Federal Mobile Computing Summit March 2014 Carwash

Upload: lamhanh

Post on 08-May-2018


Federal Mobile Computing Summit

March 2014

Carwash

February 2014 | Agenda

Introductions

The Carwash offering


The Carwash Offering

The Carwash | A foundation for value added offerings


Carwash provides an integrated platform of tools and service management processes that support a variety of technologies, cloud services, and cloud systems.

[Diagram labels: Carwash; WCMaaS, Mobile, ALM, Future; Tenants; Services; OMB Max Auth.; Akamai]

Carwash 2.0: The Carwash 2.0 provides the backbone to support all solutions and services.

This shared platform allows common elements to be reused across all offerings.

The Carwash | The Vision

The Carwash | Current Status - ALM

The Carwash provides a core set of ALM features to users:

Issues: A full-featured issue and risk tracking system

Content: A wiki-like team collaboration and publishing space

Automate: A continuous integration (CI) orchestrator to support build, test, and deploy

Source: Project source code repositories, and shared repositories for the storage of in-development efforts

In addition to the user functionality, all tenants and systems are supported by tools and teams to ensure system availability:

Monitoring

Patching

System Support

Federated authentication & access (through OMBMax Credentials)

Business

Development

Systems

The Carwash | Current Status - Scans and Tests


Tenant users can view in-depth reports generated by each of the security, quality, and accessibility scanners. Tests executed may include:

Security

• Data release

• Data leakage

• Intercept

• Data modification

• Malware

• Communications

• Permissions

OWASP Top 10 Vulnerabilities

• Injection

• Cross-Site Scripting (XSS)

• Broken Authentication and Session Management

• Insecure Direct Object References

• Cross-Site Request Forgery (CSRF)

• Security Misconfiguration

• Insecure Cryptographic Storage

• Failure to Restrict URL Access

• Insufficient Transport Layer Protection

• Un-validated Redirects and Forwards

Accessibility

• Usability: Typography

• Usability: Icons

• Usability: Content

Quality

• Complexity Analysis

• Design Analysis

• Duplications Analysis

• Size Analysis

• Correctness

• Performance

• Internationalization

• HTML, CSS, Validation

• mobileOK checker

The Carwash | Current Status – Web Content Management as a Service (WCMaaS)

WCMaaS is operational with full system Authority to Operate (ATO). Currently WCMaaS has 11 live tenants with 4 more slated to migrate in FY14.

WCMaaS includes the following Features/Capabilities:

Public facing .gov site hosting

Drupal Baseline

Full System ATO

Live Tenants: FEMA, DHS, TSA, Ready, Disaster Assistance, m.fema, niccs.us-cert.gov, us-cert.gov, Ics-cert.us-cert.gov, Buildsecurityin.use-cert.gov, USCIS.gov

Onboarding: CBP, FLETC, FLETA, ICE

The Carwash | Current Status - Mobile

In November 2013, Mobile 1.0 was deployed into a Production environment with full system Authority to Operate (ATO).

Release 1.0 includes the following Features/Capabilities:

Build HTML5 to Droid

Summary results dashboard

HTML5 Kickstart templates

HTML5 Shared Code modules

HTML5 Scans: Security, Accessibility, Quality

Droid Scans: Security, Accessibility, Quality

Full System ATO


INITIATE BUILD SCAN RESULTS

The Carwash | Mobile - An Automated One-Stop-Shop For Mobile App Testing

1 Engage Platform: The Developer determines they’re ready to engage the DHS/OCIO platform by consulting the code library and/or starting the cycle.

2 Start Cycle: The orchestrator moves source code through each phase of the cycle. Each cycle outputs a results dashboard.

3 Review Results: The Developer reviews the results dashboard to see how the source code scored against accessibility and security measures.

4 Choose Action: The Developer chooses to either make changes to the source code based on the results and restart the cycle, or publish their app.

[Diagram labels: The Carwash - Mobile; ENTRANCE; SETUP (Access Library: access reusable code and references; Start Cycle); Source Code; EXIT (Restart Cycle; Publish App)]

Development activities occur within existing development environments.

The Carwash | DevOps Support

Because of the established Carwash platform and system offering, the Carwash team is well positioned to support development efforts in a number of significant ways.

Carwash enables DevOps processes by using automation and promoting collaboration.

We have already seen:

• Tool Access

• Cloud Infrastructure Access

• CI Build, Scan, Deploy systems

Additionally, we have provided and can provide support in the following ways:

• Concepting and Design support

• Shared, Reusable Code

• Future offerings


The Carwash | Quick Start with Shared Code

While the Concept phase is always critical to a new application, much of the Define and Development phases can be abbreviated through the use of Carwash Shared Code.

Example:

• Concept - We need a way to easily distribute public information to citizens at an upcoming, week-long federal event.

• Assess - We feel this concept meets the threshold of our “Ask First” questions.

• Define / Design - We want a simple app that displays:

A map of the area, with event locations

Information published to the event blog

Information published to twitter with the #BigEvent hashtag

Information on who to contact for questions


The Shared Code Advantage? This App Already Exists!

The Carwash | Future Offerings

While the team is committed to delivering the highest value to users today, current discussions with tenants have already identified a number of areas for assessment and possible enhancement, including:

• Data services and endpoint secure consolidation

• Cloud development support (Cloud Design, Cloud IDE, Cloud Learning)

• Integrated unit and functional testing

• Integrated physical device testing

• And many others


Thank You

Question & Answer
