Introducing a New Level of on Demand Application Security

Ryan Berg, Chief Security Officer, Sonatype and Ryan English, Director of Fortify on Demand & Mobile Security Services
According to Gartner, by 2015, ninety-nine percent of mission -critical applications in Global 2000 companies will contain open source. The ease of using open source components speeds development and creates competitive advantage but can introduce security risk into your organization. Do you know what open source components are used in your application landscape?

Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Join this session to learn how your organization can use Fortify on Demand to gain complete visibility into what components you are using and if there are known vulnerabilities or license obligation that bring risk to your organization and your customers.
Mar 27 2014
58 mins
Introducing a New Level of on Demand Application Security
More from this community:

Application Development

  • Live and recorded (1482)
  • Upcoming (27)
  • Date
  • Rating
  • Views
  • This video explains the 80:20 rule for developing a mobile strategy for your company. 80% of mobile uses cases are the same for most organizations, like managing approvals and internal communications. Sitrion ONE is a simple, secure end-to-end solution with pre-built use cases and connectors to enterprise systems like SAP, SharePoint, Salesforce, Office 365, Exchange and other REST endpoints.
  • Enterprise mobility video explaining how common approval processes from SAP, SharePoint, Salesforce, Office 365 and Exchange are integrated into Sitrion ONE's simple, native mobile app. Employees and managers simply manage tasks in their productivity stream within the native iOS, Android or Windows Phone app.
  • Reactive development is fueling a new wave of business application. Typesafe is dedicated to helping developers build Reactive applications on the JVM. With the Typesafe Reactive Platform, you can create modern, message-driven applications that scale on multicore and cloud computing architectures. Typesafe Activator, a browser-based tool with reusable templates, makes it easy to get started with Play Framework,
  • Join us for this webinar to learn how HP customers use automation to become more efficient, reduce errors, improve quality and become more responsive to business requirements. In this webinar we will focus on areas where our customers have gained the greatest benefit from automation such as incident resolution; server lifecycle management and user lifecycle management. We will also look at the process organisations take to implement automation technology and drive change in their businesses and where they were able to demonstrate strong return on investment.
  • We all want our families and homes to be safe with the convenience of remote monitoring, but do these smart home security devices really make our families safer or put them at more risk by inviting easier access to our homes electronically via insecure Internet of Things? In a follow-up to HP’s 2014 report on the Internet of (Insecure) Things we explore the security of popular off-the-shelf connected Home Security Systems and discuss various testing techniques we used in our study along with recommendations for manufacturers, developers and consumers.
  • You may not know much about it, but Hadoop is coming in a big way. The list of services you provide and support grows larger by the day and very soon Hadoop related technologies will likely play a critical role in many of those services. Much of the processing that happens in Hadoop is batch related but the built in tools for managing that batch is inferior and will cause delays when trying to deploy the related applications and services. Join us to learn:

    •What Hadoop is and what it is used for
    •The type of processing performed in Hadoop environments
    •How to deliver better Hadoop workload related services
  • Anyone involved in a QA project understands the competing pressures of delivering high quality applications and the business realities of schedule pressures, cost and resource constraints. This creates a balancing act and a set of decisions around project realities and business risk.

    Today’s test automation tools still have a lot of "manual” in the process, limiting just how much QA can be accomplished in a given release cycle. Scriptless testing changes this dynamic entirely by eliminating the manual steps of script creation and maintenance.

    Join us for an informative webinar where we’ll share how this new software is being used to expand test coverage and test your applications more quickly and efficiently. See how scriptless testing coupled with HP ALM can help you:
    Simplify testing and eliminate the need for special programming expertise
    Automate the test maintenance process and save between 50 and 80 percent of your time and costs
    Support virtually any application and technology, and jumpstart testing for your core business processes such as SAP, Oracle, Temenos, Guidewire and others
  • Anyone involved in a QA project understands the competing pressures of delivering high quality applications and the business realities of schedule pressures, cost and resource constraints. This creates a balancing act and a set of decisions around project realities and business risk.

    Today’s test automation tools still have a lot of "manual” in the process, limiting just how much QA can be accomplished in a given release cycle. Scriptless testing changes this dynamic entirely by eliminating the manual steps of script creation and maintenance.

    Join us for an informative webinar where we’ll share how this new software is being used to expand test coverage and test your applications more quickly and efficiently. See how scriptless testing coupled with HP ALM can help you:
    Simplify testing and eliminate the need for special programming expertise
    Automate the test maintenance process and save between 50 and 80 percent of your time and costs
    Support virtually any application and technology, and jumpstart testing for your core business processes such as SAP, Oracle, Temenos, Guidewire and others
  • Most IT providers have offers related to big data, cloud, mobility and security, and companies are looking at IT as the way to reduce costs and be competitive during an economic crisis. Investments in IT trends such as cloud computing and big data will rise thanks to a new player in the game: the business departments. This analyst briefing will show why companies are investing in IT, and what will change in 2015.

    Why you should attend:

    - Discover how many companies will adopt big data, cloud, mobility and security in 2015
    - Understand the current scenario of these trends in Latin America
    - Learn what will be different in 2015 regarding each trend
  • HP Propel on-premise was introduced in the summer of 2014, and since then, its set of features is growing at a brisk pace. Join us for this webinar and learn about our newest features from the HP Propel 1.1 release. We will discuss the new Jumpstart module which helps you extend the portal so that you can provide more services to your business users without increasing costs or resources. You will hear about our SDK (Software Development Kit) module for Service Exchange which enables you to modify the existing connectors or create brand new integration.

    This session will include live demos of:
    HP Propel portal and aggregated catalog, including the composite bundling from different catalogs
    Case exchange
  • Channel
  • Channel profile
  • Runtime Application Self-Protection Mar 19 2015 6:00 pm UTC 60 mins
    Greater than 80% of today’s breaches occur with application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real-time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you.

    Learn:
    •Why context from inside the application matters
    •How easy it can be to use native capabilities of Java and .NET to protect your applications
    •Use cases to get you started.

    Help lead your enterprise to a stronger, more effective security program.
  • Who’s watching your home? Internet of Things Security Study Recorded: Mar 4 2015 43 mins
    We all want our families and homes to be safe with the convenience of remote monitoring, but do these smart home security devices really make our families safer or put them at more risk by inviting easier access to our homes electronically via insecure Internet of Things? In a follow-up to HP’s 2014 report on the Internet of (Insecure) Things we explore the security of popular off-the-shelf connected Home Security Systems and discuss various testing techniques we used in our study along with recommendations for manufacturers, developers and consumers.
  • Outthinking the Bad Guys Recorded: Feb 6 2015 22 mins
    Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
  • Dynamically Controllable Dynamic Scanning Recorded: Jan 28 2015 41 mins
    Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required in running the tools and interpreting the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end.
    Security teams also wrestle with demand for dynamic scanning. Demand is not always consistent but hardware is expensive to purchase and maintain only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity.
    In this talk we will explain how the new WebInspect API, introduced in the 10.20 release and expanded in the recent 10.30 release, can help security teams integrate dynamic scanning with WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company’s Software Security Assurance program.


    Jonathan Griggs – WebInspect Product Manager
    Brandon Spruth – Security Solutions Architect, HP Fortify
    Brooks Garrett – Manager Operations and Architecture, Fortify on Demand
    Jeremy Brooks – Senior Engineer, WebInspect Engineering
  • Adapting Software Security Assurance for Cloud and Mobile Recorded: Nov 18 2014 49 mins
    Many organizations have been building client-server and web applications for some time, and quite a few have reached a good level of maturity in regards to building security into their SDLC. Yet that traditional model of securing applications can’t fully address the security challenges presented by mobile and cloud infrastructures and the applications built around them. The business benefits of ubiquitous and quick data access (that come with mobile and cloud) are obvious, but the security issues are very real.

    Join this discussion to find out how internal development and security groups can update their software security assurance processes so that they are embracing AND securing mobile and cloud solutions.
  • Measuring and Maturing an AppSec program Recorded: Nov 6 2014 44 mins
    Software Security Assurance (SSA) programs take many forms across various industries. What remains constant across all programs and industries is the challenge of choosing appropriate measurements. We often ask: “Is this the right metric?” “Am I collecting enough data?” “What should be reported to my managers and senior executives?” In this webinar we help you answer those questions, and we also show you how the right metrics mature your SSA program and keep it focused on business priorities.
  • Taking an AppSec Program from 0 to 60 in 30 days Recorded: Oct 16 2014 39 mins
    Whether a mandate to secure all web and mobile apps comes from a newly enlightened CIO or in response to a major security breach, beginning even a small application security program can be a daunting task. How will you know how many digital assets you have, let alone their risk profile?
    In this webinar we will explore how, using a cloud solution like Fortify on Demand, even the largest organizations can begin to scan apps immediately and rapidly scale an application security program. Identify and risk rank assets, fix critical vulnerabilities, and put in place a process to secure all new and existing applications - without hiring a separate security team.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: APJ Recorded: Oct 10 2014 56 mins
    Explore cyber crime in Asia Pacific and Japan

    The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.

    On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: Americas Recorded: Oct 9 2014 60 mins
    Explore cyber crime in the Americas

    In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.

    Among other findings, the study noted that the most costly cyber crimes are those caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: EMEA Recorded: Oct 8 2014 59 mins
    Explore cyber crime in Europe

    For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.

    The study results indicate that over the course of the year, cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’ European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
  • The Internet of (Insecure) Things Recorded: Aug 14 2014 20 mins
    The Internet of Things (IoT) is a hot topic these days. Smart devices, systems, and services that “talk” to other devices via the internet means we can all be a lot more productive, but also opens us up to added security risk. Gartner says there will be 26 billion of these interconnected devices installed by 2020.

    Until now there had been very little research done on the security of available devices and technologies, HP Fortify Security Research team decided to take this on. This is an overview of their findings.
  • HP Cyber Risk Report Recorded: Jul 23 2014 4 mins
    In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.

    The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
  • Static Application Security Testing Demystified Recorded: Jun 23 2014 41 mins
    Static analysis vs. Binary analysis, binary vs. bytecode, debug vs. obfuscation… Confused about Static Application Security Testing? In this webinar, David Harper, Fortify on Demand Practice Principal will explain all these terms, dispel some of the rumors and clear up any confusion. Afterwards, you will be able to authoritatively select the best approach for your Static Application Security Testing needs that will address your requirements for both comprehensive vulnerability detection and actionable remediation advice.
  • Do You Trust Your Mobile Apps? Recorded: Jun 17 2014 45 mins
    While users are more mobile than ever, that flexibility has also come with increased risk. As business managers push for more mobile apps, faster development, newer features and broader distribution of these apps, the businesses’ risk exposure grows exponentially. Organizations are at risk of exposing their corporate data, losing brand equity, and ultimately suffering financial loss through breaches of their mobile applications. IT must ensure these apps are secure, even if they are developed by a third party, so understanding the mobile vulnerability landscape is critical and its tough to keep this expertise in-house.

    HP Security Research leveraged HP Fortify on Demand (FoD) Mobile to scan more than 2,000 mobile applications from more than 600 companies, revealing alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
  • Closing the Book on Heartbleed - and Avoiding Future Sad Stories Recorded: May 14 2014 61 mins
    The Heartbleed vulnerability in OpenSSL forced millions of users to changed passwords and enterprises to rapidly patch thousands of servers.Because of all the publicity there continues to be a lot of CXO-level awareness around cyber security and now is the perfect time to recommend strategies for avoiding or mitigating the next Heartbleed - and there *will* be a next one. There were many lessons learned during Heartbleed than can be used to bolster your plans and your presentations to management to gain funding.
    In this SANS Special webcast, John Pescatore, SANS Director of Emerging Security Trends will present an overview on the details around Heartbleed and an update on the current status, risks and industry efforts around software security. He will then moderate a panel of vendor experts in a discussion around lessons learned from dealing with Heartbleed and best practices for mitigating or shielding the risks due to vulnerabilities in open source and other third party software. Panelists will include Joanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP.
  • Software Security Assurance-Developing an Effective Application Security Program Recorded: Apr 25 2014 41 mins
    Do you trust your software?
    Software security has never been more important to the success of your business. Using the BSIMM framework, this session covers best practices for application development; why you should put people and process before technology, how to pitch the value of coding standards to CIOs and developers, and how to build security into the software development life cycle as opposed to the all-too-often-seen reactive, bolt-on approach.
  • Introducing a New Level of on Demand Application Security Recorded: Mar 27 2014 58 mins
    According to Gartner, by 2015, ninety-nine percent of mission -critical applications in Global 2000 companies will contain open source. The ease of using open source components speeds development and creates competitive advantage but can introduce security risk into your organization. Do you know what open source components are used in your application landscape?

    Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Join this session to learn how your organization can use Fortify on Demand to gain complete visibility into what components you are using and if there are known vulnerabilities or license obligation that bring risk to your organization and your customers.
  • The Application Blind-spot Recorded: Feb 18 2014 28 mins
    In many organizations, Security Operation Center teams have little to no visibility into application security events. This is a significant challenge because security teams can’t protect the organization If they can't identify threats. With the evolution of threats targeting applications as the weakest link in the security ecosystem, security teams need help closing the security gap that results from improper user access as well as an improper usage of applications. For many organizations it takes up to 270 days to recognize that they have been breached and it’s often a 3rd party such as customer that highlights the issue. Can your organization wait for a breach to happen to react? Attend this webcast to hear from HP security experts, as they articulate specific use case examples.
  • The 6 Deadly Mistakes of Mobile Application Development Recorded: Dec 13 2013 39 mins
    Everyone's heading to mobile and attackers are following. To stay ahead of the curve you need to think like the enemy. In this talk Fortify on Demand Principal Security Architect, Daniel Miessler, talks about what makes mobile security different, the OWASP (mobile) top ten and deadly mistakes NOT to make during mobile app development.
  • HP Fortify Secure Agile SDLC Recorded: Nov 22 2013 28 mins
    As the number of web application intrusions rise, the need for application software developers to identify and remediate vulnerabilities is more apparent than ever. This webinar will cover tools, education, and techniques that help security teams partner with development to maintain a secure application posture without slowing the pace of development or hindering the rapid delivery of business value in an agile development framework.
Proactively Securing Software for the Enterprise.
Listen to experts from HP, partners and customers discuss pressuring issues across application security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Introducing a New Level of on Demand Application Security
  • Live at: Mar 27 2014 5:00 pm
  • Presented by: Ryan Berg, Chief Security Officer, Sonatype and Ryan English, Director of Fortify on Demand & Mobile Security Services
  • From:
Your email has been sent.
or close
You must be logged in to email this