Hi [[ session.user.profile.firstName ]]

Synopsys - Software Integrity Group Webcasts

  • Date
  • Rating
  • Views
  • Using Security Champions to Build a DevSecOps Culture Within Your Organization
    Using Security Champions to Build a DevSecOps Culture Within Your Organization Brendan Sheairs, Managing Consultant, Synopsys Software Integrity Group (SIG) Recorded: Sep 13 2018 42 mins
    The security industry has made great strides developing tools and technology to integrate software security into the application development life cycle. However, it’s important not to ignore the people and process aspects of DevSecOps. Building security into application teams’ culture is necessary for DevSecOps to be successful.

    Outside the software security group, Security Champions are the leaders of this cultural change. Embedding knowledgeable champions within development teams to assist with security activities and vulnerability remediation will help your organization see this cultural shift. As a result, you’ll build new features not only faster but also more securely. In this webinar, you’ll learn the foundations of a successful Security Champions program and the challenges you’ll face implementing such a program.
  • Open Source Supply Chains and Consumption Risk - Governance, Containers & Trust
    Open Source Supply Chains and Consumption Risk - Governance, Containers & Trust Tim Mackey, Technology Evangelist Recorded: Sep 4 2018 58 mins
    Organisations increasingly rely on open source software from their supply chain partners and outsourcers to power the products and technology they deliver to the marketplace.
    Whether you’re an automotive company or a medical device manufacturer, use of open source software accelerates development schedules, and reduces costs, but how do you minimise security risks?

    One way some DevOps organisations are facing this challenge is by deploying their applications in containers.

    In this webinar, Tim Mackey explores this new era of large scale container deployments and how to manage and secure them.

    Our webinar will arm you with the information to:
    •Explain the importance of open source security to your organisation
    •Why container environments present new application security challenges
    •Best practices and methodologies for deploying secure containers with trust
  • Enterprise Security at Scale With IAST
    Enterprise Security at Scale With IAST Asma Zubair, Sr. Product Manager, Synopsys and Tamir Shavro, Sr. Engineering Manager, Synopsys Recorded: Aug 28 2018 50 mins
    With all the different application security testing tools available, you may be wondering whether interactive application security testing (IAST) makes sense for you. If you want to equip your developers with everything they need to fix vulnerabilities quickly and accurately in CI/CD workflows, then the answer is yes.

    In this webinar, Asma Zubair, Sr. Product Manager for Seeker, our IAST solution and Tamir Shavro, Sr. Engineering Manager at Synopsys, will show you how to gain unparalleled visibility into the security posture of your web applications and how to identify vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). You’ll also learn how IAST can:

    - Be deployed in existing environments with ease
    - Give you real-time, accurate results
    - Integrate with software composition analysis
  • Security Champions: Only YOU Can Prevent File Forgery
    Security Champions: Only YOU Can Prevent File Forgery Marisa Fagan, Product Security Lead, Synopsys Recorded: Aug 22 2018 57 mins
    If you’re a developer, there will come a time when you realize that you have the power not only to ship awesome features but also to protect them so that no one else can tamper with all your hard work. Every developer is responsible for coding securely, but a brave few among us will take this duty one step further by wearing the mantle of a Security Champion.

    This webinar is your guide to becoming the Security Champion you always wanted to be, in just five easy steps. We’ll also talk about what benefits you’ll get out of it, besides saving the world, and what to do if your company doesn’t have a Security Champions program or even a product security program.
  • AppSec in Financial Services through the BSIMM Lens
    AppSec in Financial Services through the BSIMM Lens Nabil Hannan, Managing Principal, Synopsys Software Integrity Group (SIG) Recorded: Aug 14 2018 39 mins
    Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts you’ve put in place even make sense? The Building Security In Maturity Model, or BSIMM, is a metrics-driven study of existing security initiatives at other organizations. BSIMM results help you assess the current state of your software security initiative and determine which areas need improvement.

    During the webinar, we’ll use a BSIMM broken down by the financial services industry to see what other companies are doing. We’ll also:

    · Use real data to help drive your software security initiative
    · Learn how organizations use the BSIMM to measure the maturity of their software security initiatives
    · Look at the aggregate data of the FSI vertical in the BSIMM
    · Discuss some of the most common activities that we observe with FSI companies and the drivers of those activities
  • DevSecOps: Security at the Speed of DevOps with Comcast
    DevSecOps: Security at the Speed of DevOps with Comcast Larry Maccherone, Sr. Director DevSecOps Transformation, Comcast Recorded: Aug 3 2018 50 mins
    Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.

    What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and advisors and stop thinking of themselves as gatekeepers.

    This webinar includes guidance on the characteristics of security tools compatible with DevOps, but it focuses primarily on the harder part: the people. This talk introduces the DevSecOps manifesto and provides you with a process model, based on agile transformation techniques, to accomplish the necessary mindset shift and achieve an effective DevSecOps culture transformation. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.
  • Reviewing Spectre 6 Months Later
    Reviewing Spectre 6 Months Later Taylor Armerding, Senior Security Strategist for Synopsys Recorded: Jul 25 2018 30 mins
    It’s been more than six months since the major design flaw in computer chips labeled Spectre became public. And, as predicted, it is still haunting the world of information technology. The CPU (central processing unit) is, after all, the “brain” of any computer, phone, tablet, modern TV, or other “smart” device.
    Since then, we’ve all learned a bit about terms some of us had never heard before—“speculative execution,” anyone? We’ve also been told that you can’t just patch a chip the way you can patch bugs in software. But you can create work-arounds with software patches.
    In this webinar, Taylor Armerding, senior security strategist for Synopsys Software Integrity Group, will address some of the questions that “regular”—i.e., nontechnical—users may have about Spectre:
    - What is it?
    - How does it work?
    - Why does it work?
    - Why didn’t chip makers catch a flaw of this magnitude during the design phase?
    - Why is a tool called static analysis the best way to work around Spectre without causing intolerable performance slowdowns?
  • Trends in Security: How to Create a Scalable Threat-modeling Practice
    Trends in Security: How to Create a Scalable Threat-modeling Practice Chandu Ketkar, Principal Consultant, Synopsys Recorded: Jul 17 2018 45 mins
    For most organizations, performing threat-modeling is a difficult and an expensive undertaking. There are good reasons why this is the case. Threat modeling traditionally requires an experienced security architect with knowhow in architecture patterns, design patterns, a breadth of technologies, and above all deep security knowledge.

    Join this webinar and learn:

    - Consistency/Reliability: Use of patterns allows us to identify recurring problems/patterns and provide consistently the same solution. In security this means that identifying patterns during threat modeling will allow us to create consistent design, development, testing, and risk guidance.

    - Efficiency: Use of patterns allows us to automate some part of a problem while leaving the more complex concerns to be tackled by experts. This creates efficiencies.

    - Commonly understood taxonomy: Patterns create a common taxonomy for organizing knowledge, training users/practitioners, communicating with stakeholders (developers, testers, architects, security analysts, etc.)
  • How can static analysis help DevOps teams maintain velocity securely?
    How can static analysis help DevOps teams maintain velocity securely? Meera Rao, senior principal consultant and director of the secure development practice - Synopsys Software Recorded: Jul 17 2018 46 mins
    Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevOps process. Integrating SAST tools into DevOps processes is critical to building a sustainable program. And automating these tools is also an important part of adoption, as it drives efficiency, consistency, and early detection.

    If you have questions like these, and you’re concerned about integrating SAST tooling into your DevOps process, this session will offer actionable advice to automate security testing that supports DevOps velocity.

    But DevOps practitioners looking to integrate SAST tools into the DevOps pipeline often have questions:

    How do I manage false positives?
    How do I triage the results?
    What happens to new issues identified?
    How can I use a tool in my DevOps pipeline?
  • *AST in CI/CD - How to Make it Work
    *AST in CI/CD - How to Make it Work Ofer Maor, Director, Solutions Management at Synopsys Recorded: Jul 17 2018 58 mins
    SAST, IAST, DAST, MAST, *AST – There are plenty of technologies and ways to test your software, but how do we do that without slowing us down in a rapid development environment. In this session we will give practical advice on how to integrate software security testing into your CI/CD and your development process so it works. The session will review the pros and cons of each of the testing technologies, how to adapt it to rapid development, and how to make testing work as organizations are moving to A/B testing. Finally, this session will guide on how to manage the balance between risk and speed to build the right process, so that real threats will become blockers, but other issues will be handled in a parallel, slower cycle, without slowing down the main delivery.

Embed in website or blog