Name: Understanding Modern Software Development
Start: 2020-05-20T15:00:00Z
End: 2020-05-20T15:49:39.000Z
Location: BrightTALK
Rating: 5

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

There are steps you can take to safeguard your software development lifecycle (SDLC) and improve the security of your applications – without compromising speed. Join us as we review modern threats to look out for and tips for managing a secure SDLC.

Top 10 Tips for Managing a Secure Software Development Lifecycle

We’re not pointing any fingers here, but 46% of organizations knowingly push vulnerable code to meet a deadline. This isn’t only Security’s problem or only Development’s fault, and it doesn’t have to be this way!

Bridging this gap is about seeing how aligned the interests of these teams are – which is what the Veracode platform is designed to do.

Join this webinar to learn how to use the (Development experience inspired) keys of successful application security strategies:

- Less rework
- More integration
- Succinct training on how to code securely

This is a must-see webinar! What are you waiting for?

How Developers Influence Application Security Strategies

Legislation is working to ensure that all software vendors secure their software supply chain:

• The White House implemented an Executive Order on Cybersecurity which outlines security requirements for vendors supplying software to the federal government.
• The EU just passed a directive that places accountability on top management for non-compliance with security regulations.

How does your organization’s software security program stack up against current and future legislation?

VeraTalk: Get a Strategy for AppSec Before One is Legislated For You

L'année dernière, d'importantes violations de données et des vulnérabilités zero-day ont mis la sécurité logicielle sous les feux des projecteurs. Les organisations du monde entier et leurs équipes de sécurité continuent d'être mises à l’épreuve par un paysage de menaces complexe et en évolution, qu'il s'agisse d'une poussée inattendue vers la transformation numérique provoquée par une pandémie mondiale, ou des vulnérabilités très exploitables, comme Log4J, avec des répercussions de grande envergure qui se produisent plus fréquemment.

Investir du temps et des ressources dans la sécurité de votre logiciel n'a jamais été aussi critique. Accenture aide les organisations à renforcer leur sécurité logicielle en mettant en œuvre les meilleures pratiques pour les programmes AppSec et en fournissant des recommandations sur le développement de la sécurité dans leurs écosystèmes, en utilisant la sécurité des applications Veracode.

Dans cette session Accenture et Veracode collaborent pour partager ce qui est bien, mieux et ce qui se fait de meilleur pour sécuriser des logiciels.

Rejoignez cette discussion où nous couvrons: 

- Des cas d’usages d'organisations ayant recours à AppSec correctement et incorrectement 
- Défis communs liés à l'intégration de la sécurité dans le cycle de développement 
- Comment créer un programme complet de sécurité des applications 
- Processus d'évaluation et autres types d'outils envisagés 
- Les toutes dernières données sur les habitudes de numérisation et comment vous pouvez exploiter ces données

Préparer l'avenir - Sécurité logicielle à long terme avec Accenture

Join a conversation about the current state of AppSec and industry trends with Chris Wysopal, Veracode CTO and co-founder, and special guest Sandy Carielli, Forrester principal analyst.

We’ll discuss findings from Veracode’s newly released State of Software Security report and how they intersect with Forrester Technographics data for a comprehensive look at software security trends across the last 12 years.

You’ll learn how to leverage these trends to improve your software security program and safeguard your applications from vulnerabilities like Log4j.

Topics will include:
- Hypercompetitiveness in the software market driving new development trends
- Open source library usage and the importance of open source scanning tools
- Developer secure code training and improved time to remediation
- And more!

Which Industry Trends Impact Your Software Security Program?

Con la rápida aceleración de la transformación digital en las compañías como consecuencia del COVID-19, las APIs son actualmente críticas en la creación y desarrollo de aplicaciones. Permiten una fácil transmisión de datos de un producto o servicio a otro, haciendo que la información esté disponible en múltiples sistemas. Desafortunadamente, al mismo tiempo también crean un vector de ataque atractivo para los ciberdelincuentes. 

Según Gartner®, para 2022 los abusos de APIs pasarán de ser un vector de ataque infrecuente a uno más recurrente, dando como resultado filtraciones de datos en cualquier aplicación web existente. 

En nuestro seminario web, trataremos los siguiente temas: 
• Importancia de APIs en nuevas arquitecturas 
• Riesgos de APIs inseguras 
• Enfoques de Veracode para analizar y proteger APIs 
• Demo

Testing y Seguridad de Aplicaciones en el desarrollo de APIs

Have you ever wondered what a mature application security (AppSec) program looks like? Or what steps you should be taking to further protect your applications? Veracode customer, Step Stone, has the answers. Join us for a fireside chat to learn about Step Stone’s journey to AppSec “nirvana.”   
You will learn:
•The importance of an AppSec program
•The stages of AppSec maturity  
•Steps to reach AppSec maturity
•Lessons from Step Stone's AppSec journey

One Step at a Time: The Key to Building a Mature AppSec Program

With the rapid acceleration of digital transformation for businesses as a result of COVID-19, APIs are more critical than ever to build modern applications. They allow easy data transmission from one product or service to another, making information available on many systems. At the same time, they also create a desirable attack vector for cyber criminals. 

According to Gartner® “by 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.”  

In this webinar, we'll be covering the following: 
- Importance of APIs in new architectures 
- Risks of insecure APIs 
- Veracode approaches for securing APIs 
- Demo

360-degree approach to testing and securing of API application code

Die 12. Ausgabe des State of Software Security (SOSS)-Berichts ist jetzt online. Wie in den Vorjahren nutzt der SOSS-Bericht Kundenscandaten, um Ihnen zu zeigen, wie sich die Softwaresicherheitslandschaft entwickelt und welche Schritte Sie unternehmen sollten, um Ihre Anwendungen zukunftssicher zu machen. 

Um Ihnen dabei zu helfen, die Daten zu analysieren und die einflussreichsten Trends zu verstehen, veranstalten wir ein Webinar mit Julian Totzek-Hallhuber, Senior Principal Solution Architect bei Veracode. Julian wird nicht nur die wichtigsten Ergebnisse des Berichts skizzieren, sondern sich auch mit Daten befassen, die für die europäische Region spezifisch sind. 
Zu den Themen gehören: 
• Aktuelle Trends, um Fehler zu beheben 
• Die häufigsten Fehler nach Scantyp 
• Die am stärksten gefährdeten Bibliotheken 
• Und mehr!

Regionaler Snapshot zum Stand der Softwaresicherheit: Europa

35% of organizations say less than half of their development teams participate in formal security training. But if developers are the backbones of creating secure software, why aren’t they getting the secure coding education they need in school and throughout their careers?
That’s precisely the reason why OneLogin, a cloud-based identity, and access management (IAM) provider, implemented a comprehensive developer security training program to proactively reduce code defects in development.
Join us on September 16th at 12 PM EST as we sit down with Veracode customer Jim Hebert, Application Security Engineer, OneLogin to discuss how to craft a well-rounded security training program that ensures developers have the skills needed to write secure code and remediate vulnerabilities. OneLogin uses Veracode Security Labs, which offers hands-on training that enables developers to exploit and patch real apps in contained environments so that critical secure coding skills can be practically applied in the software development lifecycle.
During this session, we’ll cover:
• Common challenges with integrating security into the development cycle
• How to build a comprehensive developer security program
• Why effective security training is a keystone element of all application security
• Bridging the gap between a theoretical understanding of secure software development to the actual practice with Veracode Security Labs
• Evaluation process and other types of tools considered

How OneLogin is Empowering Developers with Secure Code Training

Conducting manual AppSec scans is both time-consuming and costly. But by automating your scans and reporting, you can reduce costs and scale your AppSec program.
Tune in as Tim Jarrett discusses:
•        The benefits of automating and integrating AppSec scans into the developer’s existing tools and processes
•        How to easily integrate Veracode with the development pipeline, security, and risk-tracking systems you already use.
•        Best practices for integrating scan tools into your pipeline.

Automating Security Flaw Discovery

How can you demonstrate the value of adopting or expanding your organisation’s AppSec program when there’s a growing need for all types of cybersecurity, as well as intense competition for your critical tech budget? Simply put, you must convince decision-makers that your program — and their money — will lead to better business outcomes, a higher level of efficiency, lower costs, and improved return on investment (ROI).

Key takeaways:
- Learn how to make the case for AppSec in a way that resonates with executives
- Understand which AppSec metrics executives will care about
- Find out how to tie AppSec to corporate goals and priorities

Attend this session to get tips and best practices on making the case for AppSec to the board

The Value of Application Security - Getting AppSec Executive Buy In

Software security is about more than avoiding costly breaches. It’s about giving your organization the confidence to create, innovate, and bring solutions to market … before the competition. And the key to software security today? Education.  

When it comes to software, developers are really the only ones in an organisation who can fix the vulnerabilities in their code. Yet most developers don’t have the training they need to identify or remediate vulnerabilities, and security teams don't have the bandwidth to train them. This leaves the development team with ineffective training content that is too long, irrelevant to an organization's tech stack, or not engaging.  

Join us on May 27th for a panel discussion hosted by Director of Solution Architects at Veracode John Smith, joined by DevSecOps practitioner Michael Mann, Srimant Achayra, Global Head Enterprise Vulnerability Management CoE, TCS Cyber Security and Adam Casey, ex-CISO, now Director Cyber Security and Data Protection at consultancy i3Secure. 
We will be discussing: 

- Why developers need training on secure coding  
- Why the best approach in an AppSec strategy in addition to scanning includes avoiding creating flaws in the first place  
- How shifting left in the development process is a route to competitive advantage  
- Best practice in designing customized AppSec education based on organization’s unique tech stack and business objectives

Secure Coding's Impact on an Organisation – Panel Discussion

La 12e édition du rapport State of Software Security (SOSS) est maintenant en ligne. Comme les années précédentes, le rapport SOSS tire parti des données d'analyse des clients pour vous montrer comment le paysage de la sécurité logicielle évolue et quelles mesures vous devez prendre pour pérenniser vos applications. 

Pour vous aider à distinguer les données et les tendances les plus impactantes, nous organiserons un webinaire avec Nabil Bousselham, architecte principal de solutions chez Veracode. Nabil décrira non seulement les principales conclusions du rapport, mais il approfondira également les données spécifiques à la région européenne. 

Les sujets abordés: 
- Tendances dans le temps pour corriger les défauts 
- Les failles les plus courantes par type de scan 
- Les bibliothèques les plus vulnérables 
- Et bien plus!

The State of Software Security Aperçu Régional: Europe

If you're planning to build a car engine, you'd probably start by researching instructions, collecting the necessary parts, and establishing a process to ensure that the build goes smoothly. The same goes for building an application security (AppSec) program. You'd need to figure out what AppSec tests you want to include, how you're going to incorporate them into the software development lifecycle (SDLC), and what process you're going to use – waterfall, agile, or DevOps.  

But you don't have to figure out how to build a car engine, or AppSec program, by yourself. Join us for part one of our three-part webinar series for tips on building, maturing, and maintaining an AppSec program. We will examine the various AppSec testing types – static analysis, software composition analysis, dynamic analysis, interactive application security testing, and penetration testing – determine which tests you should start with, and where they should go in the SDLC. We will then explore the various methodology types and modern application architecture.

Components of the AppSec Engine, Part 1

In a DevSecOps world, the security team needs a much more thorough understanding of the development process than they did in the past; they simply won’t be able to do their jobs effectively and integrate security into the development process without a deep understanding of how this team works. This session details what exactly the security teams now needs to understand, including:

•Development processes, tools, and technologies: How developers are producing code, checking code into source control, spinning up environments, and deploying code to the pipeline
•Development priorities and challenges: It’s no longer practical to make extensive security demands of development teams without any awareness of their workload and priorities.
•Open source library use: Understanding how code comes into your organization will be increasingly critical.
•DevOps: You definitely need a clear understanding of this development model. Even if your organization hasn’t fully embraced DevOps, this is the future of software development.

Understanding Modern Software Development

Software Asset Management

Development

Application Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Understanding Modern Software Development

Presented by

About this talk

More from this channel