Name: Creating Security Champions to Improve Your DevOps Security Posture
Start: 2019-12-10T11:00:00Z
End: 2019-12-10T11:42:56.000Z
Location: BrightTALK
Rating: 2.5

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

APIs, containers, and clouds, oh my! Organizations use modern software development to deliver incredible user experiences and better performance. Just don’t look behind the curtain; behind that curtain, ingress points and opportunities for attackers are proliferating. That’s why securing cloud-native applications needs to mature beyond run-time protection.

In this webinar, you’ll learn the steps for integrating security into your entire SDLC to pay down your security debt and prevent future risks. Join Veracode’s Scott Simpson and Optiv’s Jim Canup to hear real-world experiences, best practices, and insights into how customers can apply these principles and deliver positive results at scale.

How To Mature Cloud-native Application Security Programs

It’s not hard to set application security goals. What is hard is defining an appropriate level of risk and measuring your AppSec program’s efficacy against your investments and industry peers. In 15 focused minutes, learn how to apply data and analytics to make security a competitive advantage by:

- Leveraging peer benchmarking to quantify strengths/weaknesses, define goals, and communicate to leadership
- Tracking KPIs and performance over time
- Measurably improving AppSec outcomes and preventing future risk

VeraTalk: Improve AppSec Outcomes With Contextual Data

Leveraging open-source libraries can speed development times, but how do you determine what’s safe to use? Learn the latest research behind the answer to this question from Forrester and the State of Software Security 2023 in our webinar: The Fragility of Open Source.

The Fragility of Open Source

To truly reduce software security risk, businesses require a single platform that brings security and development teams together and provides a complete and managed view of security risk across the software development lifecycle (SDLC). 

Join this session hosted by Brandvakt and Software Security leader Veracode were we’ll discuss:

• The benefit of investing in a platform that incorporates the entire testing suite enabling monitoring and coordination of security testing of all software artifacts 
• The value of a frictionless developer experience that meets developers where they work
• How the Veracode platform delivers on-demand insights interconnecting policy and governance with a single view into the entire software development lifecycle
• A demonstration of the platform and insights on API scanning, Container scanning and exciting new innovations such as intelligent remediation
• Value added vulnerability remediation support provided by Brandvakt team

Secure your spot today, we hope you can join us.

Effective Software Security for a Cloud-Native World

As developers embrace cloud-native computing practices, containers have become essential for simplifying software deployment and runtime environment configuration management. Yet despite their many benefits, software containers may also include significant risks. Lack of visibility into containers means security and development teams are often unable to discern whether there are any issues within the code. Moreover, not scanning containers for vulnerabilities before or after being deployed to production, may lead to major security gaps.

Join this live panel discussion to learn tips for creating a winning container security strategy for 2023. You’ll explore:


The evolving container landscape: Early days, ongoing container wars, and industry-specific standards
How rapidly rising container security requirements are re-shaping container development, AppSec workflows, and software supply chain protection strategies

The three key stages of container security scanning

Developer-friendly best practices for integrating container security into the software development lifecycle without slowing down

2023 Ways To Secure Your Container

Securing your software can sometimes feel daunting – with so many languages and frameworks, where to even begin? Watch 15 jam-packed minutes to learn how the right research approach can help teams focus efforts, continuously drive down false positive rates, and make smarter, more informed decisions. 

You will learn:
- What goes into researching security flaws within a specific language or framework
- The importance of scaling applied research findings as frameworks evolve and new ones emerge
- A day in the life of a security researcher, essential skill requirements, and common gaps
- What’s next in application security (AppSec) research

VeraTalk: Show Me The Research

Ryan O'Boyle and Kenneth G. Hartman discuss the role of DevSecOps metrics in determining effective objectives and key results (OKRs) and making data-driven decisions. They will discuss example metrics related to SAST and DAST scanning and code provenance and demonstrate how to calculate these metrics as a natural part of the DevSecOps workflow. You will learn how to:

- Devise metrics that focus the DevSecOps team’s efforts on the biggest impacts
- Maximize team member buy-in
- Minimize unintended consequences

DevSecOps Success: What's Team Metrics Got to Do With It?

How do you assess the security of your own supply chain and provide assurances downstream? Knowing how to generate and leverage a software bill of materials (SBOM) is essential. In this webinar, you will learn how to satisfy regulatory and buyer requirements and build confidence and security into your software supply chain.

More specifically, you’ll learn:

- Why an SBOM matters
- Best practices for generating an SBOM
- The data behind improving the security of your software supply chain

The Critical Role of SBOM in Securing Your Software Supply Chain

¿Sabes cómo aplicar los principios DevSecOps en tu ciclo de desarrollo? 
En este webinar explicaremos todo lo que necesitas saber sobre el uso de Análisis Dinámico en un entorno DevSecOps. Aprenderás sobre velocidad, automatización y escalabilidad del análisis dinámico en una plataforma en la nube y cómo te puede ayudar a mantener seguras tus aplicaciones. 

Compartiremos ejemplos sobre el funcionamiento de nuestra solución de Análisis Dinámico y cómo puede ayudar a tu empresa a mantener su ventaja competitiva.

Análisis dinámico en un entorno DevSecOps

Webinar mit Julian Totzek-Hallhuber, Manager Solution Architects EMEA South and APAC bei Veracode, in dem Sie Folgendes lernen werden: 

die Geschwindigkeit, Automatisierung und Skalierbarkeit der dynamischen Analyse auf einer Cloud-Plattform und wie sie dazu beitragen kann, Ihre Anwendungen sicher zu halten. 

Wie Sie Ihre Apps schützen können 

Beispiele dafür, wie unsere Dynamic Analysis-Lösung funktioniert und wie sie Ihrem Unternehmen helfen kann, seinen Wettbewerbsvorteil zu erhalten

Dynamic Analysis in einer DevSecOps Umgebung

Developers want to write secure code. They may not know how. What are the most effective ways to train them? What are best practices to keep them engaged with the training? It starts with experiencing vulnerabilities firsthand. A developer who exploits, for example, server-side request forgery (SSRF) in a real application has had a memorable and impactful experience. Even better is when the training has them fix the vulnerability by editing the source code and seeing the result moments later. Developers also enjoy competing against one another and seeing a live leaderboard. Another consideration is being recognized for their effort with badges and certifications that can be displayed on their social media profiles. All of these elements go into a training program that developers will love. 

 

In this webinar, you'll learn about the unique approach to developer training in Veracode Security Labs. Hundreds of hands-on, interactive courses covering common vulnerabilities in web applications, APIs, and mobile apps are available. Your developers will learn vital secure coding techniques they didn't hear about in their university Computer Science curriculum. Security Labs is the developer education platform to help secure your business.

Secure Code Training That Developers Will Love

Is your organization leveraging the benefits of Software Bill of Materials (SBOMs)? If not, now is the time. SBOMs not only help you manage software supply chain security, but also help you identify and avoid vulnerabilities, verify license compliance, and improve your overall software security. 

Join this webinar to learn: 
·       The basics of an SBOM 
·       Why your organisation needs an SBOM (or several!) 
·       Steps you can take immediately to start securing your software supply chain

Manage Software Supply Chain Risk and Avoid Vulnerabilities

You know it and we know it: DevOps is increasingly moving to the cloud. If you want a clear view of your security posture, you need a state of the art software security platform that’s cloud-native to support where DevOps lives. Join our panel of experts, and we’ll show you the secret to better, more-relevant analytics and reporting across the entire software development lifecycle. Learn how easy it is to apply holistic security practices using a cloud-native platform!

The Secret to a Clear View of Your Security Posture

What if I told you that you could improve the rate at which you fix your security issues up to 88% faster, without spending money on expensive consultants or blinky lights. 'Security Champions' could be the answer.
 
Gartner predicts 3.4 million unfilled security roles by 2022 - simply because there are not enough expertise. DevOps teams in particular are leading the way in identifying Security Champions to help promote secure coding and reduce friction within teams. Rather than relying exclusively on a centralised security team, that can’t scale - we can go faster by nurturing security advocates in each development team. We talk about how to harness the existing talent in your teams and provide insights into how you can force-multiply the effect of security across your organisation, in a way that is likely to be received positively by your development teams.

Creating Security Champions to Improve Your DevOps Security Posture

Cyber Security

Cloud

Cyber Attacks

IT Security

Cloud Security

Security

Digital Transformation

Developers

DevOps

Information Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Creating Security Champions to Improve Your DevOps Security Posture

Presented by

About this talk

More from this channel