Upload File

supermaraton - session 9 - ibm appscan - fernando imperiale v2

  • Home
  • Documents
  • SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2
11
1 BC Super Maratón 2016 © 2016 IBM Corporation BusinessConnect SuperMaraton 2016 Sesión #9

Upload: fernando-m-imperiale

Post on 09-Feb-2017

29 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

1

BC Super Maratón 2016

© 2016 IBM Corporation

BusinessConnect SuperMaraton 2016Sesión #9

Page 2: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

2

BC Super Maratón 2016

2 | BC SuperMaratón 2016

Solución del ciclo de vida IBM Security AppScan: la construcción de la seguridad en las aplicaciones de Web y Mobile, para la entrega de software y sistemas.

IBM Security AppScan® es una suite de soluciones de seguridad de las aplicaciones de Web líderes en el mercado que les dan a las organizaciones la visibilidad y el control necesarios para abordar este desafío crítico. La suite incluye: •IBM Security AppScan Standard (disponible como una aplicación o como software como un servicio [SaaS]). •IBM Security AppScan Enterprise (disponible como una solución basada en la Web o un SaaS).•IBM Application Security on Cloud (100% SaaS)

Cada una de estas amplias soluciones provee escaneo, informes y recomendaciones de arreglos, y es apropiada para todos los tipos de pruebas de seguridad por parte de una variedad de usuarios, incluyendo desarrolladores de aplicaciones, equipos de aseguramiento de calidad (QA), probadores de penetración, auditores de seguridad y gerentes senior

Page 3: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

3

BC Super Maratón 2016

3 | BC SuperMaratón 2016

Realice auditorías de seguridad y monitoreo de producción con: IBM Security AppScan Standard

La automatización de pruebas de aplicaciones de Web para auditores de seguridad y probadores de penetración requiere tecnologías de escaneo sofisticadas e inteligentes. IBM Security AppScan Standard Edition incluye dispositivos específicos que están diseñados para dar soporte a usuarios moderados y poderosos.

Page 4: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

4

BC Super Maratón 2016

4 | BC SuperMaratón 2016

Escale pruebas de seguridad de las aplicaciones a través de la empresa con IBM Security AppScan Enterprise

Con su arquitectura basada en la Web, IBM Security AppScan Enterprise Edition está diseñado para ayudar a las organizaciones a distribuir responsabilidad para las pruebas de seguridad entre múltiples partes interesadas, así como también ayudar a los usuarios a descubrir tempranamente vulnerabilidades en el ciclo de vida de la entrega de aplicaciones de Web, cuando el arreglo sea fácil y efectivo en costos.

Page 5: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

5

BC Super Maratón 2016

5 | BC SuperMaratón 2016

Capacidades de IBM AppScan Standard e IBM AppScan Enterprise disponibles como SaaS con IBM Application Security on CloudAccediendo a las capacidades de AppScan como un servicio administrado, usted puede obtener las ventajas de los beneficios del producto sin los costos de agregar personal o hardware.Aborde los problemas de la administración de la seguridad y del cumplimiento organizativo con una capacitación basada en la Web

Page 6: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

6

BC Super Maratón 2016

6 | BC SuperMaratón 2016

Encontrado mientras se desarrolla

$80 / defecto

Mientras es compilado

$240 / defecto

En las consultas o testing

$960 / defecto

En producción

$7,600 / defecto

80% de los costos de desarrollo son al solucionar defectos!

Source: Ponemon InstituteSource: National Institute of Standards and Technology

Page 7: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

7

BC Super Maratón 2016

7 | BC SuperMaratón 2016

Finding Application Vulnerabilities

Reduce the Cost of Being Secure

Oversight and Governance

“GlassBox scanning allowed us to improve results accuracy as well as test for new class of vulnerabilities undetected by conventional web application security scanning technologies” Boris Gorin, Amdocs

“AppScan not only helps us to avoid costs related to hacking attacks, but also reduces the manual effort needed for analysis and the costs for testing”

Michael Neumaier,Senior Quality Specialist, SAP AG

“We were able to increase the participation of the IT community in web application scanning”

Alex Jalso, Assistant Director, Office of Information Security, WVU

Page 8: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

8

BC Super Maratón 2016

8 | BC SuperMaratón 2016

• It’s Accurate, Mature and Flexible.• Best detection rate in the market according to most

benchmarks.• Supports Dynamic, Static, hybrid, and Glassbox scans• Simple to use (AppScan Standard’s Wizard, helpers, recorders)• Covers OWASP, SANS, & WASC security checks,

and SAST of most of used programming languages.• Issue management• Scalability & Control• Enterprise application security dashboards

– Trending of issues over time– Top security issues and risks

• Regulatory compliance reports (40+ including PCI, SOX, GLBA)• Detailed Reports and fix recommendations, and are available in Spanish.

Page 9: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

9

BC Super Maratón 2016

9 | BC SuperMaratón 2016

The application security threat??????????????????????XSS and SQL Injection Exploitations

Mobile Devices Targeted

Web Application Vulnerabilities

??????????????????????Mobile Malware Increasing

Malicious code is infecting more than

11.6 millionmobile devicesat any given timeSource: InfoSec, "Mobile Malware Infects Millions; LTE Spurs Growth," January 2014

Mobile devices and the apps we rely on are under attack

90% of the top mobile

apps have been hacked

Source: Arxan Technologies, “App Economy under Attack: Report Reveals More than 90 Percent of the Top 100 Mobile Apps Have Been Hacked”

Web Application Vulnerabilities

XSS and SQL injection exploits are continuing in high numbers

Source: IBM X-Force Threat Intelligence Quarterly, 1Q 2014Source: IBM X-Force Threat

Intelligence Quarterly, 1Q 2014

33%of vulnerability

disclosers are web application vulnerabilities

Page 10: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

10

BC Super Maratón 2016

10 | BC SuperMaratón 2016

Demonstración

CONSOLA ON CLOUD

https://appscan.ibmcloud.com/serviceui/home
Page 11: SuperMaraton - Session 9 - IBM AppScan - Fernando Imperiale v2

11

BC Super Maratón 2016

11 | BC SuperMaratón 2016

Qué preguntas tienen?


AppScan Reference Implementation

IBM AppScan Standard - The Web Application Security Solution

Lidea Imperiale Nel de Vulgari Eloquent

IBM Security AppScan Standard: Getting Started Guide · C:\Program Files (x86)\IBM\AppScan Standard\Glass box Java platforms: On Java platforms the following server platforms and

IBM AppScan Source The SAST solution - E-SPIN Group · 2015-08-17 · 2. AppScan Source for Development. Allow Developers to perform Security Scans Plugins supplied for IDE Remediate

Maria Grazia Imperiale University of Glasgow - Enlighteneprints.gla.ac.uk/140680/1/140680.pdf · Maria Grazia Imperiale University of Glasgow A CAPABILITY APPROACH TO LANGUAGE EDUCATION

Security Services and AppScan

IBM Security AppScan V8.8 portfolio supports collaborative and

Começando a utilizar o Appscan

IMPERIALE ACCADEMIA DI RUSSIA

Saga Imperiale

Hotel Imperiale - Taormina

Presentacion IBM AKTIO Punto Net Soluciones SRL - APPSCAN IBM

Fernando Imperiale - Una aguja en el pajar

IBM Rational AppScan deployed by SAP AG

Warhammer Quest - Nobile Imperiale

Introduction to AppScan Enterprise

Linguistic Resistance - Maria Grazia Imperiale

Grand Hotel Imperiale - Forte dei Marmi

Seric case study Trespass Security Appscan

IBM Security AppScan Source 9.0.3 · IBM Security AppScan Source 9.0.3.12 Detailed System Requirements Report data as of 2019-08-05 03:04:26 EDT 2 Included in this report This report

IBM Security AppScan Enterprise Edition€¦ · IBM Security AppScan Enterprise Edition (AppScan) offers advanced application security testing and risk management with a platform

IBM Security AppScan Standard Edition (PDF)

IBM Security AppScan Source: Installation and Administration Guide

BOOK 2019 | WIDEGRES 260 - manetas.net...ME263L Imperiale Effect ME123L Imperiale Effect ME264L Port Laurent Effect ME124L Port Laurent Effect FINITURE DISPONIBILI - Available Finishes

Fernando Imperiale - Security Intelligence para PYMES

BOOK 2019 | WIDEGRES 260 - Coem · 2019. 2. 22. · ME263L Imperiale Effect ME123L Imperiale Effect ME264L Port Laurent Effect ME124L Port Laurent Effect FINITURE DISPONIBILI - Available

The IBM Rational AppScan lifecycle solution: building Web

IBM Rational AppScan: enhancing Web application security and

IBM Tivoli Using Rational AppScan with Tivoli Integrated Portal(V2.2

Maison Imperiale

IBM Rational AppScan: enhancing Web application security

IBM Security AppScan Standard: Glass Box User …...4 IBM Security AppScan Standard: Glass Box User Guide for .NET platforms Chapter 3. Defining the glass box agent in AppScan This

IBM AppScan - the total software security solution

PhD Presentation - Brussels June 2015 (M.G. Imperiale)