
The Hidden Secrets of Software Security

Due to rapidly evolving digital technologies across industries including finance, healthcare, and the public sector, companies are collecting and processing larger amounts of personal data than ever before. And as companies become more digitized, they must take appropriate steps in their application security processes to ensure that data is protected.

A breach can ruin the reputation of a well-established company, and breaches happen every single day. When a product is developed, the quality, performance, scalability, and maintainability must be considered from the very beginning. Firms should also ensure that security is an integral part of the development.

In this webinar session, you will learn

• Where the real problem lies for software security
• Why robust and secure software needs forethought and planning
• Why different personas need different software security touchpoints
• What the OWASP Top 10 is and why it’s important in software security
Recorded Jul 22 2021 61 mins
Presented by
Sharlton Shadrac J
  • Hot Topics: Open Source Software Legal Update Oct 20 2021 6:00 pm UTC 75 mins
    Mark Radcliffe, DLA Piper, Tony Decicco, GTC Law Group & Phil Odence, Synopsys
    Open source software use continues to explode, and with increased growth comes increased legal, compliance and enforcement risk. Tune in to get an update on a few of the hot topics generating buzz in the open source software legal space, so you can continue benefiting from open source software while avoiding these risks.

    Join two of the leading open source legal experts for a live Synopsys webinar as they discuss the latest developments. They’ll cover:

    • Recent Statements by the Software Freedom Conservancy
    • OSS & Blockchain
    • Stockfish v. ChessBase Enforcement Action
    • GitHub’s Copilot

    Don’t miss this informative webinar. Register today.

    CLE:
    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
    • California: 1.25 Credit (1.25 General, 0.0 Ethics)
    • New Jersey: 1.5 Credits (1.5 General, 0.0 Professional Responsibility)
    • New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
  • Common Challenges of Operationalizing Integration Oct 19 2021 7:00 pm UTC 52 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    The benefits of AppSec tool integration in the CI/CD pipeline are greater the earlier you perform them in the process. Choosing the right tools is just one part of the process. Making sure the tools easily integrate into your build environment is something else entirely.

    In this session Meera Rao will share how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:

    • How can you ensure that release cycles are not slowed down?
    • How should you manage false positives?
    • How do you satisfy compliance needs?
  • Part 2: Common Challenges of Operationalizing Integration Oct 19 2021 6:00 pm UTC 52 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    In this second part of the webinar series, learn how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:
    • How can you ensure that release cycles are not slowed down?
    • How should you manage false positives?
    • How do you satisfy compliance needs?
  • Future-Proofing Digital Transformations Oct 19 2021 9:00 am UTC 63 mins
    Anil Bhat, VP of Platform Transformation, MetricStream and Lekshmi Nair, Managing Principal, Synopsys
    Enterprises are redefining their key success factors and long-term ambitions while accounting for volatility, scalability, and resiliency. As a result, digital transformation jumped multiple notches up the C-suite agenda. Is digital transformation just about introducing more technology and developing a digitally literate workforce? Are we prepared enough to address eventualities arising out of diminishing perimeters and distributed data storage? Are organizations ready to accept identity and context as the new perimeter and not the traditional data centers?

    Join this informative discussion to learn about critical components you should consider in “future proofing” your digital transformation journey. The session will outline a practical framework that implementors can adopt to look at the entire lifecycle of data and implement appropriate safeguards and controls.

    These include:

    • Compliance considerations for digital transformation.
    • Remodeling your application security framework to add data security considerations
    • Sustainable and repeatable system engineering practices to S-digitization
    • Secret management considerations for systems engineering
  • Find More Bugs by Detecting Failure Better Oct 14 2021 6:00 am UTC 54 mins
    Jonathan Knudsen, Senior Security Strategist
    Software can fail in many ways, including process crashes, infinite loops, memory leaks, data leakage, corruption, unexpected behavior, and more. Part of the challenge of fuzz testing is accurately detecting when failure occurs.

    This webinar describes the instrumentation techniques that are built into Defensics. You’ll learn how Defensics:
    - makes it easy to detect a wide variety of software failures
    - can be extended to any type of instrumentation you can imagine
    - offers an agent framework that makes it easy to detect failures
  • Application security risks in FSI by the numbers Oct 13 2021 6:00 pm UTC 60 mins
    Mike McGuire, Product Marketing Manager, Synopsys
    We trust that financial applications and software are secure because of the sensitive nature of the information they manage and contain. But based on the numbers, we should be very concerned.

    Join us for this live Synopsys webinar to get an inside look at how prevalent mobile application security and open source risks are today, and the steps you can take to become more secure. We’ll cover:

    • Report methodology and findings for FSI
    • The types of risks to be aware of
    • What the numbers mean for security teams
    • Strategies to reduce AppSec risks
  • The Seven Habits of Highly Effective Security Oct 7 2021 6:00 pm UTC 46 mins
    Girish Janardhanudu, VP of Security Consulting - Synopsys, Dr. Neil Daswani, Director - Stanford Advanced Cybersecurity
    Software vulnerabilities are one of the six technical root causes of breaches, and in this webinar, Neil Daswani, codirector of the Stanford Advanced Security Certification Program, and Girish Janardhanudu, vice president of Synopsys Security Consulting, discuss the key lessons learned from the biggest megabreaches and the 9,000+ reported breaches over the past 15 years.

    Learn the histories and take deep dives into breaches including those at Target, JPMorgan Chase, OPM, Yahoo, Equifax, Facebook, Marriott, and Capital One, as well as the still-unfolding SolarWinds hack. Daswani and Janardhanudu also share key insights into how the right mindset and the right habits help organizations manage security effectively.
  • Cybersecurity Executive Order Impact and Implications with The Chertoff Group Oct 7 2021 5:00 pm UTC 60 mins
    Tim Mackey, Principal Security Strategist, Synopsys & David London, Managing Director, Cybersecurity, The Chertoff Group
    In May, President Biden issued “Executive Order on Improving the Nation’s Cybersecurity,” which has sweeping implications for both the federal government and the private sector. In this order, the President outlines a number of initiatives designed to promote greater awareness of not only the security practices required to operate software in a secure manner, but also how the security practices used during software creation impact the software product’s risk profile. When combined, these elements heighten expectations for software producers and will ultimately allow software consumers greater visibility into the security practices applied during software design and implementation.

    In this webinar, Synopsys, a leader in software security innovation, and the Chertoff Group, a premier security risk management firm, offer their shared perspectives on the Executive Order and the broad implications for both software producers and consumers. Learn about some of the more significant outputs from the National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA) in response to the Executive Order and how they can be directly applied to your development and deployment teams. This webinar focuses on ways to identify critical software, best practices for communicating security information between teams and organizations, and deployment considerations like log management and zero-trust principles.
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down Oct 7 2021 10:00 am UTC 44 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
    Everyone expects production web applications to be largely free of security defects. Expectation and reality aren’t always the same. Your organization may have any number of AppSec tools, but when and where you run them may depend on how long it takes for them to run. As release cycles speed up and code is deployed more frequently, development and security need to collaborate more than ever.

    Join this webinar with Dan Kennedy, 451 Research, and Jason Schmitt, Synopsys, as they talk about the pressures of keeping up with release cycles and new technologies that may help alleviate challenges.

    In this webinar, you’ll learn:

    - Why legacy CI/CD approaches can’t keep up with the speed of DevOps
    - What you can do to automate security gates and enforce policies at enterprise scale
    - How tools like Intelligent Orchestration help decide which tools to use and when
  • How to Communicate Risk Effectively Oct 6 2021 6:00 pm UTC 60 mins
    Michael Fabian, Principal Consultant at Synopsys
    It’s no longer a question of if a cyber-attack will happen but when. You can’t ignore the fact that your medical devices that connect to the cloud or a hospital network may be exposed to a cyber-attack. Risk assessment processes such as NIST 800-30 and ISO 27005 are a good starting point, but how do you share your findings in a meaningful way?

    Join Michael Fabian, medical device and security expert, as he reviews risk assessment best practices and how to communicate risk effectively. He’ll provide guidance on how you can:

    - Outline a risk assessment process 
    - Review your risk measurement methods
  • How to Communicate Risk Effectively Oct 6 2021 8:00 am UTC 60 mins
    Michael Fabian, Principal Consultant at Synopsys
    It’s no longer a question of if a cyber-attack will happen but when. You can’t ignore the fact that your medical devices that connect to the cloud or a hospital network may be exposed to a cyber-attack. Risk assessment processes such as NIST 800-30 and ISO 27005 are a good starting point, but how do you share your findings in a meaningful way?

    Join Michael Fabian, medical device and security expert, as he reviews risk assessment best practices and how to communicate risk effectively. He’ll provide guidance on how you can:
    - Outline a risk assessment process
    - Review your risk measurement methods
  • It’s Time to Rethink Your AppSec Approach Oct 5 2021 8:00 am UTC 60 mins
    Patrick Carey, Director Product Marketing, Synopsys and Sandy Carielli, Principal Analyst, Forrester Research, Inc.
    On average, organizations use more than 10 different AppSec tools to secure their applications. As development velocity increases, managing those AppSec tools and the results they produce can impede agility and innovation. As a result, many organizations are forced to choose between speed and security. But it doesn’t have to be that way.

    It’s possible to use intelligent automation and machine learning to secure your applications at the speed of DevOps—you just need a modern approach to AppSec and the right technology. Join Patrick Carey from Synopsys, and guest presenter Sandy Carielli, principal analyst at Forrester Research, to learn:

    • How AppSec orchestration technology triggers the right tests at the right time
    • How AppSec correlation technology reduces noise and streamlines vulnerability triage
    • How machine learning helps prioritize vulnerability remediation efforts

    With the right approach you can transform your AppSec program from a bottleneck to an enabler of DevSecOps.
  • Part 1: Integration of Automated Security Tools in CI/CD Pipelines Sep 30 2021 6:00 pm UTC 60 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:

    • How do you pick the right application security tools for your CI/CD pipeline?
    • Where should you integrate your tools in the pipeline?
    • How should you configure the tools?

    This is the first in a four-part series.
  • The Evolution of IAST: Building Security Into Testing Sep 30 2021 6:00 am UTC 57 mins
    Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • How to Smartly Scale AppSec Testing Sep 29 2021 9:00 am UTC 45 mins
    Khalid Damrah, Head of Information Security Risk Department, Bank of Palestine and Frank Morris, Managing Director, Synopsys
    No matter what any blog or vendor says, you know there is no silver bullet for application security. Complete one item on your to-do list, and seven more things are there anxiously awaiting your attention. Since cloning yourself is out of the question, how are you scaling your AppSec program to keep up?

    Join Khalid Damrah, Bank of Palestine, State of Palestine, Ramallah and Frank Morris from Synopsys as they discuss how overwhelmed or understaffed organizations are scaling their AppSec testing. Topics covered include:

    - How to handle elasticity in testing demand in a global skills shortage
    - What happens when we share knowledge and experience more often
    - Why feedback and continuous improvement matters
  • Container Security Essentials Recorded: Sep 23 2021 61 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

    The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

    In this webinar, we’ll outline the essential elements required to secure your container environments, including:
    • What containers are and what they aren’t
    • How to look at container security holistically
    • Which of the top threats in the container landscapes you should worry about
  • Under Pressure – Building Security into Application Development Recorded: Sep 22 2021 62 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    Nearly half of the cybersecurity and development professionals say their organization knowingly pushes vulnerable code into production due to time pressures. As development and security teams grapple with the competing demands of development velocity and application security, tensions rise. If you’re looking for a way to defuse this ticking time bomb, join this webinar.

    ESG senior analyst, Dave Gruber, and Synopsys product marketing director Patrick Carey discuss what organizations can do to build security into their development toolchains and processes.

    Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think
    - What key attributes set successful AppSec programs apart
    - How organizations are working to improve AppSec ROI while simplifying deployments
  • Crafting Reps and Warranties to Reduce Open Source Risk in M&A Transactions Recorded: Sep 22 2021 46 mins
    Danny Ogburn & Matt Jacobs at Synopsys
    Synopsys is an active acquirer with more than 80 deals over the last 33 years. In addition to having a thorough tech due diligence process, we structure our M&A agreements to minimize license, security, and code quality risks in the software we’re acquiring. We’re offering a peek at our approach.

    Join us for this webinar as we talk through how to minimize risk and maximize value with every transaction. We’ll cover:

    · The use of open source in targets’ offerings
    · Ensuring intellectual property value
    · Protecting against known vulnerabilities in open source components
    · Other elements of security and code quality
    · How software audits help inform reps and warranties

    Don’t miss this informational webinar. Register today.
  • Accelerating your SDLC Securely using SAST Recorded: Sep 22 2021 24 mins
    Nivedita Murthy, Senior Security Consultant, Synopsys
    In today’s fast-paced world, everything needs to move quickly—including development. But organizations can’t compromise on security while delivering products in rapid succession. Modern static application security testing (SAST) tools address this urgent need to identify and secure applications while not impacting production timelines.

    In this session learn:
    - How you can integrate SAST tools in the SDLC
    - Why you should customize and optimize your tool for the best results
    - What some common challenges are when integrating SAST into a DevOps pipeline
  • Managing Open Source Security Risks: Lessons from the 2021 OSSRA Report Recorded: Sep 16 2021 47 mins
    Mike McGuire, Product Marketing Manager at Synopsys
    Open source has become the foundation for modern software development, but when left unmanaged, it exposes both vendors and consumers to security risks. In fact, 84% of the codebases we audited in 2020 contained a vulnerability, and sixty percent contained a high-risk vulnerability. How are you managing your open source security risks?

    Join this live Synopsys webinar as we explore the findings of our 2021 Open Source Security and Risk Analysis report and what that means to teams like yours. Specific topics include:

    • What it means to manage your open source usage
    • Why you need an accurate inventory of open source components
    • How to prioritize the vulnerabilities to fix
    • Where to integrate testing into your SDLC

    Don’t miss this informative webinar. Register today.
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: The Hidden Secrets of Software Security
  • Live at: Jul 22 2021 5:30 am
  • Presented by: Sharlton Shadrac J