SSA: What is wrong and how to make it right
Page 1
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Software Security Assurance
Why it is not working and how to make it right
Eduardo Vianna de Camargo Neves, CISSP
Fortify Sales Specialist, Southern Latin America
Page 2
Defining Software Security
Use of software, hardware, and procedural methods to protect applications from being exploited by any type of threat.
• Identification of all security defects
• Protection for applications in the production environment
• Build security into the software development lifecycle
• Shift from reactive actions to a Risk Management approach
Page 3
According to Gartner, 84% of breaches occur at the application layer.
Software Security is not working as expected.
Software Security
• 56%: Weaknesses revealing information about the application, implementation, or user
• 31%: Prone to leak system information through poor error handling
Mobile Apps Security
• 52%: Security issues were a result of insecure client-side operation
• 48%: Insecure server-side application code or code quality issues
• 74%: Unnecessary permissions
Source: HP Cyber Risk Report 2013
Page 4
The Adversary Marketplace (their ecosystem → our enterprise)
• Discovery
• Research
• Infiltration
• Capture
• Exfiltration
Page 5
The causes have been well known for years:
• There is no Silver Bullet
• We are predictable
• Different priorities
• Reactive approach only
Page 6
Organize our capability to disrupt the market (their ecosystem → our enterprise)
Attack stages:
• Discovery
• Research
• Infiltration
• Capture
• Exfiltration
Our countermeasures:
• Planning damage mitigation
• Protecting the target access
• Finding them
• Educating users
• Counter intel
• Stopping access
Page 7
HP Fortify as an enabler for a Software Security Assurance program
• Application Protection
• Software Security Assurance
• Application Assessment
Find, Fix, Fortify
Page 8
HP Fortify in the Software Development Lifecycle (Design, Build, Test, Deploy)
• HP Fortify SCA
• HP WebInspect
• HP Fortify RTA
• HP ApplicationView
• HP Fortify SSC
• HP Fortify on Demand
• HP Fortify IDE Plug-Ins
• Training Sessions
• Professional Services
Page 9
Summary: Find, Fix and Fortify
1. Find & Fix security issues in development
2. Fortify applications against attack
3. Save money in development
4. Reduce business risk from applications
Page 10
Thank you.
Eduardo Vianna de Camargo Neves, CISSP
Fortify Sales Specialist, Southern Latin America