Day in the Life of a Developer with WhiteHat Sentinel Source

Upload: whitehat-security

Post on 16-Jan-2017


Day in the Life of a Developer…with WhiteHat Sentinel Source

“I roll out of bed and check my tickets…”


Notices a new vulnerability

Produced by ticketing integration

Viewing verified & actionable result

15+ supported systems, including…

“I fire up my IDE and triage my issues…”

Search application vulnerabilities

Step through vulnerability in code

Review remediation guidance

Ask for help from TRC

Apply Directed Remediation patch if available

“I commit the fix and update the ticket…”

Updates ticket to reflect the fix

Moves ticket to Q&A

Source scan triggered via schedule

Ticket auto-updated to reflect results

Security Enhanced Developer Tooling

… during notification

… during triage

… during verification

Integration with Developer

Bug Tracking

• Atlassian JIRA
• …many more using WIS

IDE Plugins

• Eclipse
• IntelliJ
• Xcode
• Visual Studio

Code Repo

• Git
• SVN
• Perforce
• CVS
• TFS
• HTTP/S
• SFTP

Languages

• Java
• C#.Net (incl. ASP.Net)
• Objective-C (incl. iOS)
• PHP
• JavaScript
• HTML5
• Android

WhiteHat Integration Server (WIS)

Bug Tracking & ALM Systems

• Atlassian JIRA
• Microsoft Team Foundation Server
• Atlassian JIRA Service Desk
• ThoughtWorks Mingle
• Borland StarTeam (Dev Services Required)
• Rally
• HP ALM
• VersionOne
• HP Quality Center
• Bugzilla
• IBM Rational Team Concert (Rational Quality Manager)
• Serena Business Manager
• IBM Rational Requirements Composer
• ServiceNow (Deployment Services may be required)

“I review significant vulns with my security team…”


THE FRONT LINE Of Application Security