Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down

Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

In this webinar, you’ll learn:

- Why legacy CI/CD approaches can’t keep up with the speed of DevOps
- How Synopsys Intelligent Orchestration:
  - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
  - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
  - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
Recorded Jun 30 2021 43 mins
Presented by
Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
  • The Evolution of IAST: Building Security Into Testing Sep 30 2021 6:00 am UTC 57 mins
    Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • How to Smartly Scale AppSec Testing Sep 29 2021 9:00 am UTC 45 mins
    Khalid Damrah, Head of Information Security Risk Department, Bank of Palestine and Frank Morris, Managing Director, Synopsys
    No matter what any blog or vendor says, you know there is no silver bullet for application security. Complete one item on your to-do list, seven more things are there anxiously awaiting your attention. Since cloning yourself is out of the question, how are you scaling your AppSec program to keep up?

    Join Khalid Damrah, Bank of Palestine, State of Palestine, Ramallah and Frank Morris from Synopsys as they discuss how overwhelmed or understaffed organizations are scaling their AppSec testing. Topics covered include:

    - How to handle elasticity in testing demand in a global skills shortage
    - What happens when we share knowledge and experience more often
    - Why feedback and continuous improvement matter
  • Container Security Essentials Sep 23 2021 8:00 am UTC 61 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

    The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

    In this webinar, we’ll outline the essential elements required to secure your container environments, including:

    • What containers are and what they aren’t
    • How to look at container security holistically
    • Which of the top threats in the container landscapes you should worry about
  • Under Pressure – Building Security into Application Development Sep 22 2021 6:00 pm UTC 62 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    Nearly half of the cybersecurity and development professionals say their organization knowingly pushes vulnerable code into production due to time pressures. As development and security teams grapple with the competing demands of development velocity and application security, tensions rise. If you’re looking for a way to defuse this ticking time bomb, join this webinar.

    ESG senior analyst, Dave Gruber, and Synopsys product marketing director Patrick Carey discuss what organizations can do to build security into their development toolchains and processes.

    Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think
    - What key attributes set successful AppSec programs apart
    - How organizations are working to improve AppSec ROI while simplifying deployments
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Sep 22 2021 4:00 pm UTC 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Accelerating your SDLC Securely using SAST Sep 22 2021 10:00 am UTC 24 mins
    Nivedita Murthy, Senior Security Consultant, Synopsys
    In today’s fast-paced world, everything needs to move quickly—including development. But organizations can’t compromise on security while delivering products in rapid succession. Modern static application security testing (SAST) tools address this urgent need to identify and secure applications while not impacting production timelines.

    In this session learn:
    - How you can integrate SAST tools in the SDLC
    - Why you should customize and optimize your tool for the best results
    - What some common challenges are when integrating SAST into a DevOps pipeline
  • Managing Open Source Security Risks: Lessons from the 2021 OSSRA Report Recorded: Sep 16 2021 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Illustrating the rationale for DevSecOps: A real-world example Recorded: Sep 16 2021 60 mins
    Meera Rao, Senior Director Product Management, Synopsys
    When presenting the rationale for a new cultural practice such as DevSecOps, the first question from leadership tends to be along the lines of “where are the savings coming from?” With that in mind, there are four pillars of DevSecOps where we can emphasize efficiency as it aligns with a return on investment: strategy, people, process, and technology.
  • PCI meets DevSecOps: Hazard or Opportunity? Recorded: Sep 15 2021 31 mins
    Stephen Gardner, Managing Consultant, Synopsys
    Under pressure to build software faster and cheaper, engineering teams are adopting DevOps. Does this ruin the pathway to application security, or does DevSecOps enable new efficiencies for security as well as engineering?

    Join this live webinar as we discuss DevSecOps best practices, and how these align with application security elements of PCI. We’ll cover:

    • Software security in PCI
    • DevSecOps: What and why
    • Pros and Cons of DevSecOps in a PCI-regulated environment

    Don’t miss this informative webinar. Register today.
  • Implementing SAST into your SDLC: What to look for & what to consider Recorded: Sep 9 2021 51 mins
    Rob Haines, Senior Sales Engineer, Synopsys
    So you’ve decided (or been told) that you need to implement SAST in your software development process. But SAST is not a one-size-fits-all solution, and implementation often requires a compromise between technology, time, process, and people—especially people. In this webinar, we’ll look at common objections and pitfalls that you might encounter along the way.

    We'll cover:

    • What you should look for in a tool
    • Which considerations to make when implementing SAST
    • How to get a good return on your investment
  • Building Security in DevOps with Intelligent Orchestration Recorded: Sep 9 2021 60 mins
    Meera Rao, Senior Director Product Management, Synopsys
    Building security automation into the DevOps pipeline is a key pain point for many organisations. A risk-based, intelligent, adaptive DevOps pipeline can close the gap between DevOps and security teams, helping DevOps teams accelerate deployment to production without compromising security.

    Listen as DevOps guru Meera Rao discusses how she helps organisations implement risk-based, adaptable intelligence within the DevOps pipeline that scales with your development needs. The session will cover:

    - What are key challenges associated with implementing security testing.
    - How a risk-based, adaptable, intelligent pipeline can help you rank risks, identify changes, and improve responsiveness
    - How to accelerate deployment to production without compromising security.
  • Securing Vehicles after Production: Vulnerability Management & Security updates Recorded: Sep 2 2021 63 mins
    Dennis Kengo Oka, Principal Automotive Strategist, Synopsys
    As the automotive software development life cycle puts greater focus on cyber security, we’ll see safer, more secure cars on the roads. OEMs and suppliers use static code analysis, software composition analysis, and fuzz testing to identify and remediate vulnerabilities in automotive components during development and testing. But even with the right tools and processes, it’s impossible to eliminate every software vulnerability in a vehicle’s 100 million lines of code before releasing it into the field.

    Therefore, it’s important to continue finding and fixing bugs in vehicles after production. During operations and maintenance, detecting and managing new vulnerabilities in automotive components is a high priority. Patching these vulnerabilities means performing secure over-the-air (OTA) updates—and ensuring those updates don’t introduce new vulnerabilities.

    This talk will present the current challenges and suggest solutions to securing vehicles during the operations phase.
  • That's Not How This Works - All Development Should Be Secure Development Recorded: Sep 2 2021 52 mins
    Jonathan Knudsen, Senior Security Strategist
    Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Register for this webinar to learn:
    - Why traditional approaches to software development usually end in tears and heartburn
    - How a structured approach to secure software development lowers risk for you and your customers
    - Why automation and security testing tools are key components in the implementation of a secure development life cycle
  • Maximizing the Impact of Static Analysis Recorded: Aug 26 2021 61 mins
    Meera Rao, Senior Director – Product Management (DevOps Solutions)
    Static analysis, also known as white box testing, static application security testing (SAST), or secure code review, finds bugs in application code, back doors, and other code-based vulnerabilities so you can mitigate those risks. But no static analysis tool can effectively address threats to a development environment out of the box. And many users have the misconception that the cost of tool adoption depends primarily on getting the tool working in a build environment.

    Static analysis is the only way to enable developers to automatically identify vulnerabilities as they write code in their integrated development environment (IDE). With SAST, developers can:
    • Run scans in their IDE by using plugins that provide just-in-time security guidance.
    • Review source code before checking it into a version control repository.
    • Remediate identified vulnerabilities.
    • Adopt a preventative mindset.

    Automation is an important part of adopting a SAST tool, as it drives efficiency, consistency, and early detection, enabling organizations to shift left. For a static analysis implementation to be effective, several distinct activities must come together to establish and maximize its impact. This webinar covers some challenges of SAST implementation and provides real solutions to get the most value out of SAST tools.
  • Why are software-related risks still a reoccurring theme today? Recorded: Aug 17 2021 37 mins
    Alex "Jay" Balan, Director Security Research, Bitdefender and Boris Cipot, Senior Sales Engineer, Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and 60% contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this Synopsys discussion with Alex “Jay” Balan, director of security research at Bitdefender, and Boris Cipot, senior sales engineer at Synopsys, as we explore recent open source report findings and what they mean to organizations like yours. Specific topics include:

    - Report findings and consequences
    - Uptake in software vulnerabilities and steps to prevent them
    - Open source challenges and how to overcome them
  • Threat Modeling Program Maturity – Establish and Mature Threat Modeling Programs Recorded: Aug 12 2021 59 mins
    Chandu Ketkar, Director Security Architecture Practice at Synopsys and Himanshu Tiwari, Managing Consultant at Synopsys
    What differentiates a highly mature threat modeling program from a less mature program? How do companies get started with threat modeling? What does the journey to higher levels of maturity look like? What are the key anchors of building the threat modeling capability?

    Join our talk as we share what we've learned through the years working with clients. Find out how companies evolve their threat modeling programs and maturity.
  • Is IAST the Next Big Thing in AppSec? Recorded: Aug 4 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Recorded: Aug 3 2021 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • The Hidden Secrets of Software Security Recorded: Jul 22 2021 61 mins
    Sharlton Shadrac J
    Due to rapidly evolving digital technologies across industries including finance, healthcare, and the public sector, companies are collecting and processing larger amounts of personal data than ever before. And as companies become more digitized, they must take appropriate steps in their application security processes to ensure that data is protected.

    A breach can ruin the reputation of a well-established company, and breaches happen every single day. When a product is developed, the quality, performance, scalability, and maintainability must be considered from the very beginning. Firms should also ensure that security is an integral part of the development.

    In this webinar session, you will learn:

    • Where the real problem lies for software security
    • Why robust and secure software needs forethought and planning
    • Why different personas need different software security touchpoints
    • What the OWASP Top 10 is and why it’s important in software security
  • What You Need to Know about Software Due Diligence Recorded: Jul 21 2021 61 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction, but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down
  • Live at: Jun 30 2021 9:00 am
  • Presented by: Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research