AppSec in 2020: What’s on the Horizon

We saw some positive changes in AppSec in 2019. Organisations are increasingly focused on not just finding security vulnerabilities, but fixing them, and prioritising the flaws that put them most at risk. But we’ve got a long way to go; we still find that the vast majority of software (83% in fact) contains at least one vulnerability on initial scan.

How will things evolve in 2020? Join this webinar where we’ll discuss AppSec themes we expect to emerge in 2020, including:

• Using security champions on development teams to act as a force multiplier for the security team
• Optimising AppSec with the right metrics
• DevSecOps going mainstream
• Shifting focus from finding security-related defects to fixing them
• Regulations affecting AppSec practices
Recorded Jan 14 2020 45 mins
Presented by
Paul Farrington CTO, Veracode & Adam Reyland, Regional Marketing Specialist, Veracode

  • SaaS Solutions to Improve Application Security Jan 28 2021 10:00 am UTC 60 mins
    Antonio Reche, Solution Architect at Veracode
    Companies have been forced to digitally transform their business processes. For many, it is the only way to interact with their employees and customers. As they accelerate their transformation, many are moving applications to the cloud and redefining their development toolset. As we know, this rapid transformation creates a great opportunity for cybercriminals to attack.

    So, what is the best way to protect your online revenue streams without compromising security?

    SaaS AppSec solutions were created specifically for this rapid transformation: helping to reduce costs, providing a lower TCO (total cost of ownership) than on-premise infrastructure, and helping developers fix vulnerabilities.

    Attend this session to learn more about:

    • Leveraging the cloud so you can start protecting your applications right away
    • How cloud-based solutions can boost collaboration and productivity for remote teams
    • Making your AppSec program effective in the face of work-from-home challenges
    • Scaling up, scaling down, and saving money with easy integration into your SDLC
    • The benefits of Veracode's SaaS products, including minimal or no installation
  • How to Identify Your Internet Attack Surface and the Associated Risk Dec 10 2020 11:00 am UTC 60 mins
    Nabil Bousselham, Solution Architect at Veracode
    Web applications continue to be the main attack vector for cyber attackers seeking to break into organizations' IT systems. Using a discovery technique together with dynamic application security testing (DAST) of websites gives SOC teams assurance that applications will run securely in the real world.

    Dynamic analysis is an important solution in a mature application security program, because this form of testing makes it easier to discover different types of vulnerabilities, including information leakage, cryptographic issues, and cross-site scripting. You know it is important to secure all of your organization's web applications, including those you don't even know you own, while ensuring rapid time to market to meet customer demands and expectations. That is where Veracode comes in. Watch this webinar to learn how to implement a dynamic analysis program that meets these four key criteria:

    - Discovery: Discover every web application associated with your organization, even if you did not build it in-house, in order to compile a comprehensive inventory.
    - Scalability: The ability to scan multiple applications at once, whether authenticated or not, so that security does not become a bottleneck.
    - Speed: Deliver high-quality results quickly and intelligently, saving time.
    - Automation and integration: Scans that run automatically and integrate with existing processes and tools let your security and development teams move quickly.
  • VeraTalks: Raising Good Software: Is It Nature or Nurture? Dec 8 2020 4:30 pm UTC 30 mins
    Anne Nielsen, Veracode Product Management
    We know most software is insecure. We also know that organizations are struggling to remediate these flaws in a timely fashion.

    How did we get to this state of software security, and what’s the best way to address it? Are some apps by their very nature simply less secure? Or are we just not nurturing the security of apps correctly? We investigated this question when analyzing our scanning data from 130,000 apps for our annual State of Software Security report.

    During this month’s VeraTalk, we will highlight the findings and examine:
    • What’s more important in application security – nature or nurture?
    • Is software security related to the attributes of the app that the developer inherits – its security debt, its size?
    • Or is software security dependent on the actions of developers – how frequently they are scanning for security or how security is integrated into their processes?
    • And if it is indeed the “nature” of apps that affects security more, is there anything developers or security pros can do to improve security outcomes?

    Join us for an insightful talk on software security today, and practical steps you can take to reduce your risk of breach.
  • How to Keep Business Continuity and Control AppSec Costs in Turbulent Times Dec 3 2020 11:00 am UTC 55 mins
    Chris Kirsch, Director, Product Strategy, Veracode
    Companies have been forced into moving their business processes online. For many it’s the only way to interact with their employees and customers. As they are accelerating their digital transformation, many are moving applications to the cloud and redesigning the development toolchain – but keeping an eye on spend. As we know, this fast-moving transformation creates a ripe opportunity for cybercriminals to pounce.

    So, what’s the best way to protect your online revenue streams without compromising security?

    SaaS AppSec solutions were purpose-built for this rapid transformation: helping to reduce costs, providing a lower TCO than on-premise infrastructure and helping developers remediate vulnerabilities.

    Watch this webinar to learn how to:

    • Protect your online revenue streams by reducing application security risks
    • Make your AppSec program resilient to work-from-home challenges
    • Drastically reduce the cost of your AppSec program
  • Understanding Modern Software Development Recorded: Nov 19 2020 49 mins
    Ryan Lloyd, VP of Products, Veracode & Scott Ward, Principal Solutions Architect - Emerging Partners at AWS
    In a DevSecOps world, the security team needs a much more thorough understanding of the development process than they did in the past; they simply won’t be able to do their jobs effectively and integrate security into the development process without a deep understanding of how this team works. This session details what exactly the security team now needs to understand, including:

    • Development processes, tools, and technologies: How developers are producing code, checking code into source control, spinning up environments, and deploying code to the pipeline
    • Development priorities and challenges: It’s no longer practical to make extensive security demands of development teams without any awareness of their workload and priorities.
    • Open source library use: Understanding how code comes into your organization will be increasingly critical.
    • DevOps: You definitely need a clear understanding of this development model. Even if your organization hasn’t fully embraced DevOps, this is the future of software development.
  • The Human Side of DevSecOps: Building Trust with Software Development Recorded: Nov 5 2020 44 mins
    Chris Kirsch | Director of Product Marketing, Veracode
    With DevSecOps, it’s become even more important for security to build a strong relationship with engineering. However, “relationships and trust” is not a topic that is typically taught when you are taking a cybersecurity degree. In this session, we’ll look at the people side of the equation, taught by a DEF CON Black Badge winner of the Social Engineering CTF.

    While the techniques in this session are used by social engineers, con artists and the FBI, they can equally be applied to honest relationship building. It’s the genuine intent that matters, and you’ll need to invest into the relationship over time. The difference is that you’ll build trust faster and with a higher success rate because you understand the mechanics. You can also apply the same principles in other professional and personal relationships.

    Join this session to learn about:

    • Lowering barriers when reaching out
    • Understanding and initiating trust
    • Using positive body language
    • Making your ask in the right way
    • Suspending your ego, and why it’s important
    • Validating others with empathy
    • Figuring out common ground to build on
    • Framing the situation from their perspective
  • How Financial Services Is Getting Cyber Security Right and Wrong Recorded: Oct 29 2020 65 mins
    John Smith, Director Solution Architect at Veracode & Adrian Benvenuti, VP Cyber Security & Risk at Moody's
    While the financial services industry is ahead of other industries in terms of preparedness for cyberattacks, research from Veracode has revealed that while they are making great strides in remediating software vulnerabilities, many are still too slow in actually making these fixes.

    What Will You Learn?

    With a median time to remediate security flaws in code of 67 days, financial services organizations are leaving software vulnerable to attack. At the same time, the coronavirus crisis is accelerating the need to interact more effectively through digital platforms.

    This webinar brings John Smith, director of solution architects at Veracode, and Adrian Benvenuti, vice president of cyber security risk and architecture at Moody’s, together to discuss the state of software security and how the financial services industry could do better.
  • How to Reduce Security Debt Through Frequent Scanning Recorded: Oct 27 2020 37 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Security debt is similar to credit card debt in that it accrues interest (risk) the longer you wait to pay it off by fixing flaws, leaving your applications exposed to potential breaches and attacks. But there is good news: from our 10th “State of Software Security Report” we know that organizations that scan their applications frequently (more than 300 times) have five times less security debt than organizations that scan rarely. In this webinar in our Veracode How-To series, you will learn more about security debt and how to avoid it.

    What you will learn:

    • What security debt is and how it introduces unnecessary risk to the health of your applications
    • How frequent security scans can reduce security debt and median time to remediation (MedianTTR).
    • Ways you can avoid security debt through an effective application security (AppSec) program
  • An Introduction to Hands-On Training for More Secure Code Recorded: Oct 27 2020 28 mins
    Fletcher Heisler, Director of Developer Enablement
    Developers are under intense pressure to produce good code every day, whether they’re working on new features, making continuous improvements, or chipping away at security debt. In the race to meet deadlines, taking extra time to pause and work on improving their skills often means application security is an afterthought for developers. The good news? Initiating programs that train developers on secure coding practices and integrating those programs into everyday tasks means less disruption to everyday work, and more secure code.

    But it isn’t enough to simply offer bland multiple-choice quizzes or recycled tutorial-style videos; hands-on training programs in the languages developers use most make a lasting impact. Veracode Security Labs offers just this. It’s different from other educational tools on the market, leveraging real-world applications in contained environments. Once logged in, developers can practice exploiting and fixing the flaws that they face every day. This level of hands-on interaction is invaluable to helping developers understand – and retain – the steps they need to take to write more secure code, saving your organization time and money down the road.

    Join this webinar to gain an understanding of:
    • How our offering is different than other developer security training programs in the market
    • The unique gamification aspects of the solution through live, real-world examples
    • How you can satisfy compliance requirements through ongoing AppSec training
  • The State of AppSec in Government – Featuring Sandy Carielli, Forrester Research Recorded: Oct 22 2020 55 mins
    Eric Wassenaar, Veracode State, Local, and Education team, and Sandy Carielli, Forrester Research Principal Analyst
    In the use of modern security technology, the government sector seems to always be playing catch up. Governments also hold an enormous amount of sensitive information on individuals and businesses, and are frequent targets of cyberattacks using phishing, malware and ransomware. Understandably, confidence that government can adequately protect applications and data is low. Based on data from both Forrester Research and Veracode’s State of Software Security report Volume 10, government falls behind other sectors in the implementation of best practices within AppSec. In this era, everyone is responsible for security, and government is no exception.

    On October 22 at 11 am ET, join Eric Wassenaar of Veracode’s State, Local, and Education team, and Forrester Research Principal Analyst Sandy Carielli, in a live webinar as they discuss the State of Application Security in Government, provide data and insights to help those within all levels of government understand application security risk, and offer guidance and success stories that can help government entities better secure the software that enables their operations.
  • DevSecOps Done Right Recorded: Oct 22 2020 46 mins
    Paul Farrington | CTO at Veracode
    Application security is not a one-and-done project, and there is no AppSec silver bullet. Application security is an ongoing program that assesses software at different stages of the development lifecycle in different ways. In this way, DevOps becomes DevSecOps. However, there are a few common obstacles that often hinder AppSec progress. Tune into this session to learn how to overcome the following:

    • Developers not empowered to fix what they find
    • AppSec solutions that are hard to manage and scale
    • Security teams with limited bandwidth to manage an AppSec program
  • VeraTalks - Mitigating Open Source Risk in your Organization Recorded: Oct 21 2020 19 mins
    Chris Eng, Chief Research Officer at Veracode
    The data speaks for itself. In our analysis of over 85,000 applications, more than 500,000 open source libraries were in use. This trend is clearly here to stay and only growing, but what does it mean for your organization? In this discussion, Chris tells us what Open source is, the risks involved with some real-life examples and how you can keep your organization secure while also empowering your development teams.
  • Shift Application Security Knowledge Left to Deliver Secure Code On Time Recorded: Oct 5 2020 44 mins
    Fletcher Heisler | Director, Developer Enablement at Veracode
    When it comes to software, developers are really the only ones in an organization who can fix the vulnerabilities in their code. Yet in many cases they don’t have the training needed to identify and remediate vulnerabilities, or to code securely enough to reduce the number of vulnerabilities found in production. In addition, security teams often don't have the bandwidth or expertise to teach them. The result is an ever-growing mountain of security debt.

    Join product experts from Veracode who will share strategies on how to bridge the gap between development and security including:

    Creating opportunities for real-world remediation skills for modern threats,
    Designing developer training programs specifically to meet compliance requirements,
    Deploying relevant and customized developer training at the speed of DevSecOps.
  • Panel - Debunking the AppSec Silver Bullet Myth with Veracode & HackerOne Recorded: Oct 1 2020 59 mins
    Paul Farrington, Laurie Mercer, Chris Kirsch, James Kettle
    There is no AppSec silver bullet. All application security scans – static analysis, dynamic analysis, penetration tests, bug bounties, etc. – have a role to play, and they all work together to fully secure your application layer.

    Join Veracode and HackerOne for a virtual meetup to learn about the strengths and weaknesses of different scan types as well as best practices and practical advice for building or maturing an application security program.

    Key takeaways
    The strengths and weaknesses of the different AppSec analysis types
    Knowing about your risks means you can mitigate against them
    Security is better achieved together

    We will be giving away digital vouchers to the first 50 registrants who register to this virtual panel.

    Help shape the conversation by completing this survey - https://ayandachiwuta.typeform.com/to/Uz45IT

    Panel Speakers
    Chris Kirsch, Director Product Marketing, Veracode - Moderator
    Paul Farrington, EMEA CTO, Veracode – Panelist
    Laurie Mercer, Security Engineer, HackerOne - Panelist
    James Kettle, Director of Research, Hacker, PortSwigger Web Security - Panelist
  • Shifting Left with Future Proofed AppSec – Customer Conversation Recorded: Oct 1 2020 44 mins
    John Smith, Director Solution Architects, Veracode / Marco Ulgelmo, CISO, Quby
    Meeting the demands of modern software development requires fast and accurate security solutions that you can scale up or scale down, anytime, anywhere – especially in the face of a global digital transformation. As our Static Analysis scan numbers hit a new record in March and then another record high in April, our customers continue to impress with their drive for better application security in the face of current events.

    In this session we are sitting down with Quby, a Veracode customer and innovative Dutch-based energy and utilities company, to discuss how future proofing their application security with cloud-based solutions has allowed them to continue their “shift-left” strategy while keeping pace with the competition.

    Join this informative discussion between Quby’s CISO Marco Ulgelmo and Veracode’s Director of Solution Architects EMA/APAC John Smith to learn more about:
    • Quby’s journey to full automation and integration
    • How Quby leveraged the cloud to begin securing their applications right away
    • How a cloud-based solution boosted collaboration and productivity for remote teams
    • Scaling up, scaling down, and saving money with easy integration into their SDLC
  • Detect, Prioritize and Remediate: Discover an AppSec Solution With Coverage Recorded: Sep 30 2020 42 mins
    Glenn Whittemore, Senior Solution Architect, Veracode
    Do you trust your application security (AppSec) solution? Good AppSec tools prevent breaches and – ultimately – lost revenue, lawsuits, and bad press. Cyberattacks and data leaks have a lasting impact on your organization, both financially and socially, which is difficult to bounce back from in today’s digital world. In order to keep your applications secure, you need a solution that is backed by proven success and comes equipped with features that help you find and fix flaws fast before they become headaches. A robust and efficient AppSec solution is one that brings critical benefits to the table, such as low false positives so that you know which findings you need to fix, and low false negatives so that you know your application is secure. AppSec vendors worth their weight should also offer a breadth of coverage with a portfolio of solutions that go beyond Static Analysis (SAST) to help you prioritize findings, track progress through comprehensive analytics, and cut through the weeds of finicky flaws with dedicated support.

    Join this webinar to learn why it’s important that you go beyond QA tools and SAST for a robust AppSec solution that will keep your company – and your customers – safe.
  • Learning from Organizations Running Successful AppSec Programs Recorded: Sep 29 2020 48 mins
    Pejman Pourmousa | VP of Services at Veracode & Adrian Benvenuti, VP of IT Risk and Security Architecture at Moody's
    Veracode has helped thousands of customers integrate security into their development cycle, and we’ve now got lessons learned, best practices, and pitfalls to avoid. Join this session to hear from members of Veracode’s services team and a Veracode customer on how real-life AppSec programs are helping their security and development teams work together to secure code. You’ll learn:

    • Lessons learned from organizations who have effectively integrated security into development processes
    • Pitfalls to avoid when introducing security into development
    • Advice and tips from those who are working with development teams every day to create secure code
  • Getting AppSec Developer Buy In Recorded: Sep 24 2020 47 mins
    Tim Jarrett, Sr. Director of Product Management, Veracode | Gene Kim, Author, Researcher
    Development teams’ biggest fear when they hear their organization will enact an application security assessment program is that their development efforts will be slowed down. This team can be the biggest barrier to the success of the program because if they don’t follow the protocol set forth by the program plan, the security team will be unable to demonstrate the value of the plan.

    Join this session to get our tips on getting developer buy-in for your AppSec program, including implementing the right tools, establishing training on secure coding, and developing a security champions program.

    Key takeaways:
    - Find out what you need to know about your development teams’ processes and priorities in order to get AppSec buy-in
    - Understand why the right AppSec tools and training are key to developer buy-in
    - Get tips on developing a security champions program
  • Real-World Retrospective: AppSec First Steps Recorded: Sep 24 2020 39 mins
    Anne Correia, Veracode | Joe Leonard, CISO Advisory Services | Jason Curtis, Financial Industry Expert
    With AppSec, as with most initiatives, the first step is often the most difficult. Learn from someone who’s been there. Join our conversation with Joe Leonard, a Cyber Security leader, and more as they recount how organizations have kicked off their AppSec programs. You’ll get best practices and lessons learned on the initial AppSec steps to take to set your organization up for success.

    Key takeaways:
    - Hear how real companies kicked off and expanded their AppSec programs
    - Get AppSec best practices you can take back to your own company
    - Get practical advice on AppSec pitfalls to avoid
  • Which AppSec Testing Type is Right for You? Recorded: Sep 22 2020 43 mins
    Chris Kirsch, Director Product Marketing, Veracode
    Although there are a variety of application security technologies, there is no silver bullet. You need to gather the strengths of multiple analysis techniques along the entire application lifetime, from development to testing to production, to drive down application risk. Each testing type, from static to dynamic to software composition analysis and manual pen testing, has different strengths and weaknesses and is better in different scenarios, but you won’t be effective without taking advantage of them all.

    Join this session to understand the strengths and weaknesses of the different AppSec testing types, how they work together, and how to get started.

    About the speaker:
    Chris Kirsch works on the products team at Veracode and has 22 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

  • Title: AppSec in 2020: What’s on the Horizon
  • Live at: Jan 14 2020 11:00 am
  • Presented by: Paul Farrington CTO, Veracode & Adam Reyland, Regional Marketing Specialist, Veracode