    • Application Security Testing for an Agile & DevOps World
      Omer Winker, Principal, Products at Contrast Security. Recorded: Jun 7 2018 4:00 pm UTC (44 mins)
    • Security teams have a hard time keeping pace with software development in Agile / DevOps environments, and the result of rapidly rolling out software is increased risk. With the majority of cybersecurity attacks focused on applications, automatically detecting vulnerabilities and protecting your applications from attack is critical to your business.

      It’s easy to get tangled up in the numerous approaches and technologies in application security testing, let alone select one that’s right for Agile and DevOps. As a result, it becomes challenging to even start developing an application security testing strategy for your business.

      In this presentation, you will learn:

      - SAST, DAST and IAST approaches used in Application Security Testing
      - Strengths and weaknesses of each approach
      - Best practices in securing your software code
      - How to start developing a winning application security testing strategy

      Remember, applications are the primary target for cyber criminals, so don’t let your most prized customer and corporate assets be exposed to potential attacks!

    • Application Security at the Speed of DevOps
      James Rabon, Product Manager, Fortify Software Security Center and Tools. Recorded: Oct 24 2017 6:00 pm UTC (60 mins)
    • Faster time-to-market and business-value-driven application functionality are the biggest drivers for DevOps. With DevOps, more frequent releases require shorter development and test cycles, creating a higher risk of breaches exploiting the application layer. The last couple of years have shown that business value can take a significant hit from security breaches. Building security features at the speed of DevOps, and reducing risk with the right security architecture, processes, and collaboration, is key to staying in business. This is the genesis of DevSecOps.

      In this Webinar, Derek Brink from Aberdeen Research describes how the shift towards rapid application delivery methods creates new opportunities for improving application security and reducing risk. MicroFocus’ James Rabon (Product Manager, Fortify Software Security Center and Tools) and Paladion's Vinod Vasudevan (Co-founder and CTO) discuss how MicroFocus and Paladion are helping customers integrate security and compliance into DevOps processes.

      Key Takeaways from the Webinar:

      - Trends in application delivery: from waterfall, to Agile and DevOps
      - How characteristics of Agile and DevOps provide a high-level blueprint for what application security in that environment should look like
      - Capabilities you should be looking for to improve application security at the speed of DevOps
      - How to adopt non-disruptive and continuous application security processes
      - Bringing in around-the-clock security monitoring for cloud assets

    • Targeted Defense: The Future of Defending Applications in Production
      Mahesh Babu, General Manager, Runtime Protection, at Contrast Security. Recorded: Jul 25 2018 5:00 pm UTC (70 mins)
    • Raise your hand if this is you:

      - Our development teams have a massive security backlog and can’t fix everything in code
      - We need to protect legacy applications with no build pipeline or no dev team to support them
      - Struts 2 made us realize we need better production controls and faster zero-day response
      - Our SOC has alert fatigue and has no visibility or context regarding production applications
      - RASP is interesting technology – we are curious to see how we would use it

      At Contrast Security, we have been hearing this from our customers and have been hard at work to solve these problems. We are proud to announce the release of the Contrast Targeted Defense Platform, the next generation of runtime protection.

      Join Mahesh Babu (General Manager, Runtime Protection) to learn more about Contrast’s new Targeted Defense Platform and its new capabilities that include, but are not limited to:

      - Intelligent, multi-technique detection
      - Advanced attack response that goes beyond monitoring and blocking
      - Language agnostic protection
      - Simple deployment

    • Making Continuous Security in Applications a Reality
      Aaron Weaver, Application Security Architect, OWASP and DefectDojo. Recorded: Sep 25 2018 3:00 pm UTC (44 mins)
    • You’ve probably heard many talks about DevSecOps and continuous security testing, but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool, which has been used in real-world companies to do real security work. Beyond a stand-alone tool, the OWASP AppSec Pipeline provides numerous Docker containers ready to automate, a specification to customize with the ability to create your own implementation, and references to get you started.

      The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of Aaron Weaver. If you want to start your DevSecOps journey by continuously testing rather than hearing about it, this talk is for you.

    • Application Security: What to Know for 2018
      Mike Pittenger, Security Strategist. Recorded: Mar 27 2018 3:00 pm UTC (55 mins)
    • Application security is quickly becoming a "must have" for security teams. High profile breaches, including Equifax and a multitude of ransomware attacks, have the attention of senior management of company Boards. Knowing where to start can be difficult.

      Not every company has the same needs or organizational maturity to manage a full-blown application security program. This webinar will cover some of the tools and exercises deployed by application security teams to build security into their processes, including:

      - Tools and security tips for each phase of the development lifecycle
      - Which tools to use for different types of code
      - In-house and 3rd party options for starting an application security program

    • Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern
      Matt Runkle, Application Security Consultant, CA Veracode. Recorded: Jul 25 2018 6:00 pm UTC (49 mins)
    • It’s no secret that open source security is a hotly debated topic. However, it’s important to keep in mind that commercially licensed third-party software carries much of the same risk as open source software. While helping a customer attain a Verified certification, one of CA Veracode’s application security consultants uncovered a cross-site scripting flaw in the popular Telerik Reporting project. The flaw has since been patched, but it’s these types of unknown risks that organizations take when introducing third-party code into their environment.

      During this talk, you’ll hear from Matt Runkle, the AppSec Consultant who uncovered the XSS flaw, to get insight into the mind of a hacker and hear how vulnerabilities like XSS are commonly exploited in third-party software and how you can take action to prevent attacks like this in your own environment.

    • The Future of Application Security: Enable DevSecOps with IAST
      Amy DeMartine, Forrester Principal Analyst and Ofer Maor, Director, Solutions Management at Synopsys. Recorded: Oct 4 2018 5:00 pm UTC (57 mins)
    • IAST, or Interactive Application Security Testing, is an emerging technology that is transforming the way organizations secure their web apps at the speed of DevOps. IAST automatically and continuously scans apps during QA testing to detect security vulnerabilities earlier in the SDLC than traditional DAST or pen testing solutions—when it’s easier, faster, and cheaper to fix them. Using a combination of static and dynamic testing techniques, IAST produces highly accurate and actionable results that can be interpreted directly by the developers responsible for fixing the code.

      Join guest speaker and Forrester Principal Analyst, Amy DeMartine and Ofer Maor, Director of Solutions Management at Synopsys, as they unpack the promise of IAST from the perspective of an analyst and a technology provider. Learn about the unique benefits and use cases for IAST, as well as the technology’s limitations and which types of organizations stand to gain the most from it.

    • AppSec in Financial Services through the BSIMM Lens
      Nabil Hannan, Managing Principal, Synopsys Software Integrity Group (SIG). Recorded: Aug 14 2018 8:00 pm UTC (39 mins)
    • Do you ever wonder whether your software security program is the correct one for your organization? You spend time and money on processes, technology, and people. But how do you know whether the security efforts you’ve put in place even make sense? The Building Security In Maturity Model, or BSIMM, is a metrics-driven study of existing security initiatives at other organizations. BSIMM results help you assess the current state of your software security initiative and determine which areas need improvement.

      During the webinar, we’ll use a BSIMM broken down by the financial services industry to see what other companies are doing. We’ll also:

      - Use real data to help drive your software security initiative
      - Learn how organizations use the BSIMM to measure the maturity of their software security initiatives
      - Look at the aggregate data of the FSI vertical in the BSIMM
      - Discuss some of the most common activities that we observe with FSI companies and the drivers of those activities

    • Scared of data security in SaaS applications? Don’t worry, we have your back
      Akhilesh Dhawan, Dir. Product Marketing, Networking/Security; Praveen Raghuraman, Dir. Product Management, Networking, Citrix. Upcoming: Oct 23 2018 5:00 pm UTC (39 mins)
    • Most organizations have some data stored in SaaS applications or are thinking of moving to SaaS. Some of this migration to SaaS is controlled by IT (sanctioned SaaS apps), while most of this migration is undertaken by individual business units (unsanctioned SaaS apps) in order to achieve better productivity or to get some tasks done. While IT has deployed methods like single sign-on to sanctioned applications, they cannot control access to any unsanctioned SaaS applications using the same SSO solution. And traditional single sign-on solutions don’t provide any control over what actions a user can take after they log in to SaaS applications, nor do they provide security policies for IT to control user access to the Internet.

      In this session, you will learn about a single solution that helps:

      - Improve user experience with single sign-on to SaaS, web and virtual apps
      - Implement enhanced security policies for SaaS apps to control user actions after login
      - Enable Web filtering to control what users cannot access on the Internet
      - Securely browse the internet
      - Provide end-to-end visibility and user behavior analytics with Citrix Analytics

    • Scared of data security in SaaS applications? Don’t worry, we have your back
      Akhilesh Dhawan, Dir. Product Marketing, Networking/Security; Praveen Raghuraman, Dir. Product Management, Networking, Citrix. Recorded: Aug 23 2018 1:00 pm UTC (39 mins)
    • Scared of data security in SaaS applications? Don’t worry, we have your back
      Akhilesh Dhawan, Dir. Product Marketing, Networking/Security; Praveen Raghuraman, Dir. Product Management, Networking, Citrix. Recorded: Aug 23 2018 6:00 pm UTC (39 mins)