Veracode

  • Reduce False Positives Through Data Flow Analysis
    Jacob Martel, CA Veracode Solutions Architect. Recorded: Apr 11 2018, 12 mins
    Why are false positives a costly headache for enterprises when testing for security flaws? The short answer is that they cause development teams to spend time, expensive time that they cannot afford to waste, trying to sort out which flaws they need to fix. An automated testing solution may report a security flaw where, in actuality, there is none. The time spent sorting out the real flaws therefore affects overall developer productivity and, more importantly, your time to market.

    Watch this 20-minute webinar to learn how you can reduce false positives within your application security testing environment. Learn how the following considerations must be analyzed and assessed in order to save your development team’s time and productivity:
    • Flaws that have already been mitigated by the application design or the operating environment
    • Applications that already utilize custom validation routines, intrusion detection processes or restricted file access that mitigate the risk of a flaw
    • Initial findings through automated tests that incorrectly default to flaw status
  • How to Make Application Security a Competitive Advantage
    RJ Gazarek, CA Veracode Product Marketing and Asha May, CA Veracode Customer Engagement. Recorded: Mar 28 2018, 36 mins
    Awareness among IT organizations of application security continues to increase, as decision makers want assurance that the software they procure is secure. Very few IT leaders want their third-party applications to be the source of a cyberattack. In a recently published IDG study, 84% of surveyed IT Leaders agree that their companies are concerned about the potential data security risk posed by third-party applications. How can companies provide customers the assurance that they will protect their critical data and not risk exposure to a potential cyberattack?

    Join product and services experts from CA Veracode as they share insights from the IDG Survey and discuss the security concerns companies face when procuring software. They will also discuss Veracode’s latest approach in providing third party software assurance so that enterprises get peace of mind that their software supply chain remains secure.

    Learn how Veracode works with software providers to:
    • Meet the demands of customers looking for proof that your software is secure
    • Provide a path to maturing their AppSec program
    • Help defend their AppSec budget by showing the value and adoption it brings
    • Make their secure software a competitive advantage in a tightening market
  • Dynamic Scanning with CA Veracode
    Patrick Hayes, CA Veracode Solution Architect. Recorded: Mar 21 2018, 19 mins
    Test any web application with as little as a URL!

    Join this 20-minute webinar to see how Veracode can help you unlock the capabilities of DynamicDS and DynamicMP. With these deeper scanning abilities, your organization can identify and remediate application vulnerabilities and comply with several compliance standards, such as PCI and other financial industry regulations. See firsthand how Veracode’s dynamic scanning capabilities enable teams to:

    • Secure individual web apps during SDLC or while in production
    • Automate the overall dynamic scanning process to become an easy-to-use self-service offering
    • Improve quality through vulnerability verification and login configuration assistance
  • OWASP Top 10 2017: What You Need to Know
    Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research, Veracode. Recorded: Mar 14 2018, 62 mins
    For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community.

    During this webinar, Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research at Veracode will explain more about the three new risks in the 2017 top 10, what else has changed since 2013, and provide resources to adopt best practices for preventing these risks.
  • Better Together: Static Analysis and Software Composition Analysis with Veracode
    Christian Dalomba, CA Veracode Solution Architect. Recorded: Mar 7 2018, 16 mins
    Open source components are a blessing and a curse. They help accelerate your application development at no cost, but put your organization at risk of getting breached and failing compliance audits. On average, 44% of applications contain critical vulnerabilities in open source components, so knowing which ones you are using is necessary to defend your organization against major vulnerabilities.

    Join this 20-minute webinar to see how Veracode Software Composition Analysis (SCA) works within the Veracode Platform to help you build an inventory of your open source components to identify vulnerabilities, covering open source and commercial code. Both solutions together can analyze both proprietary and open source code in a single scan, providing you visibility across your entire application landscape.
  • Panel: How Your Company Can Move From Understanding DevSecOps to Implementing It
    TBD. Recorded: Feb 28 2018, 49 mins
    All our preceding sessions have described the key elements of a shift to DevSecOps. Now get practical tips, best practices and next steps on migrating to DevSecOps from our panel of experts. During this session, we will continue the conversation in an open discussion format and break for audience Q&A.

    Bring your questions and get ready to contribute your thoughts and ideas during this “ask the experts” session.
  • If Developers Own Security Testing in DevOps - What is Security's Role?
    Chris Wysopal, CTO at CA Veracode. Recorded: Feb 28 2018, 42 mins
    Application security is “shifting left.” As the responsibility for ensuring the stability and security of software shifts to developers, what does this mean for security professionals? What does their job look like if developers are responsible for security testing?

    Learn:
    • What the security professional’s role and responsibilities look like in a DevSecOps shop
    • The DevSecOps cultural changes that will affect security
    • The attributes that security tools will need in this new landscape
    • Best practices for security professionals looking to not only survive, but thrive, in a DevSecOps world
  • AppSec Policies in a DevOps World
    Pejman Pourmousa, VP of Program Management at CA Veracode. Recorded: Feb 28 2018, 38 mins
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
  • Integrating AppSec into Developer Tools and Processes
    Tim Jarrett, Senior Director of Enterprise Security Strategy at CA Veracode. Recorded: Feb 28 2018, 47 mins
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
  • The importance of Developer Training
    Maria Loughlin, Senior VP of Engineering at CA Veracode. Recorded: Feb 28 2018, 46 mins
    Most developers have little to no formal security training; in fact, less than one in four were required to take a single college course on security. But Veracode scan data shows that developer training can have a significant impact on code quality, with eLearning leading to a 19% improvement in fix rates and Remediation Coaching improving fix rates by 88%. In this session you’ll get actionable advice from our own VP of Engineering on how to boost your own developers’ secure coding skills.

    Key Takeaways:
    • Leadership plays a big role: align development goals with security to seed the change.
    • How to get Security and Development teams on the same page and make security review a foundational part of code review.
    • Tips for how to encourage your team to get continuous security education outside the office.
