Finding Resources to Implement your Application Security Program
This presentation will be the third in a 5 part series on developing an Application Security program.
Part 1: Building a Business case to get funding
Part 2: Prioritizing important applications to tackle first
Part 3 (this session): Finding Resources to Implement your program
Part 4: Now, that I’ve scanned it, what next?
Part 5: How to fix vulnerabilities, and build it into the SDLC?
Low-code platforms have become a critical factor in helping AD&D organizations rapidly deliver applications to win, serve and retain customers.
With these platforms, enterprises are routinely delivering apps much faster than conventional methods. But can these platforms truly scale across the full modern app lifecycle? What are the top use cases for deploying a low-code platform?
Join John Rymer of Forrester Research for an engaging discussion about the innovative ways organizations are utilizing low-code platforms across the app lifecycle. Hear from IT executives with Autoliv, Estafeta and NES Financial as they talk candidly about how low-code platforms have driven growth and competitive advantage in their organizations.
IT security risks are changing, and undoubtedly increasing in complexity and frequency. Enterprises across the globe are struggling not only to keep up, but to maintain a secure network environment. From a recent breach by hackers to gain sensitive information on more than 100,000 taxpayers, to the breach of 110 million consumer records, the cyber threat landscape is getting worse every year. Hackers are faster, and organizations are taking longer to discover the breaches, giving thieves hours, days, and even weeks to explore the most private and sensitive company data.
Gemalto has identified key steps to help secure your enterprise network, certainly one of the first areas fraudsters attempt to infiltrate.
Join us on September 28th for an informative presentation that will help you plan a strategy to protect your most critical assets.
VMware Horizon View allows IT organizations to deliver virtual or hosted desktops and applications through a single platform to users. The success of these virtual desktop deployments is linked to the user experience: virtual desktops have to deliver better performance than physical desktops.
The heterogeneous, multi-tier, inter-dependent nature of the underlying infrastructure makes performance monitoring, diagnosis and reporting a challenge. When users complain that “the virtual desktop or application is slow”, IT administrators often struggle to determine the actual cause of the problem. Is it the network, database, application, virtualization platform, connection server, storage or the virtual desktop?
This webinar will help you learn how to unlock the benefits of desktop and application virtualization by enabling your organization to monitor, diagnose and report on the performance of your VMware Horizon View infrastructure.
Robots and drones have captivated us for more than half a century. When you think about a robot, you might automatically think about Rosie from the Jetsons. However, the next revolution of robotics will be very different than what you think. Robotics will enhance everyday life by enabling a broad range of applications from smart home to healthcare and transportation.
Why now? Historically, robots have been pre-programmed to complete tasks in industrial settings, but thanks to the same technology powering our smart phones, robots are poised to evolve into intelligent, intuitive machines capable of processing their environments quickly and efficiently - both on the ground and in the air. Robots will be seamlessly integrated with everyday life, handling tasks once too time-consuming or tedious for us.
In this webinar, we'll discuss:
* The key consumer and commercial applications of robots and drones
* The role robots will play in societies and economies
* How smartphone technologies will pave the way to robotics' future
* How cognitive technologies will transform our lives and business
* How Qualcomm is fostering innovation and helping the ecosystem
* The foundation of many IoT applications in shaping the way to robotics
Jim McGregor, Principal Analyst, Tirias Research
Andra Keay, Managing Director of Silicon Valley Robotics
Anthony Lewis, Senior Director of Technology, Qualcomm
Maged Zaki, Director of Technical Marketing, Qualcomm Technologies, Inc.
There are many ways in which people approach adding real-time communications with WebRTC to their service. While the dominant approaches are probably self development and using a WebRTC PaaS vendor, there’s a wider range of approaches.
In this session, Tsahi Levent-Levi, consultant and analyst of everything WebRTC, will go over the various approaches, revealing their advantages along with real vendor use cases.
We've all heard how DevOps can greatly accelerate velocity and efficiency. The challenge is how to transform an enterprise which was not born with the cloud, with established processes and systems. Join us on this webinar and hear how HP IT is making the move from:
• organizational silos to integrated teams and continuous delivery pipelines
• physical systems and storage to cloud infrastructure and Docker containers
• templates and forms to infrastructure-as-code
• change requests to change records
IDC Announces the Best Vendors for Client Computing Software
In the multi-device workplace, there are many vendors IT can choose from to better manage applications and desktops. So, which vendors offer the best client computing solutions with a commitment to long-term end-user computing innovation?
Find out how a variety of vendors compare and the reasons why VMware has moved into the Leaders category in the IDC MarketScape: Worldwide Virtual Client Computing Software 2015 Vendor Assessment.
Join us and learn:
Which vendors are well aligned when it comes to customer needs
Which vendors offer the best client computing solutions with a commitment to long-term end-user computing innovation
Which vendors have the commitment to providing resources and continued expansion of the EUC infrastructure
Are you communicating with your customers the same way you did 5 years ago? As technology evolves, so do your customers’ communication preferences. The customer service industry has seen a significant increase in SMS (aka texting) due to its ability to deliver convenient, proactive service for today’s on-the-go customer. Register for our webinar to learn how SMS technology can help you lower wait times and keep your customers informed.
In this webinar you’ll learn how SMS can:
- Reduce wait times and lower call volumes
- Help you stay proactive with your customers
- Mitigate risks for your business or customers
- Pair well with other communications solutions
Getting more from your UC investment:
Using Cisco APIs and SDKs to extend Cisco functionality directly to your users
Cisco provides APIs and SDKs which allow users to integrate their existing or new products on top of Cisco's UC platforms. Most customers don't realize these features are available to them out-of-the-box with their Cisco products.
Join us for a discussion and demonstration of some of these APIs and SDKs, including the Jabber SDK, the AXL API and other UC-specific integrations that Cisco packages with its popular UC products.
In 2014, Hogan-De Paul joined the ranks at NYC-based Akkadian Labs as an experienced software engineer, specializing in custom Cisco Collaboration software with the company. His day-to-day role consists of gathering customer requirements and designing, testing, and implementing custom software solutions on top of Cisco VoIP platforms. Previously, Peter has also worked on configuring Cisco device firmware and on technical marketing for VoIP-based services. Peter graduated in 2013 from the New Jersey Institute of Technology with a degree in Software Engineering, with previous education credits from Rensselaer Polytechnic Institute and Stevens Institute of Technology.
Learn how to use the latest advances in cloud communications to activate your customer data and call activity into profitable sales accelerators. Every day, you collect more data in your CRM and telephone call reports. 8x8 will show you how to turn that data into higher close rates and more satisfying customer engagement experiences and provide you the analytics tools required to measure the results.
Frank Mong, Vice President & General Manager of HP Security Solutions
The old school of cyber defense emphasized securing infrastructure and restricting data flows, but data needs to run freely to power our organizations. The new school of cyber defense calls for security that is agile and intelligent. It emphasizes protecting the interactions between our users, our applications, and our data.
The world has changed, and we must change the way we secure it. Join Frank Mong, VP & General Manager of Security Solutions, and hear why you need to secure your:
- Cloud services
- Data (wherever it is)
- Apps (wherever they run)
No one wants to end up as the next headline from a cyber security attack. But application security can be hard to do and takes time. Perhaps you failed an audit or swallowed the risk of vulnerabilities to get a new business app online. You need to CYA (cover your apps) fast!
Learn how runtime application self-protection can protect you in minutes when your applications:
• are too complex, too fragile, or ill supported to risk changing the code to remove security vulnerabilities
• have thousands of vulnerabilities – or have never been tested – but are in production
• rely on code that is off-the-shelf, third party, or in the cloud – don’t be at the vendor’s mercy
Learn how to identify and defend software vulnerabilities while the app is still being used. Quickly implement compensating controls to breeze past that next audit.
Bruce C. Jenkins, AppSec Program Strategist, HPSW Fortify
In today's world where applications are distributed through cloud and mobile platforms, the risks to vulnerable applications are multiplying. Application managers are looking for ways to consolidate controls around their disparate applications and assign the proper staff, leadership and workflow processes to do this.
Based on the 2014 Application Security Programs and Practices survey, application security is on the rise, with 83% of 488 respondents reporting some sort of application security program in place (up from 66% in SANS' 2013 survey). In the 2014 survey, respondents' primary focus for their security programs was around web applications.
This year's survey intends to find out how the rise of mobility and cloud applications is changing respondents' application security program efforts and to gather best practice advice for secure management of disparate applications throughout their lifecycle.
This second part of the webcast will focus on issues in application development.
Shuying Liang, PhD, Software Engineer; Michael Right, Product Manager
Higher-order features such as lambdas exist ubiquitously in web applications and frameworks. They make development easier, but at the cost of added complexity and exposure to high-risk vulnerabilities and attacks. However, statically ruling out such vulnerabilities is theoretically and practically challenging, especially when higher-order functions and complex control flow collide with opaque, dynamic data structures such as objects.
This talk aims to provide an easy-to-understand explanation of higher-order functions and the difficulties involved in analyzing them. We’ll include a brief report on how HP Fortify Static Code Analyzer handles higher-order analysis and our plans for future improvements. Note: Content focused on a technical-level viewer.
Download the SCA Solution Brief in the attachments for further reference.
There are a lot of reasons why you should fortify your application security to protect your business from hackers. And there are probably many reasons why you're not doing as much as you might.
In this video, HP and Slashdot Media detail the top 10 reasons you should enhance application security. And they go on to show you how HP Fortify static and dynamic application security testing products help you do it. Fortify uses the latest security intelligence to help you cut compliance testing time in half, find and fix vulnerabilities in hours, and enable the collaboration among development, testing, and security teams that make your applications and your business more secure.
Cindy Blake & Rob Putman, HPSW Enterprise Security Products
More than 80% of today’s breaches occur through application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you:
• Why context from inside the application matters
• How easy it can be to use native capabilities of Java and .NET to protect your applications
• Use cases to get you started
Help lead your enterprise to a stronger, more effective security program.
Jewel Timpe, Senior Manager, Threat Research, HP Security Research
In the world of information security, the past isn’t dead; it isn’t even the past. The 2015 edition of HP’s annual security-research analysis reveals a threat landscape still populated by old problems and known issues, even as the pace of new developments quickens. In 2014, well-known attacks and misconfigurations existed side-by-side with mobile and connected devices (the “Internet of Things”) that remained largely unsecured. As the global economy continued its recovery, enterprises continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.
The 2015 edition of the HP Cyber Risk Report, drawn from innovative work by HP Security Research (HPSR), examines the nature of currently active vulnerabilities, how adversaries take advantage of them, and how defenders can prepare for what lies ahead. Jewel Timpe, HPSR’s senior manager of threat research, describes the report’s findings and explains how this intelligence can be used to better allocate security funds and personnel resources for enterprises looking toward tomorrow.
We all want our families and homes to be safe with the convenience of remote monitoring, but do these smart home security devices really make our families safer, or do they put them at more risk by inviting easier access to our homes electronically via an insecure Internet of Things? In a follow-up to HP’s 2014 report on the Internet of (Insecure) Things, we explore the security of popular off-the-shelf connected Home Security Systems and discuss the various testing techniques we used in our study, along with recommendations for manufacturers, developers and consumers.
Art Gilliland, General Manager of HP Enterprise Security Products
Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
Jonathan Griggs, Brandon Spruth, Brooks Garrett, Jeremy Brooks
Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required in running the tools and interpreting the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end.
Security teams also wrestle with demand for dynamic scanning. Demand is not always consistent, but hardware is expensive to purchase and maintain only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity?
In this talk we will explain how the new WebInspect API, introduced in the 10.20 release and expanded in the recent 10.30 release, can help security teams integrate dynamic scanning with WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company’s Software Security Assurance program.
Jonathan Griggs – WebInspect Product Manager
Brandon Spruth – Security Solutions Architect, HP Fortify
Brooks Garrett – Manager Operations and Architecture, Fortify on Demand
Jeremy Brooks – Senior Engineer, WebInspect Engineering
Michael Farnum, Practice Principal, HP Fortify on Demand, Hewlett-Packard
Many organizations have been building client-server and web applications for some time, and quite a few have reached a good level of maturity in regards to building security into their SDLC. Yet that traditional model of securing applications can’t fully address the security challenges presented by mobile and cloud infrastructures and the applications built around them. The business benefits of ubiquitous and quick data access (that come with mobile and cloud) are obvious, but the security issues are very real.
Join this discussion to find out how internal development and security groups can update their software security assurance processes so that they are embracing AND securing mobile and cloud solutions.
Bruce C. Jenkins, AppSec Program Strategist, HPSW Fortify
Software Security Assurance (SSA) programs take many forms across various industries. What remains constant across all programs and industries is the challenge of choosing appropriate measurements. We often ask: “Is this the right metric?” “Am I collecting enough data?” “What should be reported to my managers and senior executives?” In this webinar we help you answer those questions, and we also show you how the right metrics mature your SSA program and keep it focused on business priorities.
David Harper, Fortify on Demand Practice Principal, EMEA, HPSW ASC
Whether a mandate to secure all web and mobile apps comes from a newly enlightened CIO or in response to a major security breach, beginning even a small application security program can be a daunting task. How will you know how many digital assets you have, let alone their risk profile?
In this webinar we will explore how, using a cloud solution like Fortify on Demand, even the largest organizations can begin to scan apps immediately and rapidly scale an application security program. Identify and risk rank assets, fix critical vulnerabilities, and put in place a process to secure all new and existing applications - without hiring a separate security team.
Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
Explore cyber crime in Asia Pacific and Japan
The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.
On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
Explore cyber crime in the Americas
In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.
Among other findings, the study noted that the most costly cyber crimes are those caused by denial of service, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar.
Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
Explore cyber crime in Europe
For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.
The study results indicate that over the course of the year, the cost of cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’s European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
The Internet of Things (IoT) is a hot topic these days. Smart devices, systems, and services that “talk” to other devices via the internet mean we can all be a lot more productive, but they also open us up to added security risk. Gartner says there will be 26 billion of these interconnected devices installed by 2020.
Until now there had been very little research done on the security of available devices and technologies, so the HP Fortify Security Research team decided to take this on. This is an overview of their findings.
In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.
The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
David Harper, Fortify on Demand Practice Principal, EMEA
Static analysis vs. binary analysis, binary vs. bytecode, debug vs. obfuscation… Confused about Static Application Security Testing? In this webinar, David Harper, Fortify on Demand Practice Principal, will explain all these terms, dispel some of the rumors and clear up any confusion. Afterwards, you will be able to authoritatively select the best approach for your Static Application Security Testing needs, one that will address your requirements for both comprehensive vulnerability detection and actionable remediation advice.