Download as PDF, PPTX
Uploaded byDenim Group
A New View of Your Application Security Program with Snyk and ThreadFix
The document presents an overview of a collaboration between Snyk and Threadfix, focusing on enhancing application security. Snyk aids in identifying and fixing vulnerabilities in open-source dependencies throughout the software development lifecycle. Threadfix provides a consolidated application and vulnerability view, enabling prioritization of risks and integration with developers' existing tools.
More Related Content
Similar to A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFix
- 1. © 2019 DenimGroup – All Rights Reserved A New View of Your Application Security Program with Snyk and ThreadFix November 12, 2019 Dan Cornell, CTO, Denim Group Hayley Denbraver, Developer Advocate, Snyk
- 2. © 2019 DenimGroup – All Rights Reserved Agenda 2
- 3. © 2019 DenimGroup – All Rights Reserved Agenda • Snyk Background and Demo • ThreadFix Background • Snyk and ThreadFix 3
- 4. © 2019 DenimGroup – All Rights Reserved Snyk 4
- 5. © 2019 DenimGroup – All Rights Reserved Production Code 5
- 6. © 2019 DenimGroup – All Rights Reserved Production Code 6 Original Code
- 7. © 2019 DenimGroup – All Rights Reserved Production Code 7
- 8. © 2019 DenimGroup – All Rights Reserved Production Code 8
- 9. © 2019 DenimGroup – All Rights Reserved Snyk: Use Open Source, Stay Secure • Snyk helps you find and fix vulnerabilities in your open source dependencies • Snyk allows developers to address open source security throughout the software development lifecycle • Snyk meets developers where they are—in the languages and tools that they use every day 9
- 10. © 2019 DenimGroup – All Rights Reserved 10
- 11. © 2019 DenimGroup – All Rights Reserved Snyk 11
- 12. © 2019 DenimGroup – All Rights Reserved Snyk 12
- 13. © 2019 DenimGroup – All Rights Reserved Snyk 13
- 14. © 2019 DenimGroup – All Rights Reserved 14
- 15. © 2019 DenimGroup – All Rights Reserved Snyk Demo 15
- 16. © 2019 DenimGroup – All Rights Reserved Vulnerable App 16
- 17. © 2019 DenimGroup – All Rights Reserved Snyk UI 17
- 18. © 2019 DenimGroup – All Rights Reserved Snyk UI 18
- 19. © 2019 DenimGroup – All Rights Reserved Snyk UI 19
- 20. © 2019 DenimGroup – All Rights Reserved Snyk UI 20
- 21. © 2019 DenimGroup – All Rights Reserved Snyk UI 21
- 22. © 2019 DenimGroup – All Rights Reserved Snyk UI 22
- 23. © 2019 DenimGroup – All Rights Reserved Snyk UI 23
- 24. © 2019 DenimGroup – All Rights Reserved GitHub 24
- 25. © 2019 DenimGroup – All Rights Reserved ThreadFix Background 25
- 26. © 2019 DenimGroup – All Rights Reserved ThreadFix Overview • Create a consolidated view of your applications and vulnerabilities • Prioritize application risk decisions based on data • Translate vulnerabilities to developers in the tools they are already using • Provide access to powerful analytics 26
- 27. © 2019 DenimGroup – All Rights Reserved ThreadFix Overview 27
- 28. © 2019 DenimGroup – All Rights Reserved Create a consolidated view of your applications and vulnerabilities 28
- 29. © 2019 DenimGroup – All Rights Reserved Application Portfolio Tracking 29
- 30. © 2019 DenimGroup – All Rights Reserved Vulnerability Consolidation 30
- 31. © 2019 DenimGroup – All Rights Reserved Prioritize application risk decisions based on data 31
- 32. © 2019 DenimGroup – All Rights Reserved Vulnerability Prioritization 32
- 33. © 2019 DenimGroup – All Rights Reserved Reporting and Metrics 33
- 34. © 2019 DenimGroup – All Rights Reserved Translate vulnerabilities to developers in the tools they are already using 34
- 35. © 2019 DenimGroup – All Rights Reserved Defect Tracker Integration 35
- 36. © 2019 DenimGroup – All Rights Reserved Secure DevOps with ThreadFix • What does your pipeline look like? http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu http://www.slideshare.net/denimgroup/rsa2015-blending- theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html 36
- 37. © 2019 DenimGroup – All Rights Reserved AppSec Testing for DevOps • Configuring Testing Policies • AppSec Testing for DevOps in Action 37
- 38. © 2019 DenimGroup – All Rights Reserved Policy Configuration • Testing • Synchronous • Asynchronous • Decision • Reporting Blog Post: Effective Application Security Testing in DevOps Pipelines http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/ https://www.denimgroup.com/resources/effective-application-security-for-devops/ 38
- 39. © 2019 DenimGroup – All Rights Reserved Testing Configuration 39
- 40. © 2019 DenimGroup – All Rights Reserved Testing in Action 40
- 41. © 2019 DenimGroup – All Rights Reserved Testing in Action 41
- 42. © 2019 DenimGroup – All Rights Reserved Testing in Action 42
- 43. © 2019 DenimGroup – All Rights Reserved Snyk and ThreadFix Together 43
- 44. © 2019 DenimGroup – All Rights Reserved Snyk and ThreadFix Integration • Documentation: https://pypi.org/project/snyk-threadfix/ 44
- 45. © 2019 DenimGroup – All Rights Reserved @denimgroup www.threadfix.it www.denimgroup.com @snyksec www.snyk.io 45