
Application Security Center Overview

Application Security Center Overview. Caleb Sima Chief Technologist – Application Security Founder and CTO – SPI Dynamics Erik Peterson Sr. Director of Security Products & Research Application Security Center. Objectives. Define Application Security Center at HP

emilie

Presentation Transcript


  1. Application Security Center Overview Caleb Sima Chief Technologist – Application Security Founder and CTO – SPI Dynamics Erik Peterson Sr. Director of Security Products & Research Application Security Center

  2. Objectives • Define Application Security Center at HP • Describe how HP Application Security Center fits into HP BTO Software arsenal • Articulate the Application Security Center value proposition • Review customer examples • Remember key points “As you walk into Kickoff!”

  3. HP BTO Software offerings STRATEGY APPLICATIONS OPERATIONS Project and Portfolio Management Center Quality Center Business Availability Center Client Automation Center Service Management Center • Business Process Insight • End User Management • Problem Isolation • Service Level Management • System Availability Mgmt. • Discovery and Dependency Mapping • Diagnostics • Center Management • TestDirector • Releases • Requirements • Risk-based testing • Defects • Business process testing • Service test Mgmt. • Test Lab Mgmt. • SAP Change impact testing • Functional Testing • QuickTest Professional • WinRunner • SOA Testing • Security Testing • ServiceCenter • Help Desk • Service Level Mgmt. • Change Mgmt. • Knowledge Mgmt. • Request Mgmt. • Catalog Mgmt. • AssetCenter • Portfolio Mgmt. • Financial Mgmt. • Contract Mgmt. • Procurement • Software Asset Mgmt. • DecisionCenter • IT Performance Analytics • Business Impact Analytics • Decision Optimization • Change Control Manager • Process Automation • Live Network • Client Automation • Inventory • Usage • OS • Patch • Application • Settings • Portfolio Management • Project Management • Program Management • Demand Management • Resource Management • Time Management • Financial Management Operations Center • Operations Mgmt. • Service Impact Mgmt. • System Performance Mgmt. • Server and Storage Infrastructure Mgmt. • Application Infrastructure Mgmt. • Consolidated Reporting Data Center Automation Center • Process Automation • Server Automation • Network Automation • Storage Automation • Application Storage Automation • Storage Essentials • Service Automation Reporter • Service Automation Visualizer • Live Network Performance Center • LoadRunner/Performance Ctr. 
• VuGen • Controller • Load Generator • Monitors • Analysis • Diagnostics (J2EE, .NET, SOA, SAP, ORCL) • Center Management SOA Center Network Management Center • SOA Systinet • Registry/Repository • Policy Management • Contract Management • SOA Manager • Performance Monitoring • Problem Isolation • Policy Enforcement • Network Fault and Availability Management • Network Change and Configuration Management • Network Process Automation • Network Performance Management and Capacity Planning • WAN Optimization Identity Center • Select Access • Select Audit • Select Federation • Select Identity Application Security Center • DevInspect • QAInspect • WebInspect • Assessment Management Platform (AMP) Universal CMDB • UCMDB • Discovery and Dependency Mapping • Change Control Manager 3 25 August 2014

  4. Optimize Security Initiatives with HP Application Security Center

  5. Market Drivers for Application Security Web Security Risks are Growing • The web is the easiest entry point • Networks are secure • Hackers know web applications are not • And Organizations are under pressure • More web applications • More regulatory requirements • More customer & partner demands • More pressure from shareholders Sources: Computer Emergency Response Team Coordination Center (CERT/CC), National Vulnerability Database, Open-Source Vulnerability Database, and the Symantec Vulnerability Database.

  6. “By 2009, 80% of companies will have suffered an application security incident. As a result, 80% will react by creating roles in the AD and testing organizations to ensure security is handled at the application level.” Source: Gartner

  7. Application Security Center lifecycle coverage Plan Requirements Design Build Test Production Enterprise application security assurance Source code validation Production assessment QA, integration testing HP DevInspect HP QAInspect HP WebInspect Enterprise security assurance and reporting HP Assessment Management Platform

  8. HP + SPI Dynamics A leader in web application security lifecycle solutions • SPI Dynamics had been a long-time partner of HP • Application Security Testing is the third pillar of quality management • Does it function, does it perform, is it secure? • Delivers an integrated market-leading solution that targets security, development, QA and operations teams Source: Published analyst rankings; HP estimates

  9. Introducing HP Application Security Center • A comprehensive application security lifecycle solution for developers, quality assurance (QA) and operations • Mitigates risk by identifying and remediating web application and web services security vulnerabilities and defects • Provides ongoing security operations and security audit capabilities throughout the life of an application

  10. HP Application Security Center HP Application Security Center Dashboard Assessment Management Platform Distributed scanning Policy and compliance Centralized administration Vulnerability and risk management Alerts and reporting DevInspect QAInspect Microsoft Visual Studio IBM RAD Eclipse WebInspect HP Quality Center HP Functional Testing Foundation Intelligent engines SecureBase SmartUpdate Reporting Open APIs Hybrid analysis Security toolkit

  11. HP Application Security Services • Professional web security assessment services • We can assess the security of your web site for you • Implementation and Consulting Services • Backed by leading experts in the web security field (HP Security Labs – formerly SPI Labs) Use security services to complement your deals or build relationships with existing or new customers to drive software sales

  12. Competitive landscape

  13. HP Application Security Center Customer Examples

  14. $1.3B On-Line Retailer “I can’t say enough good things about WebInspect. It’s an incredible tool. It’s unbelievably fast. And it’s so much more accurate than anything else that we’ve tried.” Security Engineer for intrusion prevention team Objective: • Required to comply with Payment Card Industry (PCI) Standard • Manual web application assessments were too expensive and time consuming Approach: • Began using HP WebInspect for automated assessments • Used HP Assessment Management Platform to build an enterprise-wide secure web application development lifecycle • Purchased HP DevInspect to help developers build secure applications Results: • Complete web application assessments in hours—not days or weeks • Rapid assessment enables continuous compliance with PCI DSS and other regulations

  15. Global $7B Entertainment Company “The key has been our ability to gain security visibility into the development and quality assurance processes, and express quality in terms of actionable security defects that need to be fixed.” VP of Enterprise Architecture and Planning Objective: • Coordinate 25 development teams across eight business units • Needed an easily managed, quick-to-deploy, accurate web application vulnerability scanner • Needed to promote collaboration across the company’s development, security, audit, & management teams. Approach: • Implemented HP WebInspect and HP QAInspect for HP Quality Center • Integrated security testing with existing quality assurance processes and activities • Automated web application security testing from within HP Quality Center using HP QAInspect Results: • Maintained fast-moving production schedule • Enabled QA & dev teams to standardize the defect management process • Helped ensure compliance with Sarbanes-Oxley & privacy laws from other countries

  16. Your sales opportunity • Opportunity • Any organization with internal or external facing web applications needs to secure their applications • Most organizations have hundreds or more web applications that they are struggling to secure • Complements existing Quality Management business • Significant Security up sell opportunities with QM customer base • Who to sell to • CIO, CSO, VP/Director of Engineering, Security or IT Operations, VP/Director Quality, VP/Director Development

  17. Overall Strategy and recommendations for Selling Application Security • Keys to selling • Find the security champion to help drive business across Dev/QA and Operations • Create C-Level champions by showing them how all products working together under our HP Assessment Management Platform will provide actionable metrics • Seed deals in security are very powerful, once they start finding security holes Pandora's box has been opened. • Lead with HP Assessment Management Platform + Product most likely suited for customer • HP Assessment Management Platform + HP QAInspect or HP Assessment Management Platform + HP WebInspect will be the most common • Length of typical sales cycle • 3 to 6 months for single department • 9 to 12 for cross enterprise opportunities

  18. As you walk into Kickoff – remember this…….. Anyone with a web application should be concerned about security Security market is on fire – Huge up sell opportunities Not just for Quality – Security selling opportunities across Dev, QA and Ops

  19. Resources • Products • Sales • Online

  20. Knowledge Check

  21. SECURE YOUR OUTCOME GOOD LUCK AND GOOD SELLING!!!!

  22. Congratulations! You have completed the Application Security Center Overview. To continue with the remainder of your Sales Kick Off pre-work assignment, you may close this window. IMPORTANT! Upon closure of this window, the original window connected to the HPSU will refresh. Please allow a few seconds for the screen to rebuild. The following message will be displayed: If you click “Yes”, this part of the pre-work assignment will be marked as completed and you will no longer be able to view it. If you click “No”, the status part of the pre-work assignment will be marked as in progress and you may continue any time. To return to the overview of the pre-work assignment, click Home on the top left corner of the HPSU window. Click on SKO pre-work under ‘Current Registrations’ (lower half of the HPSU home page).
