Application Security Management with ThreadFix
1 like867 views
The document discusses the importance of measuring application security effectiveness and presents a unified platform solution for managing vulnerabilities in SAP and other business applications. It highlights the integration of Checkmarx and Virtual Forge tools with Threadfix for efficient scanning, monitoring, and remediation of code vulnerabilities. Additionally, it offers resources for further assessment and tools available for free use.
Application Security Management with ThreadFix
- 2. How to efficiently identify and remediate critical vulnerabilities in SAP and other Business Applications
- 3. Agenda Why measure the effectiveness of your Application Security Unified Platform Demo: Virtual Forge - Code Profiler Checkmarx - CxSAST ThreadFix Q&A 3
- 4. Why measure the effectiveness of your Application Security The state of Application Security Why traditional tactics of Application Security Management fail The need to orchestrate tons of security tools for different purposes 4
- 5. A unified platform to manage risks in your business applications Checkmarx and Virtual Forge provide customers with a feasible solution based on ThreadFix: Developed by experienced security practitioners Combines reports from different code scanners Provides a landscape wide overview Easy control and monitoring of effort, timelines and achievements Common Weakness Enumeration (CWE) Free Community Version available 5
- 6. Integration of CodeProfiler and CxSAST into ThreadFix Manage your findings from one common platform CWE Standard Ratings and Certified Integration Source: ThreadFix by Denim Group 6
- 7. DEMO Next Slide FF >> 4:00 Min.
- 8. Key Takeaways You have seen, how you can: Scan your SAP and other business applications for code vulnerabilities using CodeProfiler and Checkmarx Control and monitor the projects overall application security state Evaluate and prioritize the vulnerabilities found Track the remediation of vulnerabilities with ThreadFix 8
- 9. Next Steps? Download the free ThreadFix Community Edition at www.threadfix.org Sign up for the free SAP Risk Assessment at www.virtualforge.com Sign up for a free secure code analysis by Checkmarx‘s CxSAST at www.checkmarx.com 9
- 10. Disclaimer © 2015 Virtual Forge GmbH. All rights reserved. Information contained in this publication is subject to change without prior notice. These materials are provided by Virtual Forge and serve only as information. SAP, ABAP and other named SAP products and services as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries worldwide. All other names of products and services are trademarks of their respective companies. The information in the text are approximate and is only for information. Virtual Forge accepts no liability or responsibility for errors or omissions in this publication. From the information contained in this publication, no further liability is assumed. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of Virtual Forge GmbH, Germany or Virtual Forge Inc., Philadelphia. The General Terms and Conditions of Virtual Forge apply. © 2015 Virtual Forge | www.virtualforge.com | All rights reserved. 10