Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand - Rick Smith, Product Manager - PowerPoint PPT Presentation


SLIDE 1

Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand

Rick Smith, Product Manager

#MicroFocusCyberSummit

SLIDE 2

Agenda

  • Identifying the cost
  • Identifying the tool
  • A quick case study

SLIDE 3

Thinking about the cost

SLIDE 4

Cliché Alert: Nothing in Life is Free

The challenge becomes identifying the cost:

  • Opportunity
  • Time
  • Risk
  • Reputation
  • Features
  • Productivity
  • Relationships
  • Sanity!

SLIDE 5

Application Security Today is Complex

  • Procuring secure software
  • Certifying new releases
  • Securing legacy applications
  • Demonstrating Compliance
  • Monitoring / Protecting Production Software

Software sources: In-house Development, Legacy Software, Open Source, Outsourced, Commercial

SLIDE 6

It isn’t getting easier

Software @ DevOps Speed

[Chart: Release Frequency and Number of Applications, growing from 2010 through 2015 to 2020+]

SLIDE 7

Identifying the Right Tool

SLIDE 8

Enterprise DevSecOps

SLIDE 9

To a Hammer, Everything is a Nail

Do you need a hammer?

SLIDE 10

Choosing the Right Tool

SLIDE 11

The Right Fit

  • Open Source Analysis
  • Real-time Static
  • Continuous Monitoring
  • Dynamic
  • Static
  • Mobile

SLIDE 12

Static Made Simple

Easily upload source from the IDE, and audit there as well

SLIDE 13

Static – Full Build Integration

Audited static results at DevOps speed

Fortify on Demand workflow:

  • Step 1: Developers (IDE) develop & check in code
  • Step 2: Scheduled or triggered check-out & build from the source control repository on the continuous integration server
  • Step 3: Start Static Assessment (Fortify SCA)
  • Step 4: Automated Audit (Fortify Scan Analytics)
  • Step 5: Manual Audit by an FoD security expert (Optional)
  • Step 6: Triage, assign & fix vulnerabilities (Vulnerability Management feeding Defect management)

Open Source Analysis: Bill of materials, Known vulnerabilities, License risk
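The slide describes the hand-off from an automated audit (Step 4) and optional manual audit (Step 5) into triage and defect creation (Step 6), plus the open source bill-of-materials checks. The script below is an added example of what the CI-side gate at that hand-off can look like; it is not Fortify on Demand code, and the finding and bill-of-materials JSON shapes, the `audited` field values, the component names and the vulnerability identifier are all constructed for the example. It drops findings an auditor marked as not an issue, fails the build on findings at or above a chosen severity or on components with known vulnerabilities, and emits one defect ticket per remaining item so the result can be pushed to a defect tracker.

```python
"""Hypothetical CI security gate for the audit -> triage hand-off.

Added example, not Fortify on Demand code. The JSON shapes, audit status
values, component names and the vulnerability id are constructed here.
"""
import json
from dataclasses import dataclass

# Severity ordering used by the gate threshold.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample of static findings after the automated/manual audit.
# "audited" is a made-up field: exploitable, not_an_issue or unreviewed.
SAMPLE_FINDINGS = json.dumps([
    {"id": "F-1", "category": "SQL Injection", "severity": "critical",
     "file": "app/db.py", "line": 42, "audited": "exploitable"},
    {"id": "F-2", "category": "Hardcoded Password", "severity": "high",
     "file": "app/config.py", "line": 7, "audited": "exploitable"},
    {"id": "F-3", "category": "Path Manipulation", "severity": "high",
     "file": "app/files.py", "line": 88, "audited": "not_an_issue"},
    {"id": "F-4", "category": "Poor Logging Practice", "severity": "low",
     "file": "app/log.py", "line": 3, "audited": "unreviewed"},
])

# Constructed bill of materials; the vulnerability id is a placeholder.
SAMPLE_BOM = json.dumps([
    {"name": "libfoo", "version": "1.2.0",
     "known_vulns": ["EXAMPLE-VULN-0001"], "license": "MIT"},
    {"name": "libbar", "version": "0.9.1",
     "known_vulns": [], "license": "GPL-3.0"},
    {"name": "libbaz", "version": "2.0.0",
     "known_vulns": [], "license": "Apache-2.0"},
])

# Example license policy; a real policy comes from legal/compliance.
DENIED_LICENSES = {"GPL-3.0"}


@dataclass
class GateResult:
    passed: bool        # True when nothing blocks the build
    blocking: list      # ids of findings/components that failed the gate
    tickets: list       # defect tickets to raise (Step 6)


def triage(findings):
    """Keep only findings the audit did not dismiss as not_an_issue."""
    return [f for f in findings if f.get("audited") != "not_an_issue"]


def evaluate_gate(findings_json, bom_json, fail_at="high"):
    """Apply the gate policy to audited findings and the bill of materials.

    fail_at: lowest severity that blocks the build (default: high and above).
    Known-vulnerable components always block; license risk only raises a ticket.
    """
    findings = triage(json.loads(findings_json))
    bom = json.loads(bom_json)
    threshold = SEVERITY_RANK[fail_at]
    blocking, tickets = [], []

    for f in findings:
        tickets.append(f"{f['category']} in {f['file']}:{f['line']} ({f['severity']})")
        if SEVERITY_RANK[f["severity"]] >= threshold:
            blocking.append(f["id"])

    for comp in bom:
        ref = f"{comp['name']}@{comp['version']}"
        if comp["known_vulns"]:
            blocking.append(ref)
            tickets.append(f"Known vulnerable component {ref}: "
                           + ", ".join(comp["known_vulns"]))
        if comp["license"] in DENIED_LICENSES:
            tickets.append(f"License risk: {ref} is {comp['license']}")

    return GateResult(passed=not blocking, blocking=blocking, tickets=tickets)


if __name__ == "__main__":
    result = evaluate_gate(SAMPLE_FINDINGS, SAMPLE_BOM)
    print("GATE:", "PASS" if result.passed else "FAIL", result.blocking)
    for ticket in result.tickets:
        print("TICKET:", ticket)
```

With the constructed input the gate fails on the critical and high audited findings and on the component with a known vulnerability, while the dismissed path-manipulation finding produces no ticket; raising `fail_at` to `"critical"` lets the hardcoded-password finding through the gate but still tickets it. The same shape works for weekly full scans and for the lightweight per-commit scans mentioned later in the deck, with a looser threshold for the latter.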

SLIDE 14

Dynamic Results at Scale – Speed and Depth

Fast dynamic, augmented with human testing

Our infrastructure & expertise, your applications

SLIDE 15

Mobile – Blazing Fast + Thorough

  • Automated results in 1 minute
  • Full device stack testing

SLIDE 16

Open Source Component Analysis

Are your libraries introducing risk?

SLIDE 17

Real-time Static Analysis

Instant feedback within the IDE

SLIDE 18

Continuous Monitoring

Focusing on the OWASP Top 10 with fast & lightweight scanning

SLIDE 19

Putting it all together

SLIDE 20

Balancing the Pace of Development

SLIDE 21

Balancing the Pace of Development

  • Flexibility is critical
  • Automate where possible
  • Leverage integrations
  • Build security in as quality

SLIDE 22

Case Study: Fortify on Demand

SLIDE 23

Case Study: Fortify on Demand

  • Continuous lightweight static
  • Weekly static
  • Dynamic after deploy
  • Continuous monitoring in prod
  • Defects to Octane
  • Constant feedback

SLIDE 24

Question & Answer

SLIDE 25

Thank You.

#MicroFocusCyberSummit