Hi [[ session.user.profile.firstName ]]

The Right Scan at the Right Time, In the Right Place

How are you integrating security into the development process? Are you able to test for security without slowing down the development process? We want to hear about your experiences and share our new initiatives in addressing this challenge.
Market leading Application Security Testing vendor Veracode recently announced their new Static Analysis product family, which combines their existing static scan types with a new Pipeline scan. Veracode Static Analysis now incorporates the IDE Scan, which helps developers learn as they code and prevent new flaws, the Pipeline Scan, which provides feedback quickly so that production isn’t halted, and the Policy Scan for reporting that satisfies security and auditor requirements.
Please join us for this interactive workshop – we want to hear your challenges, answer your questions, and show you this latest technological advancement and how it can address your application security problems. In this workshop, you’ll get:
•An in-depth look at Veracode’s new Pipeline Scan
•Information on how Veracode Static Analysis can help you secure your code across the pipeline
•Discussion about the value of fast security feedback in the IDE as developers code
•Details on how Veracode Static Analysis can help you satisfy policy and reporting requirements
Recorded Sep 16 2020 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Tom Smith, Solution Architect Veracode , Paul Kaye, CEO IntelliQa
Presentation preview: The Right Scan at the Right Time, In the Right Place

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • How to Reduzieren von Sicherheitsschulden durch häufiges Scannen Oct 27 2020 10:00 am UTC 60 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Sicherheitsschulden ähneln Kreditkartenschulden dahingehend, dass sie Zinsen (Risiken) erhalten, je länger Sie auf die Rückzahlung durch Fehlerbehebung warten, sodass Ihre Anwendungen potenziellen Verstößen und Angriffen ausgesetzt sind. Aber es gibt gute Nachrichten: Aus unserem 10. “State of Software Security Report” wissen wir, dass Unternehmen, die ihre Anwendungen häufig (mehr als 300 Mal) scannen, fünfmal weniger Sicherheitsschulden haben als Unternehmen, die selten scannen. In diesem Webinar in unserer Veracode How-To-Reihe erfahren Sie mehr über Sicherheitsschulden und wie Sie diese vermeiden können.

    Was Sie lernen werden:

    • Was Sicherheitsschulden sind und wie sie unnötige Risiken für den Zustand Ihrer Anwendungen mit sich bringen
    • Wie häufige Sicherheit Scans ie Sicherheitsverschuldung und die mittlere Zeit bis zur Behebung (MedianTTR) reduzieren können.
    • Möglichkeiten, wie Sie Sicherheitsschulden durch ein effektives Anwendungssicherheitsprogramm (AppSec) vermeiden können
  • VeraTalks - How to Mitigate Open Source Risk in your Organization Oct 21 2020 4:00 pm UTC 30 mins
    Chris Eng, Chief Research Officer at Veracode
    The data speaks for itself. In our analysis of over 85,000 applications, more than 500,000 open source libraries were in use. This trend is clearly here to stay and only growing, but what does it mean for your organization? In this discussion, Chris tells us what Open source is, the risks involved with some real-life examples and how you can keep your organization secure while also empowering your development teams.
  • Shift Application Security Knowledge Left to Deliver Secure Code On Time Oct 5 2020 4:00 pm UTC 44 mins
    Fletcher Heisler | Director, Developer Enablement at Veracode
    When it comes to software, developers are really the only ones in an organization who can fix the vulnerabilities in their code. Yet in many cases they don’t have the training needed to identify and remediate vulnerabilities, or to code securely enough to reduce the number of vulnerabilities found in production. In addition, security teams often don't have the bandwidth or expertise to teach them. The result is an ever-growing mountain of security debt.

    Join product experts from Veracode who will share strategies on how to bridge the gap between development and security including:

    Creating opportunities for real-world remediation skills for modern threats,
    Designing developer training programs specifically to meet compliance requirements,
    Deploying relevant and customized developer training at the speed of DevSecOps.
  • Panel - Debunking the AppSec Silver Bullet Myth with Veracode & HackerOne Oct 1 2020 6:00 pm UTC 59 mins
    Paul Farrington, Laurie Mercer, Chris Kirsch, James Kettle
    There is no AppSec silver bullet. All application security scans – static analysis, dynamic analysis, penetration tests, bug bounties, etc. – have a role to play, and they all work together to fully secure your application layer.

    Join Veracode, HackerOne, for a virtual meetup to learn about the strengths and weaknesses of different scan types as well as best practices and practical advice for building or maturing an application security program.

    Key takeaways
    The strengths and weaknesses of the different AppSec analysis types
    Knowing about your risks means you can mitigate against them
    Security is better achieved together

    We will be giving away digital vouchers to the first 50 registrants who register to this virtual panel.

    Help shape the conversation by completing this survey - https://ayandachiwuta.typeform.com/to/Uz45IT

    Panel Speakers
    Chris Kirsch, Director Product Marketing, Veracode - Moderator
    Paul Farrington, EMEA CTO, Veracode – Panelist
    Laurie Mercer, Security Engineer, HackerOne - Panelist
    James Kettle, Director of Research, Hacker, PortSwigger Web Security - Panelist
  • Shifting Left with Future Proofed AppSec – Customer Conversation Oct 1 2020 4:00 pm UTC 44 mins
    John Smith, Director Solution Architects, Veracode / Marco Ulgelmo, CISO, Quby
    Meeting the demands of modern software development requires fast and accurate security solutions that you can scale up or scale down, anytime, anywhere – especially in the face of a global digital transformation. As our Static Analysis scan numbers hit a new record in March and then another record high in April, our customers continue to impress with their drive for better application security in the face of current events.

    In this session we are sitting down with Quby, a Veracode customer and innovative Dutch-based energy and utilities company, to discuss how future proofing their application security with cloud-based solutions has allowed them to continue their “shift-left” strategy while keeping pace with the competition.

    Join this informative discussion between Quby’s CISO Marco Ulgelmo and Veracode’s Director of Solution Architects EMA/APAC John Smith to learn more about:
    • Quby’s journey to full automation and integration
    • How Quby leveraged the cloud to begin securing their applications right away
    • How a cloud-based solution boosted collaboration and productivity for remote teams
    • Scaling up, scaling down, and saving money with easy integration into their SDLC
  • Detect, Prioritize and Remediate: Discover an AppSec Solution With Coverage Sep 30 2020 3:00 pm UTC 45 mins
    Glenn Whittemore, Senior Solution Architect, Veracode
    Do you trust your application security (AppSec) solution? Good AppSec tools prevent breaches and – ultimately – lost revenue, lawsuits, and bad press. Cyberattacks and data leaks have a lasting impact on your organization, both financially and socially, which is difficult to bounce back from in today’s digital world. In order to keep your applications secure, you need a solution that is backed by proven success and comes equipped with features that help you find and fix flaws fast before they become headaches. A robust and efficient AppSec solution is one that brings critical benefits to the table, such as low false positives so that you know which findings you need to fix, and low false negatives so that you know your application is secure. AppSec vendors worth their weight should also offer a breadth of coverage with a portfolio of solutions that go beyond Static Analysis (SAST) to help you prioritize findings, track progress through comprehensive analytics, and cut through the weeds of finicky flaws with dedicated support.

    Join this webinar to learn why it’s important that you go beyond QA tools and SAST for a robust AppSec solution that will keep your company – and your customers – safe.
  • Veracode Security Labs – Hands-On Training to Secure Code From the Start Sep 29 2020 6:00 pm UTC 22 mins
    Fletcher Heisler - Director, Developer Enablement
    How are your prospects and customers training their developers to create secure code? Veracode Security Labs shifts application security knowledge “left,” earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.
  • Learning from Organizations Running Successful AppSec Programs Sep 29 2020 4:00 pm UTC 48 mins
    Pejman Pourmousa | VP of Services at Veracode & Adrian Benvenuti, VP of IT Risk and Security Architecture at Moody's,
    Veracode has helped thousands of customers integrate security into their development cycle, and we’ve now got lessons learned best practices, and pitfalls to avoid. Join this session to hear from members of Veracode’s services team and a Veracode customer on how real-life AppSec programs are helping their security and development teams work together to secure code. You’ll learn:

    •Lessons learned from organizations who have effectively integrated security into development processes
    •Pitfalls to avoid when introducing security into development
    •Advice and tips from those who are working with development teams every day to create secure code
  • Getting AppSec Developer Buy In Recorded: Sep 24 2020 47 mins
    Tim Jarrett, Sr. Director of Product Management, Veracode | Gene Kim, Author, Researcher
    Development teams’ biggest fear when they hear their organization will enact an application security assessment program is that their development efforts will be slowed down. This team can be the biggest barrier to the success of the program because if they don’t follow the protocol set forth by the program plan, the security team will be unable to demonstrate the value of the plan.

    Join this session to get our tips on getting developer buy-in for your AppSec program, including implementing the right tools, establishing training on secure coding, and developing a security champions program.

    Key takeaways:
    - Find out what you need to know about your development teams’ processes and priorities in order to get AppSec buy-in
    - Understand why the right AppSec tools and training are key to developer buy-in
    - Get tips on developing a security champions program
  • Real-World Retrospective: AppSec First Steps Recorded: Sep 24 2020 39 mins
    Anne Correia, Veracode | Joe Leonard, CISO Advisory Services | Jason Curtis, Financial Industry Expert
    With AppSec, as with most initiatives, the first step is often the most difficult. Learn from someone who’s been there. Join our conversation with Joe Leonard a Cyber Security leader and more as they explain their recounts on how organizations have kick off their AppSec program. You’ll get best practices and lessons learned on the initial AppSec steps to take to set your organization up for success.

    Key takeaways:
    - Hear how real companies kicked off and expanded their AppSec programs
    - Get AppSec best practices you can take back to your own company
    - Get practical advice on AppSec pitfalls to avoid
  • Which AppSec Testing Type is Right for You? Recorded: Sep 22 2020 43 mins
    Chris Kirsch, Director Product Marketing, Veracode
    Although there are a variety of application security technologies, there is no silver bullet. You need to gather the strengths of multiple analysis techniques along the entire application lifetime — from development to testing to production — to drive down application risk. Each testing type, from static to dynamic to software composition analysis and manual pen testing, has different strengths and weaknesses and are better in different scenarios, but you won’t be effective without taking advantage of them all.

    Join this session to understand the strengths and weaknesses of the different AppSec testing types, how they work together, and how to get started.

    About the speaker:
    Chris Kirsch works on the products team at Veracode and has 22 years of experience in security, particularly in the areas of application security testing, security assessments, incident response, and cryptography. Previously, he managed Metasploit and incident response solutions at Rapid7 and held similar positions at Thales e-Security and PGP Corporation. He is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25.

    This session is part of Veracode's "Your AppSec Game Plan" Summit.
  • Application Security Metrics & How to Track Success Recorded: Sep 22 2020 48 mins
    Anne Nielsen, Principal Product Manager, Veracode
    Metrics are critical for measuring and expanding an application security program. However, executives don't always want to see a slew of complicated charts and graphs - they want one simple number that answers, in a nutshell, is this program working?

    Join us for a webinar with Anne Nielsen, Sr. Product Manager, Reporting & Strategy at Veracode, as we discuss our metric recommendation and dive into reporting best practices and tips for success.
  • VeraTalks - How Working Virtually Elevates the Need for Cybersecurity Recorded: Sep 17 2020 17 mins
    Chris Wysopal, Founder & CTO at Veracode
    Welcome to VeraTalks, our monthly video series where our executive team discusses hot topics in today's world of AppSec. Don't miss the first video in our series!
    As the global workforce moves towards working remotely temporarily and in some cases permanently, what does this mean for cybersecurity and the security needs of organizations?  At a glance, it means more applications in use, the need for more SAAS-based technology and more efficient software development.  Chris will discuss these trends and some predictions he has as we enter into an uncertain future.
  • How to Reduce Security Debt With Frequent Scanning Recorded: Sep 17 2020 39 mins
    Julian Totzek-Hallhuber, Solutions Architect at Veracode
    Security Debt is similar to credit card debt in that it gains interest (risk) the longer you wait to pay it off through flaw remediation, leaving your applications exposed to potential breaches and attacks. But there’s good news: we know from our 10th annual ‘State of Software Security Report’ that organizations scanning their applications frequently (300+ times) have 5 times less security debt than those who scan infrequently. Check out this video in our Veracode How-To series to learn more about security debt and how you can avoid it.

    What you will learn:
    •What security debt is and how it introduces unnecessary risk to the health of your applications
    •How frequent security scans can reduce security debt and median time to remediation (MedianTTR)
    •Ways you can avoid security debt through an effective application security (AppSec) program
  • How to Utiliser les bonnes pratiques de test AppSec dans le SDLC Recorded: Sep 17 2020 50 mins
    Nabil Bousselham | Solution Architect at Veracode
    Si vous ne disposez pas des outils appropriés intégrés aux étapes du cycle de vie du développement logiciel (SDLC), il y a de fortes chances que vous manquiez des failles et des vulnérabilités dans votre code. Cela augmente les risques, la dette de Sécurité et rend vos applications vulnérables.

    Regardez cette vidéo pour découvrir la place de chaque outils Veracode dans le SDLC et pourquoi il s’agit du type de test approprié afin que vous puissiez commencer à intégrer la sécurité à chaque phase de votre pipeline.

    Ce que vous apprendrez :
    • Comment les produits Veracode aident les équipes de développement et de sécurité à livrer des logiciels sécurisés, en toute confiance
    • Les avantages de solutions complètes comme Veracode Static Analysis et leur intégration dans votre SDLC
    • Pourquoi il est essentiel d’intégrer la sécurité à chaque phase du pipeline, de l’IDE au CD Pipeline
  • An Introduction to Hands-On Training for More Secure Code Recorded: Sep 16 2020 29 mins
    Fletcher Heisler, Director of Developer Enablement
    Developers are under intense pressure to produce good code every day, whether they’re working on new features, making continuous improvements, or chipping away at security debt. In the race to meet deadlines, taking extra time to pause and work on improving their skills often means application security is an afterthought for developers. The good news? Initiating programs that train developers on secure coding practices and integrating those programs into everyday tasks means less disruption to everyday work, and more secure code

    But it isn’t enough to simply offer bland multiple-choice quizzes or recycled tutorial-style videos; hands-on training programs in the languages developers use most make a lasting impact. Veracode Security Labs offers just this. It’s different from other educational tools on the market, leveraging real-world applications in contained environments. Once logged in, developers can practice exploiting and fixing the flaws that they face every day. This level of hands-on interaction is invaluable to helping developers understand – and retain – the steps they need to take to write more secure code, saving your organization time and money down the road.

    Join this webinar to gain an understanding of:
    •How our offering is different than other developer security training programs in the market
    •The unique gamification aspects of the solution through live, real-world examples
    •How you can satisfy compliance requirements through ongoing AppSec training
  • How to Permitir a los Desarrolladores Encontrar y Corregir Vulnerabilidades Recorded: Sep 15 2020 55 mins
    Antonio Reche, Solution Architect at Veracode
    Con el esfuerzo incesante de desarrollar un buen código de forma regular, los desarrolladores necesitan las herramientas y los procesos adecuados a mano para poder satisfacer la demanda, sin sacrificar la calidad de su código. Mire este video para obtener más información sobre cómo permitir a los desarrolladores encontrar y corregir vulnerabilidades rápidamente sin interrumpir su flujo de trabajo y ralentizar los proyectos.

    Lo que vas a aprender:

    • Cómo puede ayudar a los desarrolladores de su equipo a corregir los hallazgos de seguridad críticos para reducir el riesgo
    • Formas en las que puede trabajar con los desarrolladores para reducir la introducción de nuevas fallas de seguridad.
    • Cómo puede desarrollar un programa Security Champions para mejorar los conocimientos sobre seguridad
  • Veracode Security Labs - Formación en Seguridad de Aplicaciones Recorded: Jul 22 2020 54 mins
    Antonio Reche, EMEA Solution Architect, Veracode
    Con la Seguridad de las Aplicaciones – AppSec- cada vez siendo un factor más crítico para cualquier compañía, consideras que ¿tu equipo posee la formación y las herramientas adecuadas para desarrollar de manera más segura y sin ralentizar la puesta en producción? Si estás en riesgo por vulnerabilidades no solucionadas o si alguna vez has retrasado el lanzamiento del software por fallos cometidos en la fase de desarrollo, este taller te resultará de gran utilidad.

    Veracode Security Labs es la última solución de Veracode para la familia de soluciones e-learning. Security Labs forma a los desarrolladores en cómo corregir vulnerabilidades rápidamente y escribir un código mejor desde el inicio de un proyecto. A través de una experiencia práctica utilizando aplicaciones reales que los desarrolladores pueden explotar a través de escenarios interactivos. Lo que derivará en el futuro en una implementación más rápida, segura y con menores riesgos para su negocio.

    Únase a nosotros en este taller para que podamos mostrarle cómo funciona y las ventajas de contar con Security Labs, cómo puede ser integrado en un programa de capacitación para desarrolladores y ver la plataforma en acción. En este workshop cubriremos:

    · Introducción a Security Labs y demo de la plataforma.

    · Información sobre cómo Security Labs puede ayudarle a cumplir con los requisitos de seguridad

    · Orientación sobre cómo configurar los módulos, plazos y seguimiento del progreso en Security Labs.
  • How to Accelerate Open Source Adoption, Not Open Source Risk Recorded: Jul 15 2020 38 mins
    Brittany O'Shea, Product Marketing Manager at Veracode
    In a recent blinded survey by Red Hat to more than 950 global IT leaders, 69 percent said Open Source Software was very or extremely important to the organisation’s overall enterprise infrastructure software plans. With the advantages of speed, agility, and cost-reduction, open-source software libraries are here to stay.

    However, with the delineated ownership in open source development can introduce new and sometimes dangerous software risks to an enterprise. It’s vital to have a strategy and framework in place to manage open source libraries and components. Otherwise, the road to digital transformation will likely be paved with frustrations, problems, and even failures.

    Open source software risks revolve around three key areas: visibility, security, and governance.

    In this session we will help you understand these factors and how to formulate a stronger cybersecurity strategy that protects you from open source risk.
  • Addressing NIST 800-53 with Veracode & Optiv Recorded: Jul 9 2020 56 mins
    Chris Walton (SLED West Account Executive for Veracode) and Shawn Asmus (Director of Threat Management for Optiv)
    The security & privacy controls within NIST 800-53 are fast becoming a cybersecurity standard within government. As such agencies & departments need to prepare to address the controls and ensure compliance across their organizations. Join Veracode & Optiv to discuss the details behind NIST 800-53 and how to prepare for compliance.
Cloud-Based Application Security
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Right Scan at the Right Time, In the Right Place
  • Live at: Sep 16 2020 9:30 am
  • Presented by: Tom Smith, Solution Architect Veracode , Paul Kaye, CEO IntelliQa
  • From:
Your email has been sent.
or close