Revealing the Truth Behind Software Security Myths and Realities

While web and mobile applications account for more than a third of data breaches (source: 2014 Verizon Data Breach Investigations Report), most organizations are not spending time or money on application security. So why the disconnect? One reason is that fallacies abound when it comes to application security. Many of these fallacies stem from the traditional, on-premises tools-based approach to application security, which has fostered the misconception that application security programs are expensive and difficult to manage. But as breaches continue to make headlines, organizations are realizing the serious risk posed by applications.
Recorded Jun 23 2016 37 mins
Presented by
Chris Campbell, Solutions Architect
  • Prove your company’s secure software practices with Veracode Verified Mar 14 2019 11:00 am UTC 44 mins
    Asha May, Customer Engagement, Veracode and Scott Mitchell, Security Architect, Blue Prism
    According to IDG, 84% of surveyed IT Leaders agree that their companies are concerned about the potential data security risk posed by third-party applications. How can companies assure customers that they will protect their critical data while maintaining a competitive advantage in the market?

    Join Asha May, Director Customer Engagement at Veracode as she provides an overview and latest highlights of how the Verified program has been helping our customers provide third party software assurance. Learn how Veracode works with software providers to:

    • Meet the demands of customers looking for proof that your software is secure
    • Provide a path to maturing their AppSec program
    • Help defend their AppSec budget by showing the value and adoption it brings
    • Verify the secure development process around an application by focusing on continuous AppSec integrated into development
    • Make their secure software a competitive advantage in a tightening market
  • The State of Cybersecurity: Looking at Europe Mar 5 2019 10:00 am UTC 45 mins
    Giuseppe Trovato, Principal Security Researcher at Veracode
    Software has changed the way we communicate, provide healthcare, conduct business, run our governments, elect our leaders, start revolutions and even spur social change. In the digital world, the creation of software will help spur economic growth and improve quality of life. But our greatest catalyst for change is also the source of vulnerability.

    When it comes to securing the software they develop, European companies are far behind their American counterparts. In this live webinar, Giuseppe Trovato, Principal Security Researcher at Veracode, will present data from the annual State of Software Security report, with a focus on how European companies compare to U.S.-based companies. Software is created with usability and performance in mind, but years of data, together with breach after breach, show that software has not been created with security in mind.
  • The State of Software Security: Looking at Europe Feb 28 2019 11:00 am UTC 45 mins
    Paul Farrington, Director of Solutions Architects at Veracode
    Software has changed the way we communicate, provide healthcare, conduct business, run our governments, elect our leaders, mount revolutions and even spur social change. In the digital world, the creation of software will help spur economic growth, and improve our quality of life. But our greatest catalyst for change is also the source of vulnerability.

    When it comes to securing the software they develop, European companies are far behind their American counterparts. In this live webinar, Paul Farrington, Director of Solutions Architects at Veracode, will present data from the annual State of Software Security Report, with a focus on how European companies compare to U.S.-based companies. Software is created with usability and performance in mind, but years of data, along with breach after breach, demonstrate that software is not created with security in mind.
  • The State of Software Security: A Look at Europe Feb 21 2019 10:00 am UTC 45 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Software has changed the way we communicate, provide healthcare, conduct business, govern, elect leaders, mount revolutions and even spur social change. In the digital world, the creation of software will boost economic growth and improve our quality of life. However, our greatest catalyst for change is also the cause of vulnerability.

    When it comes to securing the software they develop, European companies are far behind their American counterparts. In this live webinar, Julian Totzek-Hallhuber, Solutions Architect at Veracode, will present data from the annual State of Software Security report, which focuses on how European companies compare with U.S. companies. Software is created with usability and performance in mind, but years of data, along with one attack after another, show that software is created with insufficient security concepts behind it.
  • The State of Software Security in Europe Feb 19 2019 10:00 am UTC 45 mins
    Nabil Bousselham, Solutions Architect at Veracode
    Software has changed the way we communicate, provide healthcare, conduct business, run our governments, elect our leaders and even follow social change. In the digital world, the creation of software aims to help increase economic growth and improve our quality of life. But our greatest catalyst for change is also a major source of vulnerability.

    In terms of application security, European companies are far behind their American counterparts. In this webinar, Nabil Bousselham, Principal Solutions Architect at Veracode, will present some findings from our annual State of Software Security report, with reference to U.S.-based companies. Software tends to be created with a focus on functionality and performance, but several years of data, along with successive data breaches, clearly show that there is still a great deal of work to do on software security.
  • The State of Software Security: Looking at Europe Feb 14 2019 10:00 am UTC 45 mins
    Antonio Reche, Solutions Architect at Veracode
    Software has changed the way we communicate, provide healthcare, do business, run our governments, elect our leaders, mount revolutions and even foster social change. In the digital world, the creation of software will help stimulate economic growth and improve our quality of life. But our greatest accelerator for change is also a source of vulnerability.

    When it comes to securing the software they develop, European companies are far behind their American counterparts. In this live webinar, Antonio Reche, EMEA Solution Architect at Veracode, will present data from the annual report on the state of software, with a focus on how European companies compare to U.S. companies. Software is created with ease of use and performance in mind, but years of data, together with multiple and continuing security breaches, show that software is not created with security in mind.
  • The State of DevSecOps - Featuring Amy DeMartine of Forrester Research Feb 7 2019 11:00 am UTC 56 mins
    Chris Eng, Veracode Vice President of Research and Amy DeMartine, Forrester Research Principal Analyst
    In our recent State of Software Security Volume 9 report, Veracode’s examination of fix rates across 2 trillion lines of code shows that the number of vulnerable applications remains staggeringly high. More than 85 percent of all applications contain at least one vulnerability following the first scan, and more than 13 percent of applications contain at least one very high severity flaw.

    One thing is certain: the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    There are just too many vulnerabilities for organizations to tackle all at once, which means it requires smart prioritization to close the riskiest vulnerabilities first. For the first time, our report shows a very strong correlation between high rates of security scanning and lower long-term application risks, which we believe presents a significant piece of evidence for the efficacy of DevSecOps. In fact, the most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning.

    Join guest presenter Amy DeMartine, Principal Analyst, Forrester Research Inc., and Veracode’s Chris Eng as they deliver valuable takeaways for business leaders, security practitioners and development teams seeking to secure their applications. Listeners will learn potential prioritizations and software development methods that could help their organizations reduce risk more quickly.
  • The Veracode Community: Powering Your AppSec Program Jan 23 2019 4:00 pm UTC 45 mins
    Asha May, Customer Engagement at Veracode
    Veracode continues to build and expand a strong community to support the people and teams that make your organization’s software secure. The Veracode Community provides a resource and forum for customers as well as developers or security professionals seeking best practices about securing applications throughout the development lifecycle.

    Join this webinar to see how the Veracode Community can help you tackle tough application security issues while paving the way for an optimized program. We will provide:
    • An overview of the community – a space for developers and security practitioners to find answers and collaborate on application security best practices
    • Tips for community members to access resources, customer support, and forums for collaboration
    • Updates on latest community enhancements including newly-available access to all Veracode Integrations-related content and support
  • Optimizing Your AppSec Program with Veracode Recorded: Dec 19 2018 47 mins
    Brad Smith, Principal Security Program Manager, Veracode
    Hear from one of our customer-facing Services experts to learn how you can leverage the Veracode platform to optimize your application security program. You will start with assessing and managing security risk across your entire application portfolio and gain additional insights into how Veracode can help you adopt application security best practices in a simple and cost-effective way. Based on first-hand customer interactions, you will come away with practical guidance on integrating testing into the software development lifecycle, all the way to scaling an application security program using the Veracode cloud-based platform.
  • How Do You Justify the Cost of an AppSec Program? Recorded: Dec 18 2018 42 mins
    Julian Totzek-Hallhuber, Principal Solutions Architect at Veracode
    Traditionally, most executives have viewed IT security as a necessary evil: an investment that was required only to avoid a bad outcome, not something that would bring in new customers or increase revenue. But that seems to be changing. We are increasingly finding that creating secure software leads to a competitive advantage and boosts the bottom line.

    This webinar, presented by Julian Totzek-Hallhuber, Principal Solutions Architect at Veracode, will help you champion AppSec. By laying out the potential ROI of a cloud-based application security solution integrated into the software development lifecycle, we give you the tools you need to build your C-level pitch.
  • The State of DevSecOps - Featuring Amy DeMartine of Forrester Research Recorded: Dec 13 2018 57 mins
    Chris Eng, Veracode Vice President of Research and guest, Forrester Research Principal Analyst Amy DeMartine
    In our recent State of Software Security Volume 9 report, Veracode’s examination of fix rates across 2 trillion lines of code shows that the number of vulnerable applications remains staggeringly high. More than 85 percent of all applications contain at least one vulnerability following the first scan, and more than 13 percent of applications contain at least one very high severity flaw.

    One thing is certain: the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    There are just too many vulnerabilities for organizations to tackle all at once, which means it requires smart prioritization to close the riskiest vulnerabilities first. For the first time, our report shows a very strong correlation between high rates of security scanning and lower long-term application risks, which we believe presents a significant piece of evidence for the efficacy of DevSecOps. In fact, the most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning.

    Join guest presenter Amy DeMartine, Principal Analyst, Forrester Research Inc., and Veracode’s Chris Eng as they deliver valuable takeaways for business leaders, security practitioners and development teams seeking to secure their applications. Listeners will learn potential prioritizations and software development methods that could help their organizations reduce risk more quickly.
  • The Front Lines: How One Company Systematically Mitigates Their Open Source Risk Recorded: Dec 12 2018 47 mins
    Mark Curphey, VP of Strategy, Veracode
    It’s one thing to simply talk about the pervasiveness of open source risk. What do you do when your leadership team wants you to actually take action? Where do you start? How do you even begin to inventory the seemingly insurmountable amount of open source libraries deployed across your entire application infrastructure? It takes a systematic approach to identifying vulnerable open source libraries – a system that requires multiple stakeholders across various functional groups including security, development, and sometimes your legal and vendor management teams.

    Join Mark Curphey, VP of Strategy at Veracode, as he interviews a customer to discuss how they were successful in implementing a scalable security program to effectively tackle the problem of open source risk. You’ll get real insights from an industry practitioner about how to recognise harmful third party libraries, establish an open source software security policy, and communicate security requirements to the team at large.
  • Illustrating the Systemic Risk Caused by Open Source Library Use Recorded: Dec 12 2018 48 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy, Veracode
    How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library, Apache Commons Collections (or ACC), that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components.

    Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.
  • Why Is Open Source Use Risky? Recorded: Dec 12 2018 43 mins
    Adrian Lane, Analysis, Securosis
    When software development moves at the speed of DevOps, creating every line of code from scratch is simply not feasible. In turn, most development shops are increasingly relying on open source libraries to supplement their code.

    The use of these open source libraries is not in itself a bad thing; on the contrary, it’s best practice, and not taking advantage of this code would put your organization at a competitive disadvantage. The risky part lies with the visibility. What happens when it’s revealed that an open source library contains a major vulnerability? Would you know if you are using that library? What about where or how you are using it? Could you find out fast enough to patch it? Attend this session to get up to speed on open source library use, including its risks and best practices.
  • Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern Recorded: Dec 11 2018 49 mins
    Matt Runkle, Application Security Consultant, Veracode
    It’s no secret that open source security is a hotly debated topic. However, it’s important to keep in mind that commercially licensed third-party software carries much of the same risk as open source software. While helping a customer attain a Verified certification, one of Veracode’s application security consultants uncovered a cross-site scripting flaw in the popular Telerik Reporting project. The flaw has since been patched, but it’s these types of unknown risks that organizations take when introducing third party code into their environment.

    During this talk, you’ll hear from Matt Runkle, the AppSec Consultant who uncovered the XSS flaw, to get insight into the mind of a hacker and hear how vulnerabilities like XSS are commonly exploited in third party software and how you can take action to prevent attacks like this in your own environment.
  • How to Ensure Your Applications are Secure by Design Recorded: Dec 11 2018 46 mins
    Chris Wysopal, Co-Founder and CTO, Veracode
    As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company.

    We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, software is more often assembled than it is created from scratch, as developers are more frequently incorporating open source libraries to speed up time-to-market. But as open source libraries increase, so does the number of vulnerabilities, resulting in increased risk.

    In this session, Veracode CTO Chris Wysopal talks about what it means to be secure by design, and why businesses need to focus on prevention. The days of detect-and-respond tactics are a thing of the past – we’re living in an age when the attacks will happen before you have the time to find and respond to them. Attendees will also learn about why an application security program is imperative to data protection, how to mitigate open source risk and ensure secure coding practices are in place to prove that security is a top priority for your organisation.
  • Trends in the Industry: Setting the Stage on Open Source Trends Recorded: Dec 11 2018 42 mins
    Mark Curphey, VP of Strategy, Veracode
    Open source is here to stay. Iconic brands like Google, Facebook, and Twitter have pioneered the practice of building their platforms on a core of code that is shared with the public and free for anyone to use. Rather than build applications from scratch, today’s developers first look to third-party code to kick start their innovation in the form of open source libraries. Unfortunately, reusable code also means reusable vulnerabilities, and the bad guys are increasingly turning to attacking open-source. In a recent study by Veracode, a whopping 88% of Java applications had at least one flaw in an open-source library, leaving application security managers faced with the challenging question: how can we keep innovating quickly without introducing vulnerabilities into our code base?

    The solution is multi-faceted – part education, part technology, part process change. Join us for our Virtual Summit, The Open Source Conundrum: Managing your Risk, as we dig into all the pieces of this solution.
  • Secure By Design: Ensuring That Security Is Built In Recorded: Dec 10 2018 45 mins
    Chris Wysopal, Chief Technology Officer and Co-Founder at CA Veracode
    As software becomes a bigger component of the value delivered by companies in every industry, it is no exaggeration to say that every company is becoming a software company that is competing with software.

    Companies are pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, developers more often assemble software than create it from scratch, as they are more frequently incorporating open source libraries to speed up time-to-market. However, as open source libraries increase, so does the number of vulnerabilities, resulting in increased risk.

    In this session, Chris Wysopal, Chief Technology Officer and Co-Founder at CA Veracode discusses what it means to build software secure by design. He will describe how to build a software development process that has continuous security, is measurable, and is transparent.
  • Prove your company’s secure software practices with Veracode Verified Recorded: Nov 28 2018 45 mins
    Asha May, Customer Engagement, Veracode and Scott Mitchell, Security Architect, Blue Prism
    According to IDG, 84% of surveyed IT Leaders agree that their companies are concerned about the potential data security risk posed by third-party applications. How can companies assure customers that they will protect their critical data while maintaining a competitive advantage in the market?

    Join Asha May, Director Customer Engagement at Veracode as she provides an overview and latest highlights of how the Verified program has been helping our customers provide third party software assurance. Learn how Veracode works with software providers to:

    • Meet the demands of customers looking for proof that your software is secure
    • Provide a path to maturing their AppSec program
    • Help defend their AppSec budget by showing the value and adoption it brings
    • Verify the secure development process around an application by focusing on continuous AppSec integrated into development
    • Make their secure software a competitive advantage in a tightening market
  • Are You Making Any of the 6 Most Common AppSec Mistakes? Recorded: Nov 22 2018 41 mins
    Antonio Reche, Senior Solutions Architect at CA Veracode
    More than 70% of senior IT professionals acknowledge that software and code-related security issues are a growing concern.

    There are common mistakes that companies make with their AppSec programs. Have you made any of them? Do you know how to fix them?

    During this webinar, Antonio Reche, Senior Solutions Architect @ CA Veracode, will share examples and use cases that will help you learn about:

    - Actions and best practices for successfully implementing AppSec programs
    - Key points in managing application security, including open source components
    - The correct application of security policies
    - Integrating security into the application lifecycle
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: Revealing the Truth Behind Software Security Myths and Realities
  • Live at: Jun 23 2016 10:00 am
  • Presented by: Chris Campbell, Solutions Architect