Hi [[ session.user.profile.firstName ]]

Synopsys - Software Integrity Group Webcasts

  • Date
  • Rating
  • Views
  • BSIMM9: Here’s What’s New!
    BSIMM9: Here’s What’s New!
    Mike Ware, Managing Principal, Synopsys Recorded: Oct 25 2018 47 mins
    In early October, we released the latest version of the BSIMM report, BSIMM9. While many things about the report haven’t changed much, it’s the new things that make it really exciting. Mike Ware will give a quick recap of the BSIMM and how organizations can use it before diving into the changes observed in BSIMM9, including these:
    - The incorporation of three new cloud-related activities and what that says about AppSec
    - The addition of retail as a stand-alone vertical
    - The growth in the number of security and developer resources
  • Securing Enterprise-Level Cloud Deployments
    Securing Enterprise-Level Cloud Deployments
    Kinnaird McQuade, Senior Consultant, Synopsys Software Integrity Group Recorded: Oct 23 2018 54 mins
    When you’re operating in a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases—significantly affecting all aspects of IT security. Security must keep up with these demands without compromising on auditability, least privilege, and secure development practices while receiving the benefits of automation. In cloud environments, security must be built in with configuration management and infrastructure as code. This talk aims to piece all of it together while providing practical guidance (and examples) that will help your organization operate safely in this age of cloud computing.

    Topics will include:
    - Building security in with infrastructure as code
    - Pipeline-friendly OS hardening
    - Vulnerability scanning considerations for building cloud applications
    - Migrating to the cloud with rapid deployments in mind
  • Static Analysis Helps DevOps Teams Maintain Velocity Securely
    Static Analysis Helps DevOps Teams Maintain Velocity Securely
    Meera Rao, Senior Principal Consultant, Synopsys Recorded: Oct 11 2018 61 mins
    Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevOps process. Integrating SAST tools into DevOps processes is critical to building a sustainable program. And automating these tools is also an important part of adoption, as it drives efficiency, consistency, and early detection.

    But DevOps practitioners looking to integrate SAST tools into the DevOps pipeline often have questions:

    - How do I manage false positives?
    - How do I triage the results?
    - What happens to new issues identified?
    - How can I use a tool in my DevOps pipeline?

    If you have questions like these, and you’re concerned about integrating SAST tooling into your DevOps process, this session will offer actionable advice to automate security testing that supports DevOps velocity.
  • The Future of Application Security: Enable DevSecOps with IAST
    The Future of Application Security: Enable DevSecOps with IAST
    Amy DeMartine, Forrester Principal Analyst and Ofer Maor, Director, Solutions Management at Synopsys Recorded: Oct 4 2018 57 mins
    IAST, or Interactive Application Security Testing, is an emerging technology that is transforming the way organizations secure their web apps at the speed of DevOps. IAST automatically and continuously scans apps during QA testing to detect security vulnerabilities earlier in the SDLC than traditional DAST or pen testing solutions—when it’s easier, faster, and cheaper to fix them. Using a combination of static and dynamic testing techniques, IAST produces highly accurate and actionable results that can be interpreted directly by the developers responsible for fixing the code.

    Join guest speaker and Forrester Principal Analyst, Amy DeMartine and Ofer Maor, Director of Solutions Management at Synopsys, as they unpack the promise of IAST from the perspective of an analyst and a technology provider. Learn about the unique benefits and use cases for IAST, as well as the technology’s limitations and which types of organizations stand to gain the most from it.
  • Container Security – What you need to know!
    Container Security – What you need to know!
    Olli Jarva, Managing Consultant, Synopsys Recorded: Oct 4 2018 45 mins
    Containers are revolutionizing application packaging and distribution. They’re lightweight and easy to build, deploy, and manage. But what about security? Your containers include more than the applications your team builds. They also bundle all the third-party software and open source components those apps depend on. In our webinar “Container Security – What you need to know!”, Olli Jarva, Managing Consultant & Security Architect, outline how you can prevent vulnerable code hiding in your containers from compromising your applications and sensitive data and how you can take control in the event when a new vulnerability breaks out for open source component present in your containers.
  • Using Security Champions to Build a DevSecOps Culture Within Your Organization
    Using Security Champions to Build a DevSecOps Culture Within Your Organization
    Brendan Sheairs, Managing Consultant, Synopsys Software Integrity Group (SIG) Recorded: Sep 13 2018 42 mins
    The security industry has made great strides developing tools and technology to integrate software security into the application development life cycle. However, it’s important not to ignore the people and process aspects of DevSecOps. Building security into application teams’ culture is necessary for DevSecOps to be successful.

    Outside the software security group, Security Champions are the leaders of this cultural change. Embedding knowledgeable champions within development teams to assist with security activities and vulnerability remediation will help your organization see this cultural shift. As a result, you’ll build new features not only faster but also more securely. In this webinar, you’ll learn the foundations of a successful Security Champions program and the challenges you’ll face implementing such a program.
  • Open Source Supply Chains and Consumption Risk - Governance, Containers & Trust
    Open Source Supply Chains and Consumption Risk - Governance, Containers & Trust
    Tim Mackey, Technology Evangelist Recorded: Sep 4 2018 58 mins
    Organisations increasingly rely on open source software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace.
    Whether you’re an automotive company or a medical device manufacturer, use of open source software accelerates development schedules, and reduces costs, but how do you minimise security risks?

    One way some DevOps organisations are facing this challenge is by deploying their applications in containers.

    In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.

    Our webinar will arm you with the information to:
    •Explain the importance of open source security to your organisation
    •Why container environments present new application security challenges
    •Best practices and methodologies for deploying secure containers with trust
  • Enterprise Security at Scale With IAST
    Enterprise Security at Scale With IAST
    Asma Zubair, Sr. Product Manager, Synopsys and Tamir Shavro, Sr. Engineering Manager, Synopsys Recorded: Aug 28 2018 50 mins
    With all the different application security testing tools available, you may be wondering whether interactive application security testing (IAST) makes sense for you. If you want to equip your developers with everything they need to fix vulnerabilities quickly and accurately in CI/CD workflows, then the answer is yes.

    In this webinar, Asma Zubair, Sr. Product Manager for Seeker, our IAST solution and Tamir Shavro, Sr. Engineering Manager at Synopsys, will show you how to gain unparalleled visibility into the security posture of your web applications and how to identify vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). You’ll also learn how IAST can:

    - Be deployed in existing environments with ease
    - Give you real-time, accurate results
    - Integrate with software composition analysis
  • Security Champions: Only YOU Can Prevent File Forgery
    Security Champions: Only YOU Can Prevent File Forgery
    Marisa Fagan, Product Security Lead, Synopsys Recorded: Aug 22 2018 57 mins
    If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.

    This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
  • AppSec in Financial Services through the BSIMM Lens
    AppSec in Financial Services through the BSIMM Lens
    Nabil Hannan, Managing Principal, Synopsys Software Integrity Group (SIG) Recorded: Aug 14 2018 39 mins
    Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts you’ve put in place even make sense? The Building Security In Maturity Model, or BSIMM, is a metrics-driven study of existing security initiatives at other organizations. BSIMM results help you assess the current state of your software security initiative and determine which areas need improvement.

    During the webinar, we’ll use a BSIMM broken down by the financial services industry to see what other companies are doing. We’ll also:

    · Use real data to help drive your software security initiative
    · Learn how organizations use the BSIMM to measure the maturity of their software security initiatives
    · Look at the aggregate data of the FSI vertical in the BSIMM
    · Discuss some of the most common activities that we observe with FSI companies and the drivers of those activities

Embed in website or blog