Chart Your Path to Application Security Best Practices

According to Gartner, the application layer contains 90% of all vulnerabilities.

Despite this alarming trend, many organizations are struggling to adopt application security best practices for protecting software, data and users. However, with the right tools for implementing application security best practices, such as testing, defining code standards, and creating standard policies, a clear path toward adoption is within reach!

Join this 20-minute webinar to see how Veracode can enable you to adopt application security best practices in a simple and cost-effective way. Based on first-hand customer interactions, hear our experts provide practical guidance, starting with tips and tricks for integrating testing into the software development lifecycle, all the way to scaling an application security program using our cloud-based platform.
Recorded Jun 20 2018 28 mins
Presented by
Christian Dalomba, CA Veracode Solution Architect
  • Secure By Design: Ensuring That Security Is Built In Dec 10 2018 8:00 pm UTC 45 mins
    Chris Wysopal, Chief Technology Officer and Co-Founder at CA Veracode
    As software becomes a bigger component of the value delivered by companies in every industry, it is no exaggeration to say that every company is becoming a software company that is competing with software.

    Companies are pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, developers more often assemble software than create it from scratch, as they are more frequently incorporating open source libraries to speed up time-to-market. However, as open source libraries increase, so does the number of vulnerabilities, resulting in increased risk.

    In this session, Chris Wysopal, Chief Technology Officer and Co-Founder at CA Veracode discusses what it means to build software secure by design. He will describe how to build a software development process that has continuous security, is measurable, and is transparent.
  • Prove your company’s secure software practices with Veracode Verified Nov 28 2018 4:30 pm UTC 45 mins
    Asha May, Customer Engagement, Veracode and Scott Mitchell, Security Architect, Blue Prism
    According to IDG, 84% of surveyed IT Leaders agree that their companies are concerned about the potential data security risk posed by third-party applications. How can companies assure customers that they will protect their critical data while maintaining a competitive advantage in the market?

    Join Asha May, Director Customer Engagement at Veracode as she provides an overview and latest highlights of how the Verified program has been helping our customers provide third party software assurance. Learn how Veracode works with software providers to:

    • Meet the demands of customers looking for proof that your software is secure
    • Provide a path to maturing their AppSec program
    • Help defend their AppSec budget by showing the value and adoption it brings
    • Verify the secure development process around an application by focusing on continuous AppSec integrated into development
    • Make their secure software a competitive advantage in a tightening market
  • Are You Making Any of the 6 Most Common AppSec Mistakes? Nov 22 2018 10:00 am UTC 45 mins
    Antonio Reche, Senior Solutions Architect at CA Veracode
    More than 70% of senior IT professionals acknowledge that software and code-related security problems are a growing concern.

    There are common mistakes that companies make with their AppSec programs. Have you made any of them? Do you know how to fix them?

    During this webinar, Antonio Reche, Senior Solutions Architect @ CA Veracode, will share examples and use cases that will let you learn about:

    -Actions and best practices for successfully implementing AppSec programs
    -Key points in managing application security, including open source components
    -The correct application of security policies
    -Integrating security into the application lifecycle
  • How to Ensure Your Applications are Secure by Design Recorded: Nov 15 2018 46 mins
    Chris Wysopal, Co-Founder and CTO, CA Veracode
    As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company.

    We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, software is more often assembled than it is created from scratch, as developers are more frequently incorporating open source libraries to speed up time-to-market. But as open source libraries increase, so does the number of vulnerabilities, resulting in increased risk.

    In this REPLAY session, you'll have the opportunity to view CA Veracode CTO Chris Wysopal talk about what it means to be secure by design, and why businesses need to focus on prevention. The days of detect-and-respond tactics are a thing of the past – we’re living in an age when the attacks will happen before you have the time to find and respond to them.

    *This webinar session was previously recorded.*
  • Illustrating the Systemic Risk Caused by Open Source Library Use Recorded: Nov 8 2018 48 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy, CA Veracode
    How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library -- Apache Commons Collection (or ACC) that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components.

    Watch this REPLAY session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.

    *This webinar session was previously recorded.*
  • Trends in the Industry: Setting the Stage on Open Source Trends Recorded: Nov 1 2018 42 mins
    Mark Curphey, VP of Strategy, CA Veracode
    Open source is here to stay. Iconic brands like Google, Facebook, and Twitter have pioneered the practice of building their platforms on a core of code that is shared with the public and free for anyone to use. Rather than build applications from scratch, today’s developers first look to third-party code to kick start their innovation in the form of open source libraries. Unfortunately, reusable code also means reusable vulnerabilities, and the bad guys are increasingly turning to attacking open-source.

    Join us as we REPLAY the Keynote from our Virtual Summit, The Open Source Conundrum: Managing your Risk, and learn the latest on trends in Open Source Library Use and Security.
  • Sympathy for the Developer Recorded: Oct 24 2018 35 mins
    Sarah Gibson, Senior Application Security Consultant
    When security flaws appear in software, security teams and developers often scramble to find someone to blame. Perhaps they have not considered the possibility that security flaws might be a naturally occurring aspect of the software development life cycle. During this webinar, hear one of CA Veracode’s security consultants present this aspect of software development with an analysis of scan data over the past six years, looking primarily at how often SQL injection shows up on the first scan of an application. We will examine how this pattern occurs across organizations and what it means for flaw introduction rates in general. Viewers will come away with clear steps on how security and development teams can work together to manage security flaws going forward.
  • AppSec: Mistakes to Avoid – The Five Main Bad Practic Recorded: Oct 23 2018 45 mins
    Nabil Bousselham, Solutions Architect at CA Veracode
    Despite a 25% increase in application-layer attacks (Akamai), companies continue to underinvest in this area. This neglect stems from a lack of application security skills and from the complexity of the tasks involved in building an AppSec program. During this webinar, experts from CA Veracode's security program will share examples, use cases and lessons learned.

    In particular, we will present the AppSec journey from a poorly secured environment to the establishment of a mature program. We will outline the best ways for security and development teams to collaborate in order to harmonize application security programs.

    Join us for this (live) webinar, in which Nabil Bousselham, Solutions Architect at CA Veracode, will cover topics including:

    • How to prioritize applications according to their level of criticality

    • How to follow the security policy effectively

    • How to produce meaningful and actionable reports

    • How to work with development teams to integrate security into the early phases of the SDLC

    • How to harmonize and build a secure ecosystem
  • Application Security - On Premise vs. Cloud Solution Recorded: Oct 16 2018 40 mins
    Julian Totzek-Hallhuber, Principal Consultant Solutions Architect at CA Veracode
    To identify and fix security vulnerabilities, you can use on-premise tools or SaaS solutions. But which is best to use for web applications in which situation? In this webcast recording, we will illustrate the advantages and disadvantages of both concepts and shed light on the respective challenges in business use.

    The two different approaches, on-premise tools on the one hand and SaaS solutions on the other hand each have advantages and disadvantages that depend heavily on the complexity of the AppSec program.

    In this webinar, Julian Totzek-Hallhuber, Principal Consultant Solutions Architect @ CA Veracode, will leave you understanding:

    -How best to protect your web applications
    -What advantages cloud solutions have over on-premise tools?
    -What are the advantages of on-premise tools compared to cloud solutions?
    -Appropriate scenarios for both solutions
    -How to secure your data and programs with Veracode solutions.

    Join us on the 16th of October at 11AM BST to find out more.
  • Secure Development and Scalable Application Security with CA Veracode Recorded: Sep 26 2018 49 mins
    RJ Gazarek, CA Veracode Product Marketing
    Deliver applications faster by writing secure code while integrating with your own toolset. Join this webinar to see how CA Veracode Greenlight can help you do this by bringing security scanning right into your IDE as you are coding, returning most scans in seconds. During this presentation, Product Marketing expert RJ Gazarek will provide:

    • An overview of Greenlight and its integrations with developer tools;
    • A summary of recent Greenlight use cases and successes;
    • A sneak peek of upcoming capabilities for your development teams to leverage

    Whether you are coding in Java, JavaScript, C#, or VB.NET, CA Veracode Greenlight has you covered. Developers receive positive feedback when correctly using secure coding practices, as well as instant insight into any security flaws discovered, saving both security and development time and resources.
  • How to Easily Integrate Security into your Development Process Recorded: Sep 20 2018 29 mins
    Marina Kvitnitsky (Senior Product Manager, CA Veracode) & Val Zolyak (Director, Product Management, CA Agile Central)
    Software development deadlines are getting shorter, business requirements are getting more complex, and cybersecurity threats are becoming more real. CA Veracode is responding to this need for rapid development of secure applications by integrating security solutions directly into application development workflows. Specifically, we make our security scanning solutions available from within customer-selected, industry-leading software development tools, such as CA Agile Central. In this webinar, we will discuss why integrating security into your development pipeline is a necessity in today's ever-changing threat landscape and how different stakeholders can benefit from automating security checks. Finally, we will demonstrate the functionality of the integration between CA Agile Central and CA Veracode and outline how easy it is to implement this integration.
  • Container Security for the Impatient Recorded: Sep 11 2018 44 mins
    Colin Domoney, Senior Principal Transformation Consultant @ CA Technologies
    We are truly in the 'age of containers' as developers continue the rapid adoption of containers and their associated orchestration tooling to improve delivery times of working software. This change in development methodology presents challenges to the AppSec team who have to understand this new paradigm.

    Join Colin Domoney, Senior Principal Transformation Consultant @ CA Technologies, for this live webinar where he will provide an introduction to generic container toolchains and guidance on how to leverage and embed your existing security tooling investment into a container-centric environment, as well as how to select and evaluate container-specific tooling.

    Practical advice will be given on how to employ the CIS Benchmark and how to ensure general best practices are applied in securing and hardening the container environments. The participant should come away with a working knowledge of how containers are used, built and deployed; and practical ideas on how to improve their container security posture.
  • Picking the Right Assessment Types for your Application Security Program Recorded: Aug 22 2018 36 mins
    Chris Kirsch, Director, Product Marketing at CA Veracode
    Most companies start their application security program with a manual penetration test of their most business-critical applications. While this type of assessment covers a lot of ground, it’s not as scalable and repeatable as automated scanning technologies. As your program matures, you’ll have to branch out into more automated technologies.

    This talk will review the merits of static analysis, dynamic analysis, software composition analysis, and penetration testing, indicating which technologies make sense in your specific situation as you mature your application security program.
  • The Deathly Hallows of Application Security - Flaws, Vulnerabilities & Exploits Recorded: Aug 21 2018 39 mins
    Paul Farrington - Director of Solutions Architects @ CA Veracode
    To understand the severity of a flaw you need to understand the extent to which it can be exploited. As software becomes more and more complex, so does the difficulty of securing it.

    Join Paul Farrington, Director of Solutions Architects @ CA Veracode, for this live webinar, where he will explore the distinctions between various security flaws and how you can combat them.

    You will leave the session understanding how to identify and address risk factors, how attackers exploit vulnerabilities & the extent to which organisations rely on AppSec technology to secure the SDLC.
  • How the OWASP Top 10 can Secure your DevSecOps Initiative Recorded: Aug 9 2018 43 mins
    Katy Anton, Principal Application Security Consultant @ Veracode & OWASP Bristol Chapter Leader
    This session will be led by Katy Anton - Senior Application Security Consultant @ Veracode, OWASP Bristol Chapter Leader & Project Co-Leader for OWASP Proactive Controls Project. Katy will take the audience through the ins and outs of the OWASP Top 10.

    As software becomes increasingly complex, the difficulty of achieving application security increases. With the rapid pace of modern software development processes, securing the software from the beginning can be challenging.

    -How can developers write more secure applications?
    -What are the security techniques they could use while writing their software?

    These are hard questions, as evidenced by the increased cyber breaches. This session will explore the OWASP Top 10 (2017) and will identify the security controls that developers can use in the software development lifecycle to prevent these vulnerabilities. By the end of the webinar, you will have an arsenal of security controls that you can start using and applying while writing your software applications.

    Register for this session to find out how the OWASP Top 10 can secure your DevSecOps Initiative!
  • The Front Lines: How One Company Systematically Mitigates Their Open Source Risk Recorded: Aug 1 2018 47 mins
    Mark Curphey, VP of Strategy, CA Veracode
    It’s one thing to simply talk about the pervasiveness of open source risk. What do you do when your leadership team wants you to actually take action? Where do you start? How do you even begin to inventory the seemingly insurmountable amount of open source libraries deployed across your entire application infrastructure? It takes a systematic approach to identifying vulnerable open source libraries – a system that requires multiple stakeholders across various functional groups including security, development, and sometimes your legal and vendor management teams.

    Join Mark Curphey, VP of Strategy at CA Veracode, as he interviews a customer to discuss how they were successful in implementing a scalable security program to effectively tackle the problem of open source risk. You’ll get real insights from an industry practitioner about how to recognize harmful third party libraries, establish an open source software security policy, and communicate security requirements to the team at large.
  • Illustrating the Systemic Risk Caused by Open Source Library Use Recorded: Aug 1 2018 48 mins
    Tim Jarrett, Senior Director of Enterprise Security Strategy, CA Veracode
    How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library -- Apache Commons Collection (or ACC) that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components.

    Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.
  • Why Is Open Source Use Risky? Recorded: Aug 1 2018 43 mins
    Adrian Lane, Analysis, Securosis
    When software development moves at the speed of DevOps, creating every line of code from scratch is simply not feasible. In turn, most development shops are increasingly relying on open source libraries to supplement their code.

    The use of these open source libraries is not in itself a bad thing; on the contrary, it’s best practice, and not taking advantage of this code would put your organization at a competitive disadvantage. The risky part lies with the visibility. What happens when it’s revealed that an open source library contains a major vulnerability? Would you know if you are using that library? What about where or how you are using it? Could you find out fast enough to patch it? Attend this session to get up to speed on open source library use, including its risks and best practices.
  • Shifting Left…AND Right to ensure full application security coverage Recorded: Jul 31 2018 33 mins
    Bhavna Sarathy, Principal Product Manager & Bipin Mistry
    Web applications continue to be one of the primary attack vectors that lead to breaches at organizations all over the world. As more and more organizations adopt DevOps and CI/CD workflows, there has been an added push to shift security testing to earlier stages in the software development lifecycle. Finding flaws earlier can save precious time as release cycles become faster. However, what happens once an application is running? With the ever-changing threat landscape that organizations function in today, even an application that was developed as securely as possible can become vulnerable over time as attackers uncover new ways to exploit weaknesses. Organizations that do not continue to test their running web applications risk missing exploitable vulnerabilities that could lead to a breach. In this webinar, we will discuss the importance of performing Dynamic Application Security Testing (DAST) on web applications during your testing and QA phases to catch, before you release, exploitable vulnerabilities that static testing alone cannot find. We will also discuss how establishing a recurring schedule of DAST scans on your running web applications can help your organization discover new vulnerabilities and help you reduce your risk of a breach.
  • Get Ahead on Application Security with CA Veracode Static Analysis Recorded: Jul 26 2018 46 mins
    Antonio Reche - Snr. Principal Consultant Solutions Architect @ Veracode
    We invite you to join us to learn how CA Veracode can effectively help you across the software development lifecycle. In this session, Antonio Reche, consulting solutions architect at Veracode, will show you how to quickly train developers to identify and fix security-related code defects without having to manage any tool.

    Veracode's patented static analysis technology examines the major frameworks and languages without requiring source code, so you can assess the code you write, buy or download, and measure progress from a single SaaS platform.

    After this session you will know the best practices for:

    • Integrating static analysis into your development process
    • Complying with internal and external security policies
    • Creating policies for your application security program
    • Evaluating code against policy before check-in
    • Analyzing results and generating reports (security flaw viewer)
    • Defining user roles and team views within the platform
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: Chart Your Path to Application Security Best Practices
  • Live at: Jun 20 2018 3:30 pm
  • Presented by: Christian Dalomba, CA Veracode Solution Architect