1 / 6

Advanced 360 Techniques

Advanced 360 Techniques. Eric Friese Software Security Consultant eric.friese@hp.com. Advanced 360 Techniques. Agenda Automating Fortify SCA Scans Fortify 360 Email Alerts Demo. Advanced 360 Techniques. First Phase – Initial scans with Fortify SCA.

cady
Download Presentation

Advanced 360 Techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Advanced 360 Techniques Eric Friese Software Security Consultant eric.friese@hp.com

  2. Advanced 360 Techniques Agenda • Automating Fortify SCA Scans • Fortify 360 Email Alerts • Demo

  3. Advanced 360 Techniques • First Phase – Initial scans with Fortify SCA • Second Phase – Build Integration and Automation • Never have to worry about when the last scan was performed • Security vulnerabilities are found earlier in the lifecycle • Can be automatically uploaded to Fortify 360 Server Set it and forget it! ~Ron Popeil

  4. Advanced 360 Techniques Fortify SCA Supported Build Integration • Plugin Support • Apache ANT • Apache Maven • Make • Configuration Support • MS Build • Microsoft Team Foundation Server • Nant • Any system that can support running command line calls • Most continuous build systems use the above systems • What if I don’t have a build system? • Automating SCA is still possible • Batch/Shell Script scheduled with Windows Tasks or Cron

  5. Advanced 360 Techniques Fortify 360 Server Alerts • Alert Destinations • Alerts are sent via Email • Also displayed on the Dashboard • Alerts are generated on action (such as FPR upload) • Alert Examples • New Issues • Critical Vulnerability Threshold • Vulnerability Specific (Cross Site Scripting, SQL Injection, etc) • Audit Level Reached • Recipient Flexibility • You Only • All Users With Access

  6. Advanced 360 Techniques Demo Scenario Build Server FPR Fortify 360 Server User

More Related