Application Security Best Practices Survey: Insights for the Healthcare Industry

Application Security Benchmark Survey
Insights for the Healthcare Industry
• About this survey
• What is being developed by enterprises?
• What is not being tested?
• How will things change in 12 months?
• Executive commitment
• A plan to close the gap
About The Survey
• Conducted by IDG Research from May-June 2014
• Respondents:
- 100 US
- 100 UK
- 106 Germany & Switzerland
• Respondents by industry:
- Financial services (banking, accounting, insurance): 16%
- Computing (HW, SW, Services): 14%
- Manufacturing & Distribution: 11%
- Business services, Consulting: 9%
- Advertising, PR, Marketing: 8%
- Healthcare, Medical, Biotech, Pharmaceuticals: 6%
- Retail, Wholesale: 6%
- Telecommunications: 5%
- Other: 26%
• Respondent organizations by revenue band:
- $500 million - $999.9 million: 17%
- $1 billion - $2.9 billion: 27%
- $3 billion - $4.9 billion: 16%
- $5 billion - $9.9 billion: 21%
- $10 billion or more: 18%
What is being developed by enterprises?
Healthcare enterprise application portfolio
Internally Developed vs. Externally Sourced
• Internally developed: 34%
• Sourced from commercial software vendor: 42%
• Outsourced (developed by third party): 24%
Source: Veracode and IDG Research Services
Q1. With the total equal to 100%, please estimate what proportion of your organization’s total enterprise application portfolio is internally developed vs. externally developed/sourced?
Healthcare Base: 18

Average number of internally developed enterprise applications: 1,829
Source: Veracode and IDG Research Services
Q9. How many internally developed enterprise applications are currently deployed within your organization?
Healthcare Base: 18
Taxonomy of internally developed applications (Healthcare)
• Mobile Applications: 31%
• Web Applications: 25%
• Client/Server Applications: 22%
• Terminal Applications: 24%
Source: Veracode and IDG Research Services
Q3. With the total equal to 100%, approximately what percent of your internally developed enterprise application portfolio falls into the following application architecture categories?
Healthcare Base: 18
What is being spent on securing internally developed applications?
Security spending on internally developed enterprise applications (Healthcare)
• Less than $100,000: 0%
• $100,000 to $249,999: 17%
• $250,000 to $499,999: 22%
• $500,000 to $749,999: 17%
• $750,000 to $999,999: 11%
• $1M to $2.49M: 22%
• $2.5M to $4.9M: 11%
• $5M or more: 0%
Average spend: $1.12M
Source: Veracode and IDG Research Services
Q7a. Please estimate your organization’s overall spend on application security for internally developed applications.
Total Healthcare Base: 18
Breakdown of application security spending on internally developed applications (Healthcare)
• Penetration Testing: 20%
• SAST: 26%
• DAST: 31%
• Application Discovery/Inventory: 22%
Source: Veracode and IDG Research Services
Q7b. Approximately what percent of your organization’s application security budget for internally developed applications is spent on the following:
Healthcare Base: 18
What is not being tested?
Internally developed applications not tested for security vulnerabilities (Healthcare)
• Mobile applications: 63% not tested for vulnerabilities
• Web applications: 57% not tested for vulnerabilities
• Terminal applications: 64% not tested for vulnerabilities
• Client/server applications: 59% not tested for vulnerabilities
• All applications: 60% not tested for vulnerabilities
Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%)
Healthcare Base: 18
Importance of closing the gaps in application security testing (Healthcare)
Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage:
• Mobile applications: 87% (N = 15)
• Web applications: 80% (N = 15)
• Client/server applications: 69% (N = 16)
• Terminal applications: 69% (N = 16)
Source: Veracode and IDG Research Services
Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities?
Healthcare Base: 18
How will things change in 12 months?
Changes in application security programs: 12 month projection for Healthcare industry
• Average growth of internally developed applications: 9.7% average increase (or 177 new apps)
• Change in security spend for internally developed applications: 2.92% average increase
• Estimated 2015 Budget: $1.15M
• Estimated 2015 Need: $3.11M (to test all current and new applications with existing approaches)
• Average gap between need and budget: $1.95M
Source: Veracode and IDG Research Services
Q5a. For each application architecture listed below, approximately what percentage of your organization’s internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%)
Q8. How do you expect your organization’s overall spending on application security for internally developed enterprise applications to change over the next 12 months?
Healthcare Base: 18
Executive commitment
Executive commitment to application security testing (Healthcare)
• Executives have mandated an enterprise-wide program and are tracking implementation: 44%
• Executives are aware of but have not mandated an enterprise-wide program: 28%
• Executives are interested in application security for business critical applications only: 28%
• Executives have little interest in application security programs: 0%
Source: Veracode and IDG Research Services
Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization?
Healthcare Base: 18
A Plan to Close the Gap*
Anticipated spending increases are dramatically lower than the minimum spending increase that IDG determined is required to close the gap.
Simply extrapolating the existing assessment approaches to close the gap puts the CSO in an untenable budgetary situation.
The key is rethinking these elements:
• How security gets built into applications as they are being developed
• How to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months
• How to build in security so that it lowers the financial burden of proactively managing risk
By seeking out best practices for implementing application security at scale, CIOs and CSOs can use their expected budget increases for initiatives that tackle their existing gap in a significant way.
* Excerpt from “Why Application Security is a Business Imperative”, IDG Research, Aug 2014
Start the assessment 
http://www.veracode.com/application-security-assessment
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Último (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Healthcare application-security-practices-survey-veracode

  • 1. Application Security Best Practices Survey: Insights for the Healthcare Industry
  • 2. Application Security Benchmark Survey: Insights for the Healthcare Industry
    Agenda:
    • About this survey
    • What is being developed by enterprises?
    • What is not being tested?
    • How will things change in 12 months?
    • Executive commitment
    • A plan to close the gap
  • 3. About The Survey
    • Conducted by IDG Research from May-June 2014
    • Respondents: 100 US, 100 UK, 106 Germany & Switzerland
    Respondents by industry: Other 26%; Telecommunications 5%; Retail, Wholesale 6%; Healthcare, Medical, Biotech, Pharmaceuticals 6%; Advertising, PR, Marketing 8%; Business services, Consulting 9%; Manufacturing & Distribution 11%; Computing (HW, SW, Services) 14%; Financial services (banking, accounting, insurance) 16%
    Respondents by annual revenue: $500 million - $999.9 million 17%; $1 billion - $2.9 billion 27%; $3 billion - $4.9 billion 16%; $5 billion - $9.9 billion 21%; $10 billion or more 18%
  • 4. What is being developed by enterprises?
  • 5. Healthcare enterprise application portfolio: Internally Developed vs. Externally Sourced
    Internally developed 34%; Sourced from commercial software vendor 42%; Outsourced (developed by third party) 24%
    Source: Veracode and IDG Research Services. Q1. With the total equal to 100%, please estimate what proportion of your organization's total enterprise application portfolio is internally developed vs. externally developed/sourced? Healthcare Base: 18
    Average number of internally developed enterprise applications: 1829
    Source: Veracode and IDG Research Services. Q9. How many internally developed enterprise applications are currently deployed within your organization? Healthcare Base: 18
  • 6. Taxonomy of internally developed applications (Healthcare)
    Mobile Applications 31%; Web Applications 25%; Client/Server Applications 22%; Terminal Applications 24%
    Source: Veracode and IDG Research Services. Q3. With the total equal to 100%, approximately what percent of your internally developed enterprise application portfolio falls into the following application architecture categories? Healthcare Base: 18
  • 7. What is being spent on securing internally developed applications?
  • 8. Security spending on internally developed enterprise applications (Healthcare)
    Less than $100,000: 0%; $100,000 to $249,999: 17%; $250,000 to $499,999: 22%; $500,000 to $749,999: 17%; $750,000 to $999,999: 11%; $1M to $2.49M: 22%; $2.5M to $4.9M: 11%; $5M or more: 0%
    Average spend: $1.12M
    Source: Veracode and IDG Research Services. Q7a. Please estimate your organization's overall spend on application security for internally developed applications. Total Healthcare Base: 18
  • 9. Breakdown of application security spending on internally developed applications (Healthcare)
    Penetration Testing 20%; SAST 26%; DAST 31%; Application Discovery/Inventory 22%
    Source: Veracode and IDG Research Services. Q7b. Approximately what percent of your organization's application security budget for internally developed applications is spent on the following? Healthcare Base: 18
  • 10. What is not being tested?
  • 11. Internally developed applications not tested for security vulnerabilities (Healthcare)
    Mobile applications: 63% not tested for vulnerabilities
    Web applications: 57% not tested for vulnerabilities
    Terminal applications: 64% not tested for vulnerabilities
    Client/server applications: 59% not tested for vulnerabilities
    All applications: 60% not tested for vulnerabilities
    Source: Veracode and IDG Research Services. Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18
  • 12. Importance of closing the gaps in application security testing (Healthcare)
    Respondent organizations reporting less than 100% coverage citing a critical or very important need to close gaps in coverage:
    Mobile applications 87% (N = 15); Web applications 80% (N = 15); Client/server applications 69% (N = 16); Terminal applications 69% (N = 16)
    Source: Veracode and IDG Research Services. Q5b. For each application architecture listed below, how important is it for your organization to close the gaps in coverage and move closer to testing 100% of your internally developed applications for security vulnerabilities? Healthcare Base: 18
  • 13. How will things change in 12 months?
  • 14. Changes in application security programs: 12 month projection for the Healthcare industry
    Change in security spend for internally developed applications: 2.92% average increase
    Average growth of internally developed applications: 9.7% average increase (or 177 new apps)
    Estimated 2015 Budget: $1.15M
    Estimated 2015 Need: $3.11M (to test all current and new applications with existing approaches)
    Average gap between need and budget: $1.95M
    Source: Veracode and IDG Research Services. Q5a. For each application architecture listed below, approximately what percentage of your organization's internally developed applications do you test for security vulnerabilities? (Total does not have to add up to 100%) Healthcare Base: 18
    Source: Veracode and IDG Research Services. Q8. How do you expect your organization's overall spending on application security for internally developed enterprise applications to change over the next 12 months? Healthcare Base: 18
  • 16. Executive commitment to application security testing (Healthcare)
    Executives have mandated an enterprise-wide program and are tracking implementation: 44%
    Executives are aware of but have not mandated an enterprise-wide program: 28%
    Executives are interested in application security for business critical applications only: 28%
    Executives have little interest in application security programs: 0%
    Source: Veracode and IDG Research Services. Q9. Which of the following most accurately describes the level of executive commitment to application security testing (for internally developed applications) within your organization? Healthcare Base: 18
  • 17. A Plan to Close the Gap*
    Anticipated spending increases are dramatically lower than the minimum spending increase that IDG determined is required to close the gap. Simply extrapolating the existing assessment approaches to close the gap puts the CSO in an untenable budgetary situation. The key is rethinking these elements:
    • How security gets built into applications as they are being developed
    • How to build in security at the scale and pace required to support the more than 340 anticipated new applications that enterprises, on average, will develop in the next 12 months
    • How to build in security so that it lowers the financial burden of proactively managing risk
    By seeking out best practices for implementing application security at scale, CIOs and CSOs can use their expected budget increases for initiatives that tackle their existing gap in a significant way.
    * Excerpt from "Why Application Security is a Business Imperative", IDG Research, Aug 2014
  • 18. Start the assessment: http://www.veracode.com/application-security-assessment