  • How to Easily Integrate Security into your Development Process
    Marina Kvitnitsky (Senior Product Manager, CA Veracode) & Val Zolyak (Director, Product Management, CA Agile Central) Recorded: Sep 20 2018 29 mins
    Software development deadlines are getting shorter, business requirements are getting more complex, and cybersecurity threats are becoming more real. CA Veracode is responding to this need for rapid development of secure applications by integrating security solutions directly into application development workflows. Specifically, we make our security scanning solutions available from within customer-selected, industry-leading software development tools, such as CA Agile Central. In this webinar, we will discuss why integrating security into your development pipeline is a necessity in today's ever-changing threat landscape and how different stakeholders can benefit from automating security checks. Finally, we will demonstrate the functionality of the integration between CA Agile Central and CA Veracode and outline how easy it is to implement this integration.
  • Container Security for the Impatient
    Colin Domoney, Senior Principal Transformation Consultant @ CA Technologies Recorded: Sep 11 2018 44 mins
    We are truly in the 'age of containers' as developers continue the rapid adoption of containers and their associated orchestration tooling to improve delivery times of working software. This change in development methodology presents challenges to the AppSec team who have to understand this new paradigm.

    Join Colin Domoney, Senior Principal Transformation Consultant @ CA Technologies, for this live webinar where he will provide an introduction to generic container toolchains and guidance on how to leverage and embed your existing security tooling investment in a container-centric environment, as well as how to select and evaluate container-specific tooling.

    Practical advice will be given on how to employ the CIS Benchmark and how to ensure general best practices are applied in securing and hardening the container environments. The participant should come away with a working knowledge of how containers are used, built and deployed; and practical ideas on how to improve their container security posture.
  • Picking the Right Assessment Types for your Application Security Program
    Chris Kirsch, Director, Product Marketing at CA Veracode Recorded: Aug 22 2018 36 mins
    Most companies start their application security program with a manual penetration test of their most business-critical applications. While this type of assessment covers a lot of ground, it’s not as scalable and repeatable as automated scanning technologies. As your program matures, you’ll have to branch out into more automated technologies.

    This talk will review the merits of static analysis, dynamic analysis, software composition analysis, and penetration testing, indicating which technologies make sense in your specific situation as you mature your application security program.
  • The Deathly Hallows of Application Security - Flaws, Vulnerabilities & Exploits
    Paul Farrington - Director of Solutions Architects @ CA Veracode Recorded: Aug 21 2018 39 mins
    To understand the severity of a flaw you need to understand the extent to which it can be exploited. As software becomes more and more complex, securing it becomes more difficult.

    Join Paul Farrington, Director of Solutions Architects @ CA Veracode, for this live webinar, where he will explore the distinctions between various security flaws and how you can combat them.

    You will leave the session understanding how to identify and address risk factors, how attackers exploit vulnerabilities & the extent to which organisations rely on AppSec technology to secure the SDLC.
  • How the OWASP Top 10 can Secure your DevSecOps Initiative
    Katy Anton, Principal Application Security Consultant @ Veracode & OWASP Bristol Chapter Leader Recorded: Aug 9 2018 43 mins
    This session will be led by Katy Anton - Senior Application Security Consultant @ Veracode, OWASP Bristol Chapter Leader & Project Co-Leader for OWASP Proactive Controls Project. Katy will take the audience through the ins and outs of the OWASP Top 10.

    As software becomes increasingly complex, the difficulty of achieving application security increases. With the rapid pace of modern software development processes, securing the software from the beginning can be challenging.

    -How can developers write more secure applications?
    -What are the security techniques they could use while writing their software?

    These are hard questions, as evidenced by the increase in cyber breaches. This session will explore the OWASP Top 10 (2017) and will identify the security controls that developers can use in the software development lifecycle to prevent these vulnerabilities. By the end of the webinar, you will have an arsenal of security controls that you can start applying while writing your software applications.

    Register for this session to find out how the OWASP Top 10 can secure your DevSecOps Initiative!
  • The Front Lines: How One Company Systematically Mitigates Their Open Source Risk
    Mark Curphey, VP of Strategy, CA Veracode Recorded: Aug 1 2018 47 mins
    It’s one thing to simply talk about the pervasiveness of open source risk. What do you do when your leadership team wants you to actually take action? Where do you start? How do you even begin to inventory the seemingly insurmountable amount of open source libraries deployed across your entire application infrastructure? It takes a systematic approach to identifying vulnerable open source libraries – a system that requires multiple stakeholders across various functional groups including security, development, and sometimes your legal and vendor management teams.

    Join Mark Curphey, VP of Strategy at CA Veracode, as he interviews a customer to discuss how they were successful in implementing a scalable security program to effectively tackle the problem of open source risk. You’ll get real insights from an industry practitioner about how to recognize harmful third-party libraries, establish an open source software security policy, and communicate security requirements to the team at large.
  • Illustrating the Systemic Risk Caused by Open Source Library Use
    Tim Jarrett, Senior Director of Enterprise Security Strategy, CA Veracode Recorded: Aug 1 2018 48 mins
    How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library, Apache Commons Collections (or ACC), that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components.

    Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.
  • Why Is Open Source Use Risky?
    Adrian Lane, Analyst, Securosis Recorded: Aug 1 2018 43 mins
    When software development moves at the speed of DevOps, creating every line of code from scratch is simply not feasible. In turn, most development shops are increasingly relying on open source libraries to supplement their code.

    The use of these open source libraries is not in itself a bad thing; on the contrary, it’s best practice, and not taking advantage of this code would put your organization at a competitive disadvantage. The risky part lies with the visibility. What happens when it’s revealed that an open source library contains a major vulnerability? Would you know if you are using that library? What about where or how you are using it? Could you find out fast enough to patch it? Attend this session to get up to speed on open source library use, including its risks and best practices.
  • Shifting Left…AND Right to ensure full application security coverage
    Bhavna Sarathy, Principal Product Manager & Bipin Mistry Recorded: Jul 31 2018 33 mins
    Web applications continue to be one of the primary attack vectors that lead to breaches at organizations all over the world. As more and more organizations adopt DevOps and CI/CD workflows, there has been an added push to shift security testing to earlier stages in the software development lifecycle. Finding flaws earlier can save precious time as release cycles become faster; however, what happens once an application is running? With the ever-changing threat landscape that organizations function in today, even an application that was developed as securely as possible can become vulnerable over time as attackers uncover new ways to exploit weaknesses. Organizations that do not continue to test their running web applications risk missing exploitable vulnerabilities that could lead to a breach.

    In this webinar, we will discuss the importance of performing Dynamic Application Security Testing (DAST) on web applications during your testing and QA phases to catch, before you release, exploitable vulnerabilities that static testing alone cannot find. We will also discuss how establishing a recurring schedule of DAST scans on your running web applications can help your organization discover new vulnerabilities and help you reduce your risk of a breach.
  • Get Ahead on Application Security with CA Veracode Static Analysis
    Antonio Reche - Snr. Principal Consultant Solutions Architect @ Veracode Recorded: Jul 26 2018 46 mins
    We invite you to join us to learn how CA Veracode can effectively help you across the software development lifecycle. In this session Antonio Reche, consulting solutions architect at Veracode, will show you how to quickly train developers to identify and fix security-related code defects without having to manage any tool.

    Veracode's patented static analysis technology examines the major frameworks and languages without requiring the source code, so you can assess the code you write, buy or download, as well as measure progress from a single SaaS platform.

    After this session you will know the best practices for:

    • Integrating static analysis into your development process
    • Complying with internal and external security policies
    • Creating policies for your application security program
    • Evaluating code against policy before check-in
    • Analyzing results and generating reports (security flaw viewer)
    • Defining user roles and team views within the platform
