Hi [[ session.user.profile.firstName ]]

Sécurisation des applications et des conteneurs Docker avec Veracode

La conteneurisation des logiciels aide les entreprises à modifier complètement la manière dont les applications sont déployées pour répondre aux exigences des clients. La technologie a le potentiel de réduire radicalement le coût de possession des capacités et confère un pouvoir énorme aux ingénieurs de DevOps.

Ces avantages changent également la nature de la manière dont le risque doit être traité dans le cycle de développement. L’application logicielle doit non seulement respecter les normes de sécurité de l’organisation dans le conteneur Docker, mais également l’image de base doit être exempte de vulnérabilités exploitables.

Dans ce webinaire, je voudrais bien vous montrer les challenges de sécurité liées á l’utilisation des librairies tierces open source dans les applications et les conteneurs Docker. Je vais aussi vous présenter comment Veracode peut vous aider á les sécuriser.
Recorded Jun 27 2019 46 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Nabil Bousselham, Solution Architect at Veracode
Presentation preview: Sécurisation des applications et des conteneurs Docker avec Veracode

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • A Winning Smile - Securing Sparkling Code With AWS Developer Tools Sep 16 2019 10:00 am UTC 45 mins
    Chris Campbell, Solution Architect at Veracode & Jay Yeras, Partner Solution Architect at AWS
    If you’re leveraging AWS, there’s a very good chance that you are considering how to embrace AWS’s breadth of services designed to enable developers and IT operations professionals practicing DevOps to rapidly and safely deliver software. We provide examples of how to accelerate your development in AWS, whilst offering insights into how you can make your code secure with Veracode. Automation all the way.
  • How I Deep-Scanned 1000 Websites Before Tuesday Lunchtime Sep 12 2019 2:00 pm UTC 45 mins
    Bipin Mistry, Director Product Management at Veracode & Adam Reyland, Regional Marketing Specialist at Veracode
    Picture the scene - your CEO observes the latest headlines about a competitor being breached. A single text message comes into the inbox of the person most likely to be able to answer the question. ‘Tell me Joe this couldn’t happen to us, are all out sites secure?’ - Learn how any team could look an Exec in the eye, knowing that they’ve scanned multiple websites in parallel, without breaking their stride.

    Join this live webinar to learn...

    -How to discover your external facing inventory
    -How to take that information and determine a risk assessment
    -Why scale, speed and automation are key
  • Speed Matters in AppSec: How to Start Improving Your Fix Rate Sep 3 2019 2:00 pm UTC 40 mins
    Pejman Pourmousa, Vice President, Services, Veracode and Amy DeMartine, Research Director, Forrester Research
    The most important function of an application security program is effectively fixing flaws once they’re discovered. But the speed of that fix rate matters — the time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, and sometimes hours. Yet our most recent State of Software Security report found that one in four high and very high severity flaws aren’t addressed within 290 days of discovery.

    Improving your fix rate is critical, but the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    This might seem like an insurmountable problem, but our data also presents hopeful glimpses at potential prioritization and software development methods that could help organizations reduce risk more quickly. In this session, we’ll share some steps and best practices that will start lowering your fix rate.

    About the speakers:
    Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode’s solutions by its customers. He has spent the last seven years building cohesive teams that help customers develop, deploy and mature their App Sec programs. Using his depth of experience, he guides top leaders of organizations on how to realize the potential of their application security programs. Pejman has spent the entirety of his career in the area of services management and delivery specifically around Compliance, Risk and Security.

    Amy DeMartine is the Research Director at Forrester Research and helps security, risk professionals transform their current software, and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Shifting Security Right: Know What Web Apps You Own Sep 3 2019 1:00 pm UTC 34 mins
    Bipin Mistry, Director of Product Management, Veracode
    It’s more common than you think that organizations and brands have more web apps than they realize. In fact, Veracode customers often find roughly 30 per cent more applications than they knew about. With one project Veracode worked on for a high street bank in the UK, they discovered 1,800 websites that had yet to be logged.

    There are a number of reasons unknown or unlogged web applications continue to live in your portfolio. For example, through M&A activity, more than just a company or brand is acquired – you also acquire their web assets. Further, the digital landscape is decorated with marketing promotional sites meant to attract attention. And the very thing meant to draw attention to your brand and boost your bottom line is the same target attackers go after to infiltrate your organization.

    Join this session to learn how to uncover unknown web applications in your portfolio to ensure their security from cyberattackers.

    About the speaker:
    Bipin Mistry is Director of Product Management for WAS product line. Prior to joining CA/Veracode he was VP Product Management for NEC/Netcracker in their SDN/NFV and Security business unit. At NEC/Netcracker Bipin’s primary focus is to develop solutions and architectures specifically mapped to NFV/SDN and Orchestration. He has over 28 years expertise in Security, Software Architectures, Mobile and Core Networking Technologies, Product Management, Marketing, Engineering and Sales. Prior to joining NEC/Netcracker Bipin was VP President of Product Management for a security startup in the field of DDoS analysis and mitigation. Bipin has also held architectural and management roles at both Juniper Networks (Chief Mobile Architect) and Cisco Systems (Sr. Director of SP Architecture).

    Bipin lives Shrewsbury MA with his wife and 2 children. In his spare time, Bipin is a keen runner and is currently attempting to learn Spanish.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Practical Steps to Start Using Open Source Code More Securely Sep 3 2019 12:00 pm UTC 42 mins
    Javier Perez, Director of Product Management, Veracode
    Open source frameworks have changed the business world in profound ways. They’ve ushered in a level of speed, innovation, and convenience that significantly alters the IT equation. With large numbers of developers and others contributing to a project, it’s possible to advance and evolve software in ways that wouldn’t have been imaginable in the past. What’s more, this form of open collaboration benefits everyone by making software available at a lower cost point — and sometimes even at no cost.

    Make no mistake, open source software libraries are here to stay – and they can introduce new and sometimes dangerous risks to an enterprise. The use of open source code increases the number of users affected as well as the number of exposure points. It’s vital to have a strategy and framework in place to manage open source libraries and components. Otherwise, the road to digital transformation will likely be paved with frustrations, problems, and even failures.

    Open source software risks revolve around three key areas: visibility, security, and governance.

    In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Steps to Creating Security Champions on your Application Development Team Sep 3 2019 11:00 am UTC 44 mins
    Ryan O'Boyle, Manager, Product Security, Veracode
    One of the most powerful things an organization can do to improve its security posture is to cultivate security-mindedness in its developers. Security and development teams often feel at odds with one another and yet they share a common goal: to put quality code into production. Bringing these teams into closer contact gives them a deeper understanding of each other’s pressures, priorities, and processes.

    Developers are well-positioned to address application security. By designing applications with security in mind, and finding and fixing flaws early in the software development lifecycle, developers shift security left. In doing so they both lighten the burden on the security team and reduce unplanned work for themselves down the road.

    An interested developer—given the right direction, encouragement, and tools—can become an effective security champion.

    Join this session to learn how to identify the right developers for this role and how to best train and support them over time. Your security champions will advocate for security as a non-negotiable component of code quality and in turn foster security-mindedness in their peers, amplifying security knowledge across the organization.

    About the speaker: Ryan O’Boyle is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Which AppSec Testing Type is Right for You? Sep 3 2019 10:00 am UTC 42 mins
    Chris Kirsch, Director Product Marketing, Veracode
    Although there are a variety of application security technologies, there is no silver bullet. You need to gather the strengths of multiple analysis techniques along the entire application lifetime — from development to testing to production — to drive down application risk. Each testing type, from static to dynamic to software composition analysis and manual pen testing, has different strengths and weaknesses and are better in different scenarios, but you won’t be effective without taking advantage of them all.

    Join this session to understand the strengths and weaknesses of the different AppSec testing types, how they work together, and how to get started.

    About the speaker:
    Chris Kirsch works on the products team at Veracode and has 22 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Shifting Application Security Left: Where to Start Sep 3 2019 9:00 am UTC 34 mins
    Chris Wysopal, CTO, Veracode
    The demands of modern software development and the rise of DevOps are shifting security left into the early phases of the development lifecycle. Companies that navigate this significant cultural, organizational, and technological change well are outpacing their competitors. But where to begin?

    In this session, we will describe five essential steps for shifting security left:

    1) Make security autonomous from day one.
    2) Integrate as you code.
    3) Avoid false alarms.
    4) Create security champions.
    5) Maintain operational visibility.

    Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code from the start, and deliver stronger, better applications than your competitors.

    About the speaker:
    Chris Wysopal is Chief Technology Officer at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006 Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec.

    In the 1990’s, Chris was an original vulnerability researcher at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.

    Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

    Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking conservation trails near his home outside Boston.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • How to Create a Business Case for Expanding Your AppSec Program Aug 29 2019 10:00 am UTC 41 mins
    Colin Domoney, DevOps Consultant
    Hear from a leading DevSecOps expert with first-hand knowledge and experience in building and expanding enterprise-wide application security programs. This webinar will feature Colin Domoney, formerly of Veracode and now a consultant to companies transforming to the DevOps model of software delivery. Colin will discuss how to engage with your company’s decision makers in order to expand your application security program. Specifically he will share best practices on getting buy-in from internal stakeholders, tips for identifying demonstrable KPI’s, and examples of how other companies have made the successful transition of application security footprint to a mature program.
  • Make Security Your Competitive Advantage Aug 28 2019 4:00 pm UTC 60 mins
    Asha May, Director, Customer Engagement, Veracode
    Application security is more than breach avoidance - it can be your competitive differentiator. The sobering threat of data breaches has raised concern within organizations around the software running in their environments and touching their businesses. Software vendors who can prove that their applications will not leave their customers open to attack can claim a competitive advantage.

    Attend this upcoming webinar, and hear Veracode experts share insights into how enterprises are using security to drive business growth from within. Specifically you will learn how security can drive revenue growth through:

    •Increased speed to market
    •Proven competitive differentiation
    •Greater supply chain assurance
  • The Silence of the Lambdas - Making Serverless Code Secure Aug 27 2019 10:00 am UTC 45 mins
    Fulya Sengil, Solution Architect & Adam Reyland, Regional Marketing Specialist at Veracode
    Serverless code is dramatically changing how teams think about deploying software. The economics of Serverless has transformed how functionality can be leveraged to serve the customer. Of course, whilst code survives at run time, it needs to be secure - especially when dealing with user input from the outside world. We discuss how you can keep your Lambdas absolutely mint, free from vulnerabilities with Veracode.

    Join this webinar to...

    -Understand the security challenges in building and deploying of serverless architecture in production.
    -Learn how to use and secure a python/nodejs based project
    -See the impact of uncovering new previously unreported security issues in 1st and 3rd party components.
  • Cloud Native – Everything a Security Professional Needs to Know Aug 22 2019 10:00 am UTC 45 mins
    Colin Domoney DevSecOps Consultant & Adam Reyland, Regional Marketing Specialist at Veracode
    The Cloud Native Computing Foundation is home to literally hundreds of projects enabling developers to embrace every benefit of cloud native development from container deployment and orchestration to monitoring and messaging.

    This webinar gives an overview of the work of the Cloud Native Computing Foundation; highlights a few flagship projects such as Kubernetes and Istio; and explains how these projects are transforming the way developers work. Security practitioners will benefit from insights into how these new technologies and projects can be applied to ensure that cloud native applications are also natively secure by design.
  • The Day that Machine Learning Learnt To Identify Open Source Flaws Recorded: Aug 6 2019 39 mins
    Paul Farrington - EMEA CTO, Veracode & Asankhaya Sharma - Director Software Engineering, Veracode
    In this live webinar we’ll talk about the wonderful opportunity afforded by Open Source software to accelerate development productivity. With up to 90% of modern software being comprised from third party components, it’s important to understand how secure building blocks really are. Public vulnerability databases only reveal part of the story.

    Veracode shines a light on how we use Machine Learning to identify everything else. For modern languages, the results are astounding. By mining open source software repositories we are able to automatically identify vulnerabilities and security issues before they are widely known.

    Join this live webinar to...

    -Learn how to use machine learning (ML) to automate the task of identifying vulnerabilities in open-source software.
    -Understand the engineering challenges in building and deploying ML models at scale in production.
    -See the impact of uncovering new previously unreported security issues in 3rd party components.
  • Speed Matters in AppSec: How to Start Improving Your Fix Rate Recorded: Jul 17 2019 41 mins
    Pejman Pourmousa, Vice President, Services, Veracode and Amy DeMartine, Research Director, Forrester Research
    The most important function of an application security program is effectively fixing flaws once they’re discovered. But the speed of that fix rate matters — the time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, and sometimes hours. Yet our most recent State of Software Security report found that one in four high and very high severity flaws aren’t addressed within 290 days of discovery.

    Improving your fix rate is critical, but the sheer volume of vulnerabilities present in most organizations’ application portfolios makes it necessary for them to make daily tradeoffs between security, practicality, and speed.

    This might seem like an insurmountable problem, but our data also presents hopeful glimpses at potential prioritization and software development methods that could help organizations reduce risk more quickly. In this session, we’ll share some steps and best practices that will start lowering your fix rate.

    About the speakers:
    Pejman Pourmousa is Vice President of Services at Veracode, where he is responsible for the successful adoption of Veracode’s solutions by its customers. He has spent the last seven years building cohesive teams that help customers develop, deploy and mature their App Sec programs. Using his depth of experience, he guides top leaders of organizations on how to realize the potential of their application security programs. Pejman has spent the entirety of his career in the area of services management and delivery specifically around Compliance, Risk and Security.

    Amy DeMartine is the Research Director at Forrester Research and helps security, risk professionals transform their current software, and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Shifting Security Right: Know What You Own Recorded: Jul 17 2019 35 mins
    Bipin Mistry, Director of Product Management, Veracode
    It’s more common that you would imagine that organizations and brands have more web apps than they realize. In fact, our customers often find roughly 30 percent more applications than they knew about. With one project we worked on for a high street bank in the UK, we discovered 1,800 website that had yet to be logged.

    There are a number of reasons unknown or unlogged web applications continue to live in your portfolio. For example, through M&A activity, more than just a company or brand is acquired – you also acquire their web assets. Further, the digital landscape is decorated with marketing promotional sites meant to attract attention. And the very thing meant to draw attention to your brand and boost your bottom line is the same target attackers go after to infiltrate your organization.

    Join this session to learn how to uncover unknown web applications in your portfolio to ensure their security from cyberattackers.

    About the speaker:
    Bipin Mistry is Director of Product Management for WAS product line. Prior to joining CA/Veracode he was VP Product Management for NEC/Netcracker in their SDN/NFV and Security business unit. At NEC/Netcracker Bipin’s primary focus is to develop solutions and architectures specifically mapped to NFV/SDN and Orchestration. He has over 28 years expertise in Security, Software Architectures, Mobile and Core Networking Technologies, Product Management, Marketing, Engineering and Sales. Prior to joining NEC/Netcracker Bipin was VP President of Product Management for a security startup in the field of DDoS analysis and mitigation. Bipin has also held architectural and management roles at both Juniper Networks (Chief Mobile Architect) and Cisco Systems (Sr. Director of SP Architecture).

    Bipin lives Shrewsbury MA with his wife and 2 children. In his spare time, Bipin is a keen runner and is currently attempting to learn Spanish.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Practical Steps to Start Using Open Source Code More Securely Recorded: Jul 17 2019 43 mins
    Javier Perez, Director of Product Management, Veracode
    Open source frameworks have changed the business world in profound ways. They’ve ushered in a level of speed, innovation, and convenience that significantly alters the IT equation. With large numbers of developers and others contributing to a project, it’s possible to advance and evolve software in ways that wouldn’t have been imaginable in the past. What’s more, this form of open collaboration benefits everyone by making software available at a lower cost point — and sometimes even at no cost.

    Make no mistake, open source software libraries are here to stay – and they can introduce new and sometimes dangerous risks to an enterprise. The use of open source code increases the number of users affected as well as the number of exposure points. It’s vital to have a strategy and framework in place to manage open source libraries and components. Otherwise, the road to digital transformation will likely be paved with frustrations, problems, and even failures.

    Open source software risks revolve around three key areas: visibility, security, and governance.

    In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Steps to Creating Security Champions on your Development Team Recorded: Jul 17 2019 45 mins
    Ryan O'Boyle, Manager, Product Security, Veracode
    One of the most powerful things an organization can do to improve its security posture is to cultivate security-mindedness in its developers. Security and development teams often feel at odds with one another and yet they share a common goal: to put quality code into production. Bringing these teams into closer contact gives them a deeper understanding of each other’s pressures, priorities, and processes.
    Developers are well-positioned to address application security. By designing applications with security in mind, and finding and fixing flaws early in the software development lifecycle, developers shift security left. In doing so they both lighten the burden on the security team and reduce unplanned work for themselves down the road.

    An interested developer—given the right direction, encouragement, and tools—can become an effective security champion.

    Join this session to learn how to identify the right developers for this role and how to best train and support them over time. Your security champions will advocate for security as a non-negotiable component of code quality and in turn foster security-mindedness in their peers, amplifying security knowledge across the organization.

    About the speaker: Ryan O’Boyle is a Principal Security Researcher at Veracode, and a certified ScrumMaster. Prior to joining Veracode, he helped create the internal penetration testing team at Fidelity Investments, where he was focused not only on finding vulnerabilities but helping engineers fix them and avoid them altogether.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Which AppSec Testing Type is Right for You? Recorded: Jul 17 2019 43 mins
    Chris Kirsch, Director Product Marketing, Veracode
    Although there are a variety of application security technologies, there is no silver bullet. You need to gather the strengths of multiple analysis techniques along the entire application lifetime — from development to testing to production — to drive down application risk. Each testing type, from static to dynamic to software composition analysis and manual pen testing, has different strengths and weaknesses and are better in different scenarios, but you won’t be effective without taking advantage of them all.

    Join this session to understand the strengths and weaknesses of the different AppSec testing types, how they work together, and how to get started.

    About the speaker:
    Chris Kirsch works on the products team at Veracode and has 22 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Shifting Security Left: Where to Start Recorded: Jul 17 2019 35 mins
    Chris Wysopal, CTO, Veracode
    The demands of modern software development and the rise of DevOps are shifting security left into the early phases of the development lifecycle. Companies that navigate this significant cultural, organizational, and technological change well are outpacing their competitors. But where to begin?

    In this session, we will describe five essential steps for shifting security left:

    1) Make security autonomous from day one.
    2) Integrate as you code.
    3) Avoid false alarms.
    4) Create security champions.
    5) Maintain operational visibility.

    Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code from the start, and deliver stronger, better applications than your competitors.

    About the speaker:
    Chris Wysopal is Chief Technology Officer at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006 Veracode, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec.

    In the 1990’s, Chris was an original vulnerability researcher at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.

    Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.

    Chris is often called upon to download the latest Minecraft mods for his 6-year-old son. An avid photographer and nature-lover, Chris spends his free time hiking conservation trails near his home outside Boston.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • From Zero to Hero: Veracode's Analytics Revolution Recorded: Jul 10 2019 49 mins
    Anne Nielsen, Veracode Product Management and Colleen Tartow, Veracode Engineering
    The ability to determine the success of your application security program depends on visibility into your data. Whether you are trying to capture your current risk posture, assess the secure coding skill level of your development teams, or gain assurance that you are meeting compliance – having the right data in a consumable format is critical.

    During this webinar, you will hear from members of Veracode’s product management and engineering teams. They will discuss how they approach these types of goals and challenges for customers and provide examples of key value metrics and best practices in using application security analytics for reporting. You will walk away with a better understanding how Veracode’s Analytics supports the ability to capture informative data so that users can assess their current state and take action to improve their risk posture. Specifically you will see how Veracode Analytics helps your organization:

    •Measure the current state of the security of their development, based on adherence to security policy and their Veracode usage
    •Gain insight on program improvements by measuring their responsiveness to resolving security findings as well as comparing the different types of security findings in their portfolio
    •Create custom data visualizations from scratch to target what is needed for managing their program
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Sécurisation des applications et des conteneurs Docker avec Veracode
  • Live at: Jun 27 2019 9:00 am
  • Presented by: Nabil Bousselham, Solution Architect at Veracode
  • From:
Your email has been sent.
or close