Hi [[ session.user.profile.firstName ]]

Manage application risk with policy-based scanning

Ensure that all your applications are accurately assessed with policy-based scanning.
Join this 20 minute webinar to see how Veracode can help you protect your organization against data breaches and meeting regulations and policies addressing cybersecurity and information security controls in a timely manner.
See how the Veracode Platform provides built-in, automated compliance workflows to reduce communication overhead and provide a secure audit trail of your compliance processes, including notifications about policy changes. Veracode’s unified platform can also help you address OWASP security issues by integrating security seamlessly into software development and eliminating vulnerabilities at the most efficient and effective points in the development/deployment chain.
Recorded Dec 20 2017 17 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Glenn Whittemore, CA Veracode Solution Architect
Presentation preview: Manage application risk with policy-based scanning

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How the OWASP Top 10 can Secure your DevSecOps Initiative Aug 9 2018 10:00 am UTC 45 mins
    Katy Anton, Principal Application Security Consultant @ Veracode & OWASP Bristol Chapter Leader
    This session will be led by Katy Anton - Senior Application Security Consultant @ Veracode, OWASP Bristol Chapter Leader & Project Co-Leader for OWASP Proactive Controls Project. Katy will take the audience through the ins and outs of the OWASP Top 10.

    As software becomes increasingly complex, the difficulty of achieving application security increases. With the rapid pace of modern software development processes, securing the software from the beginning can be challenging.

    -How can developers write more secure applications?
    -What are the security techniques they could use while writing their software?

    These are hard questions, as evidenced by the increased cyber breaches. This session will explore the OWASP Top 10 (2017) and will identify the security controls that can prevent these vulnerabilities in which developers can use in the software development lifecycle. By the end of the webinar, you will have an arsenal of security controls that you can start using and apply them while writing your software applications.

    Register to this session to find out how the OWASP Top 10 can secure your DevSecOps Initiative!
  • Shifting Left…AND Right to ensure full application security coverage Jul 31 2018 3:00 pm UTC 60 mins
    Bhavna Sarathy, Bipin Mistry
    Web Applications continue to be one of the primary attack vectors that lead to breaches at organizations all over the world. As more and more organizations adopt DevOps and CI/CD workflows, there has been an added push to shift security testing to earlier stages in the software development lifecycle. Finding flaws earlier can save precious time as release cycles become faster, however, what happens once an application is running? With the ever-changing threat landscape that organizations function in today, even an application that was developed as securely as possible can become vulnerable over time as attackers uncover new ways to exploit weaknesses. Organizations who do not continue to test their running web applications risk missing exploitable vulnerabilities that could lead to a breach. In this webinar, we will discuss the importance of performing Dynamic Application Security Testing (DAST) on web applications during your testing and QA phases to catch exploitable vulnerabilities before you release that static testing alone cannot find. We will also discuss how establishing a recurring schedule of DAST scans on your running web applications can help your organization discover new vulnerabilities and help you reduce your risk of a breach.
  • The Front Lines: How One Company Systematically Mitigates Their Open Source Risk Jul 26 2018 6:00 pm UTC 45 mins
    Mark Curphey, VP of Strategy, CA Veracode
    It’s one thing to simply talk about the pervasiveness of open source risk. What do you do when your leadership team wants you to actually take action? Where do you start? How do you even begin to inventory the seemingly insurmountable amount of open source libraries deployed across your entire application infrastructure? It takes a systematic approach to identifying vulnerable open source libraries – a system that requires multiple stakeholders across various functional groups including security, development, and sometimes your legal and vendor management teams.

    Join Mark Curphy, VP of Strategy at CA Veracode, as he interviews a customer to discuss how they were successful in implementing a scalable security program to effectively tackle the problem of open source risk. You’ll get real insights from an industry practitioner about how to recognize harmful third party libraries, establish an open source software security policy, and communicate security requirements to the team at large.
  • Illustrating the Systemic Risk Caused by Open Source Library Use Jul 26 2018 5:00 pm UTC 45 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy, CA Veracode
    How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library -- Apache Commons Collection (or ACC) that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components.

    Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.
  • Why Is Open Source Use Risky? Jul 26 2018 4:00 pm UTC 45 mins
    Adrian Lane, Analysis, Securosis
    When software development moves at the speed of DevOps, creating every line of code from scratch is simply not feasible. In turn, most development shops are increasingly relying on open source libraries to supplement their code.

    The use of these open source libraries is not in itself a bad thing, on the contrary, it’s best practice, and not taking advantage of this code would put your organization at a competitive disadvantage. The risky part lies with the visibility. What happens when it’s revealed that an open source library contains a major vulnerability? Would you know if you are using that library? What about where or how you are using it? Could you find out fast enough to patch it? Attend this session to get up to speed on open source library use, including its risks and best practices.
  • Anticipa la seguridad de las aplicaciones con el análisis estático CA Veracode Jul 26 2018 9:00 am UTC 45 mins
    Antonio Reche - Snr. Principal Consultant Solutions Architect @ Veracode
    Le invitamos a que nos acompañe a conocer cómo CA Veracode puede ayudarle de manera efectiva en el ciclo de vida del desarrollo de software. En esta sesión Antonio Reche - arquitecto consultor en soluciones en Veracode- le mostrará como formar de manera rápida a los desarrolladores para que identifiquen y corrijan defectos de código relacionados con la seguridad sin necesidad de gestionar alguna herramienta.

    La tecnología de análisis estático patentada por Veracode examina los principales frameworks y lenguajes sin necesidad del código fuente; por lo que puede evaluar el código que escribe, compra o descarga así como medir el progreso desde una única plataforma SaaS.

    Después de esta sesión usted conocerá las mejore prácticas para:

    • Integración del análisis estático en su proceso de desarrollo
    • Cumplir con las políticas de seguridad internas y externas
    • Crear políticas para su programa de seguridad de aplicaciones
    • Evaluar código contra política antes del check-in
    • Análisis de resultados y generación de informes (visor de fallos de seguridad)
    • Definición de roles de usuario y vistas de equipo dentro de la plataforma
  • Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern Jul 25 2018 6:00 pm UTC 45 mins
    Matt Runkle, Application Security Consultant, CA Veracode
    It’s no secret that open source security is a hotly debated topic. However it’s important to keep in mind that commercially licensed third-party software carries much of the same risk as open source software. While helping a customer attain a Verified certification, one of CA Veracode’s application security consultants uncovered a cross-site scripting flaw in the popular Telerik Reporting project. The flaw has since been patched but it’s these types of unknown risks that organizations take when introducing third party code into their environment.

    During this talk, you’ll hear from Matt Runkle, the AppSec Consultant who uncovered the XSS flaw, to get insight into the mind of a hacker and hear how vulnerabilities like XSS are commonly exploited in third party software and how you can take action to prevent attacks like this in your own environment.
  • How to Ensure Your Applications are Secure by Design Jul 25 2018 5:00 pm UTC 45 mins
    Chris Wysopal, Co-Founder and CTO, CA Vercode
    As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company.

    We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, software is more often assembled than it is created from scratch, as developers are more frequently incorporating open source libraries to speed up time-to-market. But as open source libraries increase, so do the number of vulnerabilities, resulting in increased risk.

    In this session, CA Veracode CTO Chris Wysopal talks about what it means to be secure by design, and why businesses need to focus on prevention. The days of detect-and-respond tactics are a thing of the past – we’re living in an age when the attacks will happen before you have the time to find and respond to them. Attendees will also learn about why an application security program is imperative to data protection, how to mitigate open source risk and ensure secure coding practices are in place to prove that security is a top priority for your organization.
  • Trends in the Industry: Setting the Stage on Open Source Trends Jul 25 2018 4:00 pm UTC 45 mins
    Mark Curphey, VP of Strategy, CA Veracode
    Open source is here to stay. Iconic brands like Google, Facebook, and Twitter have pioneered the practice of building their platforms on a core of code that is shared with the public and free for anyone to use. Rather than build applications from scratch, today’s developers first look to third-party code to kick start their innovation in the form of open source libraries. Unfortunately, reusable code also means reusable vulnerabilities, and the bad guys are increasingly turning to attacking open-source. In a recent study by CA Veracode, a whopping 88% of Java applications had at least one flaw in an open-source library, leaving application security managers faced with the challenging question: how can we keep innovating quickly without introducing vulnerabilities into our code base?

    The solution is multi-faceted – part education, part technology, part process change. Join us for our Virtual Summit, The Open Source Conundrum: Managing your Risk, as we dig into all the pieces of this solution.
  • Open Source Code - a Blessing or a Curse? Jul 25 2018 9:30 am UTC 45 mins
    Andrew Kanikuru - Senior Digital Sales @ Veracode & Nabil Bousselham - Principal Consultant Solutions Architect @ Veracode
    Join Andrew Kanikuru - Senior Digital Sales @ Veracode & Nabil Bousselham - Principal Consultant Solutions Architect @ Veracode - to discuss how fine the line is between a blessing and a curse in terms of Open Source Code Security.
    In the technologically advanced era that we live in, organisations rely on fast software delivery to gain the competitive advantage. Using open source and 3rd party components in the SDLC can help companies be first to market with new services and solutions. When you consider that almost 93% of organisations use external snippets of code during development, not only is this now the norm but it is fast becoming best practice.
    But what about the risks?
    Although using Open Source code allows fast deployment, faster doesn’t always mean better. As the origin of the code is unknown it means it is unsecure. The largest data breach in history occurred due to an exploitation in Open Source Code, leading to huge financial payouts.
    Fast & Secure -  how does an organisation juggle these positive outcomes to best enable themselves to get to market quickly and safely?
    Join our live webinar on the 25th of July to find out how.
  • How to Get the Most Bang for your Buck out of your AppSec Programme Jul 24 2018 10:00 am UTC 45 mins
    John Smith, Snr. Principal Consultant Solutions Architect @ CA Veracode
    To invest, or not to invest? That is the question. An effective Application Security programme takes a lot of initial investment, particularly of time and effort, not to forget the money.

    In this session, John Smith - Principal Solutions Architect @ CA Veracode - will help you understand how to get the most out of your time, effort and financial investment that has gone into your Application Security Programme.

    You will leave this webinar understanding…

    - Why invest in AppSec?
    - How can you generate the largest ROI on your investment?
    - What positive business outcomes, come from an AppSec Investment?

    Join us on the 24th of July to find out how to get the most bang for your buck with Application Security!
  • Application Security: Cloud vs. On-Premise Solution Recorded: Jun 28 2018 45 mins
    Julian Totzek-Hallhuber, Principal Consultant Solutions Architect @ Veracode
    Um Sicherheitsschwachstellen zu identifizieren und zu beheben, können Sie On-Premise-Tools oder SaaS-Lösungen benutzen. Doch was ist bei Web-Anwendungen in welcher Situation besser? In dieser Webcast-Aufzeichnung stellen wir die Vor- und Nachteile beider Konzepte vor und beleuchten die jeweiligen Herausforderungen im Unternehmenseinsatz.

    Die beiden verschiedenen Ansätze, On-Premise-Tools auf der einen Seite und SaaS-Lösungen auf der anderen Seite, haben aber jeweils Vor- und Nachteile, die stark von der Komplexität des AppSec-Programms abhängen.

    In diesem Webinar wird Julian Totzek-Hallhuber, Principal, Consultant Solutions Architect @ Veracode, den Teilnehmer das folgende Thema näher bringen:

    Wie Sie am besten Ihre Web-Anwendungen schützen können,
    Welche Vorteile dabei Cloud-Lösungen gegenüber On-Premise-Tools haben,
    Welche Vorteile dabei On-Premise-Tools gegenüber Cloud-Lösungen haben,
    Welcher Ansatz in welcher Situation sinnvoller ist,
    Wie Sie mit Lösungen von Veracode Ihre Daten und Programme sichern können.
  • Chart Your Path to Application Security Best Practices Recorded: Jun 20 2018 28 mins
    Christian Dalomba, CA Veracode Solution Architect
    According to Gartner, the application layer contains 90% of all vulnerabilities.

    Despite this alarming trend, many organizations are struggling to adopt application security best practices for protecting software, data and users. However, with the right tools, implementing application security best practices- such as testing, defining code standards, and creating standard policies- a clear path toward adoption of application security best practices is within reach!

    Join this 20-minute webinar to see how Veracode can enable you to adopt application security best practices in a simple and cost-effective way. Based on first-hand customer interactions, hear our experts provide practical guidance starting with tips and tricks to integrating testing into the software development lifecycle all the way to scaling an application security program using our cloud-based platform.
  • The Role of Security Champions in Scaling Application Security Recorded: Jun 19 2018 61 mins
    Ryan O'Boyle, Manager of Product Security at CA Veracode and Ronda Kiser Oakes, Director DevOps Consulting at Perficient
    Securing a portfolio of applications can be a practice in extremes. On one hand, you have a small team of security experts trying to help a multitude of developers, testers, and other engineers meet security requirements. At the same time, you have to support all the microservices that the Agile and DevOps teams are building and pushing to production anywhere from once a month to several times a day. Even if you have a fully staffed security team, there still are not enough experts in this area to go around, which means creating a guild of Security Champions is more important than ever.

    Join Ryan O’Boyle, Manager of Product Security at CA Veracode and Ronda Kiser Oakes, Director DevOps Consulting at Perficient, who will examine the value of the Security Champion role within the development team. They will discuss which groups need to commit for the program to succeed, how to find good champions, and the benefits for all stakeholders. Based on lessons learned from building a successful Security Champion program over the past five years, you will come away with detail actionable steps to bootstrap, monitor, and maintain a customized program that fosters these champions in your organization and scales your security program.
  • Take a Deeper Dive: A Flaw, a Vulnerability, and an Exploit Recorded: Jun 13 2018 18 mins
    Nathan Michalov, CA Veracode Solutions Architect
    Your organization cannot afford to let potential system flaws or weaknesses in your software applications be exploited. That is why knowing the distinct differences between these weaknesses is critical in successfully addressing them. During this webinar, one of CA Veracode’s security implementation experts will discuss how to identify these risk factors within your application landscape, and to:

    •Learn a practical approach to helping security and development teams address these factors
    •Learn about the methods and solutions attackers typically rely on to perform application vulnerability discovery and compromise
    •Learn from examples of how organizations rely on application security technology and services to gain visibility into their overall landscape – and act upon it in the right way
  • How to Get Started with DevSecOps Recorded: May 31 2018 46 mins
    Nabil Bousselham, Principal Solutions Architect @ Veracode
    As organizations adopt more and more on CICD practices to build, test and deploy their software applications, it becomes imperative that the software supply chain should be secured to prevent the deployment of code containing serious flaws and vulnerabilities that might put the business at risk. In this presentation, we will take a look at application security in general and why it’s important to have a professional Application security program.

    We will also put a spotlight on the importance of understanding from each team's perspective the new process and how different teams esp. development can shift left and validate the security of the code in highly automated environments like CICD. We will outline the challenges and benefits of the DevSecOps approach, and show some best practices on how organizations can easily integrate and automate AppSec testing & compliance into the SDLC.
  • Open Source Risk in the Financial Industry Recorded: May 30 2018 48 mins
    RJ Gazarek, CA Veracode Product Marketing and Chris Widstrom, CA Veracode Product Management
    Companies that operate within the financial services industry must optimize delivery of product and service applications to customers. As a result, many IT organizations are turning to open source components to leverage existing resources- introducing vulnerabilities that can compromise the security of your applications and your overall business. In light of recent rollouts of GDPR and the NYSDFS cyber regulations- requirements around application security are more likely to emerge.

    Watch this webinar to keep pace with these regulations and ensure that the open source components you use do not hinder your ability to achieve compliance. Join CA Veracode’s product experts as they help those affected by these requirements get up to speed on:

    •What these regulations entail
    •How best to approach these requirements
    •How Veracode can help with compliance
  • Remediation & Mitigation: How To Find The Best Fix Location Recorded: May 23 2018 16 mins
    Glenn Whittemore, CA Veracode Solutions Architect
    Learn how you can fix more than 2.5x the average number of application flaws.

    As you embark on the mission to tackle the flaws and vulnerabilities found after scanning, you need to prioritize and optimize your approach. You know you cannot let potential system flaws or weaknesses in your application be exploited to compromise the security of your organization’s most critical assets.

    Join this 20-minute webinar to see how Veracode can help you prioritize and find the best location in which to fix and remove the vulnerabilities and flaws that can put your organization at risk. Recognized as a Gartner Magic Quadrant Leader since 2010, Veracode provides on-demand application vulnerability testing to detect and offer solutions for vulnerabilities and other security issues.
  • Adopting a More Secure Approach to Containers Recorded: May 16 2018 16 mins
    Robert Larkin, CA Veracode Solutions Architect
    As the era of cloud computing continues to grow more significant, services like containerization and microservice architecture are increasing in popularity, allowing enterprises to adopt a more agile and transformative framework for future growth. Within this trend, software containers are helping developers incorporate new microservice application designs, build and release code faster, and push fixes through testing more frequently. However, with the use of containers comes an unforeseen layer of risk that many cyber security professionals are struggling to mitigate.

    Join this 20-minute webinar to learn how you can safeguard your containerization strategy against security risk. Hear one of CA Veracode’s platform implementation experts discuss the best approach to securing your container usage including how to:

    •Inject Security Into The Container During Development
    •Secure The Container During Testing And modification
    •Monitor And Guard Containers In Production
  • Software Composition Analysis with CA Veracode Recorded: May 10 2018 34 mins
    RJ Gazarek, CA Veracode Product Marketing and Chris Widstrom, CA Veracode Product Management
    In a DevOps world, companies must deliver product applications faster and cheaper. This has resulted in the increased use of open source components as building blocks- introducing additional levels of both security and business risk. Open source components can introduce vulnerabilities that can compromise the security of your applications – thereby impacting your ability to keep up with rapid delivery cycles and high quality standards.

    Watch this webinar to learn how you can ensure which open source components are in use in your organization in order to protect yourself from a large-scale data breach and to ensure uninterrupted business operations. Get a sneak peek at the latest Veracode has to offer with its Software Composition Analysis solution. Learn how your organization can get started creating a dynamic inventory of the components you are using, along with their versions and locations. Armed with this information, you will be on your way to securing your application portfolio and reducing overall business risk.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Manage application risk with policy-based scanning
  • Live at: Dec 20 2017 5:00 pm
  • Presented by: Glenn Whittemore, CA Veracode Solution Architect
  • From:
Your email has been sent.
or close