Integrating Fuzz Testing into the Cybersecurity Validation Strategy

Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

* The automotive cyber security engineering processes 
* How fuzz testing helps improve product security 
* An updated cyber security engineering process
Recorded May 11 2021 52 mins
Presented by
Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Sep 22 2021 4:00 pm UTC 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Software Audits: The Good, The Bad & The Ugly Aug 25 2021 4:00 pm UTC 60 mins
    Phil Odence, Synopsys
    Interview with an Auditor: Best Practices in M&A Tech Due Diligence

    The Black Duck Audit Services team dives into over 1,500 codebases a year and we’ve seen things – lots of things. Whether you’re acquiring a company where the software is a big part of the deal or prepping for a sale, it’s always good to know what’s lurking in the code. You may be pleasantly surprised or a little concerned - but understanding risk is the key to managing risk.

    Join us for a live webinar as we share some real life examples of audits - anonymous, of course - that have ranged from very smooth to a little rocky to help as you go through the tech due diligence process. We’ll cover:

    • Open source risk in M&A by the numbers
    • How to make the most of an audit
    • An auditor’s perspective on best (and worst) practices
    • Practical advice on how to prepare for the due diligence process

    Don’t miss this informative webinar. Register today.
  • Time is Money - Interactive Application Security Testing at DevOps Speed Aug 19 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 4:00 pm UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • Is IAST the Next Big Thing in AppSec? Jul 22 2021 4:00 pm UTC 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • What You Need to Know about Software Due Diligence Jul 21 2021 4:00 pm UTC 61 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Getting your Organization ready for ISO/SAE 21434 Jun 30 2021 1:00 pm UTC 60 mins
    Dennis Kengo Oka, Principal Automotive Strategist, Synopsys & Chris Clark, Business Development Manager, Synopsys
    The latest ISO/SAE 21434 standard will be released in September to help automotive companies address cyber security for the entire vehicle life cycle.

    We will provide an overview of the ISO/SAE FDIS 21434 Cybersecurity Engineering standard in our presentation. Join this Synopsys webinar to learn about:
    • Critical organizational cybersecurity topics assisting with your preparation for the new standard
    • Relevant cybersecurity activities and solutions for secure product development
    • Practical examples of tooling to help fulfil requirements in the software development process
  • The Seven Habits of Highly Effective Security Jun 30 2021 12:00 pm UTC 46 mins
    Girish Janardhanudu, VP of Security Consulting - Synopsys, Dr. Neil Daswani, Director - Stanford Advanced Cybersecurity
    Software vulnerabilities are one of the six technical root causes of breaches, and in this webinar, Neil Daswani, codirector of the Stanford Advanced Security Certification Program, and Girish Janardhanudu, vice president of Synopsys Security Consulting, discuss the key lessons learned from the biggest megabreaches and the 9,000+ reported breaches over the past 15 years. Learn the histories and take deep dives into breaches including those at Target, JPMorgan Chase, OPM, Yahoo, Equifax, Facebook, Marriott, and Capital One, as well as the still-unfolding SolarWinds hack. Daswani and Janardhanudu also share key insights into how the right mindset and the right habits help organizations manage security effectively.
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down Jun 30 2021 9:00 am UTC 43 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
    Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

    A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

    In this webinar, you’ll learn:

    Why legacy CI/CD approaches can’t keep up with the speed of DevOps
    How Synopsys Intelligent Orchestration:
    - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
    - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
    - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
  • Coverity and Black Duck: Supporting developers in working smarter and faster Jun 22 2021 5:00 pm UTC 55 mins
    James Croall, Product Management Director and Mike McGuire, Product Marketing Manager
    Static application security testing (SAST) tools such as Coverity® SAST are critical for uncovering and eliminating issues in proprietary software early in the software development life cycle (SDLC). However, SAST isn’t designed to find third-party open source software vulnerabilities or identify open source license types or versions. Open source is an essential component of application development today, with over 70% of code in an average application composed of open source components. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming.

    Join Synopsys experts James Croall, product management director, and Mike McGuire, product marketing manager, for this webinar where they will explore:

    • Security issues that are easily missed when you don’t use both SAST and SCA
    • Why adding Black Duck® SCA to your AppSec strategy is the best complement to Coverity SAST
    • Why only Synopsys solutions can identify context and business criticality and guide developers to the most pressing security issues
    • How combining software analysis tools lets developers address issues holistically as they code
    • How Synopsys can intelligently automate and orchestrate your testing needs across the SDLC
  • Coverity and Black Duck: Supporting developers in working smarter and faster Jun 22 2021 9:00 am UTC 55 mins
    James Croall, Product Management Director and Mike McGuire, Product Marketing Manager
    Static application security testing (SAST) tools such as Coverity® SAST are critical for uncovering and eliminating issues in proprietary software early in the software development life cycle (SDLC). However, SAST isn’t designed to find third-party open source software vulnerabilities or identify open source license types or versions. Open source is an essential component of application development today, with over 70% of code in an average application composed of open source components. And manually maintaining a repository of approved open source components for developers is inefficient and time-consuming.

    Join Synopsys experts James Croall, product management director, and Mike McGuire, product marketing manager, for this webinar where they will explore:

    • Security issues that are easily missed when you don’t use both SAST and SCA
    • Why adding Black Duck® SCA to your AppSec strategy is the best complement to Coverity SAST
    • Why only Synopsys solutions can identify context and business criticality and guide developers to the most pressing security issues
    • How combining software analysis tools lets developers address issues holistically as they code
    • How Synopsys can intelligently automate and orchestrate your testing needs across the SDLC
  • Managing open source security risk: Lessons from the 2021 OSSRA report Jun 17 2021 4:00 pm UTC 60 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Financial Services Study Shows Why Investing in AppSec Matters Jun 17 2021 3:00 pm UTC 34 mins
    Drew Kilbourne and Larry Ponemon
    If you’re a provider of financial services, then client trust, privacy, and risk management are critical to your success. Therefore, you must protect your organization’s sensitive data from cyber attacks and data breaches. A recent survey of current software security practices in the financial services industry explores the industry’s software security posture and its ability to address security-related issues.

    In this webinar, Drew Kilbourne, managing director, Synopsys, and Larry Ponemon, chairman, Ponemon Institute, will review findings from the report and discuss what they mean for the industry at large. Here’s a preview of some key findings:

    - 56% of organizations had experienced an attack resulting in system failure and downtime.
    - 74% were concerned about security vulnerabilities introduced by third-party suppliers, but less than 43% said they require third parties to adhere to cyber security requirements.
    - Only 34% of financial applications are tested for vulnerabilities, and only 25% of respondents were confident in their ability to detect vulnerabilities before going to market.
  • Is Your Software Supply Chain a Security Mystery? Recorded: Jun 16 2021 58 mins
    Ian Hall, Head of Client Services, APAC
    One of the biggest challenges companies face with third-party software is lack of visibility into the vulnerabilities it introduces in their codebase. There have been major security breaches attributed to exploits of vulnerabilities in the open source frameworks used by Fortune 100 companies in education, government, financial services, retail, and media.

    These incidents highlight the need for organizations to carefully manage their supply chain, including the open source code in the third-party and commercial software they use. The goal is to protect themselves—and their customers—from the consequences of catastrophic security breaches.

    This session explores:
    1) How to make your supply chain more resilient from open source and commercial third-party code risks
    2) The types of risks faced by organizations as consumers and producers of software
    3) The types of activities organizations should be performing to secure the supply chain
    4) The tools, services, and frameworks available to help you get started
  • The Evolution of IAST: Building Security Into Testing Recorded: Jun 10 2021 56 mins
    Featuring Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • The Seven Habits of Highly Effective Security Recorded: May 27 2021 46 mins
    Girish Janardhanudu, VP of Security Consulting - Synopsys, Dr. Neil Daswani, Director - Stanford Advanced Cybersecurity
    Software vulnerabilities are one of the six technical root causes of breaches, and in this webinar, Neil Daswani, codirector of the Stanford Advanced Security Certification Program, and Girish Janardhanudu, vice president of Synopsys Security Consulting, discuss the key lessons learned from the biggest megabreaches and the 9,000+ reported breaches over the past 15 years. Learn the histories and take deep dives into breaches including those at Target, JPMorgan Chase, OPM, Yahoo, Equifax, Facebook, Marriott, and Capital One, as well as the still-unfolding SolarWinds hack. Daswani and Janardhanudu also share key insights into how the right mindset and the right habits help organizations manage security effectively.
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down Recorded: May 26 2021 44 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
    Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

    A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

    In this webinar, you’ll learn:

    Why legacy CI/CD approaches can’t keep up with the speed of DevOps
    How Synopsys Intelligent Orchestration:
    - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
    - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
    - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
  • The Security of Applications Supporting the New Remote Lifestyle Recorded: May 26 2021 49 mins
    Mike McGuire, Product Marketing Manager, Synopsys; Lisa Bryngelson, Senior Product Manager, Synopsys
    With very little preparation, society was forced to move online as social distancing and shutdown mandates were implemented in an attempt to slow the spread of COVID-19. Numerous parts of our lives that we were accustomed to doing in the physical world are now done virtually—changing the way we work, learn, and interact. As a result, we all developed an increased reliance on mobile applications.

    Using Black Duck® Binary Analysis, Synopsys set out to analyze the security of the most popular Android applications in categories experiencing significant growth throughout the pandemic. Join this live webinar to learn:

    • Which apps were analyzed and the analysis methods used
    • Noteworthy security findings
    • What the findings mean for app developers and consumers alike
  • Leveraging Seeker to Verify Vulnerabilities Reported by Black Duck Recorded: May 24 2021 48 mins
    Ira Cherkes-Levinshteyn, Synopsys
    Seeker’s interactive web application testing (IAST) integrates with Black Duck Binary Analysis to provide verification for third-party and open source components’ known vulnerabilities. Seeker provides not only the verification, but also the user code that ultimately invokes the vulnerable third-party code, thus providing developers with a risk-prioritized list of verified vulnerabilities to fix.

    You will:

    * Get a short introduction to Seeker and its main capabilities
    * Learn how to set up the integration between Seeker and Black Duck Binary Analysis.
    * Learn how to leverage Seeker to verify vulnerabilities reported by Black Duck.
  • Is IAST the Next Big Thing in AppSec? Recorded: May 20 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Integrating Fuzz Testing into the Cybersecurity Validation Strategy
  • Live at: May 11 2021 8:00 am
  • Presented by: Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group