Secure By Design: Spotlight on Security of Open Source Components

As organisations demand better, faster, and more efficient software, developers are scrambling to keep up and are often turning towards vulnerable open source code components – a practical solution, but one that can put your company at risk of cyber-attacks.

Open source software risks revolve around three key areas: visibility, security, and governance. In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.

Join us for this live webinar where we will be joined by Swiss Technology Partner, PSYND, to learn how Veracode can help you gain visibility of open source risk and formulate a stronger cybersecurity strategy that protects you from related cyber attacks. PSYND will present us with real-life examples and use cases which illustrate just how important it is for organisations to secure their code.
Recorded Sep 11 2019 45 mins
Presented by
Nabil Bousselham, Solution Architect at Veracode and Mauro Verderosa, Founder & CEO of PSYND
  • 10 Years Up – The State of Software Security Jan 30 2020 11:00 am UTC 45 mins
    Paul Farrington, CTO at Veracode
    For ten years, Veracode has been tracking the State of Software Security. In our 10th anniversary study, we confirm that teams are making a huge difference in reducing security debt. This webinar looks at some of the familiar challenges facing developers, but offers real reasons for optimism. We started Veracode with a mission to secure the world’s software. Today, that mission remains, with the added focus of enabling you to create, innovate, and “change the world” with software, without being held back by security concerns.

    In this webinar:

    - Learn about the security reality facing application owners - most applications fall short of industry standards
    - See which languages are the worst security offenders
    - Observe which flaws are the most prevalent, how frequently they are fixed, how they are exploited and which categories lead to the most incidents
    - Understand how teams are able to reach a 5x reduction in security debt
    - Gain insights into how developers are able to reduce the 'mean time to remediation' (MTTR) rate by over 70%
  • 10 Years On - The State of Software Security Jan 28 2020 11:00 am UTC 45 mins
    Nabil Bousselham, Solution Architect at Veracode
    For ten years, Veracode has been tracking the state of software security. In our 10th anniversary study, we confirm that teams are making a huge difference in reducing security debt. This webinar looks at some of the challenges developers face, but also offers real reasons for optimism. We started Veracode with the mission of securing the world's software. Today, that mission remains, with the added goal of enabling you to create, innovate, and "change the world" with software, without being held back by security problems.

    In this webinar:

    - Discover the reality of application security - most applications do not meet industry standards
    - See which programming languages are the worst security offenders
    - Observe which flaws are the most widespread, how often they are fixed, how they are exploited and which categories lead to the most incidents
    - Understand how teams manage to reduce security debt fivefold
    - Understand how developers can reduce the "mean time to remediation" (MTTR) rate by more than 70%.
  • 10 Years of State of Software Security Jan 23 2020 10:00 am UTC 45 mins
    Julian Totzek-Hallhuber, Solution Architect at Veracode
    For 10 years, Veracode has been tracking the state of software security. In our 10th anniversary edition, we confirm that teams can make a big difference in reducing security flaws. This webinar looks at the familiar challenges developers face, but also offers real reasons for optimism. We founded Veracode with the mission of making the world's software secure. That mission still holds today, with the additional focus of enabling you to innovate with software and change the world without being held back by security concerns.

    In this webinar:
    - Learn about the security reality facing application providers - most applications do not meet industry standards
    - See which languages have the worst security violations
    - Find out which flaws occur most often, how often they are fixed, how they are exploited and which categories lead to the most incidents
    - Understand how teams are able to reduce security flaws fivefold
    - Gain insights into how developers can reduce the mean time to remediation (MTTR) by over 70%.
  • 10 Years - The State of Software Security Jan 21 2020 10:00 am UTC 45 mins
    Antonio Reche, Solution Architect at Veracode
    For ten years, Veracode has been tracking the state of software security. In our tenth anniversary study, we confirm that teams are placing special emphasis on reducing security debt. This webinar analyses some of the most common challenges developers face, and offers real reasons for optimism. We started Veracode with the mission of securing the world's software. Today, that mission remains, with the added focus of enabling you to create, innovate and "change the world" with software, without being held back by security concerns.

    In this webinar:
    - Learn about the security reality facing application owners: most applications do not meet industry standards
    - See which languages are the worst security offenders
    - Observe which flaws are the most frequent, how often they are fixed, how they are exploited and which categories lead to the most incidents.
    - Understand how teams can achieve a 5x reduction in security debt
    - Gain insight into how developers can reduce the "mean time to remediation" (MTTR) by more than 70%
  • AppSec in 2020: What’s on the Horizon Jan 14 2020 11:00 am UTC 45 mins
    Paul Farrington CTO, Veracode & Adam Reyland, Regional Marketing Specialist, Veracode
    We saw some positive changes in AppSec in 2019. Organisations are increasingly focused on not just finding security vulnerabilities, but fixing them, and prioritising the flaws that put them most at risk. But we’ve got a long way to go; we still find that the vast majority of software (83% in fact) contains at least one vulnerability on initial scan.

    How will things evolve in 2020? Join this webinar where we’ll discuss AppSec themes we expect to emerge in 2020, including:

    • Using security champions on development teams to act as a force multiplier for the security team
    • Optimising AppSec with the right metrics
    • DevSecOps going mainstream
    • Shifting focus from finding security-related defects to fixing them
    • Regulations affecting AppSec practices
  • AppSec: Beyond Scanning Recorded: Dec 12 2019 37 mins
    Chris Eng, Chief Research Officer, Veracode
    We consistently come across organizations that think they can check the AppSec box if they’re scanning their code, or who are quantifying success by how many scans they can run a day, rather than by how many flaws they were able to fix. Unfortunately, you can’t scan your way to secure code.

    This session will walk you through three critical steps an organization must take beyond scanning to develop more secure code: educating your developers so they learn secure coding skills, fixing the vulnerable code that’s found, and scaling the AppSec program to cover your entire application landscape.

    Key takeaways:
    - Learn how to move your AppSec program from a find focus to a fix focus
    - Find out why training plays a critical role in AppSec
    - Understand what it takes to scale your AppSec program
  • Creating Security Champions to Improve Your DevOps Security Posture Recorded: Dec 10 2019 43 mins
    Paul Farrington, EMEA CTO at Veracode | Calvin Mills, Software Engineer | Jamie Keegan, QA Test Lead
    What if I told you that you could improve the rate at which you fix your security issues up to 88% faster, without spending money on expensive consultants or blinky lights? 'Security Champions' could be the answer.
    Gartner predicts 3.4 million unfilled security roles by 2022, simply because there is not enough expertise. DevOps teams in particular are leading the way in identifying Security Champions to help promote secure coding and reduce friction within teams. Rather than relying exclusively on a centralised security team that can’t scale, we can go faster by nurturing security advocates in each development team. We talk about how to harness the existing talent in your teams and provide insights into how you can force-multiply the effect of security across your organisation, in a way that is likely to be received positively by your development teams.
  • State of Software Security: Peer Benchmarking to Evolve Your AppSec Program Recorded: Dec 4 2019 26 mins
    Annie Znamierowski, Sr Security Program Mgr, Veracode
    Metrics are essential to understanding any AppSec Program. In addition to measuring performance against internal objectives, benchmarking across peers can be a powerful way to inform program strategy. Veracode customers across different industries are applying data from Veracode’s State of Software Security (SoSS) report to drive maturity, engage developers, build executive support, and procure additional resources as they evolve their programs. Join this webinar to gain insight into how some Veracode customers are leveraging SoSS data, and next steps you can take to get your organization’s own SoSS comparison from Veracode.
  • Real-World Retrospective: AppSec First Steps Recorded: Nov 20 2019 39 mins
    Anne Correia, Veracode | Joe Leonard, CISO Advisory Services | Jason Curtis, Financial Industry Expert
    With AppSec, as with most initiatives, the first step is often the most difficult. Learn from someone who’s been there. Join our conversation with Joe Leonard, a Cyber Security leader, and more as they recount how organizations have kicked off their AppSec programs. You’ll get best practices and lessons learned on the initial AppSec steps to take to set your organization up for success.

    Key takeaways:
    - Hear how real companies kicked off and expanded their AppSec programs
    - Get AppSec best practices you can take back to your own company
    - Get practical advice on AppSec pitfalls to avoid
  • Analytics Best Practices Recorded: Nov 20 2019 46 mins
    Anne Nielsen, Principal Product Manager, Veracode
    Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate where your organization is at but also show what progress it’s making in achieving its objectives.

    Join this session to get our advice on what to measure in your AppSec program, and how to measure it. We’ll cover measuring your compliance against your own internal AppSec policy, your scan activity, flaw prevalence, and time to resolve.

    Key takeaways:
    - Understand the role metrics play in your AppSec success
    - Learn which metrics to report to executives
    - Find out which metrics give you the best picture of the health of your AppSec program
  • Keynote: Beyond Scanning Recorded: Nov 20 2019 38 mins
    Chris Eng, Chief Research Officer, Veracode
    We consistently come across organizations that think they can check the AppSec box if they’re scanning their code, or who are quantifying success by how many scans they can run a day, rather than by how many flaws they were able to fix. Unfortunately, you can’t scan your way to secure code.

    This session will walk you through three critical steps an organization must take beyond scanning to develop more secure code: educating your developers so they learn secure coding skills, fixing the vulnerable code that’s found, and scaling the AppSec program to cover your entire application landscape.

    Key takeaways:
    - Learn how to move your AppSec program from a find focus to a fix focus
    - Find out why training plays a critical role in AppSec
    - Understand what it takes to scale your AppSec program
  • Getting AppSec Developer Buy In Recorded: Nov 19 2019 47 mins
    Tim Jarrett, Sr. Director of Product Management, Veracode | Gene Kim, Author, Researcher
    Development teams’ biggest fear when they hear their organization will enact an application security assessment program is that their development efforts will be slowed down. This team can be the biggest barrier to the success of the program because if they don’t follow the protocol set forth by the program plan, the security team will be unable to demonstrate the value of the plan.

    Join this session to get our tips on getting developer buy-in for your AppSec program, including implementing the right tools, establishing training on secure coding, and developing a security champions program.

    Key takeaways:
    - Find out what you need to know about your development teams’ processes and priorities in order to get AppSec buy-in
    - Understand why the right AppSec tools and training are key to developer buy-in
    - Get tips on developing a security champions program
  • From Zero to Maturity: Setting AppSec Goals & First Steps Recorded: Nov 19 2019 43 mins
    Brad Smith, Senior Principal Security Program Manager, Veracode
    A mature application security program might seem intimidating to some organizations. But it’s important to remember that there is an established series of steps most organizations take when developing an application security program. The keys are to start small, have clear goals, keep things simple, prove the value, and then mature the program over time.

    We’ve worked with numerous companies on their path from zero AppSec to a mature, comprehensive program. To shed light on how to get started with application security, and on what good looks like, this session will outline the first steps most of our customers take to develop a mature application security program.

    Key takeaways:
    - Get best practices on setting goals for your AppSec program
    - Find out the best place to start when kicking off your AppSec program
    - What does good look like in AppSec? Learn what to strive for
  • Webcam Keynote: Getting AppSec Executive Buy In Recorded: Nov 19 2019 35 mins
    Chris Wysopal, CTO, Veracode
    How can you demonstrate the value of adopting or expanding your organization’s AppSec program when there’s a growing need for all types of cybersecurity, as well as intense competition for your critical tech budget? Simply put, you must convince decision-makers that your program — and their money — will lead to better business outcomes, a higher level of efficiency, lower costs, and improved return on investment (ROI).

    Attend this session to get tips and best practices on making the case for AppSec to your senior leadership team.

    Key takeaways:
    - Learn how to make the case for AppSec in a way that resonates with executives
    - Understand which AppSec metrics executives will care about
    - Find out how to tie AppSec to corporate goals and priorities
  • A Winning Smile - Securing Sparkling Code With AWS Developer Tools Recorded: Nov 14 2019 41 mins
    Julian Totzek-Hallhuber, Solution Architect at Veracode & Andy Powell, Partner Solution Architect at AWS
    If you’re leveraging AWS, there’s a very good chance that you are considering how to embrace AWS’s breadth of services designed to enable developers and IT operations professionals practicing DevOps to rapidly and safely deliver software. We provide examples of how to accelerate your development in AWS, whilst offering insights into how you can make your code secure with Veracode. Automation all the way.
  • Veracode Dynamic Analysis: Reduce the Risk of a Security Breach Recorded: Nov 12 2019 47 mins
    Nabil Bousselham, Solution Architect at Veracode
    Web applications remain the main attack vector for hackers. That is why many companies are adopting dynamic application security testing (DAST) solutions to validate the security of their applications that are in development or already in production.

    Dynamic analysis is an important solution in a mature application security program, because this technique makes it easier to detect various types of vulnerabilities, including information leakage, cryptographic issues and cross-site scripting vulnerabilities.

    In this webinar, we will show you how Veracode WAS (Web Application Security) will help you address four major challenges in this area and secure your web perimeter at scale:

    Discovery: Discover all the web applications associated with your organisation, even if you did not build them in-house, to create a complete inventory of your web perimeter.

    Scalability: Scan dozens, hundreds or thousands of your organisation's websites at once, whether authenticated or unauthenticated.

    Speed: Get high-quality results quickly and intelligently.

    Automation and integration: Scans that run automatically and integrate with existing processes and tools allow your security and development teams to build DAST testing into their SDLC.
  • Which AppSec Testing Method Is Right for You? Recorded: Nov 7 2019 36 mins
    Julian Totzek-Hallhuber, Solution Architect at Veracode
    Although there are many different AppSec testing methods, there is no single right one. Rather, it is about combining the strengths of the various analysis techniques across the entire application lifecycle, from development through to production, to minimise risk. Every method, whether static analysis, dynamic analysis, software composition analysis or manual penetration testing, has its strengths and weaknesses, fits different scenarios, and is most effective in combination with all the others.

    Join this webinar to learn about the strengths and weaknesses of the various AppSec testing methods, how they work best together, and how you can get started with AppSec testing.
  • Make Your Dynamic Analysis more DevOps friendly Recorded: Oct 30 2019 45 mins
    Bhavna Sarathy, Principal Product Manager – Veracode Dynamic Analysis, Veracode
    With today’s ever-evolving threat landscape, integrating security checks into your application development processes is no longer a nice-to-have but instead is a must-do. However, a shift towards DevOps means that security must become an automated component of your development team’s release pipeline instead of an extra step. During this webinar, one of Veracode’s product experts will elaborate on ways to integrate DAST scanning into your organization’s CI/CD pipeline. Specifically, you will learn how to:
    • Introduce automation to your DAST scanning
    • Automate critical functionality of DAST through Jenkins integrations
    • Enable developers to fully automate DAST scanning for their web application portfolios by integrating into their existing dev tools with REST APIs
  • Make Security Your Competitive Advantage Recorded: Oct 24 2019 26 mins
    Asha May, Director, Customer Engagement, Veracode
    Application security is more than breach avoidance - it can be your competitive differentiator. The sobering threat of data breaches has raised concern within organizations around the software running in their environments and touching their businesses. Software vendors who can prove that their applications will not leave their customers open to attack can claim a competitive advantage.

    Attend this upcoming webinar, and hear Veracode experts share insights into how enterprises are using security to drive business growth from within. Specifically you will learn how security can drive revenue growth through:

    • Increased speed to market
    • Proven competitive differentiation
    • Greater supply chain assurance
  • Introducing Veracode DevOps Penetration Testing Recorded: Oct 22 2019 34 mins
    Tom Eston, Manager, Penetration Testing at Veracode & Jamie Rougvie, Principal Penetration Tester, Veracode
    DevOps can be challenging for many organizations when thinking about all the different areas of the DevOps process that require security testing. Organizations that begin to “shift left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to most organizations and are only recently starting to become “mainstream”. Containers like Docker, orchestration technology like Kubernetes, cloud storage like Amazon S3 and MongoDB instances, not to mention existing cloud infrastructure, can all be misconfigured or have vulnerabilities that have led to countless data leaks and breaches in the news. But we can’t forget about the developers either. What can be found being discussed on GitHub, Stack Overflow or other online sources about your applications through Open Source Intelligence (OSINT)? While there is no question that automating security testing in your DevOps process is a requirement, there is still a need for penetration testing, which provides more than just finding and exploiting vulnerabilities, but also a look into the attacker perspective.

    In this webinar you’ll learn about:

    • The challenges organizations face when “shifting left” from a security testing perspective
    • How vulnerabilities in DevOps infrastructure, operations, and the developers themselves are leveraged by attackers to compromise applications
    • How Veracode’s DevOps Penetration Testing offering can be part of your DevOps process for security testing and compliance
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: Secure By Design: Spotlight on Security of Open Source Components
  • Live at: Sep 11 2019 10:30 am
  • Presented by: Nabil Bousselham, Solution Architect at Veracode and Mauro Verderosa, Founder & CEO of PSYND