Maximizing the Impact of Static Analysis

Static analysis, also known as white box testing, static application security testing (SAST), or secure code review, finds bugs in application code, back doors, and other code-based vulnerabilities so you can mitigate those risks. But no static analysis tool can effectively address threats to a development environment out of the box. And many users have the misconception that the cost of tool adoption depends primarily on getting the tool working in a build environment.

Static analysis is the only way to enable developers to automatically identify vulnerabilities as they write code in their integrated development environment (IDE). With SAST, developers can:
•Run scans in their IDE by using plugins that provide just-in-time security guidance.
•Review source code before checking it into a version control repository.
•Remediate identified vulnerabilities.
•Adopt a preventative mindset.

Automation is an important part of adopting a SAST tool, as it drives efficiency, consistency, and early detection, enabling organizations to shift left. For a static analysis implementation to be effective, several distinct activities must come together to establish and maximize its impact. This webinar covers some challenges of SAST implementation and provides real solutions to get the most value out of SAST tools.
Recorded Dec 15 2020 60 mins
Presented by
Meera Rao, Senior Director – Product Management (DevOps Solutions)
  • Part 4: Automate the Initiation and Management of Out-of-Band AppSec Activities May 5 2021 12:00 pm UTC 45 mins
    Meera Rao
    The final part in the webinar series provides real-world guidance on how to balance application security activities, including both those that are automated and run inline in your CI/CD pipelines, and the out-of-band activities that are traditionally executed manually. Implementing security gates at strategic places in the CI/CD pipeline to break the build when critical and high vulnerabilities are found keeps teams informed and reduces communication overhead. Just as there must be continuous integration, continuous delivery, and continuous deployment, there also must be continuous collaboration, and continuous communication across development, security, and operations teams.
  • Part 3: Reduce the Burden on Developers With Automation Apr 15 2021 1:00 pm UTC 45 mins
    Meera Rao
    Developers are often taught to emphasize functionality over security, and many developers aren’t security experts. For this reason, it’s crucial to ensure they stay aware of the risks of vulnerable code. But training materials are often static and inconvenient to access, using the internet for guidance isn’t consistent or reliable, and remediation advice from tools isn’t necessarily project-aware or product-specific. And unfortunately, security experts are often seen as an impediment to business goals, and they may not be experienced developers. The third part of the webinar series covers developer enablement and avoiding defect management overload.
  • What You Need to Know about Software Due Diligence Mar 25 2021 4:00 pm UTC 60 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    •Understanding the software due diligence landscape
    •The risks to look out for (and why)
    •What questions to ask in the process
    •How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Part 2: Common Challenges of Operationalizing Integration Mar 24 2021 1:00 pm UTC 45 mins
    Meera Rao
    In this second part of the webinar series, learn how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:
    • How can you ensure that release cycles are not slowed down?
    • How should you manage false positives?
    • How do you satisfy compliance needs?
  • The Evolution of IAST: Building Security Into Testing Feb 25 2021 5:00 pm UTC 60 mins
    Sandy Carielli, Principal Analyst, Forrester & Kim Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    •Trends in the latest Forrester IAST survey data
    •Developments in continuous testing, test automation, and DevSecOps
    •The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • Illustrating the rationale for DevSecOps: A real-world example Feb 24 2021 9:00 am UTC 59 mins
    Meera Rao, Senior Director Product Management, Synopsys
    When presenting the rationale for a new cultural practice such as DevSecOps, the first question from leadership tends to be along the lines of “where are the savings coming from?” With that in mind, there are four pillars of DevSecOps where we can emphasize efficiency as it aligns with a return on investment: strategy, people, process, and technology.
  • Part 1: Integration of Automated Security Tools in CI/CD Pipelines Feb 23 2021 2:00 pm UTC 45 mins
    Meera Rao
    Join our Lunch and Learn Four-Part Series.

    Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:
    • How do you pick the right application security tools for your CI/CD pipeline?
    • Where should you integrate your tools in the pipeline?
    • How should you configure the tools?
  • Why Open Source Compliance Matters for SaaS: Truths, Myths, and Considerations Feb 18 2021 5:00 pm UTC 60 mins
    Anthony Decicco, Shareholder, GTC Law Group & Affiliates & Phil Odence, GM Black Duck Audits, Synopsys
    If you offer a product via a software-as-a-service (SaaS) model, you may have heard that some of the most common open source licenses, while being potentially quite problematic for distributed software, may give a “free pass” to SaaS applications. Are you required to adhere to open source license obligations in a SaaS model?

    Join us for this live Synopsys webinar to learn how to address open source software use in a SaaS model. We’ll cover:

    - The legal considerations around open source license compliance 
    - How security impacts open source software in a SaaS application
    - The operational and strategic pitfalls to avoid
    - The impact on financing, M&A and IPO due diligence

    Don’t miss the informative webinar. Register today.
  • Time is Money - Interactive Application Security Testing at DevOps Speed Feb 10 2021 1:00 pm UTC 45 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • Why SAST and SCA Together Are Better, Faster, Stronger Jan 28 2021 2:00 pm UTC 42 mins
    Utsav Sanghani, Senior Product Manager, Staff, Synopsys
    Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn’t designed to find open source vulnerabilities (CVEs) or identify open source licenses. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That’s where software composition analysis (SCA) comes in.

    Join Utsav Sanghani, product manager, as he explores the benefits of bringing SAST and SCA together. He’ll explain why using an SCA tool to scan open source dependencies is as imperative to a software development strategy as using SAST to test proprietary code. He’ll also demonstrate how developers, by combining SAST and SCA analysis in the IDE, can address issues holistically as they code, saving time and increasing productivity so they can deliver secure, high-quality software faster.
  • Building Security in DevOps with Intelligent Orchestration Jan 28 2021 9:00 am UTC 59 mins
    Meera Rao, Senior Director Product Management, Synopsys
    Building security automation into the DevOps pipeline is a key pain point for many organisations. A risk-based, intelligent, adaptive DevOps pipeline can close the gap between DevOps and security teams, helping DevOps teams accelerate deployment to production without compromising security. Implementing risk-based, adaptable intelligence within the DevOps pipeline supports security activities by matching the team’s velocity, providing continuous intelligent feedback, continuous learning, and continuous metrics, and continuously supporting organisations as they scale their security testing activities.

    Key Learnings:
    - The challenges associated with implementing security testing.

    - What is Intelligent Orchestration, and what makes the Intelligent Orchestration solution unique and optimised for DevOps?

    - How a risk-based, adaptable, intelligent pipeline can help you rank risks, identify changes, and improve responsiveness

    - How to accelerate deployment to production without compromising security.
  • 5 Steps to Start Your Software Security Initiative Jan 27 2021 6:00 pm UTC 60 mins
    Eli Erlikhman, Managing Principal, Synopsys
    It's a new year and it's time to create a roadmap to help you to achieve your 2021 software security goals.

    The Building Security In Maturity Model (BSIMM) can help you measure and understand the current levels of success, weakness, and maturity of your organization’s software security program. BSIMM allows CISOs and other security executives to compare data against their industry peers and pinpoint specific areas of need in their own AppSec programs.

    In this Synopsys webinar, we’ll outline five components to jumpstart an AppSec program, helping you understand how to:

    - Put the “Sec” in DevOps
    - Deploy automation in your software delivery pipeline
    - Modernize software delivery practices, such as: cloud, containers, orchestration, etc.
    - Establish a security satellite within engineering teams
    - Detect and respond to real-time security events
  • Managed Penetration Testing - An integral part of your risk management approach Jan 26 2021 9:00 am UTC 46 mins
    Aravind Venkataraman, Senior Principal Consultant and David Johansson, Principal Consultant, Synopsys
    Managed penetration testing is an integral part of an organization’s risk management strategy. It serves as a complementary security testing approach to identify and validate findings alongside existing security testing tools. It also fills testing gaps that can appear as organizations determine which testing tools to integrate into their development workflows. In this webinar, we’ll discuss how managed penetration testing can help you optimize your risk management strategy.
  • The 2020 Open Source Year in Review Jan 21 2021 5:00 pm UTC 75 mins
    Mark Radcliffe, Partner at DLA Piper & Tony Decicco, Shareholder, GTC Law Group & Affiliates & Phil Odence, GM, Synopsys
    Gain insights into important legal developments from two of the leading open source legal experts, Mark Radcliffe, partner at DLA Piper and general counsel for the Open Source Initiative, and Tony Decicco, shareholder at GTC Law Group & Affiliates.

    This annual review will highlight the most significant legal developments related to open source software in 2020.

    - Software Freedom Conservancy enforcement initiatives
    - Containers and open source compliance challenges
    - Cyber security and the Open Source Security Foundation
    - The rise of the software Bill of Materials
    - And much, much more

    Attendees of the live webinar will earn CLE credit. Don’t miss out—register today.

    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
    •California: 1.0 Credit (1.0 General, 0.0 Ethics)
    •New Jersey: 1.2 Credits (1.2 General, 0.0 Professional Responsibility)
    •New York: 1.0 Transitional & Non-Transitional Credit (1.0 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
  • Under Pressure – Building Security into Application Development Recorded: Jan 19 2021 61 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security.

    In this webinar, we speak with the study’s author, ESG Senior Analyst, Dave Gruber, about how organizations are working to build security into their development toolchains and processes. Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think.

    - Key attributes of the most successful AppSec programs.

    - Trends and challenges organizations are facing in implementing their AppSec programs.

    - How organizations are working to improve AppSec ROI while simplifying deployments.
  • Implementing an Effective DevSecOps Strategy Recorded: Jan 19 2021 32 mins
    Sandesh Anand, Managing Consultant Synopsys
    How can security and application development teams work more closely together to enhance cybersecurity?

    In an in-depth video discussion, a panel of experts addresses critical issues. Participants include: Jaspal Singh Sawhney, global CISO at Tata Communications; Anish Ravindranathan, security architect at Tata Digital; and Sandesh Anand, managing consultant at Synopsys.
  • See the Larger Security Picture - Enhancing the Tools You Already Have Recorded: Jan 14 2021 43 mins
    Simon King, VP Solutions, Synopsys Software Integrity Group
    DevOps and Agile development teams work iteratively to deliver customer value faster. They accelerate productivity with external software such as open-source, and external infrastructure such as cloud and containers. But this increases the threat surface and potential security risk. This leads to using more security tools, and complexity associated with managing test results and governance.

    Join Simon King from Synopsys on this journey enabling teams to see the larger security picture – transparently – enhancing the tools you already use.

    In this session you’ll learn about:
    - The challenges associated with managing test execution with multiple tools.
    - The opportunities to streamline communication between teams when coordinating triage and issue remediation.
    - How to make app sec “invisible” to the development team inside your existing CI/CD toolchain.
    - How to manage continuous improvement in risk posture
  • That's Not How This Works - All Development Should Be Secure Development Recorded: Jan 7 2021 51 mins
    Jonathan Knudsen, Technical Marketing Manager, Synopsys
    Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Register for this webinar to learn:
    - Why traditional approaches to software development usually end in tears and heartburn
    - How a structured approach to secure software development lowers risk for you and your customers
    - Why automation and security testing tools are key components in the implementation of a secure development life cycle
  • What the Open Source Security & Risk Report Means for Your Security Team Recorded: Dec 17 2020 36 mins
    Shandra Gemmiti, Product Marketing Manager at Synopsys and Mike McGuire, Product Marketing Manager at Synopsys
    Open source is a great foundation for modern software development, but when left unmanaged, it exposes you to security risks. In the upcoming webinar “What the 2020 OSSRA Report Means for Your Security Team,” we’ll explore the findings of our 2020 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    · Why you need an accurate inventory of open source components

    · How to prioritize the vulnerabilities to fix

    · Where to integrate testing into your SDLC

    Join us and together we’ll harness the power of open source without sacrificing the security of your applications.
  • Open Source During an M&A Process: Buyer and Seller Tips on How to Manage Risk Recorded: Dec 16 2020 60 mins
    Ben Landry, Assistant General Counsel, Health Catalyst, Inc.
    Whether you sit on the buy-side or sell-side of an M&A transaction, open source use in the software development process introduces legal and security risks into the deal. There are a number of key considerations to be aware of to minimize risk through the M&A due diligence process.

    Join this live Synopsys webinar to get practical advice on preparing for tech due diligence from an in-house attorney with experience on both sides of the transaction. We’ll cover:

    •When and how to invest in open source diligence
    •How to manage open source and prepare for a sale
    •How Covid has impacted the due diligence process

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Maximizing the Impact of Static Analysis
  • Live at: Dec 15 2020 5:00 pm
  • Presented by: Meera Rao, Senior Director – Product Management (DevOps Solutions)