8/7/2019 Securing To Days Application
1/12
SWG Rational Marketing Software Delivery Program
Securing today's applications
Design, deliver and secure smarter software and services
The What, Where and How of Application Security
Why is application security such a hot issue moving into 2010 and beyond?
Applications are becoming more pervasive: organizations are growing and implementing smarter software to support business processes, product development and daily operations. The way businesses deal with their customers, their partners and their own internal businesses is changing and becoming more complex. New SOA-oriented architectures and the extension of things like the electrical grid are becoming an essential part of an organization's everyday operations.
So it is natural that the security ramifications of deploying all of these applications are a very important concern for customers. They have generally done a very good job over the last 10 or 15 years in understanding the established security technologies for tasks like networking and operations, and in managing security procedures like access control or authentication. But now, as these new applications roll out, they are really changing the game.
In many ways, these applications can exist in a couple of worlds. Sometimes portions of their behavior are inside a firewall, while sometimes it is external to the firewall, such as the web-facing front end to a legacy back-end application. The possible security problems are not just the threat surface that gets exposed with new applications, but also the composite of behaviors that goes on outside the firewall at the front end of the application, and all of the possible unintended consequences of the new exposure of the internal application.
All of these things are conspiring together: the influx of new applications, the increased importance of applications for core business goals and the difficulty of understanding the way in which all these components will play together. These forces are driving applications into a place of prominence in the current environment.
Four strategic best practices for protecting web applications
To address security-related issues as they pertain to web applications, organizations can employ four broad, strategic best practices.
1. Increase security awareness
This includes training, communication and monitoring activities, preferably in cooperation with a consultant.
Training
Provide annual security training for all application team members: developers, quality assurance professionals, analysts and managers. Describe current attacks and a recommended remediation process. Discuss the organization's current security practices. Require developers to attend training to master the framework's prebuilt security functions. Use vendor-supplied material to train users on commercial off-the-shelf (COTS) security tools, and include security training in the project plan.
Communication
Collect security best practices from across all teams and lines of business in your organization. Distribute them in a brief document and make them easily accessible on an intranet. Get your IT security experts involved early and develop processes that include peer mentoring. Assign a liaison from the security team to every application team to help with application requirements and design.
Monitoring
Ensure that managers stay aware of the security status of every application in production. Track security errors through your normal defect tracking and reporting infrastructure to give all parties visibility.
2. Categorize application risk and liability
Every organization has limited resources and must manage priorities. To help set security priorities, you can:
- Define risk thresholds and specify when the security team will terminate application services.
- Categorize applications by risk factors (e.g., Internet or intranet vs. extranet).
- Generate periodic risk reports based on security scans that match issues to defined risk thresholds.
- Maintain a database that can analyze and rank applications by risk, so you can inform teams of how their applications stack up against deployed systems.
3. Set a zero-tolerance enforcement policy
An essential part of governing the development and delivery process, a well-defined security policy can reduce your risk of deploying vulnerable or noncompliant applications. During inception, determine which tests the application must pass before deployment, and inform all team members. Formally review requirements and design specifications for security issues during inception and elaboration, before coding begins. Allow security exceptions only during design and only with appropriate executive-level approval.
4. Integrate security testing throughout the development and delivery process
By integrating security testing throughout the delivery lifecycle, you can have significant positive effects on the design, development and testing of applications. You should base functional requirements on security tests your application must pass, making sure that your test framework.
Application security planning and security strategy should be based on systematic processes and practices, not on symptomatic issues that arise during a testing cycle.
The Business Case for Data Protection was the first study to determine what senior executives think about the value proposition of corporate data protection efforts within their organizations.
Ponemon Business Case for Data Protection (US): https://www.ibm.com/services/forms/signup.do?source=swg-rtl-ponemonrptus
Ponemon Business Case for Data Protection (UK): https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-rtl-ponemonrptuk
Secure by Design
Innovation depends upon the safe and reliable operation of the systems that will gather, transmit and analyze data, communicate and act upon the results, and advance the capabilities of highly distributed organizations to unify and focus on critical shared goals. This type of security, this type of safety, is not something that can simply be bolted onto the solutions as an afterthought. It must be considered from the first requirements to the final implementation, and it must be inherent in the capabilities that are brought to bear as these complex problems are solved. The reliability of these solutions cannot be jeopardized by delay. They must be Secure by Design.
Secure by Design demonstrates that cost-effective security begins with the creation of secure systems from the start. Time-to-market, maintenance and the devastating costs of public breaches are reduced through the benefits of integrating secure practices early in the development lifecycle. It is a long-standing axiom that functional defects identified during system development are orders of magnitude less costly to repair than those found in production systems, and the benefits and savings are even higher when it comes to security. Current models show us that the average data breach costs an organization roughly $6.6M, and that the average cost per lost customer data record is over $200. These numbers are staggering. Vulnerability within some Smarter Planet systems is even more destructive, as some systems manage critical infrastructure, and failure can disable entire regions or, worse, jeopardize lives.
A critical enabler of trust in this process is the ongoing validation of the security of critical applications. System development history has shown us that there is a natural tendency for implementations to veer from their original designs, and that constant reinforcement of design objectives through testing and assessment is the most practical means of arriving at a deliverable with the proper attributes. Security is no different, but it can be more difficult to assess. Security, particularly at the coding and implementation level, is not a widely understood discipline, and its inclusion in the set of critical deliverables will only be possible as organizations simplify and automate security checking in ways similar to those employed for functional and performance testing. The IBM Rational AppScan suite of products has been created to integrate within this environment, whether through application scanning on the developer desktop, at the nightly or weekly build server, or through targeted penetration testing of the final application.
In practice, not every application can be protected from every threat, and the continuous appearance of new attacks means that today's results will never be sufficient to guarantee tomorrow's safety. As a result, the path to maximizing the security of an application begins by rigorously testing that application today, and planning for its continuing testing as the application, and the threats it encounters, evolve.
Automated source code analysis is widely recognized as the most effective method of this type of testing early in the life cycle, because it allows for a consistent and repeatable assessment of source code without requiring the additional assets that would be needed to field a completed system to test. The best of these technologies provide the most valuable results by pinpointing the vulnerability at the precise line of code and detailing information about the type of flaw, degree of criticality and how to fix it. Ethical hacking is also an important element of software security, but its value comes later in the life cycle, when it can be used on a completed application with a functional interface. Together, these approaches can paint a picture which is both comprehensive in its scope and useful in the level and amount of detail that it provides.
Securing components and systems from their inception produces a flexibility and sense of assurance that fuels the growth and adaptability of the Smarter Planet. Early implementations of smarter projects are only the beginning of the potential for integrating information and technology to solve fundamental infrastructural problems. Systems which are gathering information to optimize a Smarter City today may well be repurposed in the future to bring smarter healthcare or smarter communications to the same area. By designing the core components with security in mind, adapting them to a new area of use becomes much more straightforward, eliminating the need to re-engineer the component for the next role it may fulfill.
Roadblocks to building in security
Among the most common impediments to the adoption of security testing in the software development life cycle, the most difficult to overcome is typically the gap between development group functions and the security team's priorities. The skill sets themselves are rarely present in the same individual or even group, and organizationally there is very little inherent synergy. While development goals focus on product functionality and on-schedule delivery, security analysts are often tasked with eliminating vulnerabilities and implementing security controls only after the applications are completed and deployed. Development is rewarded for on-time delivery, while security is rewarded for preventing the deployment of an insecure application. To effectively decrease vulnerabilities created during the development process, development and security teams must cooperate, and in all cases, higher-level management support for improving security during development is essential.
There also exists a general reluctance to alter an existing software development life-cycle process, which can delay implementation of security testing. In these cases, an understanding of the business-level benefits to be gained is usually enough incentive to move things forward. There are some common misconceptions about the potential and difficulties of improving security within the development process.
Fiction: The development schedule cannot delay any other activities, not even to address security issues.
Fact: There might be initial delays to the development cycle as individuals learn the new system, but this is indisputably the most time-efficient method for reducing software risk. The process eventually reduces development time by instilling good, secure coding practices among developers, and these practices reduce time spent elsewhere in the cycle, such as during security and acceptance testing of the final application.
Fiction: We are already doing peer review; therefore, we do not need additional security code reviews.
Fact: A peer review is not a substitute for a security review. Peer reviews are typically used to find functional bugs. Unless reviewers have a deep understanding of application security, many of the more critical security vulnerabilities and design flaws are missed. In many cases, the best-intentioned user requirement implemented without functional error can lead to the greatest security risk. Common security errors will traverse thousands of lines of code and many files, leading to a very challenging, if not impossible, task of manual identification.
Assigning core responsibilities
Many enterprises still find it challenging to identify the most appropriate method and resources to implement source code analysis in their development life cycle. Utilizing a series of workflow models to help guide the implementation of automated source code scanning into an existing development process is the most effective way to achieve a favorable approach. Although it is clear that development organizations and processes each have their own distinct characteristics, the functions below are primary to source code testing and must be served by existing staff or experts brought in during implementation.
Set security requirements: A manager or central source of business requirements meets with groups with security expertise to define the security requirements of the application and the vulnerabilities that would most jeopardize its function, and to assign criticality based on business needs.
Configure analysis: Internal definitions are used to customize the source code analysis tool to match policies, ensuring sufficient and consistent review of applications.
Scan source code: The source code analysis tool is run against the target application or parts of the application to pinpoint vulnerabilities. These scans are commonly automated, but can also be executed on demand.
Prioritize results: Staff members with knowledge of security and the application study the results to prioritize remediation and resource workflow appropriately.
Remediate flaws: Vulnerabilities are eliminated by rewriting code, removing flawed components, or adding security-related functions.
Verify fixes: The code is rescanned and studied to ensure the code changes have eliminated the vulnerability while maintaining application functionality.
Organizations which have already adopted this methodology have seen very positive results. One major telecommunications firm has gone so far as to apply the knowledge of their relevant threats and the operational implementation goals of their software components to devise an automated testing regimen that is kicked off regularly with the software build. The information generated has already been tailored by the security team, and the results are regularly reviewed to ensure relevance and continuing accuracy. In the interim, each build automatically assesses the security of the software, and forwards any newly found vulnerabilities to the appropriate development groups for remediation. This integrated process has led to much faster cycle times, decreased rework, and a far better performance during rigorous pre-deployment certification.
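The gating and verification steps described above (defined risk thresholds per application category, a zero-tolerance policy at build time, prioritizing scan results, and verifying fixes by rescanning) can be wired together in a small script that runs after each scan. The following is an added illustration written for this page; it is not IBM's or AppScan's code, and the finding fields, the application tiers, the thresholds and the two sample scan results are constructed assumptions.

```python
"""Build gate: apply per-tier risk thresholds to scan findings and verify fixes.

Added example for this page, not IBM's or AppScan's code. The finding fields,
tier names, thresholds and sample scan results are constructed assumptions.
"""
from collections import Counter
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Assumed thresholds: maximum open findings per severity before the build fails.
# Internet-facing applications get zero tolerance for critical and high findings.
THRESHOLDS = {
    "internet": {"critical": 0, "high": 0, "medium": 5},
    "extranet": {"critical": 0, "high": 2, "medium": 10},
    "intranet": {"critical": 0, "high": 5, "medium": 20},
}


@dataclass(frozen=True)
class Finding:
    app: str
    path: str
    line: int
    category: str
    severity: str

    def key(self):
        """Identity used to match the same finding across two scans."""
        return (self.app, self.path, self.line, self.category)


def prioritize(findings):
    """Order findings for remediation: most severe first, then by location."""
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f.severity], f.path, f.line))


def evaluate_gate(findings, tier):
    """Compare severity counts with the tier's thresholds; any excess fails the gate."""
    counts = Counter(f.severity for f in findings)
    violations = {sev: counts[sev]
                  for sev, limit in THRESHOLDS[tier].items() if counts[sev] > limit}
    return {"tier": tier, "counts": dict(counts),
            "violations": violations, "passed": not violations}


def verify_fixes(baseline, rescan):
    """Classify a rescan against the previous scan: fixed, still open, newly introduced."""
    before = {f.key() for f in baseline}
    after = {f.key() for f in rescan}
    return {"fixed": sorted(before - after),
            "remaining": sorted(before & after),
            "new": sorted(after - before)}


# Constructed results of two consecutive scans of one (fictional) application.
BASELINE = [
    Finding("billing-web", "src/login.py", 42, "sql-injection", "critical"),
    Finding("billing-web", "src/profile.py", 88, "reflected-xss", "high"),
    Finding("billing-web", "src/report.py", 15, "path-traversal", "high"),
    Finding("billing-web", "src/util.py", 7, "weak-random", "medium"),
]
RESCAN = [
    Finding("billing-web", "src/profile.py", 88, "reflected-xss", "high"),
    Finding("billing-web", "src/util.py", 7, "weak-random", "medium"),
    Finding("billing-web", "src/export.py", 23, "missing-auth-check", "high"),
]

if __name__ == "__main__":
    for f in prioritize(RESCAN):
        print(f"{f.severity:8} {f.path}:{f.line} {f.category}")
    print(evaluate_gate(RESCAN, "internet"))
    print(verify_fixes(BASELINE, RESCAN))
```

The gate decision depends on the application's category, so the same rescan that fails an Internet-facing application can pass an intranet one; the comparison of two scans is what lets the "Verify fixes" step report fixed, remaining and newly introduced findings rather than just a fresh count.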
Secure by Design as a goal has two different meanings. The first, as described here, relates to assembling the knowledge, tools and processes to generate components and systems that will perform reliably and securely, through efforts at all phases of the construction lifecycle. The second meaning, though, is equally important: as we enter this instrumented age, and we come to expect technology to improve our day-to-day existence in new ways, we must acknowledge our responsibility to make our organizations Secure by Design. We must educate ourselves and our teams on the importance of security, on the cost savings and benefits of secure development, and on the balance that must be reached between that concern and concerns of functionality, performance, and time-to-market. If we do this, then soon "secure" will be as natural a characteristic of the Smarter Planet as "fast", "stable", or "easy-to-use".
For detailed information on three development models, including workflows and best practices, please see the whitepaper Secure at the Source in the Web Application Security e-Kit.
http://www-01.ibm.com/software/info/sdp/appscan/index.jsp
Hackers and Malware
The proliferation of malware designed to infiltrate computer systems without the owner's informed consent has become one of the most challenging security issues facing users today. Hackers are engineering ever more sophisticated viruses, worms and Trojan horses that can outsmart traditional defense mechanisms.
Malicious software can be distributed in a variety of ways, and attackers generally do not limit themselves to a single channel. For a long time, email was the primary delivery mechanism, and it is still significant today. Network vulnerabilities and instant messaging have also been used for pushing worms from one machine to another.
Today, web applications are the primary delivery mechanism for malware, via drive-by downloads or social engineering. A drive-by download happens when a user's machine becomes compromised simply by browsing an infected web page. The browser executes components that are maliciously crafted to exploit vulnerabilities in the browser, operating system or other plug-ins as the page renders images, in-line scripts and videos, for example.
Social engineering is a term used to describe tricking a user into performing some action, such as downloading a file or accepting a prompt. Scareware, such as an alarming pop-up that prompts users to perform an action, is a good example of this. A pop-up designed to look like an antivirus alert may read "A virus has been detected on your system" and prompt a user to download a cleanup utility, which is actually malware (often a Trojan horse). In the fall of 2009, a major national newspaper in the United States faced a version of this tactic in the form of a scam that was designed to scare users into buying useless antivirus software.
In recent years, occurrences of legitimate websites serving malware have become more widespread. Previously, cautious web surfers who avoided questionable sites, such as adult-oriented or illegal download sites, could reasonably expect to avoid attacks. This is not so today. Moreover, site owners rarely even know that the compromise has occurred. Consider the consequences. Users are no longer able to avoid exposure through good judgment alone. The malware is delivered through the sites they use and trust on a regular basis for personal and business needs. Web gateways can no longer rely on blacklists of malicious sites without blocking legitimate sites as well. So how are users expected to protect themselves, and how can website owners avoid putting their users in harm's way? That question can't be addressed without understanding how legitimate sites are compromised.
A look at how legitimate websites are compromised
In most cases, reputable websites are attacked using one or a combination of four primary methods.
Vulnerability exploitation
Vulnerabilities on a site are a favorite target of criminals. These could be 0-day vulnerabilities in the software running the website or vulnerabilities in the application-specific code. Such vulnerabilities can allow attackers to deface the site, making it link to or serve malicious content. Exploiting 0-day or very recent vulnerabilities in web infrastructure (for example, web servers, application servers and operating systems) is the primary method of compromising websites today.
Uploaded malware on user-driven sites
User-driven Web 2.0 community sites, including blogs, wikis and social media sites, that let users create and post data likely provide another popular malware delivery source. Worse, technical vulnerabilities aren't even necessary. If users are allowed to add content and links to the site, they may be uploading malicious items. For example, PDF document files holding malicious content, or images that exploit a security hole in a graphics library, can cause a legitimate website to serve malware.
Internal attacks
Website defenses are often not as robust when accessed from within an internal network. As a result, internal resources, such as disgruntled employees or an employee who has been blackmailed, can modify a web application from within and make it serve or link to malware.
Third-party content
Including third-party content such as ads or mashup applications can multiply the risk of malware on your website. Third-party sources may be malicious or may have been compromised by yet another party, resulting in malware being served through your application's pages. Consider an advertising service serving Flash-based advertising banners. Flash applications are powerful and dynamic and have potent scripting engines. If an advertising company is not properly vetting and analyzing each banner it posts, it may be serving malicious banners that deliver malware.
Existing solutions
How can users be expected to protect themselves from malware on legitimate websites? Certainly, users need to take precautions by installing appropriate endpoint security solutions, such as antivirus software, firewalls and other security tools. But this will only get them so far. As a result, website owners have significant responsibilities in the matter, as their users should expect a reasonable level of protection against malicious code.
There are several ways companies and organizations can protect the server side: an intrusion prevention system (IPS) or similar network protection device that monitors outgoing traffic, and server-side antivirus solutions. An IPS can examine all traffic returned from the site and block anything deemed malicious. The problem with this approach is the depth of the analysis: the IPS needs to work at a very high velocity to support huge volumes of data, and thus can only afford a fraction of a second to analyze passing content. As a result, its analysis is mostly limited to matching known malicious patterns against the content.
A server-side antivirus solution can be used to examine files on the server and identify whether they are malicious. The problem with this approach is visibility. Antivirus solutions are designed to look for viruses in files, but are limited in their ability to examine content residing in the databases where most applications store their dynamic content. Similarly, antivirus solutions don't see or understand web pages, making them blind to content that is linked from the website but not hosted on it.
Currently, the most common way for criminals to make legitimate websites serve malware is by injecting an iframe that leads to a malicious site. The existing solutions discussed above cannot find this very common manifestation of the problem.
An alternative approach: HTTP-based malware scanning uses a new approach, combining the HTTP view with antivirus-like capabilities. Scanning and detection capabilities can help you overcome the inherent problems of existing security technologies.
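What the "HTTP view" adds can be seen by inspecting a page exactly as an HTTP client receives it: the content has already been assembled from the database and templates, so an injected iframe is visible there even though a file-based antivirus never sees it and a pattern-matching IPS has no signature for a previously unseen destination. The following is an added example for this page, not IBM's or AppScan's code: it parses a constructed HTML page with the standard library and flags iframe, script, object and embed references that point at hosts outside the site's own domain and its known partners, or that are sized or styled to be invisible. The sample page, the hostnames and the trusted-partner list are constructed assumptions.

```python
"""Detect injected or hidden page references in HTML as served over HTTP.

Added example for this page, not IBM's or AppScan's code. The sample page,
hostnames and trusted-host list below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ReferenceCollector(HTMLParser):
    """Collects every iframe/script/object/embed tag together with its attributes."""
    TAGS = {"iframe": "src", "script": "src", "object": "data", "embed": "src"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in self.TAGS:
            attrs = dict(attrs)
            url = attrs.get(self.TAGS[tag])
            if url:
                self.refs.append((tag, url, attrs))


def _dimension(value):
    """Parse a width/height attribute such as "0" or "1px"; anything else -> None."""
    text = str(value or "").strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    try:
        return int(text)
    except ValueError:
        return None


def looks_hidden(attrs):
    """True if the element is styled invisible or sized to at most one pixel."""
    style = "".join((attrs.get("style") or "").split()).lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    width = _dimension(attrs.get("width"))
    height = _dimension(attrs.get("height"))
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def scan_page(html, page_url, trusted_hosts):
    """Return references that leave the trusted set of hosts or are hidden iframes."""
    collector = ReferenceCollector()
    collector.feed(html)
    trusted = {urlparse(page_url).hostname, *trusted_hosts}
    findings = []
    for tag, url, attrs in collector.refs:
        host = urlparse(url).hostname   # relative URLs give None: same origin
        external = host is not None and host not in trusted
        hidden = tag == "iframe" and looks_hidden(attrs)
        if external or hidden:
            findings.append({"tag": tag, "url": url, "host": host,
                             "external": external, "hidden": hidden})
    return findings


# Constructed sample of what an HTTP client would receive from a compromised page;
# the last iframe is the kind of injected, zero-sized element the text describes.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-partner.net/widget.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="https://www.example.com/help" width="600" height="400"></iframe>
<iframe src="http://injected-example.invalid/loader.html" width="0" height="0"
        style="display:none"></iframe>
</body></html>"""

PAGE_URL = "https://www.example.com/index.html"
TRUSTED_PARTNERS = {"cdn.example-partner.net"}   # assumed allowlist of known third parties

if __name__ == "__main__":
    for f in scan_page(SAMPLE_PAGE, PAGE_URL, TRUSTED_PARTNERS):
        print(f"{f['tag']} -> {f['url']} external={f['external']} hidden={f['hidden']}")
```

Run against the sample, only the zero-sized iframe to an untrusted host is reported; the partner script is silent because it is on the allowlist, and a page scanned with an empty allowlist reports every off-site reference so that the trust list can be reviewed. A deployment would fetch each page over HTTP on a schedule, store the previous result, and alert on references that were not present before; the dimension check deliberately treats percentage sizes as unknown rather than hidden, so it does not replace the antivirus-like content inspection the text describes but narrows what needs it.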
Please see the demo of Rational AppScan Standard Edition for a full view of the AppScan Standard Edition and Express products.
http://www.ibm.com/developerworks/offers/lp/demos/summary/appscanintro.html
Security and Cloud Computing
Cloud computing is a flexible, cost-effective and proven delivery platform for providing business or consumer IT services over the Internet. Cloud resources can be rapidly deployed and easily scaled, with all processes, applications and services provided on demand, regardless of user location or device. As a result, cloud computing gives organizations the opportunity to increase their service delivery efficiencies, streamline IT management and better align IT services with dynamic business requirements.
Both public and private cloud models are now in use. Available to anyone with Internet access, public models include Software as a Service (SaaS) clouds like IBM LotusLive, Platform as a Service (PaaS) clouds such as IBM Computing on Demand, and Security and Data Protection as a Service (SDPaaS) clouds like the IBM Vulnerability Management Service.
Private clouds are owned and used by a single organization. They offer many of the same benefits as public clouds, and they give the owner organization greater flexibility and control. Many organizations embrace both public and private cloud computing by integrating the two models into hybrid clouds. These hybrids are designed to meet specific business and technology requirements, helping optimize security and privacy with a minimum investment in fixed IT costs. Although the benefits of cloud computing are clear, so is the need to develop proper security for cloud implementations.
In addition to the usual challenges of developing secure IT systems, cloud computing presents an added level of risk because essential services are often outsourced to a third party. The externalized aspect of outsourcing makes it harder to maintain data integrity and privacy, support data and service availability, and demonstrate compliance. As a result, clients must establish trust relationships with their providers and understand risk in terms of how these providers implement, deploy and manage security on their behalf. This "trust but verify" relationship between cloud service providers and clients is critical because the clients are still ultimately responsible for compliance and for protection of their critical data, even if that workload has moved to the cloud.
Infrastructure sharing calls for a high degree of standardization and process automation, which can help improve security by eliminating the risk of operator error and oversight. However, the risks inherent in a massively shared infrastructure mean that cloud computing models must still place a strong emphasis on isolation, identity and compliance. In other words, the framework of governance, risk management and compliance can be broken into five security focus areas:
- People and Identity: Address the risks associated with user access to corporate resources.
- Data and Information: Understand, deploy and properly test controls for access to and usage of sensitive business data.
- Application and Process: Help keep applications secure, protected from malicious or fraudulent use, and hardened against failure.
- Network, Server and End Point: Optimize service availability by mitigating risks to network components.
- Physical Infrastructure: Provide actionable intelligence on the desired state of physical infrastructure security and make improvements.
Each focus area has its own value proposition and corresponding financial payback that must be balanced.
While cloud computing is often seen as increasing security risks and introducing new threat vectors, it also presents an exciting opportunity to improve security. Characteristics of clouds such as standardization, automation and increased visibility into the infrastructure can dramatically boost security levels. For example, the use of a defined set of cloud interfaces, along with centralized identity and access control policies, will reduce the risk of user access to unrelated resources. Running computing services in isolated domains, providing default encryption of data in motion and at rest, and controlling data through virtual storage have all become activities that can improve accountability and reduce the loss of data. In addition, automated provisioning and reclamation of hardened run-time images can reduce the attack surface and improve forensics.
For more information on how the rise of the cloud is creating new requirements for security, please see our podcast.
http://www.servicemanagementcenter.com/main/pages/IBMRBMS/SMRC/ShowCollateral.aspx?oid=68627&ssid=66&hid=11348&sid=11356&cp=2618
Security in IndustryIndustry specic software assets that allow you to deploy
business solution with lower costs and risk:
Financial Services: Banking and Insurance companies need to
manage risk more efciently, at a lower cost through online
channels including web-based applications and cloud-
implemented solutions. With the ever changing environment
facing nancial institutions, maintaining system integrity andautomating all security and compliance initiatives is imperative
to keeping up with the integration of mergers and acquisitions.
Please review this case study of how a Financial Services
and Banking company managed a response to security
mandates.
Government: Growing concerns over government data
security driven by increasing vulnerabilities and cyber securitythreats have agencies looking for cost-effective and efcient
solutions to manage their data systems, including fullling
various changing requirements for compliance (accessibility,
etc.) and security to governing bodies.
As Government agencies are opening citizen access to new
Internet-based services and establishing efcient methods for
creating trusted identities, the need for stronger authentication
and portal security is increasing. Greater accountability &
transparency means more exposure of data vulnerabilities.
Please review the case study of how a branch of the armed
forces secured the needs of the military.
Healthcare: Securing sensitive patient information and
adhering to compliance mandates is an overwhelming
requirement for all healthcare professionals at every level of
the industry. With funding for use of Electronic Health
Records (EHR), the access and security of health records is
becoming a pressing issue. A more reliable infrastructure
management, reducing the possibility and impact of security
vulnerabilities while adhering to industry regulations, is
needed.
Please see the demo of Rational AppScan Standard Edition for a
full view of the AppScan Standard Edition and Express
products.
Energy and Utilities: The Smart Grid raises privacy and
safety concerns, and standards from the North American
Electric Reliability Corporation (NERC) and the Federal
Energy Regulatory Commission (FERC) are driving
heightened protection from cyber attack. These efforts to
strengthen access control and prevent data loss are critical to the
success of not only the project, but also the customers that use
the system.
Please review the case study of an International
Telecommunications Company.
Resources
Web Application Security e-Kit
IBM Rational AppScan can help you effectively design security
into your products and services early in the lifecycle, in a way
that is resilient to change. Download your complimentary
e-Kit now. You'll receive white papers, demos, podcasts and
additional information on helping you design, deliver, and
manage smarter software and services faster, in a more secure
and cost-efficient manner.
Rational AppScan ROI Calculator
Automated application security analysis enables you to detect
exploitable vulnerabilities to protect against the threat of
cyber-attack, and also significantly reduces the costs associated with
manual vulnerability testing. This Rational AppScan ROI
calculator will help provide estimates of your ROI from
implementing a web application security testing solution.
Podcasts:
What, Why and How of Application Security
In this podcast you can learn how application security strategy
and policy can mitigate risk and thus safeguard not only your
company's informational assets but also your bottom line and
brand.
Rise of Cloud is creating new requirements for Security
In this BizTech Reports podcast, David Grant discusses the
new and elevated role application security must play to protect
vital corporate interests in as efficient a manner as possible.
According to IBM X-Force's most recent research from the
end of 2008, over 50% of all vulnerabilities disclosed last year
were related to the application layer.
Securing software at the source is good for Quality
Hear from Ryan Berg, Security Architect, IBM, on how to
promote secure software delivery starting in QA. Learn how
you can ensure that security standards are met as part of your
quality measures.
Whitepapers:
Ponemon Business Case for Data Protection (US)
Ponemon Business Case for Data Protection (UK)
The Business Case for Data Protection was conducted by the
Ponemon Institute and sponsored by Ounce Labs, an IBM
Company. It is the first study to determine what senior
executives think about the value proposition of corporate data
protection efforts within their organizations.
The Right Tool for the Right Job
A range of application security tools was developed to support
the efforts to secure the enterprise from the threat posed by
insecure applications. This white paper examines the most
common tools found in the enterprise application security
environment.
Trust, but Verify
This white paper discusses the need for addressing security
concerns in outsourced applications. It outlines a framework
for addressing these concerns with outsourcing partners and
explores the role of source code review and related technologies
to assess and certify outsourced applications.
Knowledge is Power
Your software has a lot to say about data privacy. Your software
is the engine for your data, where it gets processed,
transformed, and transmitted. Understanding what your
software can tell you puts power in your hands.
Maintaining trust: protecting your website users from
malware
This paper explores the problem of malware and how it is
increasingly being delivered through legitimate websites.
ESW03001-USEN-01
Demos:
IBM's Development and Test Enterprise Cloud Solution
IBM Smart Business Development & Test on the IBM Cloud
is your gateway to the cloud. With an ever-growing list of
images and functionality, you can provision, manage, and
customize your instances in minutes.
Rational AppScan Standard Edition
This demo takes you through the process of scanning a web
application for security vulnerabilities using Rational AppScan
Standard Edition.
Case Studies:
A branch of the armed forces secured the needs of the military
A financial services and banking company managed a response
to security mandates.
An International Telecommunication Company: Building
security into the software development life cycle with low cost
and high value.
Copyright IBM Corporation 2010
IBM Software Group, Route 100, Somers, NY 10589, U.S.A.
Produced in the United States of America, August 2010
All Rights Reserved
IBM, the IBM logo, ibm.com, Smarter Planet, the Smarter Planet logo, AppScan, LotusLive and Rational are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml