Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empowering Development Teams

30 slides, Nov 17, 2017

About This Presentation

Learn how fast-growing authentication and mobile security solutions provider Entersekt leverages Black Duck Hub for competitive advantage by empowering teams and automating open source security risk management throughout the Software Development Lifecycle (SDLC).


Slide Content

Leveraging Black Duck Hub to maximize focus Entersekt’s approach to empowering development teams By Philip Botha

Outline (50 min): Introduce myself (3 min); Introduce Entersekt: market, solutions and architectural overview (10 min); Why and how we selected Black Duck (7 min); Lessons learned (7 min); Empowering teams (10 min); A winning team (3 min); Q&A (10 min)

Making the online world safer

From the Windy City …

… to the Cape Winelands

Our problem: a global authentication pandemic. Phishing attacks cost global organizations billions every year. One out of 5 fraudulent transactions originates in the mobile channel. More than 90% of mobile apps contain basic vulnerabilities. New vulnerabilities are reported on a weekly basis, and successful attacks are not even making headlines anymore. Headlines shown: "LinkedIn suffers data breach"; "Zeus Botnet Eurograbber Steals $47 Million"; "Don't bank on your phone – it could be hacked by Zeus 'trojan horse'".

A solution: Entersekt's story. Founded in 2008 by 5 engineering students after one of the founders' mother was defrauded. They wanted to do something that matters and were not daunted by the current failings of security solutions: a novel approach with existing tech.

Going live in 2012: Nedbank as a case study. After the Entersekt go-live, Nedbank does not even appear on the SARS e-filing phishing site!

A growing global footprint: Johannesburg, Mauritius, Atlanta, Beirut, Dubai, Lagos, Minneapolis, Sydney, Amsterdam, Cape Town, Zurich, Palo Alto

How we solved the problem

The 4 pillars of the Entersekt approach

How phishing defeats the one time password

Out of band authentication beats phishing

Product: The Transakt model

Gartner prediction about Entersekt tech

How Black Duck Hub makes us better

Our open source challenges. Risk management: approved open source? How secure? Can we be diligent and agile? Ability to identify open source licenses. Scaling: a manual vulnerability assessment process, and getting behind with updates.

The obvious choice was ... "Black Duck met Entersekt's checklist of what we needed in an open source vulnerability management solution better than any other vendor."

Black Duck Hub checks the boxes: seamless integration and ease of use; relevant feedback earlier in the SDLC; real-time and continuous monitoring; automated notifications.

Black Duck Hub checks the boxes (cont.): easy-to-digest reports with minimal false positives; Jenkins support and secure scanning (code doesn't leave the intranet); identifies open source licenses.

Getting the best out of the Hub

Lessons learned: urgent vs important. Build pipeline challenges: Jenkins jobs differ in each team/project; Black Duck sometimes executed manually; no best practice/standard; no maintenance owner.

Empowering the development teams

Empowering the development teams (cont.): roles of Architect Evangelist, Security Evangelist and Toolsmith.

Empowering the development teams (cont.): phased roll-out in teams. Phase 1: Education. Phase 2: Implement a standard pipeline framework. Phase 3: Hardening cycle. Phase 4: Policy management and Jira integration. Team agreements.

CI/CD pipeline: COMMIT (tool: Git; pull request, merge to master) -> BUILD (tool: Docker/Maven) -> TEST (JUnit, automated; tool: Docker) -> OS SECURITY (tool: Black Duck Hub) -> STATIC CODE ANALYSIS (tool: SonarQube) -> DEPLOY to DEV, QA, INT, LT (tool: Docker) -> Release? -> RELEASE to PROD (release repos).

Pipeline framework template: the same stage sequence as the CI/CD slide (COMMIT with Git -> BUILD with Docker/Maven -> automated JUnit TEST -> OS SECURITY with Black Duck Hub -> STATIC CODE ANALYSIS with SonarQube -> DEPLOY to DEV/QA/INT/LT -> Release? -> RELEASE to PROD), used as the standard for every team.

Pipeline framework template (cont.)
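One concrete way to express that standard pipeline, so that every team's Jenkins job runs the same stages and the open source scan is never a manual step, is a shared declarative Jenkinsfile. The following is an added example written for this page, not Entersekt's own template. It runs the Black Duck scan with Synopsys Detect (the successor of hub-detect) from a shell step and lets a policy violation fail the build; the Detect download URL, the Hub URL, the credential ID, the Docker image tags and the SonarQube server name are assumptions to adapt.

```groovy
// Added example: standard Jenkins declarative pipeline template mirroring the
// COMMIT -> BUILD -> TEST -> OS SECURITY -> STATIC ANALYSIS -> DEPLOY -> RELEASE
// stages. Not Entersekt's code. Names marked "assumed" must be adapted.
pipeline {
    agent any
    options {
        timestamps()
        disableConcurrentBuilds()
    }
    environment {
        BLACKDUCK_URL   = 'https://hub.example.internal'          // assumed: Hub on the intranet
        BLACKDUCK_TOKEN = credentials('blackduck-api-token')       // assumed "Secret text" credential ID
        PROJECT_NAME    = "${env.JOB_NAME}"
        PROJECT_VERSION = "${env.BRANCH_NAME ?: 'master'}"
    }
    stages {
        stage('Build') {
            agent { docker { image 'maven:3-jdk-8'; reuseNode true } }   // assumed image
            steps { sh 'mvn -B -DskipTests clean package' }
        }
        stage('Test') {
            agent { docker { image 'maven:3-jdk-8'; reuseNode true } }   // assumed image
            steps { sh 'mvn -B test' }
            post { always { junit 'target/surefire-reports/*.xml' } }
        }
        stage('OS security (Black Duck Hub)') {
            steps {
                // Scan on every build, never on demand. Detect exits non-zero on a
                // policy violation, which fails the build before anything is deployed.
                sh '''
                  curl -sSfL -o detect.sh https://detect.synopsys.com/detect.sh   # assumed download location
                  bash detect.sh \\
                    --blackduck.url="$BLACKDUCK_URL" \\
                    --blackduck.api.token="$BLACKDUCK_TOKEN" \\
                    --detect.project.name="$PROJECT_NAME" \\
                    --detect.project.version.name="$PROJECT_VERSION" \\
                    --detect.policy.check.fail.on.severities=BLOCKER,CRITICAL
                '''
            }
        }
        stage('Static code analysis') {
            steps {
                withSonarQubeEnv('sonarqube') {   // assumed SonarQube server name configured in Jenkins
                    sh 'mvn -B sonar:sonar'
                }
            }
        }
        stage('Deploy DEV') {
            steps { sh 'docker build -t "$PROJECT_NAME:$BUILD_NUMBER" .' }   // assumed deployment step
        }
        stage('Release?') {
            when { branch 'master' }
            steps { input message: 'Release this build to PROD?' }
        }
        stage('Release PROD') {
            when { branch 'master' }
            steps { sh 'echo "push $PROJECT_NAME:$BUILD_NUMBER to the release repository"' }   // assumed
        }
    }
    post {
        failure {
            // Hook for the policy-management / Jira phase: notify or open a ticket here.
            echo "Build failed (policy violation, test failure or analysis error): ${env.BUILD_URL}"
        }
    }
}
```

The point of keeping this in one shared file is the lessons-learned list above: one owner maintains the template, no team has to decide whether or when to run the scan, and the policy severities that block a build are set in one place rather than per job.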

A winning team

A tool is only as good as the team: trust, support, ownership, clarity.