Day in the Life of a Developer
…with WhiteHat Sentinel Source
“I roll out of bed and check my tickets…”
• Notices a new vulnerability
• Produced by ticketing integration
• Viewing verified & actionable result
• 15+ supported systems, including…
“I fire up my IDE and triage my issues…”
• Search application vulnerabilities
• Step through vulnerability in code
• Review remediation guidance
• Ask for help from TRC
• Apply Directed Remediation patch if available
“I commit the fix and update the ticket…”
• Updates ticket to reflect the fix
• Moves ticket to Q&A
• Source scan triggered via schedule
• Ticket auto-updated to reflect results
Security Enhanced Developer Tooling
… during notification
… during triage
… during verification
Integration with Developer

Languages
• Java
• C#.Net (incl. ASP.Net)
• Objective-C (incl. iOS)
• PHP
• JavaScript
• HTML5
• Android

Code Repo
• Git
• SVN
• Perforce
• CVS
• TFS
• HTTP/S
• SFTP

Bug Tracking
• Atlassian JIRA
• …many more using WIS

IDE Plugins
• Eclipse
• IntelliJ
• Xcode
• Visual Studio
WhiteHat Integration Server (WIS)
Bug Tracking & ALM Systems
• Atlassian JIRA
• Atlassian JIRA Service Desk
• Borland StarTeam (Dev Services Required)
• HP ALM
• HP Quality Center
• IBM Rational Team Concert (Rational Quality Manager)
• IBM Rational Requirements Composer
• Microsoft Team Foundation Server
• ThoughtWorks Mingle
• Rally
• VersionOne
• Bugzilla
• Serena Business Manager
• ServiceNow (Deployment Services may be required)
“I review significant vulns with my security team…”
THE FRONT LINE
Of Application Security

Editor's Notes

  1. Languages – 80% of most popular languages supported
     IDE – Vulnerability details available right within the development environment
     Code Repository – Scan source code from most popular repositories
     Bug Tracking – Automatically open or close tickets for bugs and defects found or fixed by Sentinel Source
  2. WhiteHat Integration Server (WIS) helps bi-directionally integrate Sentinel Source with best-of-breed Bug Tracking & Application Lifecycle Management (ALM) tools