SlideShare a Scribd company logo

Leverage DevOps & Agile to Transform Application Testing

Download as PPTX, PDF
DevOps for Enterprise Systems
DevOps for Enterprise Systems

Leverage DevOps & Agile Development to Transform Your Application Testing Program: Client Case Study

Software
1 of 20
© 2017 IBM Corporation Leverage DevOps & Agile Development to Transform Your Application Testing Program: Client Case Study
Speakers Shuchita Gupta Senior Software Client Architect & Leader IBM Sona Srinivasan Senior IT Architect, Global Architecture and Technology Services IT CISCO Systems, Inc. Alan Shimel Moderator, Editor-in-Chief DevOps.com 2
State of Application Security Average time to detect APT 256 days Average cost of a U.S. data breach $6.5M Percentage of breaches due to Web attacks 40% Sources: IBM X-Force Threat Intelligence 2015; 2016 Verizon Data Breach Investigations Report; 2016 Cost of Data Breach Study: Global Analysis Average size of a U.S. data breach 30K records 3
Conversations & Challenges How often should you think about security in the SDLC? Are automated DAST scans enough? Should I stop my release in a continuous delivery pipeline if my critical vulnerabilities aren't fixed? Can running SAST scans on each build reduce my need to run DAST scans? Should my user stories for security be incorporated in a sprint, or be a part of my design? Key: SAST – Static Application Security Testing DAST – Dynamic Application Security Testing 4
Poll Question #1 5
The Sec Ops Journey Conversations that launched with Agile The Steps to Cognitive Security Examples of Continuous Security Continuous Security at Cisco Adapting to Threats & Attacks Together 6 6
Continuous Security Example #1 Architecture & Security Requirements • Threat Modeling By Feature & Design - For every major application re-design or major feature change, Threat Models must be built based on the application’s design changes • Security assessments and User Stories Tie in, where security assessments answer the Who, Why and What of the feature and application. Documented Security Design Revisit of the data classification for data at Rest, and Transit • E.g.: Employee data on Company System becomes Customer Data on Insurance System, data changes classification from system to system, depending on the consuming application • Application Profiling at the time of Provisioning for baselining 7
Continuous Security Example #2 Running static security scans on GIT repo branches is considered continuous security with: • Code Tagging (E.g.: deployed code tags needs to have meta data about the code) with insights into code patterns (E.g.: Singleton Usages, Factory patterns etc. tied to security insights) • Developer Behaviors (E.g.: Developers who code in JAVA might need training in SQL Injections etc., novice developers might need training in XSS) • Code-branch Patterns (E.g.: Code reposes with fewer branches might have more to catch as branched code might be more modularized and secure) • Vulnerability Trends (E.g.: HR apps have SQL Injections, while Service X might have the most vulnerable code) • Types of Languages used tied to type of data classification (E.g.: Cisco is a big JAVA and PL/SQL Shop with movement towards Apex and Angular etc.…) 8
Continuous Security Example #3 Automated DAST is seen as continuous security with security benchmarking • Quality Pre-requisites for DAST – Can Deployment workflows check for Quality & Load Tests before running DAST scans? (Have QA bugs been fixed so DAST is spending more time on the security threat classes?) • Are the DAST Test environments close to Production and stable enough for graceful recovery from the DAST attacks (DMZ, Core Zone, Data Center, PaaS profile), especially in a continuous environment? Example - Network latency of the source call of the DAST scan to the Application Destination environment (Eg: India to Richardson) 9
Continuous Security Example #4 Management of Incident Response data and mapping to application attacks, environment attacks with: • Pre-Deployment Security Posture and: • SAST • DAST • Open Source Scanning • App Profiling (Cloud native, hybrid, on premise etc.) • Penetration Test Results • Post-Deployment Security Posture of: • Applications • Data • Environment 10
Poll Question #2 11
Development Platform as a Service Cloud Apps Apps Built Apps Bought Web Mobile Mobile Web DAST Deployment …… Repo Mgmt. Binary Executable Mgmt. Executable Mgmt. …… …… …… …… Binary Analyzer Mobile DAST Build Automation SAST Cloud Ready DAST Quality Assurance Deployment Post-Deployment Mgmt. Penetration Test Deployment Repo Mgmt. Repo Mgmt. Build Automation Build Automation Quality Assurance Quality Assurance SAST SAST Penetration Test Penetration Test Post-Deployment Mgmt. Post-Deployment Mgmt. Quality Assurance Quality Assurance DAST Binary Analyzer Mobile DAST Deployment Deployment Penetration Test Penetration Test Post-Deployment Mgmt. Post-Deployment Mgmt. APIs Repo Mgmt. Build Automation Quality Assurance SAST Deployment Cloud Ready DAST Penetration Test Post-Deployment Mgmt. 12
APP Profiling & DPAAS Choice App Stack Provisioning & App Profiling Cloud API Web App Built Cloud App Mobile App Built Web App Packaged Mobile App Packaged Incidents & Security Breaches App Profile (comp- osite) 13
Poll Question #3 14
Continuous Security at Cisco People & Skillset Technology & Automation Governance & Audits 1. Continuous Education on Process & Technology 2. In-Context Training as opposed to On-Demand  3. Federated Security Personnel in the functions 1. Watch the Market & Developer world 2. Our eyes are on PaaS changes and Developer Tools & Technology Changes 1. Bringing The Policy to the user 2. Moving Governance into the Life Cycle – Start Right, rather than shift left  3. Multi-Check Points 15
Journey to COGNITIVE •Good Domain Knowledge • Developer Skill-Set will range from beginner to seasoned Simplify • Process is simple and mature for automation •Intermediate Skill-Set of the Developer Automate • Go from multiple sub- systems to digital components in streams • Expert Developer Digitize • Developer is knowledgeable enough on when to apply machine learning to enable speed • Adding Specific Bots to address bottlenecks is a great way to ease the experience problem for security tools & their complexity Machine Learning • Developer is a Highly Seasoned with domain expertise and data architectures which then leverage cognitive APIs for Proactive Security Guidance Cognitive Process Complexity Developer Skillset 16
Managing Risk Holistically Comprehensive attack surface minimization through insights Bottoms up & Top down Vulnerability management Technology ecosystem – with Vendors Always remember the application is the front door - Trained Ninjas 17
Key Resources to Learn More 18 • Forrester Report “Secure Applications at the Speed of DevOps” • Gartner 2017 Magic Quadrant for Application Security Testing • Forrester Total Economic Impact (TEI) Study • E-Guide: 5 Steps to Achieve Risk-Based Application Security Management
Q & A 19
© 2017 IBM Corporation Thank You!

Recommended

InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...
InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...
InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...DevOps for Enterprise Systems
 
InterConnect 2017 : Programming languages in the enterprise: Which language s...
InterConnect 2017 : Programming languages in the enterprise: Which language s...InterConnect 2017 : Programming languages in the enterprise: Which language s...
InterConnect 2017 : Programming languages in the enterprise: Which language s...DevOps for Enterprise Systems
 
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...DevOps for Enterprise Systems
 
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...InterConnect 2017 : Mastering the z Systems Development and Test Environment ...
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...DevOps for Enterprise Systems
 
Fault Analyzer for z/OS Overview
Fault Analyzer for z/OS OverviewFault Analyzer for z/OS Overview
Fault Analyzer for z/OS OverviewDevOps for Enterprise Systems
 
File Manager for z/OS - Overview
File Manager for z/OS - OverviewFile Manager for z/OS - Overview
File Manager for z/OS - OverviewDevOps for Enterprise Systems
 
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make Sense
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make SenseInterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make Sense
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make SenseDevOps for Enterprise Systems
 
Drinking our own champagne - z Systems Development and Test Environment V10
Drinking our own champagne - z Systems Development and Test Environment V10Drinking our own champagne - z Systems Development and Test Environment V10
Drinking our own champagne - z Systems Development and Test Environment V10DevOps for Enterprise Systems
 

Recommended

InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...
InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...
InterConnect 2017 : Cognitive DevOps: Get Rid of the Guesswork to Improve Sof...DevOps for Enterprise Systems
 
InterConnect 2017 : Programming languages in the enterprise: Which language s...
InterConnect 2017 : Programming languages in the enterprise: Which language s...InterConnect 2017 : Programming languages in the enterprise: Which language s...
InterConnect 2017 : Programming languages in the enterprise: Which language s...DevOps for Enterprise Systems
 
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...
InterConnect 2017 : Do You Have the Right Solution for z/OS Application Devel...DevOps for Enterprise Systems
 
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...InterConnect 2017 : Mastering the z Systems Development and Test Environment ...
InterConnect 2017 : Mastering the z Systems Development and Test Environment ...DevOps for Enterprise Systems
 
Fault Analyzer for z/OS Overview
Fault Analyzer for z/OS OverviewFault Analyzer for z/OS Overview
Fault Analyzer for z/OS OverviewDevOps for Enterprise Systems
 
File Manager for z/OS - Overview
File Manager for z/OS - OverviewFile Manager for z/OS - Overview
File Manager for z/OS - OverviewDevOps for Enterprise Systems
 
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make Sense
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make SenseInterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make Sense
InterConnect 2017 : Git for COBOL and PL/I?—Yes, It Can Make SenseDevOps for Enterprise Systems
 
Drinking our own champagne - z Systems Development and Test Environment V10
Drinking our own champagne - z Systems Development and Test Environment V10Drinking our own champagne - z Systems Development and Test Environment V10
Drinking our own champagne - z Systems Development and Test Environment V10DevOps for Enterprise Systems
 
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARInterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARDevOps for Enterprise Systems
 
Rational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers CommunicationsRational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers CommunicationsSherri Hanna
 
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2Susan Yoskin
 
IBM Application Delivery Foundation for z Systems
IBM Application Delivery Foundation for z SystemsIBM Application Delivery Foundation for z Systems
IBM Application Delivery Foundation for z SystemsDevOps for Enterprise Systems
 
Mainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataMainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataDevOps for Enterprise Systems
 
Enabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise TransformationEnabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise TransformationDevOps for Enterprise Systems
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems
 
Rational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and nowRational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and nowDevOps for Enterprise Systems
 
Converting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right toolsConverting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right toolsDevOps for Enterprise Systems
 
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITAligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITDevOps for Enterprise Systems
 
Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...DevOps for Enterprise Systems
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudRosalind Radcliffe
 
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems SoftwareLessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems SoftwareDevOps for Enterprise Systems
 
Flexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the CloudFlexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the CloudDevOps for Enterprise Systems
 
Quantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROIQuantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROIDevOps for Enterprise Systems
 
Introduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and ReleaseIntroduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and ReleaseRob Cuddy
 
NRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev OpsNRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev OpsNRB
 
Cics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical OverviewCics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical OverviewCICS ROADSHOW
 
A Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere toolsA Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere toolsProlifics
 
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind RadcliffeDevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind RadcliffeDevOps for Enterprise Systems
 
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyBlack Duck by Synopsys
 
Sumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing FrameworkSumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing FrameworkAnna Royzman
 

More Related Content

What's hot

InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARInterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARDevOps for Enterprise Systems
 
Rational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers CommunicationsRational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers CommunicationsSherri Hanna
 
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2Susan Yoskin
 
Mainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataMainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataDevOps for Enterprise Systems
 
Enabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise TransformationEnabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise TransformationDevOps for Enterprise Systems
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems
 
Rational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and nowRational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and nowDevOps for Enterprise Systems
 
Converting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right toolsConverting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right toolsDevOps for Enterprise Systems
 
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITAligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITDevOps for Enterprise Systems
 
Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...DevOps for Enterprise Systems
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudRosalind Radcliffe
 
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems SoftwareLessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems SoftwareDevOps for Enterprise Systems
 
Flexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the CloudFlexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the CloudDevOps for Enterprise Systems
 
Quantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROIQuantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROIDevOps for Enterprise Systems
 
Introduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and ReleaseIntroduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and ReleaseRob Cuddy
 
NRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev OpsNRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev OpsNRB
 
Cics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical OverviewCics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical OverviewCICS ROADSHOW
 
A Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere toolsA Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere toolsProlifics
 

What's hot (20)

InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPARInterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
InterConnect 2017 : z/OS-as-a-Service: The Disposable LPAR
 
Rational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers CommunicationsRational Development & Test for z Systems 9.5 Webinar with Rogers Communications
Rational Development & Test for z Systems 9.5 Webinar with Rogers Communications
 
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
RDZ for Cobol Programmers slides 7 14 Debugger deep dive final2
 
IBM Application Delivery Foundation for z Systems
IBM Application Delivery Foundation for z SystemsIBM Application Delivery Foundation for z Systems
IBM Application Delivery Foundation for z Systems
 
Mainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live DataMainframe Application Testing both With and Without Live Data
Mainframe Application Testing both With and Without Live Data
 
Enabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise TransformationEnabling z Agility with DevOps and Enterprise Transformation
Enabling z Agility with DevOps and Enterprise Transformation
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a Startup
 
Rational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and nowRational developer for z systems : DevOps benefits here and now
Rational developer for z systems : DevOps benefits here and now
 
Converting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right toolsConverting to the latest COBOL Compiler made simple with the right tools
Converting to the latest COBOL Compiler made simple with the right tools
 
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed ITAligning the Fast & the Slow: The Reality of Multi-Speed IT
Aligning the Fast & the Slow: The Reality of Multi-Speed IT
 
Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...Continuous Integration and Deployment on Rational Development and Test Enviro...
Continuous Integration and Deployment on Rational Development and Test Enviro...
 
Gartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid CloudGartner EA Architecting for DevOps and Hybrid Cloud
Gartner EA Architecting for DevOps and Hybrid Cloud
 
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems SoftwareLessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
Lessons Learned from Large Scale Adoption of DevOps for IBM z Systems Software
 
Flexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the CloudFlexible DevOps Deployment of Enterprise Test Environments in the Cloud
Flexible DevOps Deployment of Enterprise Test Environments in the Cloud
 
Quantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROIQuantifying DevOps Adoption Empirically for Demonstrable ROI
Quantifying DevOps Adoption Empirically for Demonstrable ROI
 
Introduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and ReleaseIntroduction to IBM UrbanCode Deploy and Release
Introduction to IBM UrbanCode Deploy and Release
 
NRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev OpsNRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
NRB - BE MAINFRAME DAY 2017 - Compuware Dev Ops
 
Cics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical OverviewCics Ts 4.1 Technical Overview
Cics Ts 4.1 Technical Overview
 
A Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere toolsA Software Factory Integrating Rational Team Concert and WebSphere tools
A Software Factory Integrating Rational Team Concert and WebSphere tools
 
DevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind RadcliffeDevOps for Enterprise Systems - Rosalind Radcliffe
DevOps for Enterprise Systems - Rosalind Radcliffe
 

Similar to Leverage DevOps & Agile to Transform Application Testing

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyBlack Duck by Synopsys
 
Sumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing FrameworkSumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing FrameworkAnna Royzman
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Trupti Shiralkar, CISSP
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSalil Kumar Subramony
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresSBWebinars
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentationaksit_services
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Securing DevOps through Privileged Access Management
Securing DevOps through Privileged Access ManagementSecuring DevOps through Privileged Access Management
Securing DevOps through Privileged Access ManagementBeyondTrust
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecurityTao Xie
 

Similar to Leverage DevOps & Agile to Transform Application Testing (20)

Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and WhyFilling your AppSec Toolbox - Which Tools, When to Use Them, and Why
Filling your AppSec Toolbox - Which Tools, When to Use Them, and Why
 
Sumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing FrameworkSumeet Mandloi: Robust Security Testing Framework
Sumeet Mandloi: Robust Security Testing Framework
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...
 
Secure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green MethodSecure Code review - Veracode SaaS Platform - Saudi Green Method
Secure Code review - Veracode SaaS Platform - Saudi Green Method
 
Application Security Testing(AST)
Application Security Testing(AST)Application Security Testing(AST)
Application Security Testing(AST)
 
Webinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or RealityWebinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or Reality
 
Deploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving InfrastructuresDeploying Secure Modern Apps in Evolving Infrastructures
Deploying Secure Modern Apps in Evolving Infrastructures
 
AKS IT Corporate Presentation
AKS IT Corporate PresentationAKS IT Corporate Presentation
AKS IT Corporate Presentation
 
Aksit profile final
Aksit profile finalAksit profile final
Aksit profile final
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Securing DevOps through Privileged Access Management
Securing DevOps through Privileged Access ManagementSecuring DevOps through Privileged Access Management
Securing DevOps through Privileged Access Management
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
Software Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and SecuritySoftware Analytics: Data Analytics for Software Engineering and Security
Software Analytics: Data Analytics for Software Engineering and Security
 

More from DevOps for Enterprise Systems

Webcast : Uncover buried treasure code with business-rule mining and ADDI
Webcast : Uncover buried treasure code with business-rule mining and ADDIWebcast : Uncover buried treasure code with business-rule mining and ADDI
Webcast : Uncover buried treasure code with business-rule mining and ADDIDevOps for Enterprise Systems
 
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...DevOps for Enterprise Systems
 
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...DevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise - Microservices, APIs
IBM Z for the Digital Enterprise - Microservices, APIsIBM Z for the Digital Enterprise - Microservices, APIs
IBM Z for the Digital Enterprise - Microservices, APIsDevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software KeynoteIBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software KeynoteDevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise - IBM Z Open Data Analytics
IBM Z for the Digital Enterprise - IBM Z Open Data AnalyticsIBM Z for the Digital Enterprise - IBM Z Open Data Analytics
IBM Z for the Digital Enterprise - IBM Z Open Data AnalyticsDevOps for Enterprise Systems
 
Webinar : Modernize and Simplify IT Operations Management for DevOps Success
Webinar : Modernize and Simplify IT Operations Management for DevOps Success Webinar : Modernize and Simplify IT Operations Management for DevOps Success
Webinar : Modernize and Simplify IT Operations Management for DevOps Success DevOps for Enterprise Systems
 
Webinar : So you want to provision a test environment...
Webinar : So you want to provision a test environment... Webinar : So you want to provision a test environment...
Webinar : So you want to provision a test environment... DevOps for Enterprise Systems
 
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...DevOps for Enterprise Systems
 
Replace Outdated DevOps Tools with Innovative & Modern Pipelines
Replace Outdated DevOps Tools with Innovative & Modern PipelinesReplace Outdated DevOps Tools with Innovative & Modern Pipelines
Replace Outdated DevOps Tools with Innovative & Modern PipelinesDevOps for Enterprise Systems
 
Beyond Build Pipelines - Continuous Delivery's Messy Reality
Beyond Build Pipelines - Continuous Delivery's Messy RealityBeyond Build Pipelines - Continuous Delivery's Messy Reality
Beyond Build Pipelines - Continuous Delivery's Messy RealityDevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise 2018 - API Discovery & Debugging
IBM Z for the Digital Enterprise 2018 - API Discovery & DebuggingIBM Z for the Digital Enterprise 2018 - API Discovery & Debugging
IBM Z for the Digital Enterprise 2018 - API Discovery & DebuggingDevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...DevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...DevOps for Enterprise Systems
 
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...DevOps for Enterprise Systems
 

More from DevOps for Enterprise Systems (20)

Webcast : Uncover buried treasure code with business-rule mining and ADDI
Webcast : Uncover buried treasure code with business-rule mining and ADDIWebcast : Uncover buried treasure code with business-rule mining and ADDI
Webcast : Uncover buried treasure code with business-rule mining and ADDI
 
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...
Webinar [Nov 15, 1 PM EST]: Release Orchestration and the Future of Continuou...
 
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...
Webcast : Develop Mainframe Software with Open Source SCMs and IBM Dependency...
 
IBM Z for the Digital Enterprise - Microservices, APIs
IBM Z for the Digital Enterprise - Microservices, APIsIBM Z for the Digital Enterprise - Microservices, APIs
IBM Z for the Digital Enterprise - Microservices, APIs
 
IBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software KeynoteIBM Z for the Digital Enterprise - IBM Z Software Keynote
IBM Z for the Digital Enterprise - IBM Z Software Keynote
 
IBM Z for the Digital Enterprise - DevOps for Z
IBM Z for the Digital Enterprise - DevOps for Z IBM Z for the Digital Enterprise - DevOps for Z
IBM Z for the Digital Enterprise - DevOps for Z
 
IBM Z for the Digital Enterprise - Java performance
IBM Z for the Digital Enterprise - Java performanceIBM Z for the Digital Enterprise - Java performance
IBM Z for the Digital Enterprise - Java performance
 
IBM Z for the Digital Enterprise - IBM Z Open Data Analytics
IBM Z for the Digital Enterprise - IBM Z Open Data AnalyticsIBM Z for the Digital Enterprise - IBM Z Open Data Analytics
IBM Z for the Digital Enterprise - IBM Z Open Data Analytics
 
IBM Z for the Digital Enterprise - Zowe overview
IBM Z for the Digital Enterprise - Zowe overviewIBM Z for the Digital Enterprise - Zowe overview
IBM Z for the Digital Enterprise - Zowe overview
 
IBM Z for the Digital Enterprise 2018 - Z Keynote
IBM Z for the Digital Enterprise 2018 - Z KeynoteIBM Z for the Digital Enterprise 2018 - Z Keynote
IBM Z for the Digital Enterprise 2018 - Z Keynote
 
Webinar : Modernize and Simplify IT Operations Management for DevOps Success
Webinar : Modernize and Simplify IT Operations Management for DevOps Success Webinar : Modernize and Simplify IT Operations Management for DevOps Success
Webinar : Modernize and Simplify IT Operations Management for DevOps Success
 
Webinar : So you want to provision a test environment...
Webinar : So you want to provision a test environment... Webinar : So you want to provision a test environment...
Webinar : So you want to provision a test environment...
 
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...
Webinar : Don't Fumble the Data! Integrate Database Automation into your DevO...
 
Replace Outdated DevOps Tools with Innovative & Modern Pipelines
Replace Outdated DevOps Tools with Innovative & Modern PipelinesReplace Outdated DevOps Tools with Innovative & Modern Pipelines
Replace Outdated DevOps Tools with Innovative & Modern Pipelines
 
Beyond Build Pipelines - Continuous Delivery's Messy Reality
Beyond Build Pipelines - Continuous Delivery's Messy RealityBeyond Build Pipelines - Continuous Delivery's Messy Reality
Beyond Build Pipelines - Continuous Delivery's Messy Reality
 
Webcast : Are Your Cloud Applications Performing?
Webcast : Are Your Cloud Applications Performing?Webcast : Are Your Cloud Applications Performing?
Webcast : Are Your Cloud Applications Performing?
 
IBM Z for the Digital Enterprise 2018 - API Discovery & Debugging
IBM Z for the Digital Enterprise 2018 - API Discovery & DebuggingIBM Z for the Digital Enterprise 2018 - API Discovery & Debugging
IBM Z for the Digital Enterprise 2018 - API Discovery & Debugging
 
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...
IBM Z for the Digital Enterprise 2018 - Offering API channel to application a...
 
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...
IBM Z for the Digital Enterprise 2018 - Leverage best language for Transforma...
 
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...
IBM Z for the Digital Enterprise 2018 - IBM ADDI as an Enabler for Digital Tr...
 

Recently uploaded

Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Recently uploaded (20)

Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 

Leverage DevOps & Agile to Transform Application Testing

  • 1. © 2017 IBM Corporation Leverage DevOps & Agile Development to Transform Your Application Testing Program: Client Case Study
  • 2. Speakers Shuchita Gupta Senior Software Client Architect & Leader IBM Sona Srinivasan Senior IT Architect, Global Architecture and Technology Services IT CISCO Systems, Inc. Alan Shimel Moderator, Editor-in-Chief DevOps.com 2
  • 3. State of Application Security Average time to detect APT 256 days Average cost of a U.S. data breach $6.5M Percentage of breaches due to Web attacks 40% Sources: IBM X-Force Threat Intelligence 2015; 2016 Verizon Data Breach Investigations Report; 2016 Cost of Data Breach Study: Global Analysis Average size of a U.S. data breach 30K records 3
  • 4. Conversations & Challenges How often should you think about security in the SDLC? Are automated DAST scans enough? Should I stop my release in a continuous delivery pipeline if my critical vulnerabilities aren't fixed? Can running SAST scans on each build reduce my need to run DAST scans? Should my user stories for security be incorporated in a sprint, or be a part of my design? Key: SAST – Static Application Security Testing DAST – Dynamic Application Security Testing 4
  • 6. The Sec Ops Journey Conversations that launched with Agile The Steps to Cognitive Security Examples of Continuous Security Continuous Security at Cisco Adapting to Threats & Attacks Together 6 6
  • 7. Continuous Security Example #1 Architecture & Security Requirements • Threat Modeling By Feature & Design - For every major application re-design or major feature change, Threat Models must be built based on the application’s design changes • Security assessments and User Stories Tie in, where security assessments answer the Who, Why and What of the feature and application. Documented Security Design Revisit of the data classification for data at Rest, and Transit • E.g.: Employee data on Company System becomes Customer Data on Insurance System, data changes classification from system to system, depending on the consuming application • Application Profiling at the time of Provisioning for baselining 7
  • 8. Continuous Security Example #2 Running static security scans on GIT repo branches is considered continuous security with: • Code Tagging (E.g.: deployed code tags needs to have meta data about the code) with insights into code patterns (E.g.: Singleton Usages, Factory patterns etc. tied to security insights) • Developer Behaviors (E.g.: Developers who code in JAVA might need training in SQL Injections etc., novice developers might need training in XSS) • Code-branch Patterns (E.g.: Code reposes with fewer branches might have more to catch as branched code might be more modularized and secure) • Vulnerability Trends (E.g.: HR apps have SQL Injections, while Service X might have the most vulnerable code) • Types of Languages used tied to type of data classification (E.g.: Cisco is a big JAVA and PL/SQL Shop with movement towards Apex and Angular etc.…) 8
  • 9. Continuous Security Example #3 Automated DAST is seen as continuous security with security benchmarking • Quality Pre-requisites for DAST – Can Deployment workflows check for Quality & Load Tests before running DAST scans? (Have QA bugs been fixed so DAST is spending more time on the security threat classes?) • Are the DAST Test environments close to Production and stable enough for graceful recovery from the DAST attacks (DMZ, Core Zone, Data Center, PaaS profile), especially in a continuous environment? Example - Network latency of the source call of the DAST scan to the Application Destination environment (Eg: India to Richardson) 9
  • 10. Continuous Security Example #4 Management of Incident Response data and mapping to application attacks, environment attacks with: • Pre-Deployment Security Posture and: • SAST • DAST • Open Source Scanning • App Profiling (Cloud native, hybrid, on premise etc.) • Penetration Test Results • Post-Deployment Security Posture of: • Applications • Data • Environment 10
  • 12. Development Platform as a Service Cloud Apps Apps Built Apps Bought Web Mobile Mobile Web DAST Deployment …… Repo Mgmt. Binary Executable Mgmt. Executable Mgmt. …… …… …… …… Binary Analyzer Mobile DAST Build Automation SAST Cloud Ready DAST Quality Assurance Deployment Post-Deployment Mgmt. Penetration Test Deployment Repo Mgmt. Repo Mgmt. Build Automation Build Automation Quality Assurance Quality Assurance SAST SAST Penetration Test Penetration Test Post-Deployment Mgmt. Post-Deployment Mgmt. Quality Assurance Quality Assurance DAST Binary Analyzer Mobile DAST Deployment Deployment Penetration Test Penetration Test Post-Deployment Mgmt. Post-Deployment Mgmt. APIs Repo Mgmt. Build Automation Quality Assurance SAST Deployment Cloud Ready DAST Penetration Test Post-Deployment Mgmt. 12
  • 13. APP Profiling & DPAAS Choice App Stack Provisioning & App Profiling Cloud API Web App Built Cloud App Mobile App Built Web App Packaged Mobile App Packaged Incidents & Security Breaches App Profile (comp- osite) 13
  • 15. Continuous Security at Cisco People & Skillset Technology & Automation Governance & Audits 1. Continuous Education on Process & Technology 2. In-Context Training as opposed to On-Demand  3. Federated Security Personnel in the functions 1. Watch the Market & Developer world 2. Our eyes are on PaaS changes and Developer Tools & Technology Changes 1. Bringing The Policy to the user 2. Moving Governance into the Life Cycle – Start Right, rather than shift left  3. Multi-Check Points 15
  • 16. Journey to COGNITIVE •Good Domain Knowledge • Developer Skill-Set will range from beginner to seasoned Simplify • Process is simple and mature for automation •Intermediate Skill-Set of the Developer Automate • Go from multiple sub- systems to digital components in streams • Expert Developer Digitize • Developer is knowledgeable enough on when to apply machine learning to enable speed • Adding Specific Bots to address bottlenecks is a great way to ease the experience problem for security tools & their complexity Machine Learning • Developer is a Highly Seasoned with domain expertise and data architectures which then leverage cognitive APIs for Proactive Security Guidance Cognitive Process Complexity Developer Skillset 16
  • 17. Managing Risk Holistically Comprehensive attack surface minimization through insights Bottoms up & Top down Vulnerability management Technology ecosystem – with Vendors Always remember the application is the front door - Trained Ninjas 17
  • 18. Key Resources to Learn More 18 • Forrester Report “Secure Applications at the Speed of DevOps” • Gartner 2017 Magic Quadrant for Application Security Testing • Forrester Total Economic Impact (TEI) Study • E-Guide: 5 Steps to Achieve Risk-Based Application Security Management
  • 20. © 2017 IBM Corporation Thank You!

Editor's Notes

  1. Slides 1-2: Alan General introductions and topic overview