
Enterprise Security at Scale With IAST

With all the different application security testing tools available, you may be wondering whether interactive application security testing (IAST) makes sense for you. If you want to equip your developers with everything they need to fix vulnerabilities quickly and accurately in CI/CD workflows, then the answer is yes.

In this webinar, Asma Zubair, Sr. Product Manager for Seeker, our IAST solution, and Tamir Shavro, Sr. Engineering Manager at Synopsys, will show you how to gain unparalleled visibility into the security posture of your web applications and how to identify vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, and CWE/SANS). You’ll also learn how IAST can:

- Be deployed in existing environments with ease
- Give you real-time, accurate results
- Integrate with software composition analysis
Recorded Aug 28 2018 50 mins
Presented by
Asma Zubair, Sr. Product Manager, Synopsys and Tamir Shavro, Sr. Engineering Manager, Synopsys
  • A Serial Seller’s Perspective on M&A Tech Due Diligence Sep 26 2019 4:00 pm UTC 60 mins
    Irad Deutsch, CTO, Belong.Life and Phil Odence, GM, Synopsys
    On the buy side of a tech deal and want to better understand sellers? Selling a company and want to benefit from the experience of someone who’s been there (and been there and been there)?

    Building a successful software company takes a lot of blood, sweat, and tears. When a liquidity opportunity presents itself, sellers want to make sure they get the best deal they can, and quickly. During due diligence, the potential acquirer will delve into all facets of the technology. The more prepared the sell side is, the fewer issues will arise, and the smoother the transaction will be.

    What do buyers need, and what can prepared sellers do to streamline the process? Security, quality, and the intellectual property rights of the software are critical. Buyers, sellers, and their legal advisors need to be comfortable that no big technical issues will crop up post-close. Plus, they want to know that they have absolute and uncontested rights to the software assets—in particular, that there are no issues with open source licenses.

    Irad Deutsch, CTO of Belong.Life, has successfully made it through the process with two companies and has it down to a science for his third. Join Irad and Synopsys’ Phil Odence as they discuss the seller’s perspective, lessons learned on the seller’s side, and how to prepare for the M&A tech due diligence process.

    Don’t miss this informative webinar. Register today.
  • Financial Services Study Shows Why Investing in AppSec Matters Sep 12 2019 5:00 pm UTC 60 mins
    Drew Kilbourne and Larry Ponemon
    If you’re a provider of financial services, then client trust, privacy, and risk management are critical to your success. Therefore, you must protect your organization’s sensitive data from cyber attacks and data breaches. A recent survey of current software security practices in the financial services industry explores the industry’s software security posture and its ability to address security-related issues.

    In this webinar, Drew Kilbourne, managing director, Synopsys, and Larry Ponemon, chairman, Ponemon Institute, will review findings from the report and discuss what they mean for the industry at large. Here’s a preview of some key findings:

    - 56% of organizations had experienced an attack resulting in system failure and downtime.
    - 74% were concerned about security vulnerabilities introduced by third-party suppliers, but less than 43% said they require third parties to adhere to cyber security requirements.
    - Only 34% of financial applications are tested for vulnerabilities, and only 25% of respondents were confident in their ability to detect vulnerabilities before going to market.
  • Automating Pipeline Security with Synopsys and Azure DevOps Sep 12 2019 4:00 pm UTC 60 mins
    Sasha Rosenbaum, Sr. Program Manager, Microsoft and Tomas Gonzalez, Alliance Technical Engineer, Synopsys
    Microsoft Azure DevOps is a collection of modern dev services designed to help development teams plan smarter, collaborate better, and ship faster. Azure CI/CD Pipelines, where applications are built, tested, and deployed, benefit from additional functionality provided by third-party extensions.
    Synopsys Detect, an extension for Azure DevOps, simplifies the addition of static code analysis and open source composition analysis to your pipelines. Tune in to learn how to plug Synopsys into your Azure Pipelines to fix potential leaks before they burst.

    In this webinar, Synopsys and Microsoft will explain how to:
    • Add static code analysis to your build pipelines with Coverity on Polaris
    • Integrate Black Duck open source compliance and security checks into your delivery pipelines
    • Perform Seeker interactive testing on apps deployed to Azure App Service

    This site is jointly operated by Microsoft and Synopsys, and both companies are committed to protecting your privacy. Any personal information we collect from you on this site may be shared between Microsoft and Synopsys. For complete information on the data collection and use practices of each company, please read the full privacy statements by clicking on the links in the attachments.
  • Improving Fuzz Testing of Infotainment Systems and Telematics Units using Agent Sep 5 2019 9:00 am UTC 90 mins
    Dennis Kengo Oka, Senior Solutions Architect, Synopsys & Rikke Kuipers, Product Manager, Synopsys
    In the past few years, cybersecurity has become more intertwined with each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach to detect unknown vulnerabilities in automotive systems. However, with limited instrumentation, especially on systems such as in-vehicle infotainment (IVI) systems and telematics units, there are several types of issues that go undetected, such as memory leaks and cases where the application crashes but restarts quickly. Since these systems are typically based on operating systems providing more functionality, such as Linux and Android, it is possible to use appropriate tools to collect additional information from the system under test (SUT) to determine whether there were any exceptions detected during the fuzz testing. Furthermore, it would be possible to gather more details about the detected exceptions on the SUT, which helps developers better understand and identify the root cause of the issues and fix the problems more efficiently. To this end, we introduce the Agent Instrumentation Framework and explain how it can be used to improve fuzz testing of IVIs and telematics units. We show how additional information can be collected from the target system and used to identify whether there are exceptions on the SUT and additionally help developers identify the underlying cause of any issues detected. Finally, to showcase the effectiveness of the agent instrumentation framework, we built a test bench based on this approach and performed fuzz testing on multiple SUTs. Based on our findings, we highlight several examples of issues that would not have been detected unless we used agent instrumentation.
  • Security Tool Misconfiguration and Abuse Recorded: Aug 20 2019 40 mins
    Thomas Richards, Network and Red Team Practice Director
    As any security program matures, it will use tools and techniques to automate processes to improve the security posture of the organization. This includes asset management and discovery, patch management, deploying software, and vulnerability discovery. However, if these tools are improperly configured, they can lead to a total compromise of your network by an attacker. In this talk we will go over a few case studies of abusing these tools while on penetration tests as well as remediation methods to prevent these attacks from occurring.
  • Shift Left, Shift Right, or Run Security Right Through The Middle? Recorded: Aug 20 2019 57 mins
    Meera Rao, Senior Principal Consultant, Synopsys, Brandon Dunlap, Moderator, (ISC)²
    Demands for more secure software and more rapid application development have led to the emergence of DevSecOps. DevSecOps maturity requires a risk-based approach to adding security activities, increasing depth, and improving testing governance. The best strategy is to shift from a reactive to a proactive security approach that injects security at the right time and place with automated continuous testing. This presentation covers these aspects of automated continuous testing:

    1. Practices to avoid
    2. Drawbacks
    3. Prerequisites
    4. When and where to use automated testing
    5. Best practices for implementing and improving continuous testing throughout the development life cycle
  • What You Need to Know About Open Source Licensing Recorded: Aug 15 2019 62 mins
    Mark Radcliffe, DLA Piper, Tony Decicco, GTC Law Group, Phil Odence, Synopsys
    Virtually every organization uses open source software, and lots of it, to create efficiencies in software development. But left unmanaged, open source can introduce legal, IP, compliance, and other risks for the business. With over 2,500 different licenses in use, legal professionals and technical managers need to understand the license obligations associated with open source and how to mitigate risks.

    Join top open source legal experts Mark Radcliffe from DLA Piper and Tony Decicco from GTC Law Group for a webinar as they do a deep dive into the types of open source licenses that could present challenges. They’ll cover:

    • The history and risk of open source software
    • Intellectual property law for software licensing
    • The most popular licenses and their obligations
    • Practical advice for helping your organizations or clients

    Don’t miss this informative webinar. Register today.


    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, the New York State Continuing Legal Education Board, and the Pennsylvania Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
    • California: 1.0 Credit (1.0 General, 0.0 Ethics)
    • New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
    • New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
    • Pennsylvania: 1.0 Credit (1.0 General, 0.0 Ethics)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
  • Achieving Security Outcomes in a Cloud-Native World Recorded: Aug 14 2019 60 mins
    Steve White, Field CISO, Pivotal Software & Dave Meurer, Senior Technical Alliances Manager, Synopsys
    Modern enterprises are moving to hybrid cloud solutions, containers, microservices, and functions for their core applications. At the same time, technology teams are implementing agile and DevOps models for software development, deployment, and operations. These changes provide the business with measurable benefits in terms of agility and execution, but they also create the need for a shift in traditional approaches to cyber security. To respond, security leaders need to adopt a cloud-native model for security. In this webinar, we’ll examine how solutions from Pivotal and Synopsys enable this move, allowing security teams to achieve their target outcomes while acting as a key enabler, helping the business with their application transformation efforts.
  • Reviewing Modern JavaScript Applications Recorded: Jul 31 2019 60 mins
    Lewis Ardern, Senior Security Consultant, Synopsys
    Many penetration testers approach modern JavaScript applications from an “outside-in” perspective. But this approach often misses security issues in plain sight. In this webinar, we’ll demystify common JavaScript issues that should be better understood/identified during security reviews. We’ll discuss how to review applications in a code-centric manner by using freely available tools to help start identifying security issues through processes such as linting and dependency auditing.
  • Defuse Your Release Anxiety by Fusing DevOps and Security Recorded: Jul 30 2019 56 mins
    Vincent Lussenburg, XebiaLabs & Tomas Gonzalez, Synopsys
    In these times of DevSecOps, many companies claim that they’re “doing it.” But a false sense of security is worse than no security at all.
    In this webinar, Synopsys and XebiaLabs will explore how to embed multiple security perspectives on software vulnerability detection and prevention into your automated development release pipelines. The goal: To prevent your organization from being the next case study on how failure to cover an essential perspective resulted in an embarrassing data breach.

    By registering for this webinar you are agreeing to receive communications from both Synopsys and XebiaLabs.
  • Securing Vehicles after Production: Vulnerability Management & Security updates Recorded: Jul 30 2019 63 mins
    Dennis Kengo Oka, Senior Solutions Architect, Synopsys
    As the automotive software development life cycle puts greater focus on cyber security, we’ll see safer, more secure cars on the roads. OEMs and suppliers use static code analysis, software composition analysis, and fuzz testing to identify and remediate vulnerabilities in automotive components during development and testing. But even with the right tools and processes, it’s impossible to eliminate every software vulnerability in a vehicle’s 100 million lines of code before releasing it into the field.

    Therefore, it’s important to continue finding and fixing bugs in vehicles after production. During operations and maintenance, detecting and managing new vulnerabilities in automotive components is a high priority. Patching these vulnerabilities means performing secure over-the-air (OTA) updates—and ensuring those updates don’t introduce new vulnerabilities.

    This talk will present the current challenges and suggest solutions to securing vehicles during the operations phase.
  • Is Your Software Supply Chain a Security Blind Spot? Recorded: Jul 25 2019 51 mins
    Lisa Bryngelson, Senior Product Manager at Synopsys
    One of the biggest challenges companies face with third-party software is lack of visibility into the open source libraries used in the software they embed in their products. Over the last year, major security breaches have been attributed to exploits of vulnerabilities in open source frameworks used by Fortune 100 companies in education, government, financial services, retail, and media.

    These incidents shine a light on the need for organizations to carefully manage the open source used in the third-party software they consume. The goal is to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    This session will:

    • Cover the key differences between identifying open source in source code versus binaries
    • Outline key use cases for binary analysis as part of a comprehensive approach to open source
    • Explain the next step toward making sure you avoid potentially costly security breaches

    Don’t miss this informative webinar. Register today.
  • Why All Open Source Scans Aren’t Created Equal Recorded: Jul 24 2019 59 mins
    Phil Odence & Emmanuel Tournier at Synopsys
    Understanding the risks associated with open source software has become the norm in tech due diligence but not all approaches are created equal. Are you approaching open source diligence in the most efficient and effective way possible? Do you understand the difference between a point in time open source analysis for M&A and ongoing open source management?

    Join us for this live webinar and learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

    • The types of risk around open source software
    • Why depth of analysis matters, and what it results in during M&A diligence
    • Why accuracy, reporting and expert human analysis are keys to thorough diligence

    Don’t miss this informative webinar. Register today.
  • Building a Culture of Secure Programming in your Organisation Recorded: Jul 18 2019 69 mins
    Amanvir Sangha, Consultant, Synopsys
    We all know that fixing defects early in the SDLC is the right approach to building secure software. Security needs to be in every part of the pipeline but it’s often hard to get everybody onboard with software security initiatives.

    Come join us on this webinar to explore how to build a culture of proactive secure programming in your technical organization and how to implement security as an enabler without disrupting the velocity of projects in modern development teams. See how Synopsys tools and services can allow you to build secure, reliable and quality software.
  • Application Security and DevSecOps in an Agile World Recorded: Jul 8 2019 50 mins
    Cem Nisanoglu, Managing Consultant, Synopsys
    While adopting DevOps was a natural transition for Agile organizations, the move to DevSecOps has introduced new challenges. DevSecOps requires a significant change in mindset and corporate culture to integrate new security tools and activities. That is why keeping pace with Agile and the DevOps culture while introducing security into the software development life cycle (SDLC) is a challenge for many companies.
    In this webinar, Cem Nisanoglu explores the DevSecOps operating model and highlights the importance of change management, automation, and security metrics in a transition to DevSecOps, as well as how these activities can contribute to security training, faster release cycles, and the optimization of security budgets across the enterprise.
  • Static Analysis Security Testing (SAST) in CI/CD – why and how Recorded: Jul 4 2019 38 mins
    Shi Chao, Senior Sales Engineering Manager, Synopsys Software Integrity Group
    Traditionally, and often unfortunately, security has been treated as a secondary and isolated process considered only at the end of the software development lifecycle (SDLC). Noble as their intentions are, it can be frustrating to discover security vulnerabilities at such a late stage.

    With the proliferation of agile development methodology and CI/CD, is it possible to leverage a Static Application Security Testing (SAST) tool to constantly verify code changes and improve application integrity throughout the SDLC? In our 4th July 2019 webinar, Shi Chao, Senior Sales Engineering Manager, Synopsys Software Integrity Group, will provide insights into the following:
    • What is SAST? Are SAST tools glorified grep?
    • What can SAST help with?
    • Touch points – where and how do we apply SAST in a CI/CD pipeline?
    • Considerations in choosing a SAST tool
  • Streamlining Your Tech Due Diligence Process for Software Assets Recorded: Jun 27 2019 53 mins
    Tim Mackey, Principal Security Strategist, Synopsys Cybersecurity Research Center
    Open source, legal, compliance, security, and code quality risks all come into play when you’re acquiring a company where the technology is a large part of the deal valuation. And if you’re making multiple acquisitions a year, how do you ensure that your tech due diligence process addresses each of these potential risks, all while moving at the speed of the deal?

    Join us for this webinar to learn how you can streamline your tech due diligence process without sacrificing quality assessments. We’ll cover:

    • Understanding open source, its license obligations, and its security vulnerabilities
    • Testing the overall security of code assets, including proprietary code
    • Understanding potential points of data leakage via third-party web API integrations
    • Steps for creating a repeatable software asset audit process

    Don’t miss this informative webinar. Register today.
  • Developers are your greatest AppSec Resource – Here’s How to Activate Them Recorded: Jun 25 2019 50 mins
    Amy DeMartine, Forrester Principal Analyst and Utsav Sanghani, Senior Product Manager, Synopsys
    Application vulnerabilities are a prime target for attackers, and the critical task of identifying and remediating these flaws before they’re exploited can be daunting, especially for organizations adopting DevOps and CI/CD practices. Security teams don’t have the time or resources to find and fix every vulnerability, and developers prefer to do what they do best – build and deploy features quickly. Fortunately, developers can be good at their jobs and be your most effective application security resources if you enable them with the low-friction tools and training at the precise time they need them.

    Join guest speaker Amy DeMartine, principal analyst at Forrester Research, and Utsav Sanghani, senior product manager at Synopsys, as they explore tools and techniques that can transform your developers into AppSec rock stars:
    - Rapid and continuous in-IDE security testing can help your developers find and fix issues before they ever get committed to your codebase.
    - Delivering short, contextualized AppSec training modules to developers in real time when they introduce vulnerabilities.
    - Most modern applications contain more open source code than proprietary code. Help your developers identify and avoid risky OSS components.
  • The State of Open Source and Security: What It Means for You Recorded: Jun 19 2019 61 mins
    Gordon Haff, Red Hat & Dave Meurer, Synopsys
    Development organizations view open source software as not just important but also strategic. That’s just one of the topics we’ll investigate in this joint webinar from Red Hat and Synopsys. Drawing from Red Hat’s “The State of Enterprise Open Source” report, technology evangelist Gordon Haff will explain why IT decision makers value open source so highly.

    At the same time, changing development practices and escalating threats mean that security remains a concern with respect to open source software, as it is for IT more broadly. Dave Meurer of the Synopsys Software Integrity Group will explain findings from the Synopsys “2019 Open Source Security and Risk Analysis” report to offer an in-depth look at the state of open source security, compliance, and code quality risk in commercial software.

    We’ll close with some practical advice about getting the most value from open source software while keeping your organization safe.
  • Using Metrics to Drive Your Software Security Initiative Recorded: Jun 18 2019 48 mins
    Kevin Nassery, Senior Principal Consultant, Synopsys
    Intuition can take you quite far at the beginning of your application security journey. But even the most experienced leaders will eventually need data to guide them through a decision or justify their investments. Well-designed software security metrics provide that compass.

    This webinar will arm software security group leadership with the knowledge necessary to design key metrics that drive thoughtful investment and enhancement of their software security initiative (SSI).

    We’ll pay special attention to must-have application security metrics, common missteps, and executive visibility across the Software Security Development Lifecycle (SSDL) and SSI.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Enterprise Security at Scale With IAST
  • Live at: Aug 28 2018 4:00 pm
  • Presented by: Asma Zubair, Sr. Product Manager, Synopsys and Tamir Shavro, Sr. Engineering Manager, Synopsys