
Two Models of Application Security: The DMV and the Fishing Teacher

What if application security testing were like a trip to the DMV? The security and development teams wouldn’t really understand each other, security testing would create long waits for product releases, and the relationship would quickly become antagonistic. Unfortunately, many organizations’ first attempts follow this model.

A better model is the fishing teacher. At too many organizations, the security team is trying to catch enough fish for everyone else in the organization. Instead, the security team should teach everyone how to fish for themselves by spreading the automation and integration of proactive security throughout the rest of the organization, unifying a security-first culture that drives down organizational risk.

A recent report from 451 Research, Designing a Modern Application Security Program, emphasizes the importance of automating and integrating security in your application development processes. This webinar shares best practices from the report and teaches you how to lower your risk without losing your mind.
Recorded Apr 21 2020 52 mins
Presented by
Jonathan Knudsen, Technical Marketing Manager, Synopsys
  • Testing security of micro-services, APIs and cloud-native apps Nov 10 2021 5:00 pm UTC 52 mins
    Ainsley Braun, Product Director, Synopsys and John Salomon, Director Continental Europe, Middle East, & Africa FS-ISAC
    How are you security testing APIs, web services, and cloud-native applications? Are you able to test application security without impacting efficiency? Do you have sufficient visibility into sensitive data that your applications handle?

    In this session we will be joined by guest speaker John Salomon from FS-ISAC to discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meet your organization’s risk appetite. We will go over ways of ensuring fast, relevant contextual training, and efficient remediation of detected vulnerabilities.
  • Application security risks in FSI by the numbers Oct 13 2021 6:00 pm UTC 60 mins
    Mike McGuire, Product Marketing Manager, Synopsys
    We trust that financial applications and software are secure because of the sensitive nature of the information they manage and contain. But based on the numbers, we should be very concerned.

    Join us for this live Synopsys webinar to get an inside look at how prevalent mobile application security and open source risks are today, and the steps you can take to become more secure. We’ll cover:

    • Report methodology and findings for FSI
    • The types of risks to be aware of
    • What the numbers mean for security teams
    • Strategies to reduce AppSec risks

    Don’t miss this informative webinar. Register today.
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Sep 22 2021 4:00 pm UTC 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 4:00 pm UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 9:00 am UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • PCI meets DevSecOps: Hazard or Opportunity? Sep 15 2021 4:00 pm UTC 30 mins
    Stephen Gardner, Managing Consultant, Synopsys
    Under pressure to build software faster and cheaper, engineering teams are adopting DevOps. Does this ruin the pathway to application security, or does DevSecOps enable new efficiencies for security as well as engineering?

    Join this live webinar as we discuss DevSecOps best practices, and how these align with Application Security elements of PCI. We’ll cover:

    • Software security in PCI
    • DevSecOps: What and why?
    • Pros and Cons of DevSecOps in a PCI regulated environment

    Don’t miss this informative webinar. Register today.
  • Software Audits: The Good, the Bad, & the Ugly Aug 25 2021 4:00 pm UTC 60 mins
    Phil Odence, Synopsys
    Interview with an Auditor: Best Practices in M&A Tech Due Diligence

    The Black Duck Audit Services team dives into over 1,500 codebases a year, so we've seen things – lots of things. Whether you’re acquiring a company where the software is a big part of the deal or prepping for a sale, it’s always good to know what’s lurking in the code. You may be pleasantly surprised or a little concerned - but understanding risk is the key to managing risk.

    Join us for a live webinar as we share some real-world examples of audits - anonymous, of course - that range from very smooth to a little rocky, to help you understand the software due diligence process. We’ll cover:

    • Open source risk in M&A by the numbers
    • How to make the most of an audit
    • An auditor’s perspective on best (and worst) practices
    • Practical advice on how to prepare for the due diligence process

    Don’t miss this informative webinar. Register today.
  • Container Security Essentials Aug 19 2021 5:00 pm UTC 60 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

    The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

    In this webinar, we’ll outline the essential elements required to secure your container environments, including:
    • Understanding what containers are (and aren’t)
    • How to look at container security holistically
    • The top threats to container landscapes
    • Relevant case studies
  • Time is Money - Interactive Application Security Testing at DevOps Speed Aug 19 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • Why software-related risks are still a reoccurring theme today? Aug 17 2021 7:00 am UTC 37 mins
    Alex "Jay" Balan, Director Security Research, Bitdefender and Boris Cipot, Senior Sales Engineer, Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and 60% contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this Synopsys discussion with Alex “Jay” Balan, director of security research at Bitdefender, and Boris Cipot, senior sales engineer at Synopsys, as we explore recent open source report findings and what they mean to organizations like yours. Specific topics include:

    - Report findings and consequences
    - Uptake in software vulnerabilities and steps to prevent them
    - Open source challenges and how to overcome them
  • Under Pressure – Building Security into Application Development Aug 17 2021 6:00 am UTC 62 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security.

    In this webinar, we speak with the study’s author, ESG Senior Analyst, Dave Gruber, about how organizations are working to build security into their development toolchains and processes. Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think.

    - Key attributes of the most successful AppSec programs.

    - Trends and challenges organizations are facing in implementing their AppSec programs.

    - How organizations are working to improve AppSec ROI while simplifying deployments.
  • 5 Steps to Start Your Software Security Initiative Aug 12 2021 6:00 pm UTC 58 mins
    Eli Erlikhman, Managing Principal, Synopsys
    It's time to create a roadmap to help you to achieve your 2021 software security goals.

    The Building Software in Maturity Model (BSIMM) can help you measure and understand current levels of success, weakness, and maturity of your organization’s software security program. BSIMM allows CISOs and other security executives to compare data against their industry peers and pinpoint specific areas of need in their own AppSec programs.

    In this Synopsys webinar, we’ll outline five components to jumpstart an AppSec program, helping you understand how to:

    - Put the “Sec” in DevOps
    - Deploy automation in your software delivery pipeline
    - Modernize software delivery practices, such as: cloud, containers, orchestration, etc.
    - Establish a security satellite within engineering teams
    - Detect and respond to real-time security events
  • Threat Modeling Program Maturity – Establish and Mature Threat Modeling Programs Aug 12 2021 10:00 am UTC 59 mins
    Chandu Ketkar, Director Security Architecture Practice at Synopsys and Himanshu Tiwari, Managing Consultant at Synopsys
    What differentiates a highly mature threat modeling program from a less mature program? How do companies get started with threat modeling? What does the journey to higher levels of maturity look like? What are the key anchors of building the threat modeling capability?

    Join our talk as we share what we've learned through the years working with clients. Find out how companies evolve their threat modeling programs and maturity.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 4:00 pm UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 9:00 am UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Is IAST the Next Big Thing in AppSec? Recorded: Aug 4 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Recorded: Aug 3 2021 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Is IAST the Next Big Thing in AppSec? Recorded: Jul 22 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Two Models of Application Security: The DMV and the Fishing Teacher
  • Live at: Apr 21 2020 3:30 pm
  • Presented by: Jonathan Knudsen, Technical Marketing Manager, Synopsys