Don't Just Find Software Flaws, Fix Them

Reducing software risk is not just about finding vulnerabilities; it's about fixing them too. Join us to discover the different security testing technologies and how each of them affects the areas of a business.
Recorded Apr 19 2016 50 mins
Presented by
John Smith, Senior Security Architect, Veracode

  • Application Security: Cloud vs. On-Premise Solution Jun 28 2018 9:00 am UTC 45 mins
    Julian Totzek-Hallhuber, Principal Consultant Solutions Architect @ Veracode
    To identify and fix security vulnerabilities, you can use on-premise tools or SaaS solutions. But which is better for web applications, and in which situation? In this webcast recording we present the advantages and disadvantages of both approaches and examine the challenges each poses in enterprise use.

    The two approaches, on-premise tools on the one hand and SaaS solutions on the other, each have advantages and disadvantages that depend heavily on the complexity of the AppSec program.

    In this webinar, Julian Totzek-Hallhuber, Principal Consultant Solutions Architect @ Veracode, will walk participants through the following topics:

    How best to protect your web applications,
    What advantages cloud solutions have over on-premise tools,
    What advantages on-premise tools have over cloud solutions,
    Which approach makes more sense in which situation,
    How you can secure your data and programs with Veracode solutions.
  • Chart Your Path to Application Security Best Practices Jun 20 2018 3:30 pm UTC 30 mins
    Christian Dalomba, CA Veracode Solution Architect
    According to Gartner, the application layer contains 90% of all vulnerabilities.

    Despite this alarming trend, many organizations are struggling to adopt application security best practices for protecting software, data and users. However, with the right tools for implementing application security best practices, such as testing, defining code standards, and creating standard policies, a clear path toward adoption is within reach!

    Join this 20-minute webinar to see how Veracode can enable you to adopt application security best practices in a simple and cost-effective way. Based on first-hand customer interactions, hear our experts provide practical guidance, starting with tips and tricks for integrating testing into the software development lifecycle all the way to scaling an application security program using our cloud-based platform.
  • The Role of Security Champions in Scaling Application Security Jun 19 2018 3:00 pm UTC 60 mins
    Ryan O'Boyle, Manager of Product Security at CA Veracode and Ronda Kiser Oakes, Director DevOps Consulting at Perficient
    Securing a portfolio of applications can be a practice in extremes. On one hand, you have a small team of security experts trying to help a multitude of developers, testers, and other engineers meet security requirements. At the same time, you have to support all the microservices that the Agile and DevOps teams are building and pushing to production anywhere from once a month to several times a day. Even if you have a fully staffed security team, there still are not enough experts in this area to go around, which means creating a guild of Security Champions is more important than ever.

    Join Ryan O’Boyle, Manager of Product Security at CA Veracode and Ronda Kiser Oakes, Director DevOps Consulting at Perficient, who will examine the value of the Security Champion role within the development team. They will discuss which groups need to commit for the program to succeed, how to find good champions, and the benefits for all stakeholders. Based on lessons learned from building a successful Security Champion program over the past five years, you will come away with detailed, actionable steps to bootstrap, monitor, and maintain a customized program that fosters these champions in your organization and scales your security program.
  • Take a Deeper Dive: A Flaw, a Vulnerability, and an Exploit Recorded: Jun 13 2018 18 mins
    Nathan Michalov, CA Veracode Solutions Architect
    Your organization cannot afford to let potential system flaws or weaknesses in your software applications be exploited. That is why knowing the distinct differences between these weaknesses is critical in successfully addressing them. During this webinar, one of CA Veracode’s security implementation experts will discuss how to identify these risk factors within your application landscape, and to:

    • Learn a practical approach to helping security and development teams address these factors
    • Learn about the methods and solutions attackers typically rely on to perform application vulnerability discovery and compromise
    • Learn from examples of how organizations rely on application security technology and services to gain visibility into their overall landscape – and act upon it in the right way
  • How to Get Started with DevSecOps Recorded: May 31 2018 46 mins
    Nabil Bousselham, Principal Solutions Architect @ Veracode
    As organizations adopt more and more CI/CD practices to build, test and deploy their software applications, it becomes imperative that the software supply chain be secured to prevent the deployment of code containing serious flaws and vulnerabilities that might put the business at risk. In this presentation, we will take a look at application security in general and why it’s important to have a professional application security program.

    We will also put a spotlight on the importance of understanding the new process from each team's perspective and how different teams, especially development, can shift left and validate the security of the code in highly automated environments like CI/CD. We will outline the challenges and benefits of the DevSecOps approach, and show some best practices on how organizations can easily integrate and automate AppSec testing & compliance into the SDLC.
  • Open Source Risk in the Financial Industry Recorded: May 30 2018 48 mins
    RJ Gazarek, CA Veracode Product Marketing and Chris Widstrom, CA Veracode Product Management
    Companies that operate within the financial services industry must optimize delivery of product and service applications to customers. As a result, many IT organizations are turning to open source components to leverage existing resources, introducing vulnerabilities that can compromise the security of your applications and your overall business. In light of recent rollouts of GDPR and the NYSDFS cyber regulations, requirements around application security are more likely to emerge.

    Watch this webinar to keep pace with these regulations and ensure that the open source components you use do not hinder your ability to achieve compliance. Join CA Veracode’s product experts as they help those affected by these requirements get up to speed on:

    • What these regulations entail
    • How best to approach these requirements
    • How Veracode can help with compliance
  • Remediation & Mitigation: How To Find The Best Fix Location Recorded: May 23 2018 16 mins
    Glenn Whittemore, CA Veracode Solutions Architect
    Learn how you can fix more than 2.5x the average number of application flaws.

    As you embark on the mission to tackle the flaws and vulnerabilities found after scanning, you need to prioritize and optimize your approach. You know you cannot let potential system flaws or weaknesses in your application be exploited to compromise the security of your organization’s most critical assets.

    Join this 20-minute webinar to see how Veracode can help you prioritize and find the best location in which to fix and remove the vulnerabilities and flaws that can put your organization at risk. Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode provides on-demand application vulnerability testing to detect and offer solutions for vulnerabilities and other security issues.
  • Adopting a More Secure Approach to Containers Recorded: May 16 2018 16 mins
    Robert Larkin, CA Veracode Solutions Architect
    As the era of cloud computing continues to grow more significant, services like containerization and microservice architecture are increasing in popularity, allowing enterprises to adopt a more agile and transformative framework for future growth. Within this trend, software containers are helping developers incorporate new microservice application designs, build and release code faster, and push fixes through testing more frequently. However, with the use of containers comes an unforeseen layer of risk that many cyber security professionals are struggling to mitigate.

    Join this 20-minute webinar to learn how you can safeguard your containerization strategy against security risk. Hear one of CA Veracode’s platform implementation experts discuss the best approach to securing your container usage including how to:

    • Inject Security Into The Container During Development
    • Secure The Container During Testing And Modification
    • Monitor And Guard Containers In Production
  • Software Composition Analysis with CA Veracode Recorded: May 10 2018 34 mins
    RJ Gazarek, CA Veracode Product Marketing and Chris Widstrom, CA Veracode Product Management
    In a DevOps world, companies must deliver product applications faster and cheaper. This has resulted in the increased use of open source components as building blocks, introducing additional levels of both security and business risk. Open source components can introduce vulnerabilities that can compromise the security of your applications – thereby impacting your ability to keep up with rapid delivery cycles and high quality standards.

    Watch this webinar to learn how you can determine which open source components are in use in your organization in order to protect yourself from a large-scale data breach and to ensure uninterrupted business operations. Get a sneak peek at the latest Veracode has to offer with its Software Composition Analysis solution. Learn how your organization can get started creating a dynamic inventory of the components you are using, along with their versions and locations. Armed with this information, you will be on your way to securing your application portfolio and reducing overall business risk.
  • Pragmatic Security Patterns for Effective CI/CD Pipelines Recorded: Apr 30 2018 49 mins
    Paul Farrington - Director, EMEA & APAC Pre-Sales Consultants
    There's lots of discussion about shifting left in relation to software development. DevSecOps is a term coined by analysts and security practitioners to encourage development teams to consider security as they embark on their journey. Shifting left can mean different things to different people. It's not even a new concept. Many, if not all, developers today will write unit tests so that code can be flagged as incorrectly designed or defective the moment it has been written. Iterative development means that we see potentially many mini 'V-models' repeated across the time window of development. Ideally, as testing models improve, tests will be made before software has been written.

    In this webinar we discuss potential options around how DevSecOps can live as part of a culture of wanting to shift left, whilst at the same time being pragmatic about the bigger picture: high velocity does not necessarily mean that every security test must take place at the speed of light. Some will agonise over whether a test should be allowed to break the build during CI, thus preventing automated delivery or deployment. If we can flag potentially vulnerable code before the commit, we reduce the criticality of whether a build should proceed or fail, because the frequency of a security failure may be diminished by more hygienic coding practices. This is especially true of code that only survives in Production for short periods of time, again reducing the risk-window from a security escape.
    Join this webinar to learn:
    • The differences between using cloud vs on-premises software security
    • How to increase speed of security without increasing false positive rates
  • Binary vs Source Code Scanning Recorded: Apr 24 2018 15 mins
    Lupita Carabes, CA Veracode Solutions Architect
    The debate between binary versus source code scanning has been an active controversy within the static analysis space since its inception. While source code scanning analyzes un-compiled code, binary scanning analyzes compiled code. However, in the end, the result is the same. Despite this conclusion, this is still an area organizations are compelled to consider during their process of selecting application security solutions.

    Join this 20-minute webinar to find out how Veracode approaches this debate on static analysis! See how Veracode focuses not just on finding errors, but also on ensuring organizations can fix vulnerabilities in the most efficient way possible. Learn how you can reduce total time to remediate vulnerabilities and how you can make bringing secure software to market fast a competitive advantage.
  • Reduce False Positives Through Data Flow Analysis Recorded: Apr 11 2018 12 mins
    Jacob Martel, CA Veracode Solutions Architect
    Why are false positives a costly headache for enterprises when testing for security flaws? The short answer is that they cause development teams to spend time, expensive time that they cannot afford to waste, trying to sort out which flaws they need to fix. False positives may create the appearance of a security flaw within an automated testing solution when, in actuality, there is none. Therefore, the time spent trying to sort out the real flaws affects overall developer productivity – and more importantly your time to market.

    Watch this 20-minute webinar to learn how you can reduce false positives within your application security testing environment. Learn how the following considerations must be analyzed and assessed in order to save your development team’s time and productivity:
    • Flaws that have already been mitigated by the application design or the operating environment
    • Applications that already utilize custom validation routines, intrusion detection processes or restricted file access that mitigate the risk of a flaw
    • Initial findings through automated tests that incorrectly default to flaw status
  • How to Make Application Security a Competitive Advantage Recorded: Mar 28 2018 36 mins
    RJ Gazarek, CA Veracode Product Marketing and Asha May, CA Veracode Customer Engagement
    Awareness among IT organizations of application security continues to increase, as decision makers want assurance that the software they procure is secure. Very few IT leaders want their third-party applications to be the source of a cyberattack. In a recently published IDG study, 84% of surveyed IT Leaders agree that their companies are concerned about the potential data security risk posed by third-party applications. How can companies provide customers the assurance that they will protect their critical data and not risk exposure to a potential cyberattack?

    Join product and services experts from CA Veracode as they share insights from the IDG Survey and discuss the security concerns companies face when procuring software. They will also discuss Veracode’s latest approach in providing third party software assurance so that enterprises get peace of mind that their software supply chain remains secure.

    Learn how Veracode works with software providers to:
    • Meet the demands of customers looking for proof that your software is secure
    • Provide a path to maturing their AppSec program
    • Help defend their AppSec budget by showing the value and adoption it brings
    • Make their secure software a competitive advantage in a tightening market
  • Dynamic Scanning with CA Veracode Recorded: Mar 21 2018 19 mins
    Patrick Hayes, CA Veracode Solution Architect
    Test any web application with as little as a URL!

    Join this 20-minute webinar to see how Veracode can help you unlock the capabilities of DynamicDS and DynamicMP. With these deeper scanning abilities, your organization can identify and remediate application vulnerabilities and comply with several compliance standards, such as PCI and other financial industry regulations. See firsthand how Veracode’s dynamic scanning capabilities enable teams to:

    • Secure individual web apps during SDLC or while in production
    • Automate the overall dynamic scanning process to become an easy-to-use self-service offering
    • Improve quality through vulnerability verification and login configuration assistance
  • OWASP Top 10 2017: What You Need to Know Recorded: Mar 14 2018 62 mins
    Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research, Veracode
    For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community.

    During this webinar, Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research at Veracode will explain more about the three new risks in the 2017 top 10, what else has changed since 2013, and provide resources to adopt best practices for preventing these risks.
  • Better Together: Static Analysis and Software Composition Analysis with Veracode Recorded: Mar 7 2018 16 mins
    Christian Dalomba, CA Veracode Solution Architect
    Open source components are a blessing and a curse. They help accelerate your application development at no cost, but put your organization at risk of getting breached and failing compliance audits. On average, 44% of applications contain critical vulnerabilities in open source components, so knowing which ones you are using is necessary to defend your organization against major vulnerabilities.

    Join this 20-minute webinar to see how Veracode Software Composition Analysis (SCA) works within the Veracode Platform to help you build an inventory of your open source components to identify vulnerabilities, covering open source and commercial code. Both solutions together can analyze both proprietary and open source code in a single scan, providing you visibility across your entire application landscape.
  • Panel: How Your Company Can Move From Understanding DevSecOps to Implementing It Recorded: Feb 28 2018 49 mins
    TBD
    All our preceding sessions have described the key elements of a shift to DevSecOps. Now get practical tips, best practices and next steps on migrating to DevSecOps from our panel of experts. During this session, we will continue the conversation in an open discussion format and break for audience Q&A.

    Bring your questions and get ready to contribute your thoughts and ideas during this “ask the experts” session.
  • If Developers Own Security Testing in DevOps - What is Security's Role? Recorded: Feb 28 2018 42 mins
    Chris Wysopal, CTO at CA Veracode
    Application security is “shifting left.” As the responsibility for ensuring the stability and security of software shifts to developers, what does this mean for security professionals? What does their job look like if developers are responsible for security testing?

    Learn:
    • What the security professional’s role and responsibilities look like in a DevSecOps shop
    • The DevSecOps cultural changes that will affect security
    • The attributes that security tools will need in this new landscape
    • Best practices for security professionals looking to not only survive, but thrive, in a DevSecOps world
  • AppSec Policies in a DevOps World Recorded: Feb 28 2018 38 mins
    Pejman Pourmousa, VP of Program Management at CA Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
  • Integrating AppSec into Developer Tools and Processes Recorded: Feb 28 2018 47 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy at CA Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    • Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    • Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    • How to proactively approach open source code your developers are using.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: Don't Just Find Software Flaws, Fix Them
  • Live at: Apr 19 2016 11:00 am
  • Presented by: John Smith, Senior Security Architect, Veracode