SSA: What is wrong and how to make it right


Posted on 18-Jul-2015

TRANSCRIPT

Page 1: SSA: What is wrong and how to make it right

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Software Security Assurance

Why it is not working and how to make it right

Eduardo Vianna de Camargo Neves, CISSP

Fortify Sales Specialist, Southern Latin America

Page 2: SSA: What is wrong and how to make it right


Defining Software Security

Use of software, hardware, and procedural methods to protect applications from being exploited by any type of threat.

• Identification of all security defects

• Protection for applications on productive environment

• Build security within the software development lifecycle

• Shift from reactive actions to a Risk Management approach

Page 3: SSA: What is wrong and how to make it right


According to Gartner, 84% of breaches occur at the application layer.

Software Security is not working as expected

Software Security (each percentage is the share of tested applications affected):

• 56% had weaknesses revealing information about the application, implementation, or user

• 31% were prone to leak system information through poor error handling

Mobile Apps Security:

• 52% of security issues were a result of insecure client-side operation

• 48% had insecure server-side application code or code quality issues

• 74% requested unnecessary permissions

Source: HP Cyber Risk Report 2013

Page 4: SSA: What is wrong and how to make it right


Figure: The Adversary Marketplace. The diagram spans their ecosystem and our enterprise, and shows the stages of an attack: Research, Discovery, Infiltration, Capture and Exfiltration.

Page 5: SSA: What is wrong and how to make it right


The causes have been well known for years

• There is no Silver Bullet

• We are predictable

• Different priorities

• Reactive approach only

Page 6: SSA: What is wrong and how to make it right


Organize our capability to disrupt the market

Figure: the same Adversary Marketplace diagram (their ecosystem and our enterprise; stages Research, Discovery, Infiltration, Capture and Exfiltration), now annotated with the defensive capabilities that counter each stage:

• Planning damage mitigation

• Protecting the target access

• Finding them

• Educating users

• Counter intel

• Stopping access

Page 7: SSA: What is wrong and how to make it right


HP Fortify as an enabler for a Software Security Assurance program

Figure: three pillars of the program:

• Application Protection

• Software Security Assurance

• Application Assessment

Find, Fix, Fortify

Page 8: SSA: What is wrong and how to make it right


HP Fortify on the Software Development Lifecycle

Figure: HP Fortify products and services mapped onto the lifecycle phases Design, Build, Test and Deploy:

• HP Fortify SCA

• HP WebInspect

• HP Fortify RTA

• HP ApplicationView

• HP Fortify SSC

• HP Fortify on Demand

• HP Fortify IDE Plug-Ins

• Training Sessions

• Professional Services

Page 9: SSA: What is wrong and how to make it right


Summary: Find, Fix and Fortify

1. Find & Fix security issues in development

2. Fortify applications against attack

3. Save money in development

4. Reduce business risk from applications

Page 10: SSA: What is wrong and how to make it right


Thank you.

Eduardo Vianna de Camargo Neves, CISSP

Fortify Sales Specialist, Southern Latin America