
qsc19-las-vegas-2.8-celestica-web-app-azure-devops.pdf.md


Accelerating The Application Vulnerability Scanning Process with Qualys WAS and Azure DevOps

A Global Leader in Innovative End-to-End Product Lifecycle Solutions

· Focused on enabling the world's leading technology brands
· Tailoring customer-centric solutions for the markets we serve
· Operating a global network of sites with specialized Centers of Excellence

· $6.6 billion in 2018 revenue
· 28,000 employees worldwide
· 38 locations in 14 countries
· Headquartered in North America
· Over 100 customers across multiple markets


The Markets We Serve

Advanced Technology Solutions

· Aerospace & Defense
· Smart Energy
· Industrial
· HealthTech
· Capital Equipment

Connectivity & Cloud Solutions

· Service Provider Solutions
· Enterprise


Global Footprint

Celestica locations across the globe

Portland, OR

Minneapolis, MN

Fremont, CA

Rochester, MN

Burlingame, CA

San Jose, CA

Santa Clara, CA

Silicon Valley, CA

Ontario, CA

Tucson, AZ

Mexicali, Mexico

Newmarket, ON Toronto, ON Mississauga, ON Boston, MA Alburtis, PA

Monterrey, Mexico

Galway, Ireland

Leixlip, Ireland

Salzburg, Austria

Oradea, Romania

Valencia, Spain

Songdo, S. Korea Asan, S. Korea Suzhou, China

Miyagi, Japan Tokyo, Japan Hino, Japan

Song Shan Lake, China

Shanghai, China Xiamen, China

Laem Chabang, Thailand

Hong Kong, China Savannakhet, Laos

Penang, Malaysia Johor Bahru, Malaysia

Kulim, Malaysia Singapore

· Central, Regional, Site and Cloud Data Centers

· Globally Distributed Development Teams

· 100's of Applications

· 100's of Developers, 1000's of Engineers


The Challenge

Before Qualys WAS

[Diagram. Labels: Dev Team (three teams); Prioritize, Fix, Assess, Verify, Scan (repeated once per team); Security Team.]

After Qualys WAS

[Diagram. Labels: Dev Team (four teams); Verify, Scan, Fix, Assess, Prioritize (repeated once per team); Qualys WAS API; Security Team: Overall Vulnerability Posture, Global Prioritization, Overall Visibility.]

Speed up the process

[Diagram. Labels:]

· Qualys WAS
· Triggers scan
· Pulls findings
· Azure LogicApp: Converts findings to work items
· Azure DevOps Boards / Work Items
· Azure DevOps Pipeline: Remediated items ready to build

Azure DevOps Pipeline

Azure DevOps Board

In Conclusion

· 3x - 5x turnaround time reduction on vulnerability fixes
· Expanded coverage of application security program
· Progress towards "continuous compliance"
· Continuous training for software engineers
· The journey continues...