Home
Schedule
Conference Info
Sponsorship Information
IBM Watson AI Day
Registration
Press Registration
Speakers
Sessions
Sponsors
Exhibitors
JETRO × Six Prefectures of Japan Pavilion Exhibitors
Media Sponsors
  Topics
  Call For Papers
  Hotel Info
  Past Events
Untitled Document
2017 West
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

Bronze










Untitled Document
2017 West
Keynote Sponsor


Untitled Document
2017 West Exhibitors
























@ThingsExpo











Untitled Document
2017 West JETRO ×
Six Prefectures
of Japan
Pavilion Exhibitors



















Untitled Document
2017 West Media Sponsors














Untitled Document
2017 East
Premium Sponsors
Diamond



Platinum
@DevOpsSummit

@DevOpsSummit

Silver
@DevOpsSummit


Bronze










Untitled Document
2017 East Exhibitors
@DevOpsSummit




































Untitled Document
2017 East Media Sponsors
















Untitled Document
2016 West
Premium Sponsors
Platinum Plus



Silver
@ThingsExpo

Bronze







Untitled Document
2016 Welcome Reception Sponsor

Untitled Document
2016 West Exhibitors










@DevOps Summit






@DevOps Summit

@WebRTC Summit












@WebRTC Summit









@DevOps Summit

Untitled Document
2016 West Media Sponsors











Untitled Document
2016 East Gold Sponsors

@ThingsExpo

Untitled Document
2016 East Silver Sponsors


@DevOps Summit

Untitled Document
2016 East Bronze Sponsors

Cloud Expo







Cloud Expo

Untitled Document
2016 East Vendor Presentation Sponsors

@DevOps Summit

Untitled Document
2016 East Exhibitors

@DevOps Summit





@ThingsExpo



@DevOps Summit

@ThingsExpo


@DevOps Summit









@DevOps Summit







@DevOps Summit










Untitled Document
2016 East Media Sponsors










Untitled Document
2015 West Gold Sponsor

Untitled Document
2015 West Silver Sponsor


Untitled Document
2015 West Bronze Sponsors

Cloud Expo |@ThingsExpo

Cloud Expo | DevOps Summit


@ThingsExpo





@DevOps Summit

@ThingsExpo


@ThingsExpo

Untitled Document
2015 West Exhibitors












@DevOps Summit





@DevOps Summit












@DevOps Summit

@DevOps Summit




@ThingsExpo


@DevOps Summit


Untitled Document
2015 West Session Sponsor

Untitled Document
2015 West E-Bulletin Sponsor

DevOps Summit

Untitled Document
2015 West
Association Sponsors

Untitled Document
2015 West
Media Sponsor

Untitled Document
2015 East Gold Sponsor


WebRTC Summit

DevOps Summit

Untitled Document
2015 East Silver Sponsor

DevOps Summit

WebRTC Summit


Untitled Document
2015 East Bronze Sponsor

DevOps Summit

Cloud Expo | DevOps Summit
@ThingsExpo

DevOps Summit

DevOps Summit

Untitled Document
2015 East Delegate Bag Sponsor


Untitled Document
2015 East Exhibitors


DevOps Summit


@ThingsExpo



DevOps Summit







Cloud Expo | @ThingsExpo

@ThingsExpo
@ThingsExpo
DevOps Summit

DevOps Summit
@ThingsExpo
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit
DevOps Summit



@ThingsExpo

Untitled Document
2015 East
Media Sponsor

Strengthening Application Security | @CloudExpo #API #Cloud #Security
As software continues to pervade our lives, the security of that software continues to grow in importance

Strengthening Application Security in the Software Development Lifecycle

As software continues to pervade our lives, the security of that software continues to grow in importance. We need to keep private data private. We need to protect financial transactions and records. We need to protect online services from infiltration and attack.

We can obtain this protection through ‘Application Security,' which is all about building and delivering software that is safe and secure. Developing software within an integrated toolchain can greatly enhance security.

What's Application Security?
Application Security encompasses activities such as:

  • Analyzing and testing software for security vulnerabilities
  • Managing and fixing vulnerabilities
  • Ensuring compliance with security standards
  • Reporting security statistics and metrics

There are several different categories of these tools, however, the following are the most interesting in terms of software integration:

  • Static Application Security Testing (SAST) - used to analyze an application for security vulnerabilities without running it. This is accomplished by analyzing the application's source code, byte code, and/or binaries for common patterns and indications of vulnerabilities.
  • Dynamic Application Security Testing (DAST) - analyze a running application for security vulnerabilities. They do this by automatically testing the running application against common exploits. This is similar to penetration testing (pen testing), but it is fully automated
  • Security Requirements tools - used for defining, prioritizing, and managing security requirements. These tools take the approach of introducing security directly into the software development lifecycle as specific requirements. Some of these tools can automatically generate security requirements based on rules and common security issues in a specified domain.

Other categories of Application Security tools, such as Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) tools, are more focused on managing and defending against known security vulnerabilities in deployed software, and are somewhat less interesting for integration.

There are many vendors of Application Security tools. Some of the most popular are Whitehat, which makes SAST and DAST tools; IBM, whose AppScan suite includes several SAST and DAST tools; SD Elements, who makes Security Requirements tools; HPE, whose Fortify suite includes SAST, DAST, and RASP tools; Veracode, which produces SAST and DAST tools; and Checkmarx, offering a source code analysis SAST tool.

How is software integration relevant to application security?
When looking to integrate new tools into your software delivery process, it is important to first identify the stakeholders of those tools, and the assets consumed by and artifacts produced by those tools.

The most common stakeholders of Application Security tools are:

  • Security Professionals: write security requirements, prioritize vulnerabilities, configure rules for SAST and DAST tools, and consume security statistics, metrics, and compliance reports
  • Developers: implement security requirements in the software they are building, and fix vulnerabilities reported by SAST and DAST tools
  • Testers: create and execute manual security test plans based on security requirements
  • Managers: consume high level security reports, with a focus on the business and financial benefits of security efforts.

Common assets consumed by Application Security tools include:

  • Source code
  • Byte code
  • Binaries
  • Security rules

Common artifacts produced by Application Security include:

  • Vulnerabilities
  • Suggested fixes
  • Security requirements
  • Security statistics and metrics

With so many people and assets involved in the workflow, we need all stakeholders to be able to trace artifacts, spot vulnerabilities and have automated reporting to be able to address any issues as they arise. An integrated workflow does this, as illustrated in the below workflow.

Common integration scenarios
The three Software Lifecycle Integration (SLI) patterns we'll be looking at are Requirements Traceability, Security Vulnerabilities to Development, and the Consolidated Reporting Unification Pattern.

  • Requirements Traceability: The goal is to be able to trace each code change all the way back up to the original requirement. When it comes to Application Security, we want security requirements to be included in this traceability graph. To accomplish this we need to link requirements generated and managed by Security Requirements tools into the Project and Portfolio Management (PPM), Requirements Management, and/or Agile tools where we manage other requirements and user stories.
  • Security Vulnerabilities to Development: This is about automatically reporting security vulnerabilities to our development teams to quickly fix them. To accomplish this we need to link vulnerabilities reported by SAST and DAST tools into our Defects Management or Agile tools, where developers will see them and work on a fix.
  • Consolidated Reporting Unification Pattern: Aims to consolidate development data from the various tools used by teams across an organization so that unified reports can be generated. When it comes to Application Security, we want data about security requirements and vulnerabilities included so that it can be reported on too. We need to collect these artifacts produced by our Application Security tools into our data warehouse.
About David King
David King is a Customer Success Engineer at Tasktop. He worked as a Software Engineer building Tasktop's connectors for 3 years before transitioning into his current role in Customer Success. David helps customers realize their integration needs through deployments, technical services, and technical support.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Presentation Slides
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build thei...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously...
CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.

Register and Save!
Save $405
on your “Golden Pass”!
before October 30, 2017!
Call 201.802.3020


Santa Clara Call For Papers Open
Submit
submit your speaking proposal
for the upcoming Big Data at Cloud Expo in
Santa Clara!
[Oct 31 - Nov 2, 2017]


Big Data 2017 West
Sponsorship Opportunities
Please Call
201.802.3021
events (at) sys-con.com
Sponsorship opportunities are now open for Big Data at Cloud Expo 2017 Santa Clara, Oct 31-Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, and Big Data at Cloud Expo 2018 New York, June 5-7, 2018, at the Javits Center in New York, NY. For sponsorship, exhibit opportunities and show prospectus, please contact Carmen Gonzalez, carmen (at) sys-con.com.



Big Data Expo Silicon Valley All-Star Speakers Include

MATTHIEU
Octoblu

MAHADEV
Cisco

MCCARTHY
Bsquare

FELICIANO
AMDG

PAUL
VenueNext

SMITH
Eviot

BEAMER
goTraverse

GETTENS
goTraverse

CHAMBLISS
ReadyTalk

HERBERTS
Cityzen Data

REITBAUER
Dynatrace

WILLIAM-
SON

Cloud
Computing

SCHMARZO
EMC

WOOD
VeloCloud

WALLGREN
Electric Cloud

VARAN-
NATH

GE

SRIDHARA-
BALAN

Pulzze

METRIC
Linux

MONTES
Iced

ARIOLA
Parasoft

HOLT
Daitan

CUNNING-
HAM

ReadyTalk

BEDRO-
SIAN

Cypress

NAMIE
Cisco

NAKA-
GAWA

Transparent
Cloud

SHIBATA
Transparent
Cloud

BOYD
Neo4j

WARD
DWE

MILLER
Covisint

EVAVOLD
Covisint

MEINER
Oracle

MEEHAN
Esri

WITECK
Citrix

LIANG
Rancher Labs

BUTLER
Tego

ROWE
IBM Cloud

SKILLERN
Intel

SMITH
Numerex
Big Data Expo New York All-Star Speakers Include

CLELAND
HGST

VASILIOU
Catchpoint

WALLGREN
Electric Cloud

HINCH-
CLIFFE

7Summits

DE SOUZA
Cisco

RANDALL
Gartner

ARMSTRONG
AppNeta

SMALLTREE
Cazena

MCCARTHY
Bsquare

DELOACH
Infobright

QUINT
Ontegrity

MALAUCHLAN
Buddy Platform

PALIOTTA
Vector

MITRA
Cognizant

KOCHER
Grey Heron

PAPDO
POULOS

Cloud9

HARLAN
Two Bulls

GOLO
SHUBIN

Bit6

PROIETTI
Location
Smart

MARTIN
nfrastructure

MOULINE
Everbridge

MARSH
Blue Pillar

PARKS
SecureRF

PEROTTI
Plantronics

HOFFMAN
EastBanc

WATSON
Trendalyze

BENSONOFF
Unigma

SHAN
CTS

MATTELA
Redpine

GILLEN
Spark
Coginition

SOLT
Netvibes

BERNARDO
GE Digital

ROMANSKY
TrustPoint

BEAMER
GoTransverse

LESTER
LogMeIn

PONO
-MAREVA

Google

SINGH
Sencha

CALKINS
Amadeus

KLEIN
Rachio

HOASIN
Aeris

SARKARIA
PHEMI

SPROULE
Metavine

SNELL
Intel

LEVINE
CytexOne

ALLEN
Freewave

MCCALLUM
Falconstor

HYEDT
Seamless

Big Data Expo Silicon Valley All-Star Speakers Include

SCHULZ
Luxoft

TAMBURINI
Autodesk

MCCARTHY
Bsquare

THURAI
SaneIoT

TURNER
Cloudian

ENDO
Intrepid

NAKAGAWA
Transparent

SHIBATA
Transparent

LEVANT-LEVI
testRTC

VARAN NATH
GE

COOPER
M2Mi

SENAY
Teletax

SKEEN
Vitria

KOCHER
Grey Heron

GREENE
PubNub

MAGUIRE
HP

MATTHIEU
Octoblu

STEINER-JOVIC
AweSense

LYNN
AgilData

HEDGES
Cloudata

DUFOUR
Webroot

ROBERTS
Platform

JONES
Deep

PFEIFFER
NICTA

NIELSEN
Redis

PAOLALANTORIO
DataArchon

KAHN
Solgenia

LOPEZ
Kurento

KIM
MapR

BROMHEAD
Instaclustr

LEVINE
CytexOne

BONIFAZI
Solgenia

GORBACHEV
Intelligent
Systems

THYKATTIL
Navisite

TRELOAR
Bebaio

SIVARAMA-
KRISHNAN

Red Hat
Cloud Expo New York All-Star Speakers Included

DE SOUZA
Cisco

POTTER
SafeLogic

ROBINSON
CompTIA

WARUSA
-WITHANA

WSO2 Inc

MEINER
Oracle

CHOU
Microsoft

HARRISON
Tufin

BRUNOZZI
VMware

KIM
MapR

KANE
Dyn

SICULAR
Basho

TURNER
Cloudian

KUMAR
Liaison

ADAMIAK
Liaison

KHAN
Solgenia

BONIFAZI
Solgenia

SUSSMAN
Coalfire

ISAACSON
RMS

LYNN
CodeFutures

HEABERLIN
Windstream

RAMA
MURTHY

Virtusa

BOSTOCK
IndependenceIT

DE MENO
CommVault

GRILLI
Adobe

WILLIAMS
Rancher Labs

CRISWELL
Alert Logic

COTY
Alert Logic

JACOBS
SingleHop

MARAVEI
Cisco

JACKSON
Softlayer

SINGH
IBM

HAZARD
Softlayer

GALLO
Softlayer

TAMASKAR
GENBAND

SUBRA
-MANIAN

Emcien

LEVESQUE
Windstream

IVANOV
StorPool

BLOOMBERG
Intellyx

BUDHANI
Soha

HATHAWAY
IBM Watson

TOLL
ProfitBricks

LANDRY
Microsoft

BEARFIELD
Blue Box

HERITAGE
Akana

PILUSO
SIASMSP

HOLT
IBM Cloudant

SHAN
CTS

PICCININNI
EMC

BRON-
GERSMA

Modulus

PAIGE
CenturyLink

SABHIKHI
Cognitive Scale

MILLS
Green House Data

KATZEN
CenturyLink

SLOPER
CenturyLink

SRINIVAS
EMC

TALREJA
Cisco

GORBACHEV
Systems Services Inc.

COLLISON
Apcera

PRABHU
OpenCrowd

LYNN
CodeFutures

SWARTZ
Ericsson

MOSHENKO
CoreOS

BERMINGHAM
SIOS

WILLIS
Stateless Networks

MURPHY
Gridstore

KHABE
Vicom

NIKOLOV
GetClouder

DIETZE
Windstream

DALRYMPLE
EnterpriseDB

MAZZUCCO
TierPoint

RIVERA
WHOA.com

HERITAGE
Akana

SEYMOUR
6fusion

GIANNETTO
Author

CARTER
IBM

ROGERS
Virtustream
Cloud Expo Silicon Valley All-Star Speakers

TESAR
Microsoft

MICKOS
HP

BHARGAVA
Intel

RILEY
Riverbed

DEVINE
IBM

ISAACSON
CodeFutures

LYNN
HP

HINKLE
Citrix

KHAN
Solgenia

SINGH
Bigdata

BEACH
SendGrid

BOSTOCK
IndependenceIT

DE SOUZA
Cisco

PATTATHIL
Harbinger

O'BRIEN
Aria Systems

BONIFAZI
Solgenia

BIANCO
Solgenia

PROCTOR
NuoDB

DUGGAL
EnterpriseWeb

TEGETHOFF
Appcore

BRUNOZZI
VMware

HICKENS
Parasoft

KLEBANOV
Cisco

PETERS
Esri

GOLDBERG
Vormetric

CUMBER-
LAND

Dimension

ROSENDAHL
Quantum

LOOMIS
Cloudant

BRUNO
StackIQ

HANNON
SoftLayer

JACKSON
SoftLayer

HOCH
Virtustream

KAPADIA
Seagate

PAQUIN
OnLive

TSAI
Innodisk

BARRALL
Connected Data

SHIAH
AgilePoint

SEGIL
Verizon

PODURI
Citrix

COWIE
Dyn

RITTEN-
HOUSE

Cisco

FALLOWS
Kaazing

THYKATTIL
TimeWarner

LEIDUCK
SAP

LYNN
HP

WAGSTAFF
BSQUARE

POLLACK
AOL

KAMARAJU
Vormetric

BARRY
Catbird

MENDEN-
HALL

SUPERNAP

SHAN
KEANE

PLESE
Verizon

BARNUM
Voxox

TURNER
Cloudian

CALDERON
Advanced Systems

AGARWAL
SOA Software

LEE
Quantum

OBEROI
Concurrent, Inc.

HATEM
Verizon

GALEY
Autodesk

CAUTHRON
NIMBOXX

BARSOUM
IBM

GORDON
1Plug

LEWIS
Verizon

YEO
OrionVM

NAKAGAWA
Transparent Cloud Computing

SHIBATA
Transparent Cloud Computing

NATH
GE

GOKCEN
GE

STOICA
Databricks

TANKEL
Pivotal Software


Testimonials
This week I had the pleasure of delivering the opening keynote at Cloud Expo New York. It was amazing to be back in the great city of New York with thousands of cloud enthusiasts eager to learn about the next step on their journey to embracing a cloud-first worldl."
@SteveMar_Msft
General Manager of Window Azure
 
How does Cloud Expo do it every year? Another INCREDIBLE show - our heads are spinning - so fun and informative."
@SOASoftwareInc
 
Thank you @ThingsExpo for such a great event. All of the people we met over the past three days makes us confident IoT has a bright future."
Yasser Khan
CEO of @Cnnct2me
 
One of the best conferences we have attended in a while. Great job, Cloud Expo team! Keep it going."

@Peak_Ten


Who Should Attend?
Senior Technologists including CIOs, CTOs & Vps of Technology, Chief Systems Engineers, IT Directors and Managers, Network and Storage Managers, Enterprise Architects, Communications and Networking Specialists, Directors of Infrastructure.

Business Executives including CEOs, CMOs, & CIOs , Presidents & SVPs, Directors of Business Development , Directors of IT Operations, Product and Purchasing Managers, IT Managers.

Download Cloud Expo Show Guide
Cloud Expo Show Guide
Download PDF

Join Us as a Media Partner - Together We Can Rock the IT World!
SYS-CON Media has a flourishing Media Partner program in which mutually beneficial promotion and benefits are arranged between our own leading Enterprise IT portals and events and those of our partners.

If you would like to participate, please provide us with details of your website/s and event/s or your organization and please include basic audience demographics as well as relevant metrics such as ave. page views per month.

To get involved, email Patricia Henderson at patricia@sys-con.com.

Digital Transformation Blogs
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Authorization of web applications developed in the cloud is a fundamental problem for security, yet companies often build solutions from scratch, which is error prone and impedes time to market. This talk shows developers how they can (instead) build on-top of community-owned projects and frameworks for better security.Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authentication, but for them authorization is out of scope. When you need to control "who can do what" in your ...