Magic Numbers - Guide to the 5 Key Metrics for Security

Rafal Los
Magic Numbers - An In-Depth Guide to the 5 Key Metrics for Web Application Security
Oct 5 2010
53 mins
HP Security
More from this community:

Application Development

  • HP Propel on-premise was introduced in the summer of 2014, and since then, its set of features is growing at a brisk pace. Join us for this webinar and learn about our newest features from the HP Propel 1.1 release. We will discuss the new Jumpstart module which helps you extend the portal so that you can provide more services to your business users without increasing costs or resources. You will hear about our SDK (Software Development Kit) module for Service Exchange which enables you to modify the existing connectors or create brand new integration.

    This session will include live demos of:
    HP Propel portal and aggregated catalog, including the composite bundling from different catalogs
    Case exchange
  • Mobile is no longer a supplementary channel for the enterprise; It is quickly becoming the primary channel to deliver business critical information and experiences to partners, customers and employees. Join Sarvesh Jagannivas, VP of Product Marketing at MuleSoft, and Uri Sarid, CTO at MuleSoft, as they discuss the mobile enterprise opportunity, and the biggest challenges preventing successful mobile delivery.

    Join this webinar to learn:
    - Why mobile applications are the new imperative for the enterprise
    - The top challenges preventing rapid, scalable and secure mobile application development
    - Three case studies of industry leaders who are building mobile enterprises
  • SaaS-based applications like Salesforce.com are increasingly relevant to companies to compete and grow their business. However, the opportunity of faster time to value and availability offered by Cloud and SaaS comes with an urgent need to automate the application development and release processes. Learn how CA’s internal IT team used CA Release Automation to reduce software release times by simplifying and standardizing the release process and minimizing errors.
    o An 80% reduction in release errors during deployment
    o Software release times reduced by 4-5x
  • Building your own connector may be a good option to explore whether you need a connector with a specific functionality or want to connect to a system without a pre-built connector. While getting started can seem daunting at first, the challenge often becomes much more manageable when you understand the tools and resources that are available.

    Join this webinar to:
    - Get an introduction to MuleSoft’s SDK, DevKit
    - Watch a demo on how to build a reusable connector in 15 minutes
    - Get tips and advice from experts who’ve successfully built connectors using DevKit
    - Learn what’s coming in the roadmap
  • The ROI numbers don’t lie. Service virtualization technology is critical to the success of a vibrant application economy. That’s the conclusion from voke, Inc. on their research of 500 companies across the globe. Organizations using service virtualization experience reduced defects and software lifecycles, and increased customer satisfaction.

    Specific ROI data from companies surveyed include:
    • 46% reported a 41% or greater reduction in TOTAL defects
    • More than one-third reduced test cycle times by 50% or more
    • 36% reported a 41% or greater reduction in production defects
    • More than 25% at least doubled test execution rates

    Hear why service virtualization should be a cornerstone of testing automation to remove the barrier to releasing software faster and with greater quality.

    voke, Inc., will review the research showing how service virtualization is an essential technology with a strong and proven ROI used to deliver software that drives optimal business outcomes and removes constraints throughout the software delivery lifecycle.
  • The answer is YES! The ‘I’ in team doesn’t represent one single person in the apps development plan, rather it highlights the transformation of the once silo’d teams who support specific functions within the app lifecycle. The straight line of the ‘I’ symbolizes the one team approach that is making DevOps successful. Operations people are showing up in the testing phase of the application and the apps people are doing some measures and monitoring in operations. Recently, TechTarget named DevOps as one of six major data center trends for 2015. DevOps is no longer a new way to think about transformation; it is the ONLY way to bring together the silos that weigh down your business’ bottom line.

    Join our lively panel discussion with DevOps industry experts Paul Muller and Damon Edwards as they discuss:

    Common problems in traditional DevOps teams
    How these teams have changed to truly transform and become innovators
    How you can apply these ideas to your business to boost your bottom line
  • Many organizations have not been able to demonstrate that they have effective compliance management. In this session Stu Henderson describes failed attempts at compliance management, the factors causing the failures, and what you can do to develop effective compliance management. Recommendations will address relevant changes in technology, regulation, and tools, as well as organizational and procedural issues. Stu's practical recommendations are based on over a decade of observing real-life mainframe security practices, and the factors blocking their effectiveness. If you are a CISO, mainframe auditor, or the person responsible for regulatory compliance, you will learn useful steps you can take to improve the quality of your compliance and your ability to demonstrate it!
  • What’s new in ALM and Quality Center 12.2—Enhancing your team’s efforts to deliver amazing Apps with confidence

    In March of 2014, HP Software released Apps 12, bringing a new standard of efficiency, ease of use and insight for application teams working to deliver high quality applications fast with confidence. Now, we are doubling-down on this experience and launching HP ALM and HP Quality Center 12.2, continuing to break new ground in ease of use, expanding the web client experience and driving simplified reporting and business rules support to meet your unique organizational needs.

    Join the HP ALM team as we walk through the key newly released capabilities of ALM and Quality Center 12.2 and visually demonstrate the enhanced user experience and web feature set.
  • Virtualization has come a long way since just being able to offer more efficient resources and improved HA. You’ve already invested heavily in VMware technology, but are you really getting the most from what they have to offer? Naturally you can’t be experts in everything, so join this session with Rackspace, the VMware specialists, as Lindsay shows you how to fully benefit from the latest developments and enable you to offer IT as a more cloud-like experience, without having to re-write any of your applications.

    o Understand the benefits of an Outsource model vs. On-Premise

    o Critical Success Factors to consider when outsourcing IT to managed hosting or the cloud

    o How to start your journey to the Managed Infrastructure Services

    o DR-to-the-Cloud: Best Practices

    o VMware Dedicated vCenter, Server Virtualization and Dedicated VMware vCloud offerings
  • Runtime Application Self-Protection Mar 19 2015 6:00 pm UTC 60 mins
    Greater than 80% of today’s breaches occur with application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real-time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you.

    Learn:
    • Why context from inside the application matters
    • How easy it can be to use native capabilities of Java and .NET to protect your applications
    • Use cases to get you started.

    Help lead your enterprise to a stronger, more effective security program.
  • Outthinking the Bad Guys Recorded: Feb 6 2015 22 mins
    Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
  • Dynamically Controllable Dynamic Scanning Recorded: Jan 28 2015 41 mins
    Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required in running the tools and interpreting the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end.
    Security teams also wrestle with demand for dynamic scanning. Demand is not always consistent but hardware is expensive to purchase and maintain only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity?
    In this talk we will explain how the new WebInspect API, introduced in the 10.20 release and expanded in the recent 10.30 release, can help security teams integrate dynamic scanning with WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company’s Software Security Assurance program.


    Jonathan Griggs – WebInspect Product Manager
    Brandon Spruth – Security Solutions Architect, HP Fortify
    Brooks Garrett – Manager Operations and Architecture, Fortify on Demand
    Jeremy Brooks – Senior Engineer, WebInspect Engineering
  • Adapting Software Security Assurance for Cloud and Mobile Recorded: Nov 18 2014 49 mins
    Many organizations have been building client-server and web applications for some time, and quite a few have reached a good level of maturity in regards to building security into their SDLC. Yet that traditional model of securing applications can’t fully address the security challenges presented by mobile and cloud infrastructures and the applications built around them. The business benefits of ubiquitous and quick data access (that come with mobile and cloud) are obvious, but the security issues are very real.

    Join this discussion to find out how internal development and security groups can update their software security assurance processes so that they are embracing AND securing mobile and cloud solutions.
  • Measuring and Maturing an AppSec program Recorded: Nov 6 2014 44 mins
    Software Security Assurance (SSA) programs take many forms across various industries. What remains constant across all programs and industries is the challenge of choosing appropriate measurements. We often ask: “Is this the right metric?” “Am I collecting enough data?” “What should be reported to my managers and senior executives?” In this webinar we help you answer those questions, and we also show you how the right metrics mature your SSA program and keep it focused on business priorities.
  • Taking an AppSec Program from 0 to 60 in 30 days Recorded: Oct 16 2014 39 mins
    Whether a mandate to secure all web and mobile apps comes from a newly enlightened CIO or in response to a major security breach, beginning even a small application security program can be a daunting task. How will you know how many digital assets you have, let alone their risk profile?
    In this webinar we will explore how, using a cloud solution like Fortify on Demand, even the largest organizations can begin to scan apps immediately and rapidly scale an application security program. Identify and risk rank assets, fix critical vulnerabilities, and put in place a process to secure all new and existing applications - without hiring a separate security team.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: APJ Recorded: Oct 10 2014 56 mins
    Explore cyber crime in Asia Pacific and Japan

    The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.

    On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: Americas Recorded: Oct 9 2014 60 mins
    Explore cyber crime in the Americas

    In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.

    Among other findings, the study noted that the most costly cyber crimes are those caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: EMEA Recorded: Oct 8 2014 59 mins
    Explore cyber crime in Europe

    For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.

    The study results indicate that over the course of the year, cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’s European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
  • The Internet of (Insecure) Things Recorded: Aug 14 2014 20 mins
    The Internet of Things (IoT) is a hot topic these days. Smart devices, systems, and services that “talk” to other devices via the internet means we can all be a lot more productive, but also opens us up to added security risk. Gartner says there will be 26 billion of these interconnected devices installed by 2020.

    Until now there had been very little research done on the security of available devices and technologies, so the HP Fortify Security Research team decided to take this on. This is an overview of their findings.
  • HP Cyber Risk Report Recorded: Jul 23 2014 4 mins
    In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.

    The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
  • Static Application Security Testing Demystified Recorded: Jun 23 2014 41 mins
    Static analysis vs. Binary analysis, binary vs. bytecode, debug vs. obfuscation… Confused about Static Application Security Testing? In this webinar, David Harper, Fortify on Demand Practice Principal will explain all these terms, dispel some of the rumors and clear up any confusion. Afterwards, you will be able to authoritatively select the best approach for your Static Application Security Testing needs that will address your requirements for both comprehensive vulnerability detection and actionable remediation advice.
  • Do You Trust Your Mobile Apps? Recorded: Jun 17 2014 45 mins
    While users are more mobile than ever, that flexibility has also come with increased risk. As business managers push for more mobile apps, faster development, newer features and broader distribution of these apps, the businesses’ risk exposure grows exponentially. Organizations are at risk of exposing their corporate data, losing brand equity, and ultimately suffering financial loss through breaches of their mobile applications. IT must ensure these apps are secure, even if they are developed by a third party, so understanding the mobile vulnerability landscape is critical, and it’s tough to keep this expertise in-house.

    HP Security Research leveraged HP Fortify on Demand (FoD) Mobile to scan more than 2,000 mobile applications from more than 600 companies, revealing alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
  • Closing the Book on Heartbleed - and Avoiding Future Sad Stories Recorded: May 14 2014 61 mins
    The Heartbleed vulnerability in OpenSSL forced millions of users to change passwords and enterprises to rapidly patch thousands of servers. Because of all the publicity there continues to be a lot of CXO-level awareness around cyber security and now is the perfect time to recommend strategies for avoiding or mitigating the next Heartbleed - and there *will* be a next one. There were many lessons learned during Heartbleed that can be used to bolster your plans and your presentations to management to gain funding.
    In this SANS Special webcast, John Pescatore, SANS Director of Emerging Security Trends will present an overview on the details around Heartbleed and an update on the current status, risks and industry efforts around software security. He will then moderate a panel of vendor experts in a discussion around lessons learned from dealing with Heartbleed and best practices for mitigating or shielding the risks due to vulnerabilities in open source and other third party software. Panelists will include Joanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP.
  • Software Security Assurance-Developing an Effective Application Security Program Recorded: Apr 25 2014 41 mins
    Do you trust your software?
    Software security has never been more important to the success of your business. Using the BSIMM framework, this session covers best practices for application development; why you should put people and process before technology, how to pitch the value of coding standards to CIOs and developers, and how to build security into the software development life cycle as opposed to the all-too-often-seen reactive, bolt-on approach.
  • Introducing a New Level of on Demand Application Security Recorded: Mar 27 2014 58 mins
    According to Gartner, by 2015, ninety-nine percent of mission-critical applications in Global 2000 companies will contain open source. The ease of using open source components speeds development and creates competitive advantage but can introduce security risk into your organization. Do you know what open source components are used in your application landscape?

    Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Join this session to learn how your organization can use Fortify on Demand to gain complete visibility into what components you are using and if there are known vulnerabilities or license obligations that bring risk to your organization and your customers.
  • The Application Blind-spot Recorded: Feb 18 2014 28 mins
    In many organizations, Security Operation Center teams have little to no visibility into application security events. This is a significant challenge because security teams can’t protect the organization if they can't identify threats. With the evolution of threats targeting applications as the weakest link in the security ecosystem, security teams need help closing the security gap that results from improper user access as well as an improper usage of applications. For many organizations it takes up to 270 days to recognize that they have been breached and it’s often a 3rd party such as a customer that highlights the issue. Can your organization wait for a breach to happen to react? Attend this webcast to hear from HP security experts, as they articulate specific use case examples.
  • The 6 Deadly Mistakes of Mobile Application Development Recorded: Dec 13 2013 39 mins
    Everyone's heading to mobile and attackers are following. To stay ahead of the curve you need to think like the enemy. In this talk Fortify on Demand Principal Security Architect, Daniel Miessler, talks about what makes mobile security different, the OWASP (mobile) top ten and deadly mistakes NOT to make during mobile app development.
  • HP Fortify Secure Agile SDLC Recorded: Nov 22 2013 28 mins
    As the number of web application intrusions rises, the need for application software developers to identify and remediate vulnerabilities is more apparent than ever. This webinar will cover tools, education, and techniques that help security teams partner with development to maintain a secure application posture without slowing the pace of development or hindering the rapid delivery of business value in an agile development framework.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Asia Recorded: Oct 31 2013 60 mins
    2013 Cost of Cyber Crime Study: Australia & Japan

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for Australia and Japan. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 64 Australian and Japanese organizations participated. According to the findings, cyber attacks increased 12 percent in Australia and 32 percent in Japan. The costs associated with this increase in Australia were $772,903 and ¥265 million in Japan. “Findings from the report also show that each week Australian and Japanese organizations experienced on average 1.4 successful attacks per company”
Proactively Securing Software for the Enterprise.
Listen to experts from HP, partners and customers discuss pressing issues across application security.

  • Title: Magic Numbers - Guide to the 5 Key Metrics for Security
  • Live at: Oct 5 2010 4:00 pm
  • Presented by: Rafal Los