
Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down

Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines means adding scans from static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA) tools, each of which runs at a different stage of the pipeline. These tools have their own strengths and weaknesses and complement one another. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

In this webinar, you’ll learn:

- Why legacy CI/CD approaches can’t keep up with the speed of DevOps
- How Synopsys Intelligent Orchestration:
  - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
  - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
  - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
Recorded Jun 30 2021 43 mins
Presented by
Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
  • Testing security of micro-services, APIs and cloud-native apps Nov 10 2021 5:00 pm UTC 52 mins
    Ainsley Braun, Product Director, Synopsys and John Salomon, Director Continental Europe, Middle East, & Africa FS-ISAC
    How are you security testing APIs, web services, and cloud-native applications? Are you able to test application security without impacting efficiency? Do you have sufficient visibility into sensitive data that your applications handle?

    In this session we will be joined by guest speaker John Salomon from FS-ISAC to discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meets your organization’s risk appetite. We will go over ways of ensuring fast, relevant contextual training, and efficient remediation of detected vulnerabilities.
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Sep 22 2021 4:00 pm UTC 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 4:00 pm UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • Managing open source security risk: Lessons from the 2021 OSSRA report Sep 16 2021 9:00 am UTC 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
  • PCI meets DevSecOps: Hazard or Opportunity? Sep 15 2021 4:00 pm UTC 30 mins
    Stephen Gardner, Managing Consultant, Synopsys
    Under pressure to build software faster and cheaper, engineering teams are adopting DevOps. Does this ruin the pathway to application security, or does DevSecOps enable new efficiencies for security as well as engineering?

    Join this live webinar as we discuss DevSecOps best practices, and how these align with Application Security elements of PCI. We’ll cover:

    • Software security in PCI
    • DevSecOps: What and why?
    • Pros and Cons of DevSecOps in a PCI regulated environment

    Don’t miss this informative webinar. Register today.
  • Software Audits: The Good, the Bad, & the Ugly Aug 25 2021 4:00 pm UTC 60 mins
    Phil Odence, Synopsys
    Interview with an Auditor: Best Practices in M&A Tech Due Diligence

    The Black Duck Audit Services team dives into over 1,500 codebases a year, so we've seen things – lots of things. Whether you're acquiring a company where the software is a big part of the deal or prepping for a sale, it’s always good to know what’s lurking in the code. You may be pleasantly surprised or a little concerned, but understanding risk is the key to managing risk.

    Join us for a live webinar as we share some real-world examples of audits - anonymous, of course - that range from very smooth to a little rocky, to help you understand the software due diligence process. We’ll cover:

    • Open source risk in M&A by the numbers
    • How to make the most of an audit
    • An auditor's perspective on best (and worst) practices
    • Practical advice on how to prepare for the due diligence process

    Don’t miss this informative webinar. Register today.
  • Container Security Essentials Aug 19 2021 5:00 pm UTC 60 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications, because of the agility and scalability they deliver. Gartner predicts that “By 2022, more than 75% of global organizations will be running containerized applications in production.”
    The popularity of containers, however, has also attracted the attention of hackers, who are constantly looking for new ways to exploit them. Containers expand your organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.
    In this webinar, we’ll outline the essential elements required to secure your container environments, starting with the very basics:
    • Understanding what containers are (and aren’t).
    • How to look at container security holistically.
    • The top threats affecting our clients’ container landscapes.
    • Relevant case studies.
  • Time is Money - Interactive Application Security Testing at DevOps Speed Aug 19 2021 4:00 pm UTC 39 mins
    Scott Tolley, Application Security Specialist, Synopsys and Amit Sharma, Application Security Evangelist, Synopsys
    Would you like to find out more about Interactive Application Security Testing (IAST), a new category of AppSec born in the age of DevOps?

    Join Scott Tolley & Amit Sharma (Application Security Specialists) as they discuss how to bridge the gap from DevOps to DevSecOps, without slowing everything down.

    Agenda:
    Application Security trends and challenges in moving from DevOps to DevSecOps
    Introducing IAST and Seeker
    Product Demonstration
    Q&A - come prepared with your questions and we’ll answer live on the webinar.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 4:00 pm UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • 2021 OSSRA Report: Open Source Trends, Risks & Management Aug 11 2021 9:00 am UTC 59 mins
    Tim Mackey, Principal Security Strategist, Synopsys
    The 2021 Open Source Security and Risk Analysis report (OSSRA) looks at the state of open source use in over 1,250 distinct applications created by organizations in 17 industries. The use of open source continues to grow and businesses of all sizes are now powered by open source software. If left unmanaged, open source may introduce security, quality, and license compliance risks. Are you ready to take control of your open source?

    Join us for this live Synopsys webinar to get a look at our 2021 report results and learn how teams can use the data to inform their overall open source governance plans. We’ll cover:

    • Why open source governance matters
    • The latest trends in open source usage
    • Open source management strategies

    Don’t miss this informative webinar. Register today.
  • How to automate SBOM and save time and money Aug 4 2021 6:00 pm UTC 47 mins
    Michael White, Technical Director, Synopsys and Chris Clark, BDM and Medical Industry Expert, Synopsys
    Medical device manufacturers are fielding inquiries about Software Bill of Material (SBOM) information from regulators and HDOs alike. What’s in there, is it vulnerable, what are our obligations? On top of this, we’re expecting that 2021 brings updated FDA rules, too. In this session we discuss the different SBOM requirements, look at what organizations are doing today, and share insights on how organizations can develop the capabilities they need whilst avoiding the pitfalls that come with identification, communication, and distribution of managing SBOM at scale in complex product development environments.
  • How to automate a software Bill of Materials and save time and money Aug 4 2021 8:00 am UTC 47 mins
    Michael White, Technical Director, Synopsys and Chris Clark, BDM and Medical Industry Expert, Synopsys
    Medical device manufacturers are fielding inquiries about Software Bill of Material (SBOM) information from regulators and HDOs alike. What’s in there, is it vulnerable, what are our obligations? On top of this, we’re expecting that 2021 brings updated FDA rules, too. In this session we discuss the different SBOM requirements, look at what organizations are doing today, and share insights on how organizations can develop the capabilities they need whilst avoiding the pitfalls that come with identification, communication, and distribution of managing SBOM at scale in complex product development environments.
  • Is IAST the Next Big Thing in AppSec? Aug 4 2021 5:30 am UTC 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Aug 3 2021 6:00 pm UTC 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Integrating Fuzz Testing into the Cybersecurity Validation Strategy Aug 3 2021 8:00 am UTC 52 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys & Nico Vinzenz, Security and Connectivity, ZF Group
    Automotive systems are becoming increasingly complex and interconnected, and that makes them more vulnerable to cyber attacks. That's why modern cyber security tools and processes are vital to finding and fixing these vulnerabilities. In this presentation learn about:

    * The automotive cyber security engineering processes 
    * How fuzz testing helps improve product security 
    * An updated cyber security engineering process
  • Is IAST the Next Big Thing in AppSec? Recorded: Jul 22 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • Is IAST the Next Big Thing in AppSec? Recorded: Jul 22 2021 59 mins
    Kimm Yeo & Eugene Pakhomov, Synopsys
    Interactive application security testing (IAST) provides distinct advantages over traditional application security testing methods. No matter where you are in your AppSec maturity and test readiness model, you can benefit from real-time vulnerability testing in running applications. If you don’t already have an IAST or dynamic application security testing strategy, now is the time to make one.

    Join us for this live Synopsys webinar to learn why security and development teams are relying on IAST tools to fill the gap between static (SAST) and dynamic testing (DAST). We’ll cover:

    • What IAST is and why you should care
    • How IAST has quickly evolved to speed up modern application security testing
    • How to test and secure new technologies including microservices, APIs and more
    • Where IAST fits into your SDLC
    • What to look for in an IAST tool

    Don’t miss this informative webinar. Register today.
  • The Hidden Secrets of Software Security Recorded: Jul 22 2021 61 mins
    Sharlton Shadrac J
    Due to rapidly evolving digital technologies across industries including finance, healthcare, and the public sector, companies are collecting and processing larger amounts of personal data than ever before. And as companies become more digitized, they must take appropriate steps in their application security processes to ensure that data is protected.

    A breach can ruin the reputation of a well-established company, and breaches happen every single day. When a product is developed, the quality, performance, scalability, and maintainability must be considered from the very beginning. Firms should also ensure that security is an integral part of the development.

    In this webinar session, you will learn:

    • Where the real problem lies for software security
    • Why robust and secure software needs forethought and planning
    • Why different personas need different software security touchpoints
    • What the OWASP Top 10 is and why it’s important in software security
  • What You Need to Know about Software Due Diligence Recorded: Jul 21 2021 61 mins
    Phil Odence, GM Black Duck Audits, Synopsys
    There’s risk in any M&A transaction but having the right software due diligence approach can help mitigate that risk. If software is a large part of the deal, understanding the legal, security, code and design quality risks in the target’s codebase is key. Do you know the right questions to ask?

    Join this live Synopsys webinar to create or tweak your due diligence playbook. We’ll cover:

    • Understanding the software due diligence landscape
    • The risks to look out for (and why)
    • What questions to ask in the process
    • How to choose the right audit partner

    Don’t miss this informative webinar. Register today!
  • Getting your Organization ready for ISO/SAE 21434 Recorded: Jul 20 2021 58 mins
    Dennis Kengo Oka, Principal Automotive Security Strategist, & Chris Clark, Global Solutions, Synopsys
    The latest ISO/SAE 21434 standard will be released in September to help automotive companies address cyber security for the entire vehicle life cycle.

    We will provide an overview of the ISO/SAE FDIS 21434 Cybersecurity Engineering standard in our presentation. Join this Synopsys webinar to learn about:
    • Critical organizational cybersecurity topics assisting with your preparation for the new standard
    • Relevant cybersecurity activities and solutions for secure product development
    • Practical examples of tooling to help fulfil requirements in the software development process
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down
  • Live at: Jun 30 2021 9:00 am
  • Presented by: Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research