work papers documenting the tests performed, a report of SoftServe findings including recommendations for additional security controls as required. SoftServe MPT is designed to compliment and extend an automated assessment
  • 18. Agile Secure Development Lifecycle •Every-Sprint practices: Essential security practices that should be performed in every release. •Bucket practices: Important security practices that must be completed on a regular basis but can be spread across multiple sprints during the project lifetime. •One-Time practices: Foundational security practices that must be established once at the start of every new Agile project.
  • 20. Integrated Security process Build • Build code with special debug options Deploy • Pack build and code • Deploy app to VM for test Test Security • Run code test • Run Test dynamic web application from VM with security tools Analyze • Collect and format results • Verify results • Filter false positive / negative • Tune scanning engine • Fix defects
  • 21. High level vision Dynamic Security testingStatic Code Analysis CI tools Deploying application Security Reports Pull source code
  • 22. Real project view Dynamic Security testing CI tools Deploying application Security Reports Pull source code
  • 23. We have best tools… IBM AppScan license Burp Suite license HP Fortify certification Partnership with Veracode Available SaaS
  • 24. Identity & Security …and Best Engineers Ph.D in Security
  • 25. SoftServe Expertise by Vendors Mobile Security Data Security Cloud Security Enterprise Security
  • 26. SoftServe offer • Certified security experts to control security on project • SoftServe utilize different set of tools to ensure coverage (IBM, Veracode, PortSwinger, OpenVAS) • Regulars scans that could be integrated to CI • Education and Case study based on defect severity for Dev and QA stuff • Following Secure SDLC practices • And many more
  • 27. Annual development expense cost savings Application Development Cost Savings Vulnerability Remediation Cost Savings Compliance & Pen Testing Cost Savings Application Outsourcing Pay for Performance  Streamline & minimize remediation costs for application development by identifying /fixing vulnerabilities at their origin  Lower costs associated with compliance testing fees and penetration testing  Decrease 3rd party development fees by incenting software security performance
  • 28. The Benefit of SoftServe Internal Testing vs. 3rd Party SoftServe Internal Testing 3rd Party Scan 1. Finds issues large and small 2. Reports and resolves issues directly to development 3. Objective 4. Credentialed 5. Industry standard toolset 1. Finds issues large and small 2. Reports issues to managers 3. Objective 4. Credentialed 5. Industry standard toolset 6. Can be scheduled any time 7. Keeps up with the 2 week development cycle 8. Regular QA and Dev Team trainings
  • 29. The Benefit of SoftServe Security Testing vs. 3rd Party Benefit/Feature Description Easy to start • Low initial cost • Leverage internal resources to defray additional expense • Maximizes assistance • Maximizes internal resources and ongoing efforts Provide more actionable information • Focus on what really matters • Validate your own internal processes and test procedures Improve security knowledge • Security expertise within the solution • Can assist in keeping test plans up to date • Assist in validation of fixed items • Stay on top of testing regression issues and new features Increase technology coverage • Assurance in testing the latest technologies for the latest vulnerabilities • Increasing the speed and efficiency of building security into a development lifecycle
  • 30. Value 20-40% time for testing/re-testing decrease Catch problems as soon as possible Avoid repetitive security issues Improve Security Expertise/Practices for current Team Automation, Integration, Continuously Proactive Security Reporting Full coverage
  • 31. How our security results might look like
  • 33. After build succeed we pack app to transfer it to Security testing tool We are able to detect line of bugged code
  • 34. How your security results may look like
  • 35. How your security results may look like AppScan Source
  • 36. How your security results may looks like
  • 37. Thank you USA TELEPHONE Toll-Free: 866.687.3588 Office: 239.690.3111 EMAIL info@softserveinc.com WEBSITE: www.softserveinc.com EUROPE OFFICES United Kingdom Germany Netherlands Ukraine Bulgaria US OFFICES Austin, TX Fort Myers, FL Boston, MA Newport Beach, CA Salt Lake City, UT

Notas do Editor

  1. Note: Clearly a level 1 review can’t do any more than what the tools can do, since it’s a tool based review. Given that tools don’t yet provide a huge amount of coverage of the application security problem space, level 1 reviews are understandable limited in their scope. But they are just the first level in the model. Higher levels provide better coverage and more rigor, as defined by the standard itself.