security services and appscan. why develop secure applications 1.prevent vulnerabilities. [account...

Security Servicesand AppScan

Why Develop Secure Applications

1.Prevent Vulnerabilities.[account and data theft]

2.Prevent Breaches.[$200/record notifications]

3.Prevent Regulatory Violations[FERPA, 201 CMR 17]

Why YOU Develop Secure Applications

1.Reduces future maintenanceand “fire-fighting” emergencies.

2.Easier to figure out while “in your head”3.Patching production sucks.4.Security is fun and cool (right?)5.Jumbo in the room:

reputation and prestige

How to Develop Secure Applications

1. Conduct Security Assessments Throughout Development–Automated Code Review (doesn’t even have to compile)–Automated Black Box Scans–Manual Risk Assessments

2. Talk to Information Security–We pretend to be nice if you talk to use before launch!

3. Learn about security relevant to your areas of expertise.–OWASP–Stack Exchange

Key Points to Discuss while Demo Fails

•Badnessometer•Why automatedscanning is thebare minimum•Canned Tests - Known Good vs Test Result

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScanDemo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

AppScan Demo

Options:• Throttle Test Speed• Enable Flash / JavaScript• Record Custom Logic• Define Custom Error Pages (!!!)