Hi [[ session.user.profile.firstName ]]

Pipeline Scan, Meeting the Needs of Modern DevOps - NessPRO & Veracode

How are you integrating security into the development process? Are you able to test for security without slowing down the development process? We want to hear about your experiences and share our new initiatives in addressing this challenge.

Marketing leading Application Security Testing vendor Veracode recently announced their new Static Analysis product family, which combines their existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted, and the Policy Scan for reporting that satisfies security and auditor requirements.

Please join us for this interactive workshop – we want to hear your challenges, answer your questions, and show you this latest technological advancement and how it can address your application security problems. In this workshop, you’ll get:
•An in-depth look at Veracodes new Pipeline Scan
•Information on how Veracode Static Analysis can help you secure your code across the pipeline
•Discussion about the value of fast security feedback in the IDE as developers code
•Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
Recorded Aug 11 2020 57 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Fulya Sengil, Solutions Architect, Veracode & Izak Cohen, NessPro Israel
Presentation preview: Pipeline Scan, Meeting the Needs of Modern DevOps - NessPRO & Veracode

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How to... Utiliser les bonnes pratiques de test AppSec dans le SDLC Sep 17 2020 9:00 am UTC 60 mins
    Nabil Bousselham | Solution Architect at Veracode
    Si vous ne disposez pas des outils appropriés intégrés aux étapes du cycle de vie du développement logiciel (SDLC), il y a de fortes chances que vous manquiez des failles et des vulnérabilités dans votre code. Cela augmente les risques, la dette de Sécurité et rend vos applications vulnérables.

    Regardez cette vidéo pour découvrir la place de chaque outils Veracode dans le SDLC et pourquoi il s’agit du type de test approprié afin que vous puissiez commencer à intégrer la sécurité à chaque phase de votre pipeline.

    Ce que vous apprendrez :
    • Comment les produits Veracode aident les équipes de développement et de sécurité à livrer des logiciels sécurisés, en toute confiance
    • Les avantages de solutions complètes comme Veracode Static Analysis et leur intégration dans votre SDLC
    • Pourquoi il est essentiel d’intégrer la sécurité à chaque phase du pipeline, de l’IDE au CD Pipeline
  • How to.. Permitir a los Desarrolladores Encontrar y Corregir Vulnerabilidades Sep 15 2020 9:00 am UTC 60 mins
    Antonio Reche, Solution Architect at Veracode
    Con el esfuerzo incesante de desarrollar un buen código de forma regular, los desarrolladores necesitan las herramientas y los procesos adecuados a mano para poder satisfacer la demanda, sin sacrificar la calidad de su código. Mire este video para obtener más información sobre cómo permitir a los desarrolladores encontrar y corregir vulnerabilidades rápidamente sin interrumpir su flujo de trabajo y ralentizar los proyectos.

    Lo que vas a aprender:

    • Cómo puede ayudar a los desarrolladores de su equipo a corregir los hallazgos de seguridad críticos para reducir el riesgo
    • Formas en las que puede trabajar con los desarrolladores para reducir la introducción de nuevas fallas de seguridad.
    • Cómo puede desarrollar un programa Security Champions para mejorar los conocimientos sobre seguridad
  • How to... Reduzieren von Sicherheitsschulden durch häufiges Scannen Sep 10 2020 9:00 am UTC 60 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Sicherheitsschulden ähneln Kreditkartenschulden dahingehend, dass sie Zinsen (Risiken) erhalten, je länger Sie auf die Rückzahlung durch Fehlerbehebung warten, sodass Ihre Anwendungen potenziellen Verstößen und Angriffen ausgesetzt sind. Aber es gibt gute Nachrichten: Aus unserem 10. “State of Software Security Report” wissen wir, dass Unternehmen, die ihre Anwendungen häufig (mehr als 300 Mal) scannen, fünfmal weniger Sicherheitsschulden haben als Unternehmen, die selten scannen. In diesem Webinar in unserer Veracode How-To-Reihe erfahren Sie mehr über Sicherheitsschulden und wie Sie diese vermeiden können.

    Was Sie lernen werden:

    • Was Sicherheitsschulden sind und wie sie unnötige Risiken für den Zustand Ihrer Anwendungen mit sich bringen
    • Wie häufige Sicherheit Scans ie Sicherheitsverschuldung und die mittlere Zeit bis zur Behebung (MedianTTR) reduzieren können.
    • Möglichkeiten, wie Sie Sicherheitsschulden durch ein effektives Anwendungssicherheitsprogramm (AppSec) vermeiden können
  • How to... Reduce Security Debt With Frequent Scanning Sep 8 2020 2:00 pm UTC 60 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Security Debt is similar to credit card debt in that it gains interest (risk) the longer you wait to pay it off through flaw remediation, leaving your applications exposed to potential breaches and attacks. But there’s good news: we know from our 10th annual ‘State of Software Security Report’ that organizations scanning their applications frequently (300+ times) have 5 times less security debt than those who scan infrequently. Check out this video in our Veracode How-To series to learn more about security debt and how you can avoid it.

    What you will learn:
    •What security debt is and how it introduces unnecessary risk to the health of your applications
    •How frequent security scans can reduce security debt and median time to remediation (MedianTTR)
    •Ways you can avoid security debt through an effective application security (AppSec) program
  • Veracode Security Labs - Formación en Seguridad de Aplicaciones Recorded: Jul 22 2020 54 mins
    Antonio Reche, EMEA Solution Architect, Veracode
    Con la Seguridad de las Aplicaciones – AppSec- cada vez siendo un factor más crítico para cualquier compañía, consideras que ¿tu equipo posee la formación y las herramientas adecuadas para desarrollar de manera más segura y sin ralentizar la puesta en producción? Si estás en riesgo por vulnerabilidades no solucionadas o si alguna vez has retrasado el lanzamiento del software por fallos cometidos en la fase de desarrollo, este taller te resultará de gran utilidad.

    Veracode Security Labs es la última solución de Veracode para la familia de soluciones e-learning. Security Labs forma a los desarrolladores en cómo corregir vulnerabilidades rápidamente y escribir un código mejor desde el inicio de un proyecto. A través de una experiencia práctica utilizando aplicaciones reales que los desarrolladores pueden explotar a través de escenarios interactivos. Lo que derivará en el futuro en una implementación más rápida, segura y con menores riesgos para su negocio.

    Únase a nosotros en este taller para que podamos mostrarle cómo funciona y las ventajas de contar con Security Labs, cómo puede ser integrado en un programa de capacitación para desarrolladores y ver la plataforma en acción. En este workshop cubriremos:

    · Introducción a Security Labs y demo de la plataforma.

    · Información sobre cómo Security Labs puede ayudarle a cumplir con los requisitos de seguridad

    · Orientación sobre cómo configurar los módulos, plazos y seguimiento del progreso en Security Labs.
  • Shifting Left with Future Proofed AppSec – Customer Conversation Recorded: Jul 21 2020 45 mins
    John Smith, Director Solution Architects, Veracode / Marco Ulgelmo, CISO, Quby
    Meeting the demands of modern software development requires fast and accurate security solutions that you can scale up or scale down, anytime, anywhere – especially in the face of a global digital transformation. As our Static Analysis scan numbers hit a new record in March and then another record high in April, our customers continue to impress with their drive for better application security in the face of current events.

    In this session we are sitting down with Quby, a Veracode customer and innovative Dutch-based energy and utilities company, to discuss how future proofing their application security with cloud-based solutions has allowed them to continue their “shift-left” strategy while keeping pace with the competition.

    Join this informative discussion between Quby’s CISO Marco Ulgelmo and Veracode’s Director of Solution Architects EMA/APAC John Smith to learn more about:
    • Quby’s journey to full automation and integration
    • How Quby leveraged the cloud to begin securing their applications right away
    • How a cloud-based solution boosted collaboration and productivity for remote teams
    • Scaling up, scaling down, and saving money with easy integration into their SDLC
  • How to Accelerate Open Source Adoption, Not Open Source Risk Recorded: Jul 15 2020 38 mins
    Brittany O'Shea, Product Marketing Manager at Veracode
    In a recent blinded survey by Red Hat to more than 950 global IT leaders, 69 percent said Open Source Software was very or extremely important to the organisation’s overall enterprise infrastructure software plans. With the advantages of speed, agility, and cost-reduction, open-source software libraries are here to stay.

    However, with the delineated ownership in open source development can introduce new and sometimes dangerous software risks to an enterprise. It’s vital to have a strategy and framework in place to manage open source libraries and components. Otherwise, the road to digital transformation will likely be paved with frustrations, problems, and even failures.

    Open source software risks revolve around three key areas: visibility, security, and governance.

    In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.
  • Addressing NIST 800-53 with Veracode & Optiv Recorded: Jul 9 2020 56 mins
    Chris Walton (SLED West Account Executive for Veracode) and Shawn Asmus (Director of Threat Management for Optiv)
    The security & privacy controls within NIST 800-53 are fast becoming a cybersecurity standard within government. As such agencies & departments need to prepare to address the controls and ensure compliance across their organizations. Join Veracode & Optiv to discuss the details behind NIST 800-53 and how to prepare for compliance.
  • Pipeline Scan - The Right DevSecOps Scan at the Right Time, In the Right Place Recorded: Jun 23 2020 60 mins
    Nabil Bousselham, Principal Solutions Architect, Veracode
    How are you integrating security into the development process? Are you able to test for security without slowing down the development process? We want to hear about your experiences, and share our new initiatives in addressing this challenge.

    We recently announced our new Static Analysis product family, which combines our existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted, and the Policy Scan for reporting that satisfies security and auditor requirements.

    Please join us for this interactive workshop – we want to hear your challenges, answer your questions, and show you our latest technology and how it can address your application security problems. In this workshop, you’ll get:

    •An in-depth look at our new Pipeline Scan
    •Information on how Veracode Static Analysis can help you secure your code across the pipeline
    •Discussion about the value of fast security feedback in the IDE as developers code
    •Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
  • Mittels DevSecOps Applikationen Sichern Recorded: Jun 18 2020 30 mins
    Julian Totzek - Hallhuber | Solution Architect at Veracode
    Gerade wenn Sie dachten es kann nicht schlimmer werden, passiert es. Cyber-Angriffe haben sich in den letzten 12 Monaten verdoppelt. Egal für wen Sie arbeiten, auch Ihr Unternehmen wird mehrfach jeden Minute angegriffen.

    Es ist nicht nur die Bedrohung, die Ihre Ressourcen zu überwältigen droht, sondern auch das Ausmaß und die Geschwindigkeit Ihrer Reaktion. Das stimmt, solange Sie nicht die Strategien, Richtlinien und Prozesse von DevSecOps implementieren.

    Veracode behauptet, dass Cloud-native Technologien Entwicklern helfen, die Zeit zu reduzieren, die zur Beseitigung von Sicherheitslücken erforderlich ist. Laut Gartner werden Unternehmen, die die Cloud-Infrastruktur zur Automatisierung des Sicherheitsschutzes verwenden, bis 2022 60% weniger Sicherheitsvorfälle erleiden, und DevSecOps-Teams, die auf diese Weise arbeiten, lösen ihre Sicherheitsprobleme dreimal schneller, so Veracode.

    Aber wie? Nehmen Sie an unserem Webinar teil und sehen Sie, wie Veracodes Principle Solutions Architect Julian Totzek-Hallhuber zeigt, was DevSecOps in der Praxis bedeutet und welche pragmatischen Schritte zu schnellen und effektiven Ergebnissen in Ihrem Unternehmen führen.
  • The Risky Business of Open Source Libraries and What to Do About It Recorded: Jun 17 2020 42 mins
    Brittany O’Shea, Product Marketing, Veracode and Ben Edwards, Analyst, Cyentia Research
    Did you know that 70% of applications have a security flaw in an open source library on initial scan? Learn more about this and other eye-opening findings from the latest Veracode report – the Open Source Edition to our annual State of Software Security report, which offers in-depth analysis of the open source libraries in 85,000 applications.
    Watch this webinar to find out:
    •The prevalence of open source libraries in applications
    •The types of vulnerabilities most common in open source libraries
    •The programming languages that feature the riskiest open source libraries
    •The best practices for addressing the security vulnerabilities in open source code

    Get up to speed on the security of open source libraries and how to reduce your risk; register for this webinar today!
  • DevSecOps – 5 Principles of Securing DevOps Recorded: Jun 17 2020 59 mins
    Julian Totzek-Hallhuber, Principle Solution Architect EMEA & APAC
    Like operations, security’s goals of minimizing enterprise risk sometimes seem to be at odds with development’s mandate for change. In reality, there is a middle path that can allow development to deliver more secure code at DevOps speed, but it requires security to adapt to the principles that have proven successful for DevOps.

    Join this session and you will come away with an understanding of:
    1. Automating Security into your DevOps process
    2. Integrating to "Fail Quickly"
    3. Limiting False Alarms
    4. Building Security Champions
    5. Keeping Operational Visibility
  • Application Security Testing Techniques for Modern Software Development Recorded: Jun 4 2020 46 mins
    Chris Kirsch | Director, Product Marketing at Veracode
    There is no silver bullet in application security; there is no single test that will identify all vulnerabilities in your code. You need to gather the strengths of multiple testing types and apply them at different stages across the software lifecycle. Just as in human health testing, you need different tests to identify different problems. You wouldn't have your teeth X-rayed by a dentist and consider your health testing for the year complete. Similarly, there are vulnerability types that dynamic analysis will unearth in your code that static analysis cannot. And pen testing will find flaws that no automated testing will identify.

    Join this webinar to learn:

    The different types of application security testing and the strengths and cautions of each.
    The best practices for when and how to implement each type of testing.
    Advice on where to start when first testing your applications for security vulnerabilities.
  • Pipeline Scan & Lambda Functions Packaging Recorded: Jun 4 2020 58 mins
    Fulya Sengil, Solutions Architect, Veracode
    How are you integrating security into the development process? Are you able to test for security without slowing down the development process? We want to hear about your experiences, and share our new initiatives in addressing this challenge.

    We recently announced our new Static Analysis product family, which combines our existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted, and the Policy Scan for reporting that satisfies security and auditor requirements.

    Please join us for this interactive workshop – we want to hear your challenges, answer your questions, and show you our latest technology and how it can address your application security problems. In this workshop, you’ll get:

    - An in-depth look at our new Pipeline Scan
    - Information on how Veracode Static Analysis can help you secure your code across the pipeline
    - Discussion about the value of fast security feedback in the IDE as developers code
    - Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
    - Information on how Lambda Functions and Layers can be analyzed by Veracode Static Analysis
  • DevSecOps - Sécurisez vos applications à la vitesse du DevOps Recorded: Jun 2 2020 49 mins
    Nabil Bousselham | Solution Architect at Veracode
    C’est au moment où vous pensez que les cybermenaces ne peuvent pas devenir critiques qu’elles empirent.
    Les cyberattaques ont doublé au cours des 12 derniers mois. Ce n'est pas seulement les risques cyber qui mettent en péril vos ressources, c'est aussi l’effort nécessaire pour y remédier qui les épuisera. Il est donc important aujourd’hui d’adopter les stratégies, politiques et processus du DevSecOps.

    Veracode affirme que les technologies natives du cloud aident les développeurs à réduire le temps nécessaire pour éliminer les failles de sécurité. Gartner indique que, d'ici 2022, les organisations qui utilisent une infrastructure cloud pour automatiser la protection et la sécurité subiront 60% d'incidents de sécurité en moins. Les équipes DevSecOps qui travaillent de cette manière résoudront les problèmes de sécurité trois fois plus rapidement.
    Mais comment ? Rejoignez Nabil Bousselham, Solutions Architect EMEA chez Veracode, qui vous montrera en pratique ce que signifie DevSecOps, ainsi que les étapes nécessaires pour obtenir des résultats rapides et efficaces.
    Dans ce webinaire, vous découvrirez :

    Comment lancer et établir un programme DevSecOps en interne
    Les gains rapides qui renforceront votre posture de sécurité en quelques semaines
    Comment placer l'analyse de la sécurité dans les pipelines CI / CD
    Où vous devriez concentrer les ressources pour obtenir des résultats
    Comment développer une bonne culture d’entreprise pour produire du code sécurisé
  • The Right Scan at the Right Time, In the Right Place Virtual Workshop Recorded: Jun 2 2020 32 mins
    Chun Liang Tan - Solutions Architect, APJ
    How are you integrating security into the development process? Are you able to test for security without slowing down the development process? We want to hear about your experiences, and share our new initiatives in addressing this challenge.We recently announced our new Static Analysis product family, which combines our existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted, and the Policy Scan for reporting that satisfies security and auditor requirements. Please join us for this interactive workshop – we want to hear your challenges, answer your questions, and show you our latest technology and how it can address your application security problems. In this workshop, you’ll get:

    An in-depth look at our new Pipeline Scan
    Information on how Veracode Static Analysis can help you secure your code across the pipeline
    Discussion about the value of fast security feedback in the IDE as developers code
    Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
  • Garantice la Seguridad de sus Aplicaciones Utilizando DevSecOps Recorded: May 28 2020 49 mins
    Antonio Reche | Solution Architect at Veracode
    Justo cuando pensabas que la amenaza no podía empeorar, lo hizo. Los ciberataques se han duplicado en los últimos 12 meses. Para quien sea que trabaje, su organización está siendo atacada más de una vez cada minuto.
    No es solo la amenaza la que pone en riesgo sus recursos, es la escala y eficiencia de su respuesta. A no ser que adopte las estrategias, políticas y procesos de DevSecOps.

    Veracode afirma que las tecnologías nativas en cloud están ayudando a los desarrolladores a reducir el tiempo que lleva eliminar las vulnerabilidades de seguridad. Gartner indica que, para 2022, las organizaciones que usan infraestructura cloud para automatizar la protección de seguridad, sufrirán un 60% menos de incidentes de seguridad. Según Veracode, los equipos de DevSecOps que trabajan de esta manera resuelven sus problemas de seguridad tres veces más rápido.

    ¿Pero cómo? Únase a nuestro webinar con Antonio Reche (EMEA Solutions Architect), para ver lo que DevSecOps significa en la práctica, y los pasos que producirán resultados rápidos y efectivos en su negocio.
    En este sesión podrá conocer:

    • Cómo lanzar y establecer un programa DevSecOps
    • Los beneficios inmediatos que reforzará su seguridad en semanas
    • Cómo analizar la seguridad de sus aplicaciones desde los pipelines de CI / CD
    • Dónde focalizar los recursos para producir resultados
    • Cómo desarrollar una cultura interna que garantice siempre desplegar código seguro
  • Creating a Bridge Between Development and Security Recorded: May 27 2020 43 mins
    Chris Kirsch | Director, Product Marketing at Veracode
    As security testing has "shifted left," the roles of and relationship between the security and development teams have changed. In the past, security testing was solely in the realm of the security team. Today, that responsibility has shifted to the development team, with the security team taking on more of an oversight role. With this shift, each team has to develop new skills, take on new processes, gain new understanding, and build new relationships.

    Join this session to learn:

    What security professionals today need to know about modern software development
    The best practices for building trust between security and development teams
    How to integrate security scanning into the development pipeline in a way that both decreases risk and increases productivity
  • Learning from Organizations Running Successful AppSec Programs Recorded: May 20 2020 48 mins
    Pejman Pourmousa | VP of Services at Veracode & Adrian Benvenuti, VP of IT Risk and Security Architecture at Moody's,
    Veracode has helped thousands of customers integrate security into their development cycle, and we’ve now got lessons learned best practices, and pitfalls to avoid. Join this session to hear from members of Veracode’s services team and a Veracode customer on how real-life AppSec programs are helping their security and development teams work together to secure code. You’ll learn:

    •Lessons learned from organizations who have effectively integrated security into development processes
    •Pitfalls to avoid when introducing security into development
    •Advice and tips from those who are working with development teams every day to create secure code
  • Creating the Technology Blueprint for Scanning for Security in Development Recorded: May 20 2020 47 mins
    Tim Jarrett, Sr Director of Product Management & Fletcher Heisler , Director of Developer Enablement at Veracode
    A key part of easing the friction between security and development is ensuring the right security tools and architecture are in place. Tools and processes that slow or disrupt development processes will be underused or overlooked. Conversely, tools and processes that work the way developers work will promote secure coding without slowing the pace of innovation.

    Join this session to learn:

    • The key elements security solutions need in order to be effective for DevSecOps
    • Where it makes the most sense to integrate security assessments into the development pipeline
    •Lessons learned from organizations who have successfully woven security into development
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Pipeline Scan, Meeting the Needs of Modern DevOps - NessPRO & Veracode
  • Live at: Aug 11 2020 10:00 am
  • Presented by: Fulya Sengil, Solutions Architect, Veracode & Izak Cohen, NessPro Israel
  • From:
Your email has been sent.
or close