Advanced 360 Techniques

Advanced 360 Techniques. Eric Friese Software Security Consultant eric.friese@hp.com. Advanced 360 Techniques. Agenda Automating Fortify SCA Scans Fortify 360 Email Alerts Demo. Advanced 360 Techniques. First Phase – Initial scans with Fortify SCA.

Presentation Transcript

Advanced 360 Techniques

Eric Friese

Software Security Consultant

eric.friese@hp.com


Agenda

  • Automating Fortify SCA Scans
  • Fortify 360 Email Alerts
  • Demo
Advanced 360 Techniques
  • First Phase – Initial scans with Fortify SCA
  • Second Phase – Build Integration and Automation
      • Never have to worry about when the last scan was performed
      • Security vulnerabilities are found earlier in the lifecycle
      • Can be automatically uploaded to Fortify 360 Server

Set it and forget it! ~Ron Popeil


Fortify SCA Supported Build Integration

  • Plugin Support
    • Apache ANT
    • Apache Maven
    • Make
  • Configuration Support
    • MS Build
    • Microsoft Team Foundation Server
    • Nant
    • Any system that can support running command line calls
  • Most continuous build systems use the above systems
  • What if I don’t have a build system?
    • Automating SCA is still possible
    • Batch/Shell Script scheduled with Windows Tasks or Cron
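
The shell-script-plus-cron option from the last bullet, written out as a script. This is an added example, not part of the presentation: the paths, build ID, project name, server URL and token file are assumed placeholders, and the `sourceanalyzer` and `fortifyclient` options should be checked against the documentation for your installed version.

```bash
#!/usr/bin/env bash
# Added example: scheduled Fortify SCA scan for a project with no build system.
# All paths, names and the URL below are assumed placeholders, not from the slides.
SRC_DIR="${SRC_DIR:-/srv/checkout/myapp}"
BUILD_ID="${BUILD_ID:-myapp-nightly}"
FPR="${FPR:-/var/fortify/${BUILD_ID}.fpr}"
LOCK_DIR="${LOCK_DIR:-/var/fortify/${BUILD_ID}.lock}"
F360_URL="${F360_URL:-https://f360.example.internal/f360}"
F360_PROJECT="${F360_PROJECT:-MyApp}"
F360_VERSION="${F360_VERSION:-1.0}"
TOKEN_FILE="${TOKEN_FILE:-/etc/fortify/upload.token}"

# Run a command, or only print it when DRY_RUN=1 (lets you review the job first).
step() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

upload_fpr() {
  # Refuse a token file that group or other users can access.
  if [ -n "$(find "$TOKEN_FILE" -perm /077 2>/dev/null)" ]; then
    echo "token file permissions too open: $TOKEN_FILE" >&2; return 77
  fi
  local token='<redacted>'   # a dry run never reads or prints the real token
  [ "${DRY_RUN:-0}" = "1" ] || token="$(cat "$TOKEN_FILE")" || return 66
  step fortifyclient -url "$F360_URL" -authtoken "$token" uploadFPR \
    -file "$FPR" -project "$F360_PROJECT" -version "$F360_VERSION"
}

run_scan() {
  # mkdir is atomic, so an overlapping scheduled run exits instead of racing.
  mkdir "$LOCK_DIR" 2>/dev/null || { echo "scan already running" >&2; return 75; }
  local rc=0
  step sourceanalyzer -b "$BUILD_ID" -clean &&              # drop stale state
    step sourceanalyzer -b "$BUILD_ID" "$SRC_DIR" &&        # translate sources
    step sourceanalyzer -b "$BUILD_ID" -scan -f "$FPR" &&   # analyze, write FPR
    upload_fpr || rc=$?                                     # upload triggers alerts
  rmdir "$LOCK_DIR"
  return "$rc"   # non-zero lets cron / Task Scheduler record the failure
}

# crontab entry (assumed install path): 0 2 * * * /opt/scripts/sca-nightly.sh --run
if [ "${1:-}" = "--run" ]; then run_scan; exit $?; fi
```

Because `fortifyclient` takes the token as a command-line argument, it is visible in the process list while the upload runs, so run the job on a host where only trusted accounts can log in.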

Fortify 360 Server Alerts

  • Alert Destinations
    • Alerts are sent via Email
    • Also displayed on the Dashboard
  • Alerts are generated on action (such as FPR upload)
  • Alert Examples
    • New Issues
    • Critical Vulnerability Threshold
    • Vulnerability Specific (Cross Site Scripting, SQL Injection, etc)
    • Audit Level Reached
  • Recipient Flexibility
    • You Only
    • All Users With Access

Demo Scenario

[Diagram: Build Server → FPR → Fortify 360 Server → User]