A New View of Your Application Security Program with Snyk and ThreadFix
•
0 recomendaciones•892 vistas
Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a A New View of Your Application Security Program with Snyk and ThreadFix
Similar a A New View of Your Application Security Program with Snyk and ThreadFix (20)
Más de Denim Group
Más de Denim Group (17)
Último
Último (20)
A New View of Your Application Security Program with Snyk and ThreadFix
- 1. © 2019 Denim Group – All Rights Reserved A New View of Your Application Security Program with Snyk and ThreadFix November 12, 2019 Dan Cornell, CTO, Denim Group Hayley Denbraver, Developer Advocate, Snyk
- 2. © 2019 Denim Group – All Rights Reserved Agenda 2
- 3. © 2019 Denim Group – All Rights Reserved Agenda • Snyk Background and Demo • ThreadFix Background • Snyk and ThreadFix 3
- 4. © 2019 Denim Group – All Rights Reserved Snyk 4
- 5. © 2019 Denim Group – All Rights Reserved Production Code 5
- 6. © 2019 Denim Group – All Rights Reserved Production Code 6 Original Code
- 7. © 2019 Denim Group – All Rights Reserved Production Code 7
- 8. © 2019 Denim Group – All Rights Reserved Production Code 8
- 9. © 2019 Denim Group – All Rights Reserved Snyk: Use Open Source, Stay Secure • Snyk helps you find and fix vulnerabilities in your open source dependencies • Snyk allows developers to address open source security throughout the software development lifecycle • Snyk meets developers where they are—in the languages and tools that they use every day 9
- 10. © 2019 Denim Group – All Rights Reserved 10
- 11. © 2019 Denim Group – All Rights Reserved Snyk 11
- 12. © 2019 Denim Group – All Rights Reserved Snyk 12
- 13. © 2019 Denim Group – All Rights Reserved Snyk 13
- 14. © 2019 Denim Group – All Rights Reserved 14
- 15. © 2019 Denim Group – All Rights Reserved Snyk Demo 15
- 16. © 2019 Denim Group – All Rights Reserved Vulnerable App 16
- 17. © 2019 Denim Group – All Rights Reserved Snyk UI 17
- 18. © 2019 Denim Group – All Rights Reserved Snyk UI 18
- 19. © 2019 Denim Group – All Rights Reserved Snyk UI 19
- 20. © 2019 Denim Group – All Rights Reserved Snyk UI 20
- 21. © 2019 Denim Group – All Rights Reserved Snyk UI 21
- 22. © 2019 Denim Group – All Rights Reserved Snyk UI 22
- 23. © 2019 Denim Group – All Rights Reserved Snyk UI 23
- 24. © 2019 Denim Group – All Rights Reserved GitHub 24
- 25. © 2019 Denim Group – All Rights Reserved ThreadFix Background 25
- 26. © 2019 Denim Group – All Rights Reserved ThreadFix Overview • Create a consolidated view of your applications and vulnerabilities • Prioritize application risk decisions based on data • Translate vulnerabilities to developers in the tools they are already using • Provide access to powerful analytics 26
- 27. © 2019 Denim Group – All Rights Reserved ThreadFix Overview 27
- 28. © 2019 Denim Group – All Rights Reserved Create a consolidated view of your applications and vulnerabilities 28
- 29. © 2019 Denim Group – All Rights Reserved Application Portfolio Tracking 29
- 30. © 2019 Denim Group – All Rights Reserved Vulnerability Consolidation 30
- 31. © 2019 Denim Group – All Rights Reserved Prioritize application risk decisions based on data 31
- 32. © 2019 Denim Group – All Rights Reserved Vulnerability Prioritization 32
- 33. © 2019 Denim Group – All Rights Reserved Reporting and Metrics 33
- 34. © 2019 Denim Group – All Rights Reserved Translate vulnerabilities to developers in the tools they are already using 34
- 35. © 2019 Denim Group – All Rights Reserved Defect Tracker Integration 35
- 36. © 2019 Denim Group – All Rights Reserved Secure DevOps with ThreadFix • What does your pipeline look like? http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu http://www.slideshare.net/denimgroup/rsa2015-blending- theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html 36
- 37. © 2019 Denim Group – All Rights Reserved AppSec Testing for DevOps • Configuring Testing Policies • AppSec Testing for DevOps in Action 37
- 38. © 2019 Denim Group – All Rights Reserved Policy Configuration • Testing • Synchronous • Asynchronous • Decision • Reporting Blog Post: Effective Application Security Testing in DevOps Pipelines http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/ https://www.denimgroup.com/resources/effective-application-security-for-devops/ 38
- 39. © 2019 Denim Group – All Rights Reserved Testing Configuration 39
- 40. © 2019 Denim Group – All Rights Reserved Testing in Action 40
- 41. © 2019 Denim Group – All Rights Reserved Testing in Action 41
- 42. © 2019 Denim Group – All Rights Reserved Testing in Action 42
- 43. © 2019 Denim Group – All Rights Reserved Snyk and ThreadFix Together 43
- 44. © 2019 Denim Group – All Rights Reserved Snyk and ThreadFix Integration • Documentation: https://pypi.org/project/snyk-threadfix/ 44
- 45. © 2019 Denim Group – All Rights Reserved @denimgroup www.threadfix.it www.denimgroup.com @snyksec www.snyk.io 45