Lightbend, profile picture
Uploaded byLightbend
PDF, PPTX11,178 views

Developing Secure Scala Applications With Fortify For Scala

The document outlines a webinar discussing Fortify SCA, a static analysis tool for Scala development that helps identify issues before production. It highlights its compatibility with existing Scala compilers, supports multiple programming languages, and provides a detailed explanation of its operation, including translating, scanning, and viewing results. The tool requires a Fortify SCA license and a Lightbend subscription, with a preview version already available for select customers.

Software
Related topics:
Application Development

Embed presentation

Download as PDF, PPTX
WEBINAR
▪ ▪ ▪ ▪
● Catch problems during development… ● ...before they hit production Why static analysis?
● Established industry leader ● Strong support for Java / JVM ● Flexible cross-language technology Why Fortify SCA?
● Leverage the Scala team’s expertise Scala compiler development lives at Lightbend ● Leverage the existing Scala compiler Fortify SCA uses the real, actual Scala compiler ...to understand the real, actual Scala language Why Lightbend?
Can I use it? When can I use it?
● required: Fortify SCA license https://software.microfocus.com/en-us/software/sca/details ● required: Lightbend subscription https://www.lightbend.com/subscription includes support includes the entire Lightbend Enterprise Suite Who can use it?
● Scala 2.12 and 2.11 all language features ● Java 8 soon: 9 too ● Any build tool sbt, Maven, Gradle, plain scalac... ● Windows, MacOS, Linux Who can use it?
● Preview version already in use by select customers ● Available to all customers in a few weeks When can I use it? as of November 16, 2017
How it works
● Step 1: Translate ● Step 2: Scan ● Step 3: View results How it works details in demo
● Scala compiler plugin ● Runs very late in compilation just before bytecode is emitted similar to Scala.js, Scala Native How it works: Translation source code ... Fortify JVM bytecode
● Add the compiler plugin to your build ● Integrating translation with your existing build ensures fidelity same code, compiled with same compiler version, with same flags... How it works: Translation
credentials += ... resolvers += ... addCompilerPlugin(...) scalacOptions += ... How it works: Translation details in demo
● Same as any other language supported by Fortify SCA ● Scan locally or on CI server How it works: Scanning
● at command line or in GUI How it works: View results details in demo
● Java rulebase applies to Scala code as well ● Scala-specific knowledge includes Play, sys.process, tracking data flow through collections API Vulnerabilities
● Demo repo shows: ○ Command Injection ○ Cross-Site Scripting ○ Open Redirect ○ Server-Side Request Forgery Sample vulnerabilities
● sbt plugin ● coverage for more libraries and frameworks ● support Fortify on Demand ● …? Planned features
● let’s see it in action on a sample project https://github.com/lightbend/play-webgoat It’s demo time!
● required: Fortify SCA license https://software.microfocus.com/en-us/software/sca/details ● required: Lightbend subscription https://www.lightbend.com/subscription includes support includes the entire Lightbend Enterprise Suite To reiterate...
lightbend.com/fortify Next Steps Interested in the Fortify Scala Plugin?
Q&A
Developing Secure Scala Applications With Fortify For Scala

More Related Content

PPTX
Putting Kafka In Jail – Best Practices To Run Kafka On Kubernetes & DC/OS
byLightbend
 
PDF
Build Real-Time Streaming ETL Pipelines With Akka Streams, Alpakka And Apache...
byLightbend
 
PDF
Understanding Akka Streams, Back Pressure, and Asynchronous Architectures
byLightbend
 
PDF
Operationalizing Machine Learning: Serving ML Models
byLightbend
 
PPTX
Capture the Streams of Database Changes
byconfluent
 
PDF
Streaming Microservices With Akka Streams And Kafka Streams
byLightbend
 
PDF
Revitalizing Enterprise Integration with Reactive Streams
byLightbend
 
PDF
Akka Streams - From Zero to Kafka
byMark Harrison
 
Putting Kafka In Jail – Best Practices To Run Kafka On Kubernetes & DC/OS
byLightbend
 
Build Real-Time Streaming ETL Pipelines With Akka Streams, Alpakka And Apache...
byLightbend
 
Understanding Akka Streams, Back Pressure, and Asynchronous Architectures
byLightbend
 
Operationalizing Machine Learning: Serving ML Models
byLightbend
 
Capture the Streams of Database Changes
byconfluent
 
Streaming Microservices With Akka Streams And Kafka Streams
byLightbend
 
Revitalizing Enterprise Integration with Reactive Streams
byLightbend
 
Akka Streams - From Zero to Kafka
byMark Harrison
 

What's hot

PPTX
Apache Kafka 0.8 basic training - Verisign
byMichael Noll
 
PPTX
Lessons Learned From PayPal: Implementing Back-Pressure With Akka Streams And...
byLightbend
 
PPTX
Exactly-once Stream Processing with Kafka Streams
byGuozhang Wang
 
PDF
Error Resilient Design: Building Scalable & Fault-Tolerant Microservices with...
byHostedbyConfluent
 
PDF
Getting Started with Confluent Schema Registry
byconfluent
 
PDF
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
byconfluent
 
PDF
Building scalable rest service using Akka HTTP
bydatamantra
 
PPT
Introduction to Spark Streaming
byKnoldus Inc.
 
PDF
Exploring Reactive Integrations With Akka Streams, Alpakka And Apache Kafka
byLightbend
 
PDF
Building Stateful Microservices With Akka
byYaroslav Tkachenko
 
PDF
ksqlDB: A Stream-Relational Database System
byconfluent
 
PDF
Deep Dive Into Kafka Streams (and the Distributed Stream Processing Engine) (...
byconfluent
 
PDF
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
byHostedbyConfluent
 
PDF
A Journey through the JDKs (Java 9 to Java 11)
byMarkus Günther
 
PPTX
Akka 2.4 plus new commercial features in Typesafe Reactive Platform
byLegacy Typesafe (now Lightbend)
 
PDF
KSQL Intro
byconfluent
 
PPTX
Data Pipelines with Kafka Connect
byKaufman Ng
 
PDF
What's new in Confluent 3.2 and Apache Kafka 0.10.2
byconfluent
 
PDF
London Apache Kafka Meetup (Jan 2017)
byLandoop Ltd
 
PDF
A Tale of Two APIs: Using Spark Streaming In Production
byLightbend
 
Apache Kafka 0.8 basic training - Verisign
byMichael Noll
 
Lessons Learned From PayPal: Implementing Back-Pressure With Akka Streams And...
byLightbend
 
Exactly-once Stream Processing with Kafka Streams
byGuozhang Wang
 
Error Resilient Design: Building Scalable & Fault-Tolerant Microservices with...
byHostedbyConfluent
 
Getting Started with Confluent Schema Registry
byconfluent
 
Steps to Building a Streaming ETL Pipeline with Apache Kafka® and KSQL
byconfluent
 
Building scalable rest service using Akka HTTP
bydatamantra
 
Introduction to Spark Streaming
byKnoldus Inc.
 
Exploring Reactive Integrations With Akka Streams, Alpakka And Apache Kafka
byLightbend
 
Building Stateful Microservices With Akka
byYaroslav Tkachenko
 
ksqlDB: A Stream-Relational Database System
byconfluent
 
Deep Dive Into Kafka Streams (and the Distributed Stream Processing Engine) (...
byconfluent
 
What is the State of my Kafka Streams Application? Unleashing Metrics. | Neil...
byHostedbyConfluent
 
A Journey through the JDKs (Java 9 to Java 11)
byMarkus Günther
 
Akka 2.4 plus new commercial features in Typesafe Reactive Platform
byLegacy Typesafe (now Lightbend)
 
KSQL Intro
byconfluent
 
Data Pipelines with Kafka Connect
byKaufman Ng
 
What's new in Confluent 3.2 and Apache Kafka 0.10.2
byconfluent
 
London Apache Kafka Meetup (Jan 2017)
byLandoop Ltd
 
A Tale of Two APIs: Using Spark Streaming In Production
byLightbend
 

Similar to Developing Secure Scala Applications With Fortify For Scala

PDF
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
byLightbend
 
PPTX
Gradle
byReturn on Intelligence
 
PDF
GraalVM
byManfredi Giordano
 
PDF
Scala: a Cross-Platform Language
byGianluca Aguzzi
 
PPTX
How to integrate python into a scala stack
byFliptop
 
PDF
Polyglot Plugin Programming
byAtlassian
 
PPTX
Scala Introduction - Meetup Scaladores RJ
byRodrigo Lima
 
ODP
How to start using Scala
byNgoc Dao
 
PPTX
Scala and its Ecosystem
byPetr Hošek
 
PDF
Absorbing Scala Into Java Ecosystem
byEishay Smith
 
PDF
Top 10 programming languages for blockchain professionals
byBlockchain Council
 
Scala Security: Eliminate 200+ Code-Level Threats With Fortify SCA For Scala
byLightbend
 
Gradle
byReturn on Intelligence
 
GraalVM
byManfredi Giordano
 
Scala: a Cross-Platform Language
byGianluca Aguzzi
 
How to integrate python into a scala stack
byFliptop
 
Polyglot Plugin Programming
byAtlassian
 
Scala Introduction - Meetup Scaladores RJ
byRodrigo Lima
 
How to start using Scala
byNgoc Dao
 
Scala and its Ecosystem
byPetr Hošek
 
Absorbing Scala Into Java Ecosystem
byEishay Smith
 
Top 10 programming languages for blockchain professionals
byBlockchain Council
 

More from Lightbend

PDF
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
byLightbend
 
PDF
Microservices, Kubernetes, and Application Modernization Done Right
byLightbend
 
PDF
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
byLightbend
 
PDF
IoT 'Megaservices' - High Throughput Microservices with Akka
byLightbend
 
PDF
Akka Anti-Patterns, Goodbye: Six Features of Akka 2.6
byLightbend
 
PDF
Akka at Enterprise Scale: Performance Tuning Distributed Applications
byLightbend
 
PDF
Putting the 'I' in IoT - Building Digital Twins with Akka Microservices
byLightbend
 
PDF
Akka and Kubernetes: A Symbiotic Love Story
byLightbend
 
PDF
How To Build, Integrate, and Deploy Real-Time Streaming Pipelines On Kubernetes
byLightbend
 
PDF
Detecting Real-Time Financial Fraud with Cloudflow on Kubernetes
byLightbend
 
PDF
Digital Transformation with Kubernetes, Containers, and Microservices
byLightbend
 
PDF
Full Stack Reactive In Practice
byLightbend
 
PDF
Cloudstate - Towards Stateful Serverless
byLightbend
 
PPTX
Lessons From HPE: From Batch To Streaming For 20 Billion Sensors With Lightbe...
byLightbend
 
PDF
Migrating From Java EE To Cloud-Native Reactive Systems
byLightbend
 
PDF
The Reactive Principles: Eight Tenets For Building Cloud Native Applications
byLightbend
 
PPTX
Scala 3 Is Coming: Martin Odersky Shares What To Know
byLightbend
 
PDF
Designing Events-First Microservices For A Cloud Native World
byLightbend
 
PDF
Digital Transformation from Monoliths to Microservices to Serverless and Beyond
byLightbend
 
PDF
How Akka Cluster Works: Actors Living in a Cluster
byLightbend
 
How to build streaming data pipelines with Akka Streams, Flink, and Spark usi...
byLightbend
 
Microservices, Kubernetes, and Application Modernization Done Right
byLightbend
 
Running Kafka On Kubernetes With Strimzi For Real-Time Streaming Applications
byLightbend
 
IoT 'Megaservices' - High Throughput Microservices with Akka
byLightbend
 
Akka Anti-Patterns, Goodbye: Six Features of Akka 2.6
byLightbend
 
Akka at Enterprise Scale: Performance Tuning Distributed Applications
byLightbend
 
Putting the 'I' in IoT - Building Digital Twins with Akka Microservices
byLightbend
 
Akka and Kubernetes: A Symbiotic Love Story
byLightbend
 
How To Build, Integrate, and Deploy Real-Time Streaming Pipelines On Kubernetes
byLightbend
 
Detecting Real-Time Financial Fraud with Cloudflow on Kubernetes
byLightbend
 
Digital Transformation with Kubernetes, Containers, and Microservices
byLightbend
 
Full Stack Reactive In Practice
byLightbend
 
Cloudstate - Towards Stateful Serverless
byLightbend
 
Lessons From HPE: From Batch To Streaming For 20 Billion Sensors With Lightbe...
byLightbend
 
Migrating From Java EE To Cloud-Native Reactive Systems
byLightbend
 
The Reactive Principles: Eight Tenets For Building Cloud Native Applications
byLightbend
 
Scala 3 Is Coming: Martin Odersky Shares What To Know
byLightbend
 
Designing Events-First Microservices For A Cloud Native World
byLightbend
 
Digital Transformation from Monoliths to Microservices to Serverless and Beyond
byLightbend
 
How Akka Cluster Works: Actors Living in a Cluster
byLightbend
 

Recently uploaded

PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PPTX
Integration: Why Is It So Difficult? Lessons from Vipps’ API Journey
byChristian Løverås
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PPTX
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
PDF
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
PDF
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
PDF
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
PDF
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
PDF
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PDF
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
PDF
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
Integration: Why Is It So Difficult? Lessons from Vipps’ API Journey
byChristian Løverås
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
Zotero Software Demonstration. Biomedical Perspective
byDr Snehashis Singha
 
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
DSD-INT 2025 Understanding the Paraguay River Response to Hard Bottom Dredgin...
byDeltares
 

Developing Secure Scala Applications With Fortify For Scala

  • 1.
  • 6.
  • 7.
    ● Catch problemsduring development… ● ...before they hit production Why static analysis?
  • 8.
    ● Established industryleader ● Strong support for Java / JVM ● Flexible cross-language technology Why Fortify SCA?
  • 9.
    ● Leverage theScala team’s expertise Scala compiler development lives at Lightbend ● Leverage the existing Scala compiler Fortify SCA uses the real, actual Scala compiler ...to understand the real, actual Scala language Why Lightbend?
  • 10.
    Can I useit? When can I use it?
  • 11.
    ● required: FortifySCA license https://software.microfocus.com/en-us/software/sca/details ● required: Lightbend subscription https://www.lightbend.com/subscription includes support includes the entire Lightbend Enterprise Suite Who can use it?
  • 12.
    ● Scala 2.12and 2.11 all language features ● Java 8 soon: 9 too ● Any build tool sbt, Maven, Gradle, plain scalac... ● Windows, MacOS, Linux Who can use it?
  • 13.
    ● Preview versionalready in use by select customers ● Available to all customers in a few weeks When can I use it? as of November 16, 2017
  • 14.
  • 15.
    ● Step 1:Translate ● Step 2: Scan ● Step 3: View results How it works details in demo
  • 16.
    ● Scala compilerplugin ● Runs very late in compilation just before bytecode is emitted similar to Scala.js, Scala Native How it works: Translation source code ... Fortify JVM bytecode
  • 17.
    ● Add thecompiler plugin to your build ● Integrating translation with your existing build ensures fidelity same code, compiled with same compiler version, with same flags... How it works: Translation
  • 18.
    credentials += ... resolvers+= ... addCompilerPlugin(...) scalacOptions += ... How it works: Translation details in demo
  • 19.
    ● Same asany other language supported by Fortify SCA ● Scan locally or on CI server How it works: Scanning
  • 20.
    ● at commandline or in GUI How it works: View results details in demo
  • 21.
    ● Java rulebaseapplies to Scala code as well ● Scala-specific knowledge includes Play, sys.process, tracking data flow through collections API Vulnerabilities
  • 22.
    ● Demo reposhows: ○ Command Injection ○ Cross-Site Scripting ○ Open Redirect ○ Server-Side Request Forgery Sample vulnerabilities
  • 23.
    ● sbt plugin ●coverage for more libraries and frameworks ● support Fortify on Demand ● …? Planned features
  • 24.
    ● let’s seeit in action on a sample project https://github.com/lightbend/play-webgoat It’s demo time!
  • 25.
    ● required: FortifySCA license https://software.microfocus.com/en-us/software/sca/details ● required: Lightbend subscription https://www.lightbend.com/subscription includes support includes the entire Lightbend Enterprise Suite To reiterate...
  • 26.
  • 27.