20080403 hans wallentin.ppt

© 2006 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice

Hasses hörna...

Hans Wallentin

HP Software

Agenda

•What’s new in Quality Management?−Quality Center

−Performance Center

−Application Security Center

•The BTO Symphony

2 Confidential & Proprietary

3 April 8, 2023

HP Software BTO centers

Business outcomes

APPLICATIONSSTRATEGY

Project & Portfolio

Management Center

CIO office

CTO office

SOACenter

SAP, Oracle, SOA, J2EE, .NET

QualityCenter

PerformanceCenter

Application Security Center

Quality management

OPERATIONSBusiness service

managementIT service

management

Business Availability

Center

Operations Center

Network Managemen

t Center

Service Managemen

t Center

Identity Center

Client Automation

Center

Data Center Automation

Center

Business service

automation

Universal CMDB

Operations OrchestrationQualityCenter

PerformanceCenter



BTO Applications Roadmaps

APPLICATIONS

SAP, Oracle, SOA, J2EE, .Net

QualityCenter

PerformanceCenter


Quality Management

5

HP Quality Center

Foundation

Shared data repository

Central administration

Workflows Open APIs

TestDirector for Quality Center

Dashboard

HP Quality Center

Center Management

Core modules Add-on modules

Functional TestingQuickTest

ProfessionalWinRunnerService Test

SOA Testing

QAInspect

Security Testing

Release Mgmt.

Requirement Mgmt.

Risk-basedTest

Mgmt.

Defect Mgmt.

BusinessProcessTesting

ServiceTest

Mgmt.

QA LabMgmt.

SAP ChangeImpact Testing

HP Restricted & Subject to Change without NoticeJanuary 2008

Quality Center News• TestDirector version 9.2

−Released Q3 2007

• QTP version 9.5−Released Q1 2008

• AJAX – Web Extensibility, Firefox 3, Oracle Apps 12i, etc.

• Process Guidance, Maintenance Mode, Checkpoint

• BPT 4 SAP

• WinRunner EOS


77

Process Guidance• Adding best practices to

QTP

• QuickTest will be shipped

with several built-in

processes.

• Keyword driven testing

• Business process

testing

• QTP helps you define and

propagate your company

processes to your

colleagues and partners

• Easily create your own

process

• How to create your own

process guidance

HP and Partner Internal Use

88

Maintenance Run Mode


99

Checkpoint Management

• Checkpoint and Output objects are now stored in

and managed through the Object Repository

• Shared Checkpoint and Output using Shared Object

Repository


1010

All-in-one QuickTest Installation

• All QuickTest Add-ins come together with QTP on a single

DVD

• Improved silent

installation

• Pure MSI installation for

easy distributed

deployment


BPT 4 SAP - Objectives

Create a solution that will allow the business analyst (a non-technical user) to:

11 April 8, 2023

Quickly and efficiently create a suite of tests that run against the SAP

environment

Use these tests to validate SAP customizations

Update the relevant tests when necessary in a simple and efficient way

Components for the Flow are automatically created, with the appropriate parameters

and default values

Components for the Flow are automatically created, with the appropriate parameters

and default values

WinRunner EOS• End-of-support for HP WinRunner - all

versions, all editions on February 15, 2008. • Customers who are paying full support for

their WinRunner licenses will be entitled to an equivalent Functional Test license at the end of the renewal period for their WinRunner license.

• Full support will be available until August 1, 2009. Limited support will be available from August 1, 2009 to January 1, 2011


18

HP Performance Center

Foundation

User/privilege management

Infrastructure management Central repository Global access and

collaboration

Dashboard

HP Performance Center

Center Management

Demand Project Resource

Diagnostics

J2EE .NET SOA SAP Oracle

LoadRunner/Performance Center

VuGen Controller Load Generator Analysis Monitors


Performance Center News• Performance Center / LoadRunner 9.1

−Web 2.0 enhancements• Flex support

• Ajax frameworks

−Protocol SDK recording

−Click’n Script protocol support


For HP and Partner Internal Use. May not be shared externally.

Visual Script Creation Environment

•The Click & Script technology family:

• Web C&S• PeopleSoft C&S• AJAX C&S• SAP C&S • Oracle C&S

Faster Learning

CurveShorter

Development Time

More Users Enabled

21

HP Application Security Center

Foundation

Dashboard

HP Application Security Center

Assessment Management Platform

Policy and compliance

Centralized administratio

n

Vulnerability and risk

management

Alerts and reporting

Distributed scanning

DevInspect

Microsoft Visual Studio

Eclipse

IBM RAD

QAInspect

HP Quality Center

HP Functional

Testing

Intelligent engines

SecureBase

Security toolkit

Open APIsSmartUpdateReportingHybrid

analysis

WebInspect


22 April 8, 2023

HP + SPI Dynamics

• SPI Dynamics had been a long-time partner of HP (Mercury)

• Extends our application portfolio and quality management solutions with new control

• Addresses the growing demand for increased application security

• Delivers an integrated market-leading solution that targets security, development, QA and operations teams

A leader in web application security lifecycle solutions

Source: Published analyst rankings; HP estimates

23 April 8, 2023

Application security is weakness in security

Security is many things to many people

• Network layer• ID theft• Physical• Administrative• Patches• Infrastructure• Denial-of-service attacks• Hacks• Worms and viruses• Terrorism (cyber or physical

Figure 1. Security 101

Network

Application

Database server

Web server

Application server

Operating system

75 percent of hacks occur at

the application

level

Source: Gartner (November 2005)

24 April 8, 2023

Enterprise application security assurance

24

Assessment Management Platform

Source code validation

Source code validation

QA, integration

testing

QA, integration

testing

Production assessmentProduction assessment

DevInspect QAInspect WebInspect

PlanPlan Requirements Requirements DesignDesign BuildBuild ProductionProductionTestTest

Enterprise security assurance and reporting

Application Security Center lifecycle coverage

25 April 8, 2023

HP DevInspect

• Find security defects in development−Source code analysis + black box testing = Hybrid Analysis

• Fix using HP SecureObjects code library• Integrations available for leading IDEs

−Microsoft Visual Studio, OBM Rational Application Developer, Eclipse, C#, Visual Basic, .NET, Java

• Integrates with HP Application Management Platform for management and reporting

Find, fix and protect: Accelerate more secure application development


26 April 8, 2023

HP DevInspect: Hybrid Analysis

In this example, source code analysis identifies input that black box testing determines is vulnerable to SQL injection.

27 April 8, 2023

HP QAInspect

• Automatic security defect detection: Find and prioritize security defects

• Built-in security expertise: Combine daily updates for vulnerability checks with Intelligent Engines

• Comprehensive defect reporting: Get detailed information and remediation advice for each vulnerability

• Regulatory compliance support: Use reports for more than 20 laws, regulations and best practices, including Sarbanes-Oxley Act (SOX), HIPAA and Payment Card Industry (PCI) Data Security Standard (DSS)

• Integrates with HP Quality Center, HP TestDirector for Quality Center, HP QuickTest Professional, HP WinRunner and HP Business Process Testing

• Integrates with HP Application Management Platform for management and reporting

Find security defects during QA testing


28 April 8, 2023

HP Quality Center: integrated testing• Easily add

security tests to your existing testing plans

• Run all QA tests from HP TestDirector or HP Quality Center

29 April 8, 2023

HP Quality Center: embedded configuration• Use an

embedded configuration user interface

• Dynamically pull details from HP TestDirector and HP Quality Center customizations

30 April 8, 2023

HP Quality Center: built-in security expertise• Detailed descriptions of security defects • Vulnerability summary, fix details, severity and others

31 April 8, 2023

HP WebInspect

• Find security defects during production• Detailed reporting and compliance

−More than 20 major regulations, including Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley Act (SOX) and HIPAA

• Extensible, custom check wizard• Advanced penetration tester toolkit• Integrates with HP Application Management

Platform for management and reporting

For security professionals and advanced security testers


32 April 8, 2023

HP WebInspect 7.5 overview

33 April 8, 2023

HP Assessment Management Platform

• Manage the assessment process• Plan and mitigate risk• Enable virtual, global teams across the lifecycle• Centralize scanning administration• Scale the assessment process• Track and manage using sophisticated reports

Assess and manage application security risk across the enterprise


34 April 8, 2023

HP Assessment Management Platform

• Configurable dashboard−Users can get

the snapshot view they need to make decisions

−Users can add or remove parts, reorganize information and create their own graphs

Manage global, virtual security teams with a web user interface


BTOSymphony

36 January 200836

HP Software BTO system

Business outcomes


Project & Portfolio

Management Center

CIO Office

CTO Office

SOACenter

SAP, Oracle, SOA, J2EE, .Net

QualityCenter

PerformanceCenter


Quality Management

OPERATIONSBusiness Service

ManagementIT Service

Management


Center

Operations

Center

Network Management

Center

Service Management

Center

Identity Center

Client Automation Center

Data Center

Automation Center

Business Service

Automation

Universal CMDB

Operations Orchestration

The industry’s most comprehensive IT management portfolio

37 January 200837


SOACenter

QualityCenter

PerformanceCenter


OPERATIONS


Center

Operations

Center

Network Managemen

t Center

Project & Portfolio

Management Center

Service Managemen

t Center

Identity Center

Client Automation Center

Data Center

Automation Center

1. Common orchestration system

2. Common virtual data model

3. Common extensibility interfaces (SOA/Web Services APIs)

End-to-end automation to maximize IT efficiency and business value

The BTO approach to integration

38 January 2008

BTO Configuratio

n Management

BTO Data

Warehouse

SOA architecture implementation with shared

architectural services

SOA reference architecture and shared architectural services

Cross-portfolio reporting and

analytics

Integration strategy focus

Orchestrations & composition of solutions

BTO Center A

Single common

data model

Standard ETL

technology

Embedded reporting and operational data

store

BTO Center B

BTO Center A

Standard reporting

and analytics

technology

Common service

definitions

BTO Center B

3rd Party product

3rd Party product

Integration Blueprints

published & governed

Management capabilities

as Web services

Reference architecture

& deployments descriptors

E.g. Registry, Security,

Transformation…

Reference implementat

ion

E.g. Registry, Security,

Transformation…

Integration methodology, catalogue and governance for product releases in support

of integrated solutions

Cross-portfolio reports, custom

reports & analytics

Analytic Packs

DATA INTEGRATION PROCESS INTEGRATION

3rd Party data

stores

HP Restricted & Subject to Change without Notice


Questions?


Thank You

20080403 hans wallentin.ppt

Documents

packard development company

data security standard

hp quality center

hp winrunner

partner internal

oxley act

information contained

support