Name: Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern
Start: 2018-07-25T18:00:00Z
End: 2018-07-25T18:00:48.000Z
Location: BrightTALK
Rating: 4.6

Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. 

Learn more at www.veracode.com

En nuestras constantes conversaciones con clientes y socios de negocios encontramos como factores regulares de complejidad para DAST, la dificultad en la asignación de tiempo y recursos para la ejecución periódica de tales análisis, el ruido constante generado por las configuraciones necesarias y la demora para solucionar los problemas de seguridad debido al momento tardío (dentro del SDLC) en el que normalmente se ejecuta.

Veracode DAST Essentials entrega una forma más fácil y ágil de:
- Escanear sus aplicaciones web y APIs
- Lanzar análisis rápidos bajo demanda en una etapa más temprana del ciclo de desarrollo de software
- Integrar con facilidad en su stack de desarrollo actual
- Impulsar el escaneo con más modularidad, personalización y resiliencia

Veracode DAST Essentials. Asegurando WebApps & APIs

Balancing speedy development with security is challenging. Join us for a webinar to see how you can launch dynamic scans with a few clicks to rapidly find and fix runtime vulnerabilities, helping you secure your web applications and APIs faster than before.

Veracode DAST Essentials helps developers and security teams make dynamic testing part of their software release process more quickly and easily. Teams can seamlessly integrate agile security testing into their pipelines that works and scales within their DevOps speed and release frequency.

Why Veracode DAST Essentials: In 2022, 40% of breaches were attributed to web applications.* Discover how Veracode enables you keep pace with evolving threats at the speed and scale of modern development processes.
Find & Fix Runtime Vulnerabilities Faster: Explore how DAST Essentials helps you balance speedy development with security enabling you to secure web assets within your DevOps speed and release frequency.
Getting Started with DAST Essentials in Minutes: Learn the step-by-step process, from creating scan targets to interpreting results and remediating runtime vulnerabilities – all with a few clicks.

Securing Your Web Assets at Speed with Veracode DAST Essentials

Les failles de sécurité sont créées plus rapidement qu’elles ne sont corrigées. Il y a une explication très simple à cela : de plus en plus, les applications sont créées au travers de processus automatisés alors que les corrections des failles de sécurité sont toujours faites manuellement.
Veracode change cela aujourd’hui!
Rejoignez-nous pour une présentation de Veracode Fix – la nouvelle solution de remédiation intelligente qui automatise la correction des codes non sécurisés - découvrez comment tirer parti de l’intelligence artificielle spécialisée pour gérer les risques applicatifs à grande échelle et fournir des applications plus sûres, plus rapidement, avec moins d’efforts et de coûts.

Veracode Fix: Le futur de l’Intelligent Software Security

Las vulnerabilidades de seguridad se crean más rápido de lo que se solucionan. Hay una explicación muy simple para esto: cada vez más, las aplicaciones se crean a través de procesos automatizados, mientras que las correcciones de dichas vulnerabilidades aún se realizan manualmente. ¡Veracode está cambiando esto! 
En esta sesión presentamos Veracode Fix, la nueva solución de remediación inteligente que automatiza la remediación de código inseguro. Aprenda cómo aprovechar la inteligencia artificial especializada para administrar los riesgos de las aplicaciones a escala y entregar aplicaciones más seguras, más rápidas, con menos esfuerzo y coste.

Veracode Fix: el futuro de la seguridad de Software Inteligente

In today's fast-paced digital landscape, ensuring the security of your applications is more critical than ever. That's why we've partnered with Delaware and Veracode to bring you a game-changing webinar that will show you how to harness the power of Artificial Intelligence (AI) and Leading Language Models (LLM) to supercharge your application security.

In this webinar, you will learn about:
Unlock the Power of AI in Application Security

Accelerate Threat Detection: Learn how AI can swiftly identify vulnerabilities and threats within your applications, allowing you to stay one step ahead of cybercriminals.

Collaborate Seamlessly: Discover how AI/LLM can bridge the gap between development and security teams, creating a synergy that accelerates security issue resolution without sacrificing control.

Leveraging AI to Accelerate Application Security

Software-Sicherheitslücken entstehen schneller als sie behoben werden. Dafür gibt es eine einfache Erklärung: Wir erstellen Software mit Automatisierung. Wir beheben das Problem durch manuelle Korrekturen. 
Veracode verändert das. 
Nehmen Sie Teil für einen Einblick in Veracode Fix – die neue intelligente Lösung zur Behebung von Schwachstellen, die Korrekturen für unsicheren Code automatisiert – und erfahren Sie, wie Sie spezielle KI nutzen können, um Softwarerisiken in großem Maßstab zu verwalten und sicherere Software schneller bereitzustellen, bei weniger Aufwand und geringeren Kosten.

Veracode Fix: Die Zukunft intelligenter Software Security

Las vulnerabilidades de seguridad se crean más rápido de lo que se solucionan. Hay una explicación muy simple para esto: cada vez más, las aplicaciones se crean a través de procesos automatizados, mientras que las correcciones de dichas vulnerabilidades aún se realizan manualmente. 
¡Veracode está cambiando esto! 
En este webinar presentaremos Veracode Fix, la nueva solución de remediación inteligente que automatiza la remediación de código inseguro. Descubra cómo aprovechar la inteligencia artificial especializada para administrar los riesgos de las aplicaciones a escala y entregar aplicaciones más seguras, más rápidas, con menos esfuerzo y coste.

Veracode Fix: El futuro de la Seguridad de Software Inteligente

Join us for a concise yet comprehensive webinar on Software Supply Chain Security. In an era of escalating cyber threats, safeguarding your software supply chain is paramount. This webinar will provide essential insights into identifying vulnerabilities, implementing robust security practices, and ensuring the integrity of your software ecosystem. 

In this webinar, you will learn about:


Securing the open-source components underpinning most modern software development

Ensuring that the software build process is hardened against compromise.

How you can provide assurance to your customers that your software is secure. 

How Veracode solutions and services help you create a more secure supply chain.

Securing Your Software Supply Chain for Ultimate Application Security

Veracode’s latest software security research shows that 32% of applications contain security flaws at the first scan, and this jumps to 70% by the five-year mark. We dug into 17 years of data and analyzed three-quarters of a million applications to answer a crucial question: What can be done to avoid introducing security flaws in the first place? Watch this short video to learn data-backed steps you can take to reduce flaw introduction, remediate flaws faster and lower security debt.

VeraTalk: Fast 15 on 2023's State of Software Security

Maturing DevSecOps with data-driven security education
If you want to produce secure software, you need a modern software development workflow built around security from the get-go.  

Join our DevSecOps experts for a webinar where you’ll learn how to: 

Establish a continuous feedback loop to monitor compliance and security issues   

Leverage reporting to draw insights and identify areas that require security education  

Build a training curriculum into sprint planning  

Provide developers with contextual – and intelligent – remediation tools

Maturing DevSecOps with Data-Driven Security Education

Moving your workloads to the cloud lets your development team innovate faster, but improper planning leads to a more vulnerable SDLC. How can you reap the benefits of the cloud while avoiding costly vulnerabilities that can hold you back? In this fireside chat you will gain critical insights from our experts on how to migrate your workloads to the cloud safely and securely.

The Roadmap To a More Secure and Modernized SDLC

How do you build trust in AI?

For all the speculation about what AI might do and debate over what it should do, examples of responsible AI in practice are few and far between. Check out this interview with Veracode’s Brian Roche and learn about Veracode Fix as an example of responsible AI that saves developers time AND improve security outcomes without compromising data, violating open-source licenses, or reproducing code insecurities.

Generative AI's Role in Secure Software Development

Developers spend too much time manually fixing security issues and often create new flaws faster than they can fix old ones.  Veracode Fix changes this.  Watch this video to see how Veracode Fix empowers you to save time and secure more by generating security patches developers can review and implement without manually writing a single line of code. So, you can address security flaws that would otherwise persist for months in minutes, at scale, with less effort and cost.

Accelerate Secure Software Development with Veracode Fix

APIs, containers, and clouds, oh my! Organizations use modern software development to deliver incredible user experiences and better performance. Just don’t look behind the curtain; behind that curtain, ingress points and opportunities for attackers are proliferating. That’s why securing cloud-native applications needs to mature beyond run-time protection.

In this webinar, you’ll learn the steps for integrating security into your entire SDLC to pay down your security debt and prevent future risks. Join Veracode’s Scott Simpson and Optiv’s Jim Canup to hear real-world experiences, best practices, and insights into how customers can apply these principles and deliver positive results at scale.

How To Mature Cloud-native Application Security Programs

Software security flaws are created faster than they are fixed. There is a simple explanation for this: We create software with automation. We fix it with manual remediation.  
 
Veracode is changing this.  
 
Tune in for an inside look at Veracode Fix – the new intelligent remediation solution that automates fixes for insecure code – and learn how you can leverage specialized AI to manage software risk at scale and deliver more secure software, faster, for less effort and cost. 
 
Watch Now!

Manage Software Risk at Scale with Suggested Fixes for Insecure Code

Las vulnerabilidades de seguridad se crean más rápido de lo que se solucionan. Hay una explicación muy simple para esto: cada vez más, las aplicaciones se crean a través de procesos automatizados, mientras que las correcciones de dichas vulnerabilidades aún se realizan manualmente. ¡Veracode está cambiando esto! 
En este webinar presentamos Veracode Fix, la nueva solución de remediación inteligente que automatiza la remediación de código inseguro. Aprenda cómo aprovechar la inteligencia artificial especializada para administrar los riesgos de las aplicaciones a escala y entregar aplicaciones más seguras, más rápidas, con menos esfuerzo y coste.

Veracode Fix: el futuro de la seguridad de software inteligente

It’s one thing to simply talk about the pervasiveness of open source risk. What do you do when your leadership team wants you to actually take action? Where do you start? How do you even begin to inventory the seemingly insurmountable amount of open source libraries deployed across your entire application infrastructure? It takes a systematic approach to identifying vulnerable open source libraries – a system that requires multiple stakeholders across various functional groups including security, development, and sometimes your legal and vendor management teams. 

Join Mark Curphy, VP of Strategy at CA Veracode, as he interviews a customer to discuss how they were successful in implementing a scalable security program to effectively tackle the problem of open source risk. You’ll get real insights from an industry practitioner about how to recognize harmful third party libraries, establish an open source software security policy, and communicate security requirements to the team at large.

The Front Lines: How One Company Systematically Mitigates Their Open Source Risk

How far-reaching is a vulnerability in one open source component? We recently took a closer look at one vulnerable component to find out. We followed the path of one component library -- Apache Commons Collection (or ACC) that contained a serious vulnerability. We traced all the other libraries ACC touched and, in turn, made vulnerable. In the end, we found its vulnerability had spread to an astounding 80,323 additional components. 

Attend this session to follow the path of this vulnerability and get a clear picture of exactly how and why open source libraries can pose such significant risk, and how to use and manage them in a secure way.

Illustrating the Systemic Risk Caused by Open Source Library Use

When software development moves at the speed of DevOps, creating every line of code from scratch is simply not feasible. In turn, most development shops are increasingly relying on open source libraries to supplement their code. 

The use of these open source libraries is not in itself a bad thing, on the contrary, it’s best practice, and not taking advantage of this code would put your organization at a competitive disadvantage. The risky part lies with the visibility. What happens when it’s revealed that an open source library contains a major vulnerability? Would you know if you are using that library? What about where or how you are using it? Could you find out fast enough to patch it? Attend this session to get up to speed on open source library use, including its risks and best practices.

Why Is Open Source Use Risky?

As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company. 

We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently. By necessity, software is more often assembled than it is created from scratch, as developers are more frequently incorporating open source libraries to speed up time-to-market. But as open source libraries increase, so do the number of vulnerabilities, resulting in increased risk.   

In this session, CA Veracode CTO Chris Wysopal talks about what it means to be secure by design, and why businesses need to focus on prevention. The days of detect-and-respond tactics are a thing of the past – we’re living in an age when the attacks will happen before you have the time to find and respond to them. Attendees will also learn about why an application security program is imperative to data protection, how to mitigate open source risk and ensure secure coding practices are in place to prove that security is a top priority for your organization.

How to Ensure Your Applications are Secure by Design

Open source is here to stay. Iconic brands like Google, Facebook, and Twitter have pioneered the practice of building their platforms on a core of code that is shared with the public and free for anyone to use. Rather than build applications from scratch, today’s developers first look to third-party code to kick start their innovation in the form of open source libraries. Unfortunately, reusable code also means reusable vulnerabilities, and the bad guys are increasingly turning to attacking open-source. In a recent study by CA Veracode, a whopping 88% of Java applications had at least one flaw in an open-source library, leaving application security managers faced with the challenging question: how can we keep innovating quickly without introducing vulnerabilities into our code base? 

The solution is multi-faceted – part education, part technology, part process change. Join us for our Virtual Summit, The Open Source Conundrum: Managing your Risk, as we dig into all the pieces of this solution.

Trends in the Industry: Setting the Stage on Open Source Trends

The Open Source Library Conundrum: Managing Your Risk

It’s no secret that open source security is a hotly debated topic. However it’s important to keep in mind that commercially licensed third-party software carries much of the same risk as open source software. While helping a customer attain a Verified certification, one of CA Veracode’s application security consultants uncovered a cross-site scripting flaw in the popular Telerik Reporting project. The flaw has since been patched but it’s these types of unknown risks that organizations take when introducing third party code into their environment. 

During this talk, you’ll hear from Matt Runkle, the AppSec Consultant who uncovered the XSS flaw, to get insight into the mind of a hacker and hear how vulnerabilities like XSS are commonly exploited in third party software and how you can take action to prevent attacks like this in your own environment.

Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern

Open Source

IT Security

Security

Security Analysis

Application Security

Risk Management

Risk Mitigation

Application Development

DevOps

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Dissecting XSS Flaw In Commercial Code: Why Open Source Isn't Your Only Concern

Presented by

About this talk

Veracode