Hi [[ session.user.profile.firstName ]]

Application Security Training: Beyond Compliance to Minimize Enterprise Risk

For many organizations, adherence to regulatory guidelines is the ruler by which to measure their security posture. While compliance is an important part of overall risk management, studies have shown that security education in areas like secure application development and security awareness can help in preventing attacks and deterring cybercriminal activity.

In this interactive, online session, you will learn how course-based eLearning empowers employees to recognize potential security risks throughout their daily workflow. Hear examples of how organizations can implement effective, scalable training - enabling the business to protect its assets and software developers, testers and security leads to build secure applications from inception to deployment.
Recorded Jun 5 2015 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Paul Roberts, The Security Ledger; Chris Wysopal, CTO and Maria Loughlin, VP Engineering, Veracode
Presentation preview: Application Security Training: Beyond Compliance to Minimize Enterprise Risk

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Get Laser-Focused Visibility into the Risk Posture of your Web Applications Oct 25 2017 4:00 pm UTC 30 mins
    Patrick Hayes, CA Veracode Solution Architect
    Expand your static analysis capabilities and begin scanning earlier in the software testing phase.

    Join this 20 minute webinar to see how Veracode can help you unlock the capabilities of DynamicDS and Virtual Scan Appliance (VSA). With these deeper scanning abilities, your organization can identify and remediate application vulnerabilities before cyber criminals can find and exploit them.

    These technologies can help you ensure ongoing security assessments as an automated cloud-based service — backed by Veracode’s world-class application security experts. Enable your teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). Specifically you’ll see how you can:

    •Start Scanning Immediately: Easy to deploy: cloud-based and no hardware to purchase
    •Integrate with Central Cloud Platform: Uploads all test results to our cloud platform that can be aggregated and evaluated using a single set of centralized policies and reports
    •Generate Verified and Actionable Results: Our security experts examine results to distinguish real problems from false positives and helps you deliver complete threat information to help development and QA teams remediate flaws
  • Lacking AppSec Resources? Veracode Has Your Path Forward! Oct 11 2017 4:00 pm UTC 30 mins
    Austin Britt, CA Veracode Solution Architect
    A successful application security program takes more than powerful technology.

    Join this 20 minute webinar to get your application security program off the ground with Veracode’s Services offerings. Learn how Veracode can lend its expertise to help your security teams and developers work together to rapidly identify, understand and remediate critical vulnerabilities — and help transform decentralized, ad hoc application security processes into ongoing, policy-based governance. Hear one of Veracode’s experts provide an overview of Services offerings such as:

    •Program Management: implement enterprise-wide governance models and day-to-day tactics to systematically reduce risk from application-layer attacks, based on best practices
    •Developer Coaching: work with developers to understand assessment results, prioritize remediation efforts and integrate with existing SDLC tools and processes
    •Developer Training: empower developers, testers and security leads to develop secure applications, providing the critical skills they need to identify and address potential vulnerabilities
  • The Veracode Community: Manage Your AppSec and DevSecOps Initiatives Sep 28 2017 4:00 pm UTC 45 mins
    Asha May, CA Veracode Community Lead
    Veracode is building a strong community to support the people who build and secure today’s software. The Veracode Community is open to all -- for Veracode customers, and for any developer or security professional seeking resources about securing applications throughout the development process.

    Join this webinar to see how the Veracode Community can help you solve your tough application security problems. We’ll discuss:

    •The purpose of the community – a space for developers and security practitioners to find answers and collaborate on application security best practices
    •How Community members can access resources, customer support, and forums for collaboration
    •Plus, see a demo of the community’s user-friendly platform
  • Protect Your Organization and Build Secure Code with Developer Training Sep 27 2017 4:00 pm UTC 30 mins
    Nathan Michalov, CA Veracode Solution Architect
    Learn how Veracode Developer Training can help your development team code more securely!
    Join this 20 minute webinar to get your application security program and secure DevOps initiatives off the ground with Veracode Developer Training. Learn how your developers can address important security concerns, such as:
    •OWASP Top 10 and PCI requirements
    •Secure coding for multiple languages (e.g., Java, .Net, CC++) and architectures (e.g., Mobile, Web and ClientServer)
    •Proactive techniques, such as Threat Modeling and Secure Architecture that can be used in the early stages of the Software Development Life Cycle (SDLC), minimizing the number of security defects in the code
  • Securing Your Software Supply Chain Recorded: Sep 19 2017 32 mins
    Colin Domoney, Consultant Solutions Architect - Veracode
    As organisations use CI/CD pipelines to build, test and deploy software at ever increasing speed it becomes imperative that the software supply chain should be secured to prevent the deployment of code of unknown provenance or with known vulnerabilities. In this webinar we will examine this topic from the following perspectives:
    1. Ensuring that a ‘chain of custody’ is maintained from source control through to deployed production code.
    2. Understanding how software components and artefacts are introduced into the supply chain.
    3. Best practices for controlling and assessing third party components in the supply chain.
  • Build secure software and manage application risk with the Veracode platform Recorded: Sep 13 2017 30 mins
    Jacob Martel, Solution Architect, Veracode
    See why Gartner has named Veracode a Leader in the Magic Quadrant for Application Security for the fourth time!

    Join this 20 minute webinar to see how Veracode can help you manage security risk across your entire application portfolio through a wide range of security testing and threat mitigation techniques, all hosted on a central, cloud-based platform.

    During this webinar, you will see a demo of the Veracode platform’s ability to scan all of the applications and components you build or buy, covering all major languages, frameworks, and application types. As a central repository for your applications and components, Veracode’s platform provides you with full visibility into your risk posture and integrates into each stage of your software development lifecycle, so you are building secure software.
  • Beyond Static Analysis: Securing Your Application Portfolio with DevOps Recorded: Aug 29 2017 44 mins
    Anne Nielsen, CA Veracode Product Management
    It is challenging enough for organizations to stay ahead of the DevOps movement. As part of this trend, application security testing is becoming an integral part of a developer’s job. No longer can Static analysis alone ensure the overall security of an organization’s application portfolio.

    In this webinar, learn how CA Veracode is taking the lead on securing DevOps with specific emphasis on:

    •Validation of the impact of DevOps in the market through Veracode data and API usage analysis
    •Vercode’s product portfolio strategy including Greenlight and IDE integrations enabling customers to stay ahead of DevOps
    •Use case scenarios for customers to consider – each from the Security, Development and Operations perspectives
  • Veracode Web Application Scanning: Discover, test, & monitor web applications Recorded: Aug 23 2017 22 mins
    Glenn Whittemore, Solution Architect, CA Veracode
    Looking for a consolidated solution to find, secure, and monitor all of your web applications?

    Join this 20 minute webinar to see how Veracode can help you easily track and inventory all of your external web applications with the ability to scan and scale on thousands of sites in parallel to find critical vulnerabilities and prioritize your biggest risks.

    Learn how to leverage technologies such as Veracode Web Application Scanning which enable teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). As one of the multiple scanning technologies Veracode offers on a single platform, your organization can systematically reduce risk while continuously monitoring your security posture.
  • Securing the Enterprise in a DevOps World: Keynote & Panel Recorded: Aug 22 2017 59 mins
    David Wayland, Head of Enterprise Application Security, Fortune 500 Financial Firm & Chris Wysopal, CTO & Co-Founder Veracode
    Securing a global enterprise requires security, development, vulnerability management, compliance and risk professionals to understand the engagement and inflection points in the software development lifecycle—and their roles to accelerate it. 

    Join Veracode for a two part session featuring "Securing the Enterprise in a DevOps World" with David Wayland, and an interactive panel discussion to continue the conversation on securing the enterprise in a DevOps World. This open round table discussion will be led by Veracode Co-Founder and CTO, Chris Wysopal. We will have time for Q&A so bring your questions!

    The discussion will touch upon:
    · Are you crawling, walking or running with your DevOps initiative?
    · Pitfalls? Success?
    · How are you connecting the dots for the business and the board on how your application security initiative is mitigating risk?

    Panelists: David Wayland, Head of Enterprise Application Security—Fortune 500 Financial Firm, Pete Chestna, Director of Developer Engagement—Veracode, Joseph Feiman Chief Innovation Officer—Veracode.
  • Getting the Best out of DevSecOps Recorded: Aug 22 2017 47 mins
    Colin Domoney, Consultant Solutions Architect—Veracode
    With application security rapidly moving towards a DevSecOps approach, it's important to understand from each team's perspective how to be successful in the new agile process. 

    Join this webinar to understand the perspectives--both the challenges and benefits of a DevSecOps approach, and how to integrate your security, operation and Developer teams.
  • You Can Get There From Here: The Road to Secure DevOps Recorded: Aug 22 2017 47 mins
    Pete Chestna, Director of Developer Engagement—Veracode
    If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. In this session learn:

    · A basic Understanding of Waterfall, Agile and DevOps from a people, process and technology point of view
    · Considerations when transitioning between these methodologies
    · An approach to leading the change in your own company
    · How Security can best be integrated into DevOps
  • Your Path to a Mature AppSec Program Recorded: Aug 22 2017 46 mins
    Colin Domoney, Consultant Solutions Architect—Veracode
    According to Akamai, attacks at the application layer are growing by more than 25% annually. But many organizations still struggle to understand how to get started with application security, or what good looks like.

    To shed light on the application security process, this session will outline the steps most of Veracode's customers take to develop a mature application security program. Attend and hear about Colin’s experience developing and managing an application security program from the ground up and learn:

    • The different AppSec phases most organizations are currently in
    • The next steps to take when moving toward a more comprehensive AppSec program
    • Lessons learned, best practices and pitfalls to avoid -- from someone who’s been there
    • What a comprehensive, mature AppSec program entails
  • Top 4 Ways Vulnerability Gets Into Software Recorded: Aug 22 2017 35 mins
    Maria Loughlin, Senior VP of Engineering| Veracode
    Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software?

    We’ll discuss the four primary ways that vulnerabilities end up in your software. Attendees at this session will understand the main sources of vulnerabilities and how to prevent them -- a good first step in making apps less like a red carpet for cyberattackers, and more like a moat. We’ll get attendees up to speed on the following:

    • Insecure coding
    • A threat landscape that never quits
    • Indiscriminate use of components
    • Programming language choice
  • Stop Living in the Past: A New Approach to Application Security Recorded: Aug 22 2017 43 mins
    Joseph Feiman, Chief Innovation Officer, Veracode
    Information security has not kept pace with the new reality of a software-driven world. Traditional defenses are proving inadequate in this environment. We’ll discuss how organizations should evolve their security strategies as users and applications become the risk focal point. Attend this session and learn about new approaches such as:

    • Work with the way developers work.
    • Cover not only the apps an organization develops internally, but also those it purchases or assembles from components.
    • Move beyond the software development lifecycle to the full software lifecycle, covering apps from inception through production.
  • How to Tackle Security in the CI/CD Pipeline Recorded: Aug 15 2017 34 mins
    Colin Domoney, Consultant Solutions Architect - Veracode
    Introducing security testing technology into the CI/CD pipeline can often affect the throughput of the pipeline due to the time in which it takes to complete.

    Join this webinar to understand:
    •Where in the pipeline is best to introduce security testing
    •How to handle security exceptions
    •How to adjust security testing tools based on critical applications
  • Developer-Friendly Security with Veracode Greenlight Recorded: Aug 9 2017 15 mins
    Lupita Carabes, Solutions Architect at Veracode
    With the shift to DevOps, application security testing is becoming an integral part of the developer’s job. Successfully securing code in the development stage increases speed to market and reduces cost – but developers can resist security testing that’s disruptive to their workflow.

    Join this 20 minute webinar to see how Veracode Greenlight finds security defects in your code and provides contextual remediation advice to help developers fix issues in seconds, right in the IDE. So you can release secure code at the speed of DevOps.
  • Gain Visibility into Your Open Source Risk with Veracode Software Composition An Recorded: Jul 31 2017 15 mins
    Jacob Martel, Solution Architect, Veracode
    Most development organizations don’t have the time or the resources to create every application from scratch, so they rely on third-party software and integrate open source components into their internally developed software. However, securing open source components is challenging for many security professionals because they lack visibility into what components are in use where in their organizations.

    At Veracode we know it can be difficult to pinpoint applications using vulnerable open source components. In this 30 minute webinar find out how Veracode Software Composition Analysis can help you:

    •Assess proprietary and open source code in a single scan
    •Build an inventory of your third-party components
    •Gain visibility into which applications have a vulnerable version of a component
    •Identify and remediate vulnerabilities to help comply with industry regulations
  • The Top 4 Ways Vulnerabilities Get Into Your Software Recorded: Jul 25 2017 32 mins
    Colin Domoney, Consultant Solutions Architect - Veracode
    Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software? We’ve found that there are four primary ways that vulnerabilities end up in your software. Understanding these sources and how to prevent them is a good first step in making your apps less like a red carpet for cyberattackers, and more like a moat.

    Benefits of attending:
    1.Learn how vulnerabilities are getting in your code and how to keep them out from a VP of Engineering
    2.Gain actionable tips and advice on application security– from a development manager who lives it day to day
    3.Move beyond the buzz about the insecurity of open source components – what is the solution?
    4.Identify the best ways to help developers learn to code more securely
    5.Gain insight from the latest research into which languages are introducing what vulnerabilities
  • How to Ensure Your Code Meets Policy Compliance Recorded: Jul 18 2017 28 mins
    Jonathan Harper, Solutions Architect, Veracode
    Enable your developers to quickly identify and remediate security-related code defects throughout your SDLC without having to manage a tool. Veracode’s patented static analysis technology analyzes major frameworks and languages without requiring source code, so you can assess the code you write, buy or download, and measure progress in a single platform. Sign up for this 20 minute Static Analysis webinar to learn best practices for:
    •Integrating static analysis into your development process
    •Complying with internal and external security policies
    •Creating policies for your application security program
    •Evaluating code against policy before check-in
    •Analyzing results and reporting capabilities (flaw viewer)
    •Defining user roles and team views within the platform
  • Security at Speed: Integrating AppSec into the Tools you Already Use Recorded: Jun 21 2017 56 mins
    Tim Jarrett, Sr. Director, Product Marketing
    Did you know the Veracode Application Security Platform integrates with the development, security and risk-tracking tools you already use? And our flexible APIs allow you to create your own custom integrations or use community integrations, built by the open source community.

    Join us for a webinar as we explore ways in which you can use integrations to help you go faster, without sacrificing security. Below are a few ways Veracode can integrate into your Agile and DevOps processes:

    • Integrated Development Environments (IDEs)
    • Build Servers
    • Defect Tracking Systems
    • Governance, Risk and Compliance Solutions
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Application Security Training: Beyond Compliance to Minimize Enterprise Risk
  • Live at: Jun 5 2015 3:00 pm
  • Presented by: Paul Roberts, The Security Ledger; Chris Wysopal, CTO and Maria Loughlin, VP Engineering, Veracode
  • From:
Your email has been sent.
or close