Hi [[ session.user.profile.firstName ]]

Secure Agile & DevOps: How It Gets Done

Find out how Agile- and DevOps- driven development alter security integration and improve collaboration.

Moderated by Dark Reading, this videocast features Chris Wysopal, Veracode CISO & CTO, and Adrian Lane, Securosis CTO. Two leading security experts who have also managed software development teams.
Recorded Jun 3 2015 58 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Chris Wysopal, Veracode CISO and Adrian Lane, Securosis CTO
Presentation preview: Secure Agile & DevOps: How It Gets Done

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • OWASP Top 10 2017: What You Need to Know Mar 14 2018 3:00 pm UTC 60 mins
    Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research, Veracode
    For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community.

    During this webinar, Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research at Veracode will explain more about the three new risks in the 2017 top 10, what else has changed since 2013, and provide resources to adopt best practices for preventing these risks.
  • Panel: How Your Company Can Move From Understanding DevSecOps to Implementing It Feb 28 2018 10:00 pm UTC 60 mins
    All our preceding sessions have described the key elements of a shift to DevSecOps. Now get practical tips, best practices and next steps on migrating to DevSecOps from our panel of experts. During this session, we will continue the conversation in an open discussion format and break for audience Q&A.

    Bring your questions and get ready to contribute your thoughts and ideas during this “ask the experts” session.
  • If Developers Own Security Testing in DevOps - What is Security's Role? Feb 28 2018 9:00 pm UTC 45 mins
    Chris Wysopal, CTO at CA Veracode
    Application security is “shifting left.” As the responsibility for ensuring the stability and security of software shifts to developers, what does this mean for security professionals? What does their job look like if developers are responsible for security testing?

    •What the security professional’s role and responsibilities look like in a DevSecOps shop
    •The DevSecOps cultural changes that will affect security
    •The attributes that security tools will need in this new landscape
    •Best practices for security professionals looking to not only survive, but thrive, in a DevSecOps world
  • AppSec Policies in a DevOps World Feb 28 2018 8:00 pm UTC 45 mins
    Pejman Pourmousa, VP of Program Management at CA Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    •Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    •Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    •How to proactively approach open source code your developers are using.
  • Integrating AppSec into Developer Tools and Processes Feb 28 2018 7:00 pm UTC 45 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy at CA Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    •Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    •Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    •How to proactively approach open source code your developers are using.
  • The importance of Developer Training Feb 28 2018 6:00 pm UTC 45 mins
    Maria Loughlin, Senior VP of Engineering at CA Veracode
    Most developers have little to no formal security training, in fact - less than one in four were required to take a single college course on security. But Veracode scan data shows that developer training can have a significant impact on code quality, with eLearning leading to a 19% improvement in fix rates and Remediation Coaching improving fix rates by 88%. In this session you’ll get actionable advice from our own VP of Engineering on how to boost your own developers’ secure coding skills.

    Key Takeaways:
    •Leadership plays a big role, align development goals with security to seed the change.
    •How to get Security and Development teams on the same page and make security review a foundational part of code review.
    •Tips for how to encourage your team to get continuous security education outside the office.
  • Creating Security Champions Feb 28 2018 5:00 pm UTC 45 mins
    Sonali Shah, VP, Product Strategy at CA Veracode
    There just aren’t enough security experts to go around. But how do you support all of the development teams? What if I told you that through careful selection and good training it is possible to build your own army from the very people who own the development process? Attend this session to learn dos and don'ts from someone that has done it before. Free some of your own time while reducing risk.
  • DevSecOps Beyond the Myths: Cutting Through the Hype and Doubt to Get Results Feb 28 2018 4:00 pm UTC 45 mins
    Sam King, General Manager at CA Veracode
    DevSecOps is moving beyond the buzzword stage and into the real world. But there are obstacles standing in the way of widespread adoption. Perhaps the biggest obstacle is a lack of understanding about what DevSecOps is, which can discourage IT leaders, developers, and security teams who fear that it is a bridge too far to cross from DevOps, let alone Waterfall and Agile methodologies. Despite these myths and doubts, DevSecOps is producing real results in organizations that embrace it. For example, CA Veracode’s analysis of thousands of application scans found that applications scanned for security flaws early in the development process had a 48% higher fix rate (reduction in flaws) than other applications.

    In this keynote address, CA Veracode General Manager Sam King will introduce the concepts of DevSecOps that will form the basis of this virtual summit. Sam will discuss:

    -A simple definition of what DevSecOps is, beyond the hype and the myths, and why it holds promise for bringing together the assurances of AppSec with the speed and agility of DevOps

    -Why the evidence says that DevSecOps is attainable in the real world – how CA Veracode scanning data shows that there is a genuine shift to DevOps and DevSecOps happening, one step at a time.

    -Overview of the challenges that stand in the way – cultural, process, and technological – and how best practices can break down barriers to change.

    -Welcome to speakers and setting the stage for what you should expect and come away with from the event.
  • What Do Microservices Mean for AppSec? Feb 27 2018 4:30 pm UTC 45 mins
    Brian Pitta, Senior Solutions Architect, CA Veracode
    Microservices are a mainstay in the development of most modern applications as the shift to developing several small software components versus a single large application has been popular for a while. Yet even the best teams have trouble integrating security into their implementation. While many organizations see the benefits of the microservice architecture, questions continually arise on its impact on application security programs, especially with the rapid development that goes hand-in-hand with microservices.

    Join Brian Pitta, Senior Solutions Architect at CA Veracode who will discuss:

    •The need to keep up with the speed of DevSecOps and how to automate and integrate security testing with rapid feedback loops;
    •How to run and measure an effective AppSec program at scale and maintain a holistic view of all your applications given the shift to a more “decentralized” application environment to which the microservice architecture lends;
    •The importance of staying current with technology trends to equip an agile development team and continually enhance support for additional frameworks, languages and integration points
  • Understanding Application Vulnerabilities and How To Fight Them Recorded: Feb 21 2018 19 mins
    Robert Larkin, CA Veracode Solution Architect
    According to Gartner, the application layer contains 90% of all vulnerabilities. This is why you cannot let potential system flaws or weaknesses in your application be exploited to compromise the security of your organization’s most critical assets. Learn about the methods and solutions attackers typically rely on to perform application vulnerability discovery and compromise.

    Join this 20-minute webinar to see how Veracode can help your security and development teams identify and remove the vulnerabilities and flaws that can put your organization at risk. Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode provides on-demand application vulnerability testing to detect and offer solutions for vulnerabilities and other security issues.
  • Getting Started With AppSec Best Practices Recorded: Feb 7 2018 14 mins
    Nate Micalov, CA Veracode Soluation Architect
    Web applications are the number one attack vector for data breaches.

    Despite the proliferation of software vulnerabilities, the majority of organizations fail to adopt application security best practices for protecting software, data and users. The good news is that with the right tools, implementing application security best practices- such as testing, defining code standards, and creating standard policies- does not need to be at odds with the needs of your development team.

    Join this 20-minute webinar to see how Veracode can enable you to adopt application security best practices in a simple and cost-effective way. Based on first-hand customer interactions, hear our experts provide practical guidance starting with tips and tricks to integrating testing into the software development lifecycle all the way to scaling an application security program using our cloud-based platform.
  • Application Security Metrics: How To Track Success Recorded: Jan 31 2018 37 mins
    Anne Nielsen, Sr. Product Manager, Veracode Platform
    Metrics are critical for measuring and expanding an application security program. And there are a lot of important numbers you need to track to gauge your program’s progress, from fix rate to flaw density, but sometimes you need just one number that sums it all up. Executives don’t always want to see a slew of complicated charts and graphs – they want one simple number that answers, in a nutshell, is this program working, are we getting a return on our investment?

    Join us for a webinar with Anne Nielsen, Sr. Product Manager, Reporting & Strategy at Veracode, as we discuss our metric recommendation and dive into reporting best practices and tips for success.
  • Reduce Application Risk with Veracode Greenlight and Developer Sandbox Recorded: Jan 24 2018 16 mins
    Robert Larkin, CA Veracode Solution Architect
    During this 20-minute webinar, learn how developers can stay ahead of vulnerabilities that can disrupt the software development lifecycle (SDLC). See how Veracode Greenlight finds security defects and provides contextual remediation advice to help you fix issues in seconds, right within your IDE. Coupled with the use of Veracode’s developer sandbox, teams can scan code without alerting security or affecting an application’s overall compliance with policy.

    As a result you will be able to:
    •Reduce overall costs by 3x when compared to testing during the QA phase
    •Increase the fix rate of flaws using sandbox scans
    •Get your organization on track to move towards a DevOps and continuous release cycle
  • Manage application risk with policy-based scanning Recorded: Dec 20 2017 17 mins
    Glenn Whittemore, CA Veracode Solution Architect
    Ensure that all your applications are accurately assessed with policy-based scanning.
    Join this 20 minute webinar to see how Veracode can help you protect your organization against data breaches and meeting regulations and policies addressing cybersecurity and information security controls in a timely manner.
    See how the Veracode Platform provides built-in, automated compliance workflows to reduce communication overhead and provide a secure audit trail of your compliance processes, including notifications about policy changes. Veracode’s unified platform can also help you address OWASP security issues by integrating security seamlessly into software development and eliminating vulnerabilities at the most efficient and effective points in the development/deployment chain.
  • The Veracode Platform: Behind the Scenes Tips and Tricks! Recorded: Dec 13 2017 47 mins
    Mitch Horton, CA Veracode Principal Security Program Manager
    Hear from one of our customer-facing Services experts to learn the ins and outs of the Veracode platform. See how Veracode can you started with assessing and managing security risk across your entire application portfolio. With a wide range of security testing and threat mitigation techniques, all hosted on a central, cloud-based platform – your security program will be up and running and ready to scale.

    During this webinar, you will see a demo of the Veracode platform’s ability to scan all of the applications and components you build or buy, covering all major languages, frameworks, and application types. As a central repository for your applications and components, Veracode’s platform provides you with full visibility into your risk posture and integrates into each stage of your software development lifecycle, so you are building and delivering secure software.
  • Mobile Behavioral Analysis with Veracode Recorded: Dec 6 2017 10 mins
    Lupita Carabes, CA Veracode Solution Architect
    Keep tabs on your mobile applications with CA Veracode’s cloud-based Mobile Behavioral Analysis. CA Veracode’s Mobile Behavioral Analysis provides security-related findings for mobile applications.

    Join this 20-minute webinar to see how we can help you gain visibility into the risk exposure of your mobile applications in order to protect your customers and your business. During this time our experts will discuss a common security risk with mobile applications called over-permissioning, including:

    •How does it work?
    •What is the security risk?
    •Who does it help?
  • The Path From DevOps To DevSecOps Recorded: Nov 30 2017 51 mins
    Joseph Feiman, Chief Innovation Officer, Veracode
    DevOps has not yet fully transitioned to DevSecOps - leaving the DevOps inherently insecure. What is preventing security from integrating into DevOps? This discussion will offer an answer. Specifically, it will define capabilities that application security should adopt, explain how existing technologies should change, forecast emerging technologies, and estimate the pace of application security transformation within this era of DevOps.

    Join Joseph Feiman, Chief Innovation Officer at Veracode, will discuss the technology solutions needed for security to seamlessly integrate into DevOps – technologies that application development, operation, and security specialists don’t have to learn, see, or run. He’ll share insights into these technologies, forecast the pace of their adoption, and evaluate benefits of adopting one technology versus another. Attendees of this session will learn what will come to the market within the next few years, how to plan adoption, and what will or will not work when application security eventually transforms to enable DevSecOps.
  • Veracode Integrations For .NET Environments Recorded: Nov 29 2017 26 mins
    Austin Britt, CA Veracode Solution Architect
    Developers work best when tools don’t get in their way.

    Join this 20 minute webinar to see how Veracode integrates with .NET tools including Visual Studio. Veracode offers a Visual Studio extension that can compile .NET applications so developers can scan and review security findings before checking in code. Ensure that you catch security issues before they get further downstream by integrating Veracode into your Visual Studio Team Services or Team Foundation Server build or release pipelines. In addition, learn how you can easily see which findings violate your security policy and view the data path and call stack information to understand how your code may be vulnerable to attack.
  • Bringing Security to DevOps with Veracode Integrations Recorded: Nov 28 2017 25 mins
    Austin Britt, CA Veracode Solution Architect
    Keep in pace with the speed of DevOps and reap the benefits.

    Developers and security teams are both challenged to meet security goals in complex environments. Developers already need to manage many separate tools; new AppSec tools that do not integrate well or lack flexible APIs and customizable integrations are met with low adoption, high distraction and a steep learning curve.

    Join this 20 minute webinar to see how the Veracode Application Security Platform integrates with the development, security and risk-tracking tools you already use. Get a first-hand look at how our flexible API allows you to create your own custom integrations or use community integrations. Make security developer-friendly so you can go faster, without sacrificing security.
  • Know What’s In Your Software And Stay Ahead of Vulnerabilities Recorded: Nov 14 2017 19 mins
    Jessica Lavery, CA Veracode Director of Corporate Communications and Lupita Carabes, CA Veracode Solution Architect
    Open source components have become a critical part of code development --- and a top target for cyberattackers. With one component breach, an attacker can reach hundreds of thousands of applications. As we’ve seen, these breaches can target profitable personal information – leaving us to wonder what is coming next.

    Watch this webinar to learn how you can ensure which open source components are in use in your organization in order to protect yourself from a large-scale data breach. You will also get a sneak peek at Veracode’s Software Composition Analysis solution which creates a dynamic inventory of the components you are using, along with their versions and locations. Armed with this information, you can quickly patch when a big vulnerability hits the news.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Secure Agile & DevOps: How It Gets Done
  • Live at: Jun 3 2015 3:00 pm
  • Presented by: Chris Wysopal, Veracode CISO and Adrian Lane, Securosis CTO
  • From:
Your email has been sent.
or close