Veracode’s director of solutions enablement, Brian LaFlamme and Frank Kim, CISO for SANS, discuss new details regarding the Stagefright vulnerability and why vulnerabilities in graphic libraries keep cropping up.
RecordedAug 27 201559 mins
Your place is confirmed, we'll send you email reminders
With the mainstream adoption of DevOps, what does this mean for heavily regulated industries, such as financial services? How can an organisation that requires a clear segregation of duties between Dev and Ops, as well as strict regulations adopt the DevOps way?
Join this webinar for an optimistic view of how Dev(Sec)Ops can be applied in such challenging environments as well as examples of industry best practices.
Colin Domoney, Sr Product Innovations Manager at Veracode
With application security rapidly moving towards a DevSecOps approach, it's important to understand from each team's perspective how to be the successful in the new agile process.
Join this webinar to understand from a Developer's perspective both the challenges and benefits of a DevSecOps approach, and how to integrate with the rest of the security and operations teams.
With yet more cyber-attacks targeting the financial sector, it has never been more important to implement a robust application security programme within your cyber security strategy.
Join our Live Interactive Case Study to learn how Veracode Customer Success Managers have Defined, Executed & Optimised successful AppSec programmes for our financial sector clients, and how you could use this within your organisation to help reduce the risk of a breach.”
Dr. Joseph Feiman, Chief Innovation Officer at Veracode, and Joe Pelletier, Product Manager at Veracode
To better protect against cyberattacks, it’s not enough to find and fix application vulnerabilities during development and testing. You also have to block malicious activity against applications already in production. Runtime Application Self-Protection, or RASP, is an emerging technology that helps detect and stop these common attacks in real time.
Join this webcast to learn:
• Emerging trends in web application security from our leading experts
• Why detecting attacks from inside the application matters
• How to integrate runtime protection in your development and DevOps processes
• How Veracode Runtime Application Self-Protection can work for you
With our increased reliance on software, faulty and insecure applications put your data and the data of your business partners at risk. This can have repercussions well beyond any one incident and application security is the only way to protect against the risk.
Join Colin Domoney, previously Head of Appsec at Deutche Bank, as he discusses why applications are so risky, why you need to include application security in your security programme, as well as how he got started with Application Security.
While web and mobile applications account for more than a third of data breaches (source: 2014 Verizon Data Breach Investigations Report), most organizations are not spending time or money on application security. So why the disconnect? One reason is that fallacies abound when it comes to application security. Many of these fallacies stem from the traditional, on-premises tools-based approach to application security, which has fostered the misconception that application security programs are expensive and difficult to manage. But as breaches continue to make headlines, organizations are realizing the serious risk posed by applications.
Reducing software risk is not just about finding vulnerabilities, it's about fixing them too. Join us to discover the different security testing technologies, and how each of them affect the areas of a business.
Dr. Joseph Feiman, Chief Innovation Officer at Veracode, and Sam King, Chief Strategy Office at Veracode
Applications are a top attack vector for cyber criminals. That’s why application security is evolving to become an integral part of the software development and DevOps processes. But that’s not enough. To protect the enterprise, you also need to ensure the safety of applications that are already in production. As classic security defenses have failed to keep pace with the evolving threat landscape, your applications now need to protect themselves against real-time attacks. Join Dr. Joseph Feiman, Chief Innovation Officer at Veracode, and Sam King, Chief Strategy Office at Veracode as they explain how these trends will play out, and how you can build powerful and transformative self-protection into your applications as part of a more intrinsically secure DevOps and Security Operations process.
So you think you've assessed your applications, scanned them, patched them and reduced your vulnerabilities, but how do you know if these actions have actually improved your organizational risk profile?
In the 2015 SANS survey on application security, only 31% of respondents felt their IT security spending was adequate, while 47% of those able to assess their environments felt their programs needed improvement.
Do you measure improvement by number of breaches? Can you prove reduction in attack surface? Did you improve compliance posture and if so by how much? What benchmarks does management actually care about?
In this webcast, SANS instructor and application expert Jim Bird will introduce his metrics pyramid covering technical, operational and executive level benchmark requirements and resources.
Attend this webcast and be among the first to receive the associated whitepaper written by SANS Instructor Jim Bird.
Application-layer attacks are growing much more rapidly than infrastructure attacks, yet many organisations remain hesitant to create an application security programme as they believe it will require excessive time and resources.
Join our webinar to discover how any organisation, regardless of size or resources, can create an effective application security programme.
Gregory Leonard, co-author and instructor for the SANS DEV541 course; Joseph Feiman, CIO, Veracode
Chances are, at any given moment, your organization's web applications are under attack (if not already exploited). Attackers see web applications as the front door: just one vulnerability allows them entry - perhaps to the database supporting the web application or maybe to your business partners, such as the payment processing vendor supporting your application.
In this webcast, learn why Cross Site Scripting, SQL Injection, Input Validation and other common vulnerabilities continue to plague web applications. Speakers will discuss what types of web apps are most targeted (such as Java and .NET, according to the 2015 SANS Application Security Survey), why these types of applications are targeted, and what the common outcomes of these types of breaches are.
Presenters will also provide educational and technical resources to help security operations teams proactively manage their web applications by finding and reducing vulnerabilities - before attackers can take advantage of them.
Attend this webcast and be among the first to receive the associated whitepaper written by SANS Instructor, Gregory Leonard.
Johannes B. Ullrich, Ph.D., dean of research at SANS and Joseph Feiman, CIO, Veracode
Inherent risks in web, mobile and cloud applications are keeping security practitioners up at night, according to the 2015 SANS survey on application security.
In this webcast, learn about the growing threats against applications, why applications are so risky, why you need to include application security in your enterprise security program, and how to get started.
Attend this webcast and be among the first to receive the associated whitepaper written by SANS Dean of Research, Johannes B. Ullrich, Ph.D.
Tim Jarrett, Director Product Marketing, Veracode and Adrian Lane, Analyst & CTO, Securois
Tim Jarrett of Veracode and Adrian Lane of Securois discuss the software development landscape across different industry verticals. They offer best practices for measuring application portfolio risk, remediating software vulnerabilities, and motivating development teams to embed these concepts into the software development lifecycle.
Tim Mathias of Thomson Reuters, Mike Gleiter of Thomson Reuters and Tim Jarrett of Veracode
You’re starting to get the hang of application security as an organization. But you have these nagging thoughts:
Are my applications more or less secure than my peers’ apps? How can I convince my software suppliers to move faster? How can I demonstrate that our appsec program is making a difference?
Andy Ellis, CSO of Akamai and Chris Wysopal, CTO & CISO of Veracode
Following the onslaught of high-profile cyberattacks reported in the past twelve to eighteen months, cyber security has become a more frequent topic in board-level conversations. How should the CISO respond to these new challenges and pressures?
Using data from an NYSE survey of nearly 200 corporate directors, two of the industry’s best-known voices – Andy Ellis, CSO of Akamai and Chris Wysopal, CTO & CISO of Veracode –discuss how CISOs can elevate the security conversation to a board-level discussion.
Wysopal and Ellis also discuss key questions such as:
•What are board members’ biggest fears regarding cyberattacks?
•Who do board members hold accountable when a major breach does occur at your company?
•How do board members prefer information be presented about risk posture and strategies?
•What metrics are most effective for gaining buy-in for your risk reduction strategy?
Chris Wysopal, CTO & CISO of Veracode and Jim Nelms, CISO of The Mayo Clinic
In this special videocast sponsored by Veracode and moderated by Dark Reading, two of the IT security industry’s best-known voices – Chris Wysopal, CTO & CISO of Veracode and Jim Nelms, CISO of The Mayo Clinic – will discuss the changing role of the CISO and how the importance of that role is growing within the organization.
Chris Eng, VP of Research at Veracode; Josh Corman, CTO of Sonatyp
As enterprises increasingly rely on connected devices, CISOs and CIOs should understand the critical implications of cybersecurity for the Internet of Things (IoT). Join Chris Eng, VP of Research at Veracode; Josh Corman, CTO of Sonatype; and DarkReading moderator Eric Ogren for a live-streaming videocast discussing how IoT changes how we develop applications and assess them for risk.
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.