The State of Cybersecurity: Looking at Europe

Software has changed the way we communicate, deliver healthcare, conduct business, run our governments, elect our leaders, start revolutions and even drive social change. In the digital world, the creation of software will help drive economic growth and improve quality of life. But our greatest catalyst for change is also the source of vulnerability.

When it comes to securing the software they develop, European companies lag far behind their American counterparts. In this live webinar, presented by Giuseppe Trovato, Principal Security Researcher at Veracode, data from the annual report on the state of software security will be presented, with particular attention to how European companies compare with companies based in the United States. Software is created with usability and performance in mind, but years of data, together with breach after breach, show that software has not been created with security in mind.
Recorded Mar 5 2019 45 mins
Presented by
Giuseppe Trovato, Principal Security Researcher at Veracode

  • Securing Applications and Docker Containers with Veracode Jun 27 2019 9:00 am UTC 45 mins
    Nabil Bousselham, Solution Architect at Veracode
    Software containerisation is helping companies completely change the way applications are deployed to meet customer requirements. The technology has the potential to radically reduce the cost of ownership of capabilities and gives enormous power to DevOps engineers.

    These benefits also change the nature of how risk must be addressed in the development cycle. Not only must the software application meet the organisation's security standards within the Docker container, but the base image must also be free from exploitable vulnerabilities.

    In this webinar, I would like to show you the security challenges related to the use of third-party open source libraries in applications and Docker containers. I will also present how Veracode can help you secure them.
  • Secure By Design: Internet of Things Jun 25 2019 10:00 am UTC 45 mins
    Fulya Sengil, Solution Architect at Veracode
    Many commentators observe that IoT devices just aren’t up to scratch when it comes to security. GDPR requires vendors and service providers to design things with security as standard. In February 2019, the European Standards body ETSI published security guidelines for the consumer Internet of Things aligning with IOT Security Compliance Framework.

    IoT requires the best in all aspects of security — physical, operational technology, and cybersecurity. Thus, it makes sense to envisage IoT security as an ecosystem in itself. Unexpected challenges are likely to erupt because of the existence of several layers in the IoT ecosystem. This calls upon leaders to initiate regular automated risk assessments and simulations such that IoT specific breaches can be monitored closely. This helps businesses build reliable playbooks that enable organizations to respond to IoT security challenges.

    Software installed on these devices could be vulnerable if it has not had an automated security assessment before deployment. We take a look at how it’s possible to make the software that drives these devices and the backend serverless technologies secure based on requirements in IOT Security Compliance Framework.
  • Integrating AppSec into Developer Tools and Processes Jun 19 2019 12:00 pm UTC 60 mins
    Tim Jarrett, Product Management at Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    •Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    •Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    •How to proactively approach open source code your developers are using.
  • Securing the Sugar out of Azure DevOps Pipeline Jun 19 2019 11:00 am UTC 43 mins
    Colin Domoney DevSecOps Consultant at Veracode
    This webinar will provide a comprehensive look at the security features of the Azure DevOps CI/CD platform. The topics include built-in security features such as user access controls and branch policies, and an overview of best practice for the incorporation of various 3rd party security tooling such as Veracode Greenlight within your pipeline.

    Other topics include best practices for pipeline telemetry, reporting, pipeline protection and templates for security best practices. Whether you are a software developer using Azure DevOps, a security manager or a DevOps expert this webinar should further enhance your expertise in secure software delivery with Azure DevOps.

    Register for this live webinar where Colin Domoney - DevSecOps Consultant at Veracode - will leave you with a clear understanding of how to Secure your DevOps Pipeline.
  • If Developers Own Security Testing in DevOps - What is Security's Role? Jun 19 2019 10:00 am UTC 45 mins
    Chris Wysopal, CTO at Veracode
    Application security is “shifting left.” As the responsibility for ensuring the stability and security of software shifts to developers, what does this mean for security professionals? What does their job look like if developers are responsible for security testing?

    Learn:
    •What the security professional’s role and responsibilities look like in a DevSecOps shop
    •The DevSecOps cultural changes that will affect security
    •The attributes that security tools will need in this new landscape
    •Best practices for security professionals looking to not only survive, but thrive, in a DevSecOps world
  • The State of DevSecOps - Featuring Amy DeMartine of Forrester Research Jun 19 2019 9:00 am UTC 56 mins
    Chris Eng, Veracode Vice President of Research and guest, Forrester Research Principal Analyst Amy DeMartine
    In our recent State of Software Security Volume 9 report, Veracode examined fix rates across 2 trillion lines of code. The analysis shows that the number of vulnerable applications remains staggeringly high. More than 85 percent of all applications contain at least one vulnerability following the first scan, and more than 13 percent of applications contain at least one very high severity flaw.

    One thing is certain: the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    There are just too many vulnerabilities for organizations to tackle all at once, which means it requires smart prioritization to close the riskiest vulnerabilities first. For the first time, our report shows a very strong correlation between high rates of security scanning and lower long-term application risks, which we believe presents a significant piece of evidence for the efficacy of DevSecOps. In fact, the most active DevSecOps programs fix flaws more than 11.5 times faster than the typical organization, due to ongoing security checks during continuous delivery of software builds, largely the result of increased code scanning.

    Join guest presenter Amy DeMartine, Principal Analyst, Forrester Research Inc., and Veracode’s Chris Eng as they deliver valuable takeaways for business leaders, security practitioners and development teams seeking to secure their applications. Listeners will learn potential prioritizations and software development methods that could help their organizations reduce risk more quickly.
  • Panel: How Your Company Can Move From Understanding DevSecOps to Implementing It Jun 18 2019 12:00 pm UTC 60 mins
    Chris Wysopal, Veracode | Paul Keim, Cox Communications | Pejman Pourmousa, Veracode
    All our preceding sessions have described the key elements of a shift to DevSecOps. Now get practical tips, best practices and next steps on migrating to DevSecOps from our panel of experts. During this session, we will continue the conversation in an open discussion format and break for audience Q&A.

    Bring your questions and get ready to contribute your thoughts and ideas during this “ask the experts” session.

    Chris Wysopal - Chief Technology Officer - Veracode
    Paul Keim - Senior Security Architect - Cox Communications
    Pejman Pourmousa - Vice President, Services - Veracode
  • AppSec Policies in a DevOps World Jun 18 2019 11:00 am UTC 45 mins
    Pejman Pourmousa, VP, Services at Veracode
    Securing code during development increases speed to market and reduces cost – but developers can resist security testing if it’s disruptive to their workflow. That’s why planning your application security program with developer tools and processes in mind often means the difference between success and failure. This session will help you understand how, where, and when application security fits into a modern development organization.

    Key Takeaways:
    •Learn how to make security invisible, automate security checkpoints and integrate with popular tools like IDEs, ticketing, bug tracking, and build systems.
    •Scan as early as possible in the Software Lifecycle, as early as when code is written in an IDE.
    •How to proactively approach open source code your developers are using.
  • DevSecOps Beyond the Myths: Cutting Through the Hype and Doubt to Get Results Jun 18 2019 10:00 am UTC 45 mins
    Sam King, CEO at Veracode
    DevSecOps is moving beyond the buzzword stage and into the real world. But there are obstacles standing in the way of widespread adoption. Perhaps the biggest obstacle is a lack of understanding about what DevSecOps is, which can discourage IT leaders, developers, and security teams who fear that it is a bridge too far to cross from DevOps, let alone Waterfall and Agile methodologies. Despite these myths and doubts, DevSecOps is producing real results in organizations that embrace it. For example, Veracode’s analysis of thousands of application scans found that applications scanned for security flaws early in the development process had a 48% higher fix rate (reduction in flaws) than other applications.


    In this keynote address, Veracode General Manager Sam King will introduce the concepts of DevSecOps that will form the basis of this virtual summit. Sam will discuss:

    -A simple definition of what DevSecOps is, beyond the hype and the myths, and why it holds promise for bringing together the assurances of AppSec with the speed and agility of DevOps

    -Why the evidence says that DevSecOps is attainable in the real world – how Veracode scanning data shows that there is a genuine shift to DevOps and DevSecOps happening, one step at a time.

    -Overview of the challenges that stand in the way – cultural, process, and technological – and how best practices can break down barriers to change.

    -Welcome to speakers and setting the stage for what you should expect and come away with from the event.
  • Securing Applications and Docker Containers with Veracode Jun 13 2019 9:00 am UTC 45 mins
    Antonio Reche, Solution Architect at Veracode
    Software containers are helping companies completely change the way applications are deployed to meet business demands. The technology has the potential to radically reduce costs, giving enormous responsibility to DevOps teams and engineers.

    These benefits also change the nature of the risks and how they must be addressed in the development lifecycle. Applications must not only comply with security standards within the Docker container, but must also be guaranteed free from exploitable vulnerabilities.

    Join Antonio Reche - Solution Architect at Veracode - for this live webinar, which will cover different approaches to the secure use of containers.
  • Advancing and Maturing your Application Security Program with Veracode Jun 12 2019 3:00 pm UTC 45 mins
    Brad Smith, Veracode Principal Security Program Manager
    A mature application security program might seem intimidating to some organizations. The good news is that you only need to start small, keep things simple, and prove value before you mature your program over time. Hear from one of our customer-facing Services experts who will outline a series of steps you can take when developing an application security program. Specifically you will learn how to:

    1.Define your program and communicate the mission internally
    2.Assess applications and start remediation efforts before moving on to advanced testing methods and metrics analysis
    3.Implement fully automated scanning earlier in the SDLC and implement metrics to measure program success

    Based on first-hand customer interactions, you will come away with tips on how to build security assessments into the development process – making the path to maturity less daunting.
  • Making Applications and Docker Containers Secure with Veracode Jun 11 2019 9:00 am UTC 45 mins
    Julian Totzek-Hallhuber, Solution Architect at Veracode
    Containerisation of software allows companies to change the way applications are deployed to meet the requirements of the business. The technology has the potential to radically reduce operating costs and gives the DevOps engineer enormous possibilities.

    These benefits also change the way risks must be addressed in the development lifecycle. Not only must the software application meet the organisation's security standards within the Docker container, but the base image must also be free from exploitable vulnerabilities.

    Join this live webinar with Julian Totzek-Hallhuber - Solution Architect at Veracode - in which he explains approaches that encompass the secure use of containers in pipelines.
  • Ask the AppSec Expert: How to Secure the Applications you Build, Buy & Manage Jun 6 2019 2:30 pm UTC 30 mins
    Paul Farrington, Veracode | Yotam Gutman, Cybersecurity Marketing Community
    Tomorrow's businesses need a simpler and more scalable way to increase the resiliency of global application infrastructure, without slowing innovation, today.

    Join this interactive 1-2-1 discussion where EMEA Chief Technology Officer, Paul Farrington (CISSP, MBCS) will share how leading businesses are:

    - Improving the level of security awareness and addressing the skills deficit
    - Enabling developers to fix flaws and prevent new ones
    - Prioritising and triaging the most exploitable flaws
    - Automating application security
    - Providing software development leaders with really useful security metrics
    - Incentivising secure development as part of their culture

    This session will show you how architects and developers are making smarter choices in designing secure software. You will also learn how to report success, and investment justification, to the board whilst setting realistic expectations throughout the software development lifecycle and not just at the destination.
  • Livestream Video - Application Security in a DevOps World Jun 6 2019 10:30 am UTC 45 mins
    Moshe Lerner, Checkmarx | Paul Farrington, Veracode | Yotam Gutman
    With today's enterprises leveraging around 1000 applications and multiple clouds, application security is becoming a key area of focus. Application security testing is being integrated into the DevOps process early on, while automation, speed and coverage are becoming critical to the success of DevSecOps programs.

    Join this interactive panel of industry experts to learn more about:
    - Why application security is critical
    - Key principles for building application security into DevOps
    - Best practices for leveraging automation
    - Speed vs Security: Where do you draw the line?
    - Recommendations for improving security in 2019

    Panellists
    Paul Farrington, EMEA CTO, Veracode
    Moshe Lerner, SVP Product Strategy & Corporate Development, Checkmarx

    Moderated by Yotam Gutman, Founder & Community Manager, Cybersecurity Marketing Community
  • How to Create a Business Case for Expanding Your AppSec Program May 22 2019 3:00 pm UTC 45 mins
    Colin Domoney, DevOps Consultant
    Hear from a leading DevSecOps expert with first-hand knowledge and experience in building and expanding enterprise-wide application security programs. This webinar will feature Colin Domoney, formerly of Veracode and now a consultant to companies transforming to the DevOps model of software delivery. Colin will discuss how to engage with your company’s decision makers in order to expand your application security program. Specifically he will share best practices on getting buy-in from internal stakeholders, tips for identifying demonstrable KPIs, and examples of how other companies have made the successful transition of application security footprint to a mature program.
  • 10 Full Stack Developer Commandments - Software Engineering Done Securely Recorded: May 16 2019 39 mins
    Chris Campbell, Solution Architect at Veracode
    The full stack developer is likely to play an increasingly important part in the future of web development, especially as the field continues to increase in scope and complexity. A developer who can communicate about and work on a website’s look and feel as well as manipulating data and managing its backend will offer a great deal of value to development teams and organisations.

    As applications continue to be the #1 vector for attackers seeking to breach enterprise security, the full stack developer must have a working knowledge of application security best practices. When writing code for web applications, developers must be able to avoid threats such as a cross site scripting vulnerability or Java SQL injection. Superior developers will also know how to integrate app security testing into the development process.

    Join Chris Campbell - Solution Architect at Veracode - for this live webinar, where he will delve into how a full stack engineer creates secure software from the start.
  • How to Scale Your Dynamic Analysis Program Recorded: May 15 2019 48 mins
    Bipin Mistry, Director of Product Management, Veracode
    Web applications continue to be the primary attack vector for hackers looking to breach organizations, and applying dynamic application security testing (DAST) gives you security assurance for how your application will perform in the real world. The key is applying it to your organization's entire application portfolio without slowing down delivery.

    What will you learn?

    Dynamic analysis is an important solution in a mature application security program because this form of testing more easily unearths different kinds of vulnerabilities, including information leakage, cryptographic issues, and cross-site scripting. You know that it’s important to secure all of your organization’s web applications - including the ones you didn't know you owned - while ensuring speed to market to meet customer demands and expectations. This is where Veracode comes in. Watch this webinar to learn how to implement a dynamic analysis program that meets these four key criteria:

    •Scalability: The ability to scan multiple applications at once - whether they're authenticated or unauthenticated - to keep security from being a bottleneck.
    •Discovery: Uncover every web application associated with your organization, even if you didn’t create it in-house, to create an exhaustive inventory.
    •Speed: Deliver high-quality results quickly, and in a smart way that saves time.
    •Automation & Integration: Scans that run automatically and integrate with existing processes and tools keep your security and development teams moving quickly.
  • Securing the Sugar out of Azure DevOps Pipeline Recorded: May 9 2019 44 mins
    Colin Domoney DevSecOps Consultant at Veracode
    This webinar will provide a comprehensive look at the security features of the Azure DevOps CI/CD platform. The topics include built-in security features such as user access controls and branch policies, and an overview of best practice for the incorporation of various 3rd party security tooling such as Veracode Greenlight within your pipeline.

    Other topics include best practices for pipeline telemetry, reporting, pipeline protection and templates for security best practices. Whether you are a software developer using Azure DevOps, a security manager or a DevOps expert this webinar should further enhance your expertise in secure software delivery with Azure DevOps.

    Register for this live webinar where Colin Domoney - DevSecOps Consultant at Veracode - will leave you with a clear understanding of how to Secure your DevOps Pipeline.
  • Making Applications and Docker Containers Secure with Veracode Recorded: Apr 30 2019 45 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Containerisation of software is helping firms to completely change how applications are deployed to meet the demands of the business. The technology has the potential to radically reduce the cost of ownership of capability, and puts enormous power in the hands of the DevOps engineer.

    These benefits also change the nature of how risk may need to be addressed in the development lifecycle. Not only does the software application need to meet the security standards of the organisation within the Docker Container, but also the base image needs to be free from exploitable vulnerabilities.

    Join Julian Totzek-Hallhuber - Solution Architect at Veracode - for this live webinar where he will explore approaches that embrace the secure use of containers in pipelines.
  • Integrating Application Security Into Your Development Environment Recorded: Mar 27 2019 41 mins
    Pej Pourmousa, Vice President Security Program Management, Veracode and Johnny Wong, Director Presales, Veracode
    Once you define, adopt and standardize application security best practices for protecting your software, the next step is to determine how your program integrates into your existing environment. The Veracode Platform integrates with the development, security and risk-tracking tools you already use. Coupled with our broad range of APIs, your teams can create your own custom integrations or leverage those from the open source community.

    Join Pej Pourmousa, Vice President Security Program Management at Veracode and Johnny Wong, Director Presales, Veracode for a webinar that will outline the ways your organization can integrate application security into your development environment. Specifically he will discuss how Veracode integrates into your development and DevOps processes using:
    •Integrated Development Environments (IDEs)
    •Build Servers
    •Defect Tracking Systems
    •APIs
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: The State of Cybersecurity: Looking at Europe
  • Live at: Mar 5 2019 10:00 am
  • Presented by: Giuseppe Trovato, Principal Security Researcher at Veracode