Outpost24 webinar: Protecting Cezanne HR’s cloud web application with continuous assessment
Simon Roe, Outpost24 & John Hixon, Cezanne HR
30th September 2020

Full stack cybersecurity assessment
Helping customers improve security posture since 2001
Over 2,000 customers in all regions of the world
Really good at breaking technology

Application Security in the news…

HR & Security go hand-in-hand
• Security automation to protect a fast-growing SaaS business
• Protecting customer data is the #1 priority
• ISO certification and preventing data leakage
• Reduce security stress on resources & budget
• Release with speed and confidence with a secure SDLC

Slides 5-11: image-only slides (no extracted text; see the speaker notes below for their content)

SWAT for Business-Critical Applications

Delivery through portal
• Findings published once reviewed
• Zero false positives
• Generate reports on demand
• Liaise with testers
• Integrate into the SDLC through a REST API

CREST-approved methodology, managed by Outpost24 (O24)
• Daily assessment
  • DAST scanning
  • Change detection
• Regular manual assessment
  • Web application assessment
  • Quarterly
• Findings
  • Manual review of ALL findings

Brief service description
SWAT combines state-of-the-art web application scanning technology with security consultants to provide accurate, continuous web application assessment over a 12-month period.

What it is
• Continuous security monitoring of web applications.
• Guaranteed zero false positives.
• A fully managed service, suited to applications that undergo many development changes/releases or that are business critical.

What it is not
• A network and host layer penetration test. It focuses instead on up to four manual tests of the web application per year.
• ‘A scanner’. Zero false positives are delivered by manual verification of every finding, which is not feasible with a scanner alone.

SWAT at a glance
Day <1: Scoping
Day 1-30: Onboarding, review & manual test
Day 30-365: Daily monitoring

Service lifecycle
Scoping: Submit a SWAT scoping request via either the AppSec UI or through the sales representative. On receipt, the request is reviewed by the AppSec team. Once approved, the team returns a final scoping document, including the number of applications/instances, within two days.
Onboarding, review & manual testing: On the licence start date, each application is set up in the portal, initial scanning is set up, and the first manual test is scheduled to commence within the first 30 days. After 30 days, continuous assessment is performed, including daily scanning and manual review of changes for any new risks.
Daily monitoring: After discovery, findings are verified by the AppSec team and published within 5-7 days of initial discovery, with a further three manual tests per year. Questions asked, and verification tests requested, through the portal are answered within 5 business days.

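The service lifecycle above rests on daily scanning plus change detection feeding a manual review of anything new. As an added illustration of that idea (this is not Outpost24's SWAT code; the snapshot format, field names and the review policy are assumptions made here), the following Python compares two daily crawl snapshots of a web application's attack surface and queues the security-relevant changes for a tester:

```python
"""Attack-surface change detection between two daily crawl snapshots.

Added illustration, not Outpost24's SWAT implementation. The snapshot format
is an assumption: one entry per endpoint the crawler reached, carrying the
HTTP method, path, the input parameter names it accepted, whether a logged-in
session was needed to reach it, and a hash of the response body.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Endpoint:
    method: str
    path: str
    params: FrozenSet[str]   # query/form/JSON input names observed
    auth_required: bool      # crawler needed a session to get a 200
    body_hash: str           # hash of the response body (short constructed values here)


Key = Tuple[str, str]


def _index(snapshot: List[Endpoint]) -> Dict[Key, Endpoint]:
    return {(e.method, e.path): e for e in snapshot}


def diff_snapshots(old: List[Endpoint], new: List[Endpoint]):
    """Return (added, removed, changed) between two snapshots.

    `changed` holds (endpoint, reasons) for endpoints present in both whose
    security-relevant attributes differ; each reason is prefixed with a
    category so a policy can act on it."""
    old_idx, new_idx = _index(old), _index(new)
    added = [new_idx[k] for k in sorted(new_idx.keys() - old_idx.keys())]
    removed = [old_idx[k] for k in sorted(old_idx.keys() - new_idx.keys())]
    changed = []
    for k in sorted(old_idx.keys() & new_idx.keys()):
        o, n = old_idx[k], new_idx[k]
        reasons = []
        extra = n.params - o.params
        if extra:
            reasons.append("new input parameters: " + ", ".join(sorted(extra)))
        if o.auth_required and not n.auth_required:
            reasons.append("auth regression: endpoint now reachable without authentication")
        if o.body_hash != n.body_hash:
            reasons.append("content change: response body differs")
        if reasons:
            changed.append((n, reasons))
    return added, removed, changed


# Review policy (an assumption, not from the slides): which change categories
# earn a manual look. Content-only changes are recorded but not queued.
REVIEW_TRIGGERS = ("new input parameters", "auth regression")


def review_queue(old: List[Endpoint], new: List[Endpoint]) -> List[Tuple[str, str]]:
    """Items a tester should look at, as ("METHOD /path", reason) pairs."""
    added, _removed, changed = diff_snapshots(old, new)
    queue = [(f"{e.method} {e.path}", "new endpoint") for e in added]
    for e, reasons in changed:
        for reason in reasons:
            if reason.startswith(REVIEW_TRIGGERS):
                queue.append((f"{e.method} {e.path}", reason))
    return queue


# Constructed sample snapshots: yesterday's crawl and today's, after a release.
YESTERDAY = [
    Endpoint("GET",  "/login",            frozenset(),                 False, "a1"),
    Endpoint("POST", "/login",            frozenset({"user", "pass"}), False, "b2"),
    Endpoint("GET",  "/employees",        frozenset({"page"}),         True,  "c3"),
    Endpoint("GET",  "/employees/export", frozenset({"format"}),       True,  "d4"),
    Endpoint("GET",  "/help",             frozenset(),                 False, "e5"),
]
TODAY = [
    Endpoint("GET",  "/login",            frozenset(),                 False, "a1"),
    Endpoint("POST", "/login",            frozenset({"user", "pass", "sso_token"}), False, "b2"),  # new input
    Endpoint("GET",  "/employees",        frozenset({"page"}),         True,  "c3"),
    Endpoint("GET",  "/employees/export", frozenset({"format"}),       False, "d4"),  # auth regression
    Endpoint("GET",  "/help",             frozenset(),                 False, "e9"),  # content only
    Endpoint("POST", "/training/enrol",   frozenset({"course_id"}),    True,  "f6"),  # new feature
]

if __name__ == "__main__":
    for item, why in review_queue(YESTERDAY, TODAY):
        print(f"{item}: {why}")
```

The policy matters as much as the diff. A new endpoint or a new input parameter is new attack surface, and an endpoint that became reachable without a session is a likely access-control regression, so those go to a human; a content-only change is recorded but not queued, otherwise every deployment would raise a review ticket. In a real pipeline the two snapshots would come from the scanner's crawl before and after each release.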
Takeaways
• Application security hygiene – shift left for continuous assessment & a secure SDLC
• Education – understand your attack surface to protect customer data & prove compliance
• Risk assessment – do your homework when stepping into new growth areas
• Stay current – strive to understand the latest attacker and industry trends

Simon Roe
Application Security Product Manager
sro@outpost24.com
Q & A

Speaker notes

  1. Application security trends pre/post COVID discussion.
  2. How the needs of HR personnel and HR management have evolved (from offline spreadsheets to a secure online platform). Brief intro to Cezanne HR and John’s role. How transformation in HR management has facilitated the growth of Cezanne HR in the mid-tier market globally. Key challenges with security within the HR sector (single sign-on and authentication).
  3. How Cezanne HR customer demands have changed since the introduction of GDPR, and the importance of data protection. Creating a security-led culture and ensuring security is a top priority throughout Cezanne HR and across different functions. How the increase in customer demands has meant the need to grow the product and roadmap to include new features, i.e. to support new business and retention rates for Cezanne HR (new training modules etc.), without impacting security.
  4. How Cezanne HR came to the decision to move away from manual testing to automated continuous assessment, and how our relationship has developed. How John’s team are measured and how SWAT helps them achieve their goals as a team: continuous scanning means we can focus on the top priorities.
  5. ISO 27001 certification and what it means for the business and Cezanne clients (we can speak from our perspective here as a Cezanne customer).
  6. Improved speed to market as the app is tested every time there is a new update. Economics of pen testing from a business and security sense (Simon): how it helps achieve/prove compliance more easily. More efficient development-to-production cycle: John knows the app is secure before it is released. Access to the SWAT team and reporting.
  7. How application security slots into John’s strategy and workflow, and how Outpost24 enables Cezanne to deliver new versions to market on time and in budget. How security testing can boost the sales process and RFPs.
  8. John’s view of being a security professional and how having awareness of commercial success is important for his role. Using continuous assessment for quality assurance testing before the product is ready to go to market (speed to market and supporting the SDLC). AWS and cloud, and how everything fits together.