AppSec at High Speed and Scale
Scott Johnson, Fortify GM
Agility, Integration & Automation
#MicroFocusCyberSummit
Forward Looking Statements: Legal Disclaimer
This document contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Micro Focus's predictions and / or expectations as of the date of this document and actual results and future plans of Micro Focus may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions.
Agenda
AppSec trends
Today’s trend is tomorrow’s challenge
Meeting the challenge, accelerating for tomorrow
Roadmap
AppSec Trends
Tsunami of Apps
1000 applications and counting…
Speed vs Depth
“I want 5 minute scans with no false positives.”
Developer User Story
We have seen the AppSec team AND IT IS YOU! (the developer)
More Code, More Problems …
More code…
More code, more vulns…
More vulns…
More vulns, more risk…
More risk, more pressure!
Solutions and Examples
You need an AppSec pressure relief valve!
Innovation/Roadmap Themes
Integration / Automation / Agility
On-premise / On Demand
Fortify Ecosystem
Software Security Research
Static Analysis – SCA: Scan and Assess Source Code
Dynamic Analysis – WebInspect: Web Application Vuln Scanning
Runtime Analysis – App Defender: Application Protection & Monitoring
Fortify Integration: Fortify Ecosystem
Fortify Integration
JS Sandbox Project
Jenkins Plugin
Bug Tracker Tools
Swagger-supported REST APIs
SSC Parser Sample
https://fortify.github.io/
Fortify Integration
Bamboo Plugin
https://marketplace.atlassian.com/plugins/com.fortify.plugins.atlassian.bamboo.sca.bamboo-fortify-sca-plugin/server/overview
VSTS Extension
https://marketplace.visualstudio.com/items?itemName=fortifyvsts.hpe-security-fortify-vsts
Fortify Integration: Snyk Integration
Fortify Automation: Audit Assistant
Auto-train
Auto-predict
Auto-tag
Unaudited results enter SSC
Audit Assistant derives anonymous issue metrics and securely sends them to scan analytics
Classifiers report verified vulnerabilities with up to 98% accuracy
Audited issues arrive in SSC
Fortify Automation: Centralized Translation & Scanning
Lightweight utility for devs
No need to install SCA on the build server
Payload automatically transferred to the controller
Smart control queueing & monitoring
Automated scan results submission
Benefits:
Cross-language support
Removes dependency issues
Reduced infrastructure costs
Centrally managed
Designed for enterprise dev enablement
Fortify Automation
Slack Enabled FoD!
Release updates
Application changes
Reports and scan status
Fortify Agility: Security Assistant for Visual Studio
Fortify Agility
Swift Language Support
SCA 18.10 has support for:
Swift 4
Xcode 9, 9.1, 9.2
Latest Obj-C
SCA 18.11 has support for:
Swift 4.1.x
Xcode 9.3, 9.4
Latest Obj-C
Support within 3 to 6 weeks of Apple updates!
Fortify Roadmap
Fortify Roadmap: Fortify - SCA / SSC / WebInspect / Fortify on Demand
This is a rolling (up to three year) Roadmap and is subject to change without notice
Q118 / Q218
Targeted / Available
Application issue templates
“Your Scans” page view
Nexgen Open Source integration with Sonatype
Tools update: IntelliJ audit
Delivery optimization
FoD 18.1
Audit assistant prediction automation (analytics built-in)
Languages updates: ECMA 2016/2017, Swift 4/4.1, Xcode 9.x, Python 3.x, Xamarin, Scala-Play
SSC scalability and token management
SSC UX refresh and branding
Tools update: Security Assistant for Visual Studio, Bamboo plugin
Headless dynamic architecture
Dynamic setup simplification and dockerized deployment
On-Premise 18.1
Nexgen dynamic scanning automation
Tools update: Security Assistant for Visual Studio, Bamboo plugin
Dashboarding & analytics
Delivery optimization
Dynamic automation
Performance & scalability
Faster remediation
Improved new user UX
Improved open source analysis (JS support)
FoD Upcoming
Dynamic automation (WI + nexgen platform)
Performance & scalability
Integrations (API v4, DevOps toolchain)
False positive reduction
Dashboarding & analytics
Static automation
FoD Future
‒ High level themes
On-Premise Upcoming
Continued focus on customer driven innovation features for:
Integration / Automation / Agility
Examples include: Plugin consolidation, Angular, Java 11, Python-Django, Swift 5, Go, Ruby on Rails, centralized scanning and dependency orchestration, dynamic shift left
Licensing simplification
On-Premise Future
FoD 18.2
SSC Audit page redesign, SSC scalability
Centralized scanning phase 1
Languages updates: TypeScript, Swift 4.2/Xcode 10, Python 2 update, Obj-C, .NET MSBuild, SCA logging enhancements, C/C++
New Jenkins plugin with pipelines and build fail support
Dynamic headless tech preview
WI Firefox update, extended crawling support w/Angular 4+, REST API improvements, sensor management
Thanks!
#MicroFocusCyberSummit