ThreadFix 2.5 Webinar

© 2017 Denim Group All Rights Reserved. Building a world where technology is trusted. ThreadFix 2.5: Application Security at DevOps Speed. April 18th, 2017. Dan Cornell, CTO; Kyle Pippin, Product Manager.

Upload: denim-group

Post on 21-Jan-2018


Category: Technology



TRANSCRIPT

Page 1: ThreadFix 2.5 Webinar

© 2017 Denim Group – All Rights Reserved

Building a world where technology is trusted.

ThreadFix 2.5: Application Security at DevOps Speed

April 18th, 2017

Dan Cornell, CTO
Kyle Pippin, Product Manager

Page 2: ThreadFix 2.5 Webinar


Agenda

Page 3: ThreadFix 2.5 Webinar

Agenda

• Application Security and DevOps

• ThreadFix Background

• ThreadFix 2.5 Release

• Coming Up in the 2.5 Series

Page 4: ThreadFix 2.5 Webinar

Application Security and DevOps

Page 5: ThreadFix 2.5 Webinar

DevOps Is Coming

Page 6: ThreadFix 2.5 Webinar

Some Security Teams Will Adapt

(Others Will Not)

Page 7: ThreadFix 2.5 Webinar

Use This Transition to Your Advantage

Page 8: ThreadFix 2.5 Webinar

Move Security to the Left and Get Buy-In

Page 9: ThreadFix 2.5 Webinar

Better Security Insight, More Often

Page 10: ThreadFix 2.5 Webinar

What Does Application Security Want?

• Reduce Risk Exposure

• Introduce Fewer Vulnerabilities

• Find Vulnerabilities Early

• Fix Vulnerabilities Quickly

Page 11: ThreadFix 2.5 Webinar

What Do DevOps Teams Want?

Page 12: ThreadFix 2.5 Webinar

How Do We Make This a Reality?

Page 13: ThreadFix 2.5 Webinar

Application Security Testing in CI/CD Pipelines

Page 14: ThreadFix 2.5 Webinar

AppSec Testing Policies for DevOps

Page 15: ThreadFix 2.5 Webinar

Testing Tradeoffs

Page 16: ThreadFix 2.5 Webinar

Decision-Making Factors

Page 17: ThreadFix 2.5 Webinar

Reporting Recommendations

(Hint: Not With These)

Page 18: ThreadFix 2.5 Webinar


ThreadFix Background

Page 19: ThreadFix 2.5 Webinar

ThreadFix Overview

• Create a consolidated view of your applications and vulnerabilities

• Prioritize application risk decisions based on data

• Translate vulnerabilities to developers in the tools they are already using

Page 20: ThreadFix 2.5 Webinar


ThreadFix Overview


Page 21: ThreadFix 2.5 Webinar

Create a consolidated view of your applications and vulnerabilities

Page 22: ThreadFix 2.5 Webinar

Application Portfolio Tracking

Page 23: ThreadFix 2.5 Webinar

Vulnerability Consolidation

Page 24: ThreadFix 2.5 Webinar

Prioritize application risk decisions based on data

Page 25: ThreadFix 2.5 Webinar

Vulnerability Prioritization

Page 26: ThreadFix 2.5 Webinar

Prioritization with Hotspot

Page 27: ThreadFix 2.5 Webinar

Reporting and Metrics

Page 28: ThreadFix 2.5 Webinar

Translate vulnerabilities to developers in the tools they are already using

Page 29: ThreadFix 2.5 Webinar

Defect Tracker Integration

Page 30: ThreadFix 2.5 Webinar

ThreadFix 2.5 Release

Page 31: ThreadFix 2.5 Webinar

Secure DevOps with ThreadFix

• What does your pipeline look like?

http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu

http://www.slideshare.net/denimgroup/rsa2015-blending-theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally

https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html

Page 32: ThreadFix 2.5 Webinar

AppSec Testing for DevOps

• Configuring Testing Policies

• AppSec Testing for DevOps in Action

Page 33: ThreadFix 2.5 Webinar

Policy Configuration

• Testing
  • Synchronous
  • Asynchronous

• Decision

• Reporting

Blog Post: Effective Application Security Testing in DevOps Pipelines
http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/

https://www.denimgroup.com/resources/effective-application-security-for-devops/

Page 34: ThreadFix 2.5 Webinar

Testing Configuration

Page 35: ThreadFix 2.5 Webinar

Testing Configuration

Page 36: ThreadFix 2.5 Webinar

Decision Configuration

Page 37: ThreadFix 2.5 Webinar

Decision Configuration

Page 38: ThreadFix 2.5 Webinar

Reporting Configuration

Page 39: ThreadFix 2.5 Webinar

Reporting Configuration

Page 40: ThreadFix 2.5 Webinar

Reporting Configuration

Page 41: ThreadFix 2.5 Webinar

Reporting Configuration

Page 42: ThreadFix 2.5 Webinar

Testing in Action

Page 43: ThreadFix 2.5 Webinar

Testing in Action

Page 44: ThreadFix 2.5 Webinar

Testing in Action

Page 45: ThreadFix 2.5 Webinar

Testing in Action

Page 46: ThreadFix 2.5 Webinar

Testing in Action

Page 47: ThreadFix 2.5 Webinar

Testing in Action

Page 48: ThreadFix 2.5 Webinar

Testing in Action

Page 49: ThreadFix 2.5 Webinar

Coming Up in the 2.5 Series

Page 50: ThreadFix 2.5 Webinar

Coming Soon

• Support for more SAST and DAST tools

• “Easy Mode” for CI/CD plugins

Page 51: ThreadFix 2.5 Webinar

Building a world where technology is trusted.

@denimgroup
www.denimgroup.com

www.threadfix.it