How do vulnerabilities get into software?

Research reveals that 63% of internally developed applications are initially out of compliance with OWASP Top 10 standards. Join this webinar to learn how vulnerabilities end up in your software.
Recorded May 17 2016 44 mins
Presented by
Laurie Mercer, Solutions Architect, Veracode
  • Know What’s In Your Software And Stay Ahead of Vulnerabilities Nov 14 2017 4:00 pm UTC 30 mins
    Jessica Lavery, CA Veracode Director of Corporate Communications and Lupita Carabes, CA Veracode Solution Architect
    Open source components have become a critical part of code development --- and a top target for cyberattackers. With one component breach, an attacker can reach hundreds of thousands of applications. As we’ve seen, these breaches can target profitable personal information – leaving us to wonder what is coming next.

    Watch this webinar to learn how you can identify which open source components are in use in your organization in order to protect yourself from a large-scale data breach. You will also get a sneak peek at Veracode’s Software Composition Analysis solution which creates a dynamic inventory of the components you are using, along with their versions and locations. Armed with this information, you can quickly patch when a big vulnerability hits the news.
  • The Impact Of Enterprise Web Application Trends Going Mainstream Oct 26 2017 4:00 pm UTC 45 mins
    Saikrishna “Sai” Chavali, CA Veracode Product Manager
    Software is increasingly the lifeblood of every organization. We are faced with managing the rapid proliferation of web applications and services on which they rely to run their business. The mainstream nature of APIs, standalone and behind web apps, and DevSecOps practices are dramatically changing the potential attack surface for hackers and other threats.

    Watch this webinar to hear more about these trends and assess how you need to work within your organization to ensure the security of your application. Specific topics to be discussed include:
    • Standalone APIs are as common as web apps for your company to do business
    • Whether writing new or rewriting legacy applications, you’ll likely rely on RESTful APIs behind JavaScript-heavy web apps. That doesn’t save you from introducing new software vulnerabilities
    • Rise of DevSecOps and how its practices demand even faster performance and security testing cycles
    • How security solutions, specifically DAST, are “shifting left” to meet automation/test engineers’ and security teams’ needs
  • Get Laser-Focused Visibility into the Risk Posture of your Web Applications Oct 25 2017 4:00 pm UTC 30 mins
    Nathan Michalov, CA Veracode Solution Architect
    Expand your static analysis capabilities and begin scanning earlier in the software testing phase.

    Join this 20 minute webinar to see how Veracode can help you unlock the capabilities of DynamicDS and Virtual Scan Appliance (VSA). With these deeper scanning abilities, your organization can identify and remediate application vulnerabilities before cyber criminals can find and exploit them.

    These technologies can help you ensure ongoing security assessments as an automated cloud-based service — backed by Veracode’s world-class application security experts. Enable your teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). Specifically you’ll see how you can:

    • Start Scanning Immediately: Easy to deploy, cloud-based and no hardware to purchase
    • Integrate with Central Cloud Platform: Uploads all test results to our cloud platform, where they can be aggregated and evaluated using a single set of centralized policies and reports
    • Generate Verified and Actionable Results: Our security experts examine results to distinguish real problems from false positives and help you deliver complete threat information to help development and QA teams remediate flaws
  • Lacking AppSec Resources? Veracode Has Your Path Forward! Recorded: Oct 11 2017 24 mins
    Austin Britt, CA Veracode Solution Architect
    A successful application security program takes more than powerful technology.

    Join this 20 minute webinar to get your application security program off the ground with Veracode’s Services offerings. Learn how Veracode can lend its expertise to help your security teams and developers work together to rapidly identify, understand and remediate critical vulnerabilities — and help transform decentralized, ad hoc application security processes into ongoing, policy-based governance. Hear one of Veracode’s experts provide an overview of Services offerings such as:

    • Program Management: implement enterprise-wide governance models and day-to-day tactics to systematically reduce risk from application-layer attacks, based on best practices
    • Developer Coaching: work with developers to understand assessment results, prioritize remediation efforts and integrate with existing SDLC tools and processes
    • Developer Training: empower developers, testers and security leads to develop secure applications, providing the critical skills they need to identify and address potential vulnerabilities
  • The Veracode Community: Manage Your AppSec and DevSecOps Initiatives Recorded: Sep 28 2017 21 mins
    Asha May, CA Veracode Community Lead
    Veracode is building a strong community to support the people who build and secure today’s software. The Veracode Community is open to all -- for Veracode customers, and for any developer or security professional seeking resources about securing applications throughout the development process.

    Join this webinar to see how the Veracode Community can help you solve your tough application security problems. We’ll discuss:

    • The purpose of the community – a space for developers and security practitioners to find answers and collaborate on application security best practices
    • How Community members can access resources, customer support, and forums for collaboration
    • Plus, see a demo of the community’s user-friendly platform
  • Protect Your Organization and Build Secure Code with Developer Training Recorded: Sep 27 2017 9 mins
    Patrick Hayes, CA Veracode Solution Architect
    Learn how Veracode Developer Training can help your development team code more securely!
    Join this 20 minute webinar to get your application security program and secure DevOps initiatives off the ground with Veracode Developer Training. Learn how your developers can address important security concerns, such as:
    • OWASP Top 10 and PCI requirements
    • Secure coding for multiple languages (e.g., Java, .Net, C/C++) and architectures (e.g., Mobile, Web and Client/Server)
    • Proactive techniques, such as Threat Modeling and Secure Architecture, that can be used in the early stages of the Software Development Life Cycle (SDLC), minimizing the number of security defects in the code
  • Securing Your Software Supply Chain Recorded: Sep 19 2017 32 mins
    Colin Domoney, Consultant Solutions Architect - Veracode
    As organisations use CI/CD pipelines to build, test and deploy software at ever increasing speed it becomes imperative that the software supply chain should be secured to prevent the deployment of code of unknown provenance or with known vulnerabilities. In this webinar we will examine this topic from the following perspectives:
    1. Ensuring that a ‘chain of custody’ is maintained from source control through to deployed production code.
    2. Understanding how software components and artefacts are introduced into the supply chain.
    3. Best practices for controlling and assessing third party components in the supply chain.
  • Build secure software and manage application risk with the Veracode platform Recorded: Sep 13 2017 30 mins
    Jacob Martel, Solution Architect, Veracode
    See why Gartner has named Veracode a Leader in the Magic Quadrant for Application Security for the fourth time!

    Join this 20 minute webinar to see how Veracode can help you manage security risk across your entire application portfolio through a wide range of security testing and threat mitigation techniques, all hosted on a central, cloud-based platform.

    During this webinar, you will see a demo of the Veracode platform’s ability to scan all of the applications and components you build or buy, covering all major languages, frameworks, and application types. As a central repository for your applications and components, Veracode’s platform provides you with full visibility into your risk posture and integrates into each stage of your software development lifecycle, so you are building secure software.
  • Survey Says! You Too Can Boast a DevOps Model from Development to Production Recorded: Sep 6 2017 20 mins
    Pete Chestna, Director of Developer Engagement, CA Veracode and Alan Shimel, Editor-in-Chief, DevOps.com
    Join Alan Shimel, Editor-in-Chief of DevOps.com, and Pete Chestna, Director of Developer Engagement at CA Veracode, as they engage in an interactive discussion on the current state of DevSecOps global skills based on findings from a recent survey conducted with DevOps professionals. Specifically they will discuss:

    - Factors causing the scarcity of DevOps-related skills
    - Benefits and drawbacks of various education models for IT and development teams
    - Establishing effective security training for developers and operations to securely deliver software at DevOps speeds and fully embrace DevSecOps principles
  • It's Not All Gloom and Doom: Security and Development Are More Aligned Than Ever Recorded: Sep 6 2017 63 mins
    Pete Chestna, Director of Developer Engagement, CA Veracode and Doug Cahill, Senior Analyst, ESG
    Despite the popular belief that security and development teams have conflicting priorities, the creation of DevOps has now aligned the two teams toward a common goal: creating secure software. Since software continues to be a major driver of innovation and economic growth, eliminating the perception of friction between security and development is a top priority for IT professionals. In a recent study conducted by Enterprise Strategy Group (ESG) and Veracode, 58 percent of respondents stated their organization is taking a collaborative approach to securing applications.

    Join Doug Cahill, Senior Analyst at ESG and Pete Chestna, Director of Developer Engagement at Veracode as they take a deeper dive into the results of this survey and what it means for your organization.
  • Full Spectrum Engineering – The new full stack Recorded: Sep 5 2017 61 mins
    Pete Chestna, Director of Developer Engagement, CA Veracode
    In this webinar, Pete Chestna, Veracode Director of Developer Engagement, will share his insights on what a full-spectrum developer is and how they are crucial for organizations transitioning to DevSecOps.
  • Getting Started With Secure DevOps Recorded: Sep 5 2017 56 mins
    Vineeta Puranik and Janet Worthington, Veracode
    To keep up with the need for fast deployment, organizations are combining the work of development and operations teams into one process known as DevOps. Organizations often focus on the speed DevOps offers, but forget about the security implications. Watch this webinar to learn how Veracode Greenlight can help secure your DevOps process.
  • Struts-Shock: Current Attacks Against Struts 2 and How to Defend Against Them Recorded: Sep 5 2017 44 mins
    Johannes Ullrich, Dean of Research, SANS Technology Institute
    The critical vulnerability recently discovered in Apache Struts 2 demonstrated the risks associated with open source components. Watch this on-demand webinar to learn about preventing open source vulnerabilities and defending against potential attacks.
  • The Human Side of DevSecOps Recorded: Sep 5 2017 61 mins
    Tim Jarrett, Sr. Director of Enterprise Security Strategy, Veracode
    This webinar is focused on organizational and cultural aspects of DevOps with an emphasis on the role of “security champions”—developers cross-trained in information security basics—in executing a successful DevSecOps transformation.
  • Beyond Static Analysis: Securing Your Application Portfolio with DevOps Recorded: Aug 29 2017 44 mins
    Anne Nielsen, CA Veracode Product Management
    It is challenging enough for organizations to stay ahead of the DevOps movement. As part of this trend, application security testing is becoming an integral part of a developer’s job. Static analysis alone can no longer ensure the overall security of an organization’s application portfolio.

    In this webinar, learn how CA Veracode is taking the lead on securing DevOps with specific emphasis on:

    • Validation of the impact of DevOps in the market through Veracode data and API usage analysis
    • Veracode’s product portfolio strategy, including Greenlight and IDE integrations, enabling customers to stay ahead of DevOps
    • Use case scenarios for customers to consider – each from the Security, Development and Operations perspectives
  • Veracode Web Application Scanning: Discover, test, & monitor web applications Recorded: Aug 23 2017 22 mins
    Glenn Whittemore, Solution Architect, CA Veracode
    Looking for a consolidated solution to find, secure, and monitor all of your web applications?

    Join this 20 minute webinar to see how Veracode can help you easily track and inventory all of your external web applications with the ability to scan and scale on thousands of sites in parallel to find critical vulnerabilities and prioritize your biggest risks.

    Learn how to leverage technologies such as Veracode Web Application Scanning which enable teams to discover and address vulnerabilities during the production and pre-production phases of the software development lifecycle (SDLC). As one of the multiple scanning technologies Veracode offers on a single platform, your organization can systematically reduce risk while continuously monitoring your security posture.
  • Securing the Enterprise in a DevOps World: Keynote & Panel Recorded: Aug 22 2017 59 mins
    David Wayland, Head of Enterprise Application Security, Fortune 500 Financial Firm & Chris Wysopal, CTO & Co-Founder Veracode
    Securing a global enterprise requires security, development, vulnerability management, compliance and risk professionals to understand the engagement and inflection points in the software development lifecycle—and their roles to accelerate it. 

    Join Veracode for a two part session featuring "Securing the Enterprise in a DevOps World" with David Wayland, and an interactive panel discussion to continue the conversation on securing the enterprise in a DevOps World. This open round table discussion will be led by Veracode Co-Founder and CTO, Chris Wysopal. We will have time for Q&A so bring your questions!

    The discussion will touch upon:
    · Are you crawling, walking or running with your DevOps initiative?
    · Pitfalls? Success?
    · How are you connecting the dots for the business and the board on how your application security initiative is mitigating risk?


    Panelists: David Wayland, Head of Enterprise Application Security—Fortune 500 Financial Firm, Pete Chestna, Director of Developer Engagement—Veracode, Joseph Feiman, Chief Innovation Officer—Veracode.
  • Getting the Best out of DevSecOps Recorded: Aug 22 2017 47 mins
    Colin Domoney, Consultant Solutions Architect—Veracode
    With application security rapidly moving towards a DevSecOps approach, it's important to understand from each team's perspective how to be successful in the new agile process. 

    Join this webinar to understand the perspectives, both the challenges and benefits, of a DevSecOps approach, and how to integrate your security, operations and developer teams.
  • You Can Get There From Here: The Road to Secure DevOps Recorded: Aug 22 2017 47 mins
    Pete Chestna, Director of Developer Engagement—Veracode
    If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and from waterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. In this session learn:

    · A basic understanding of Waterfall, Agile and DevOps from a people, process and technology point of view
    · Considerations when transitioning between these methodologies
    · An approach to leading the change in your own company
    · How Security can best be integrated into DevOps
  • Your Path to a Mature AppSec Program Recorded: Aug 22 2017 46 mins
    Colin Domoney, Consultant Solutions Architect—Veracode
    According to Akamai, attacks at the application layer are growing by more than 25% annually. But many organizations still struggle to understand how to get started with application security, or what good looks like.

    To shed light on the application security process, this session will outline the steps most of Veracode's customers take to develop a mature application security program. Attend and hear about Colin’s experience developing and managing an application security program from the ground up and learn:

    • The different AppSec phases most organizations are currently in
    • The next steps to take when moving toward a more comprehensive AppSec program
    • Lessons learned, best practices and pitfalls to avoid -- from someone who’s been there
    • What a comprehensive, mature AppSec program entails
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: How do vulnerabilities get into software?
  • Live at: May 17 2016 10:00 am
  • Presented by: Laurie Mercer, Solutions Architect, Veracode