Name: Testing security of micro-services, APIs and cloud-native apps
Start: 2021-11-10T17:00:00Z
End: 2021-11-10T17:51:31.000Z
Location: BrightTALK
Rating: 5

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Les chaînes d'approvisionnement logicielles utilisées par les applications modernes peuvent se révélées très complexes. Elles consistent en un mélange de code propriétaire et d’open sources, d'API et d'interfaces utilisateur ainsi que de workflows de déploiement dans différents environnements. Les problèmes de sécurité à n'importe quelle étape de cette chaîne peuvent vous exposer, vous et vos clients, à un risque d'attaque. Selon les analystes du Gartner, 45 % des organisations dans le monde connaîtront une attaque d'ici 2025. Renforcer votre chaîne d'approvisionnement logicielle contre les menaces de sécurité est une nécessité, mais cela ne s'arrête pas là. Vous devez également être en mesure de démontrer que vous l'avez fait, afin d’avoir la confiance de vos clients et de respecter les obligations réglementaires.

Rejoignez-nous et découvrez comment nous proposons une approche globale de sécurité de la chaîne d'approvisionnement logicielle, notamment:
• À quoi ressemble une chaîne d'approvisionnement logicielle,
• Présentation des risques tout au long de la chaîne d'approvisionnement logicielle,
• Ce que cela signifie de sécuriser votre chaîne d'approvisionnement et de prouver que vous l'avez fait.

Sécuriser la chaîne d'approvisionnement logicielle

Travailler en mode DevOps est désormais très répandu, et maintenant le mouvement DevSecOps est en plein essor. Mais l'intégration de la sécurité applicative dans les chaînes DevOps peut provoquer des frictions entre les développeurs de logiciels, les équipes chargées de la sécurité des applications et les équipes chargées des opérations, car chaque équipe a sa propre feuille de route, ses responsabilités et ses priorités. 
 
Il est alors impératif d'instaurer une culture organisationnelle qui permette aux trois équipes de travailler vers le même objectif final: mettre l'application en production le plus rapidement possible en minimisant les problèmes de qualité et de sécurité. Dès lors, comment faire en sorte que la sécurité ne soit pas laissée pour compte ? 
 
La solution est de passer d'une sécurité réactive à une sécurité proactive. Au lieu de vous concentrer sur de nouveaux moyens de trouver des bugs déjà présents dans le code, vous devez vous attaquer à la cause première des bugs. Le moyen d'y arriver est de développer l'expertise de vos équipes et de fournir les informations nécessaires pour empêcher les bogues d'entrer dans votre base de code en premier lieu. N’attendez pas pour corriger les vulnérabilités qu’elles fassent des ravages dans vos applications. Traitez-les comme n’importe quel autre bug de développement.

Ce webinaire fournit des informations concrètes sur ces activités : 
- Les défis DevSecOps 
- Les tendances du secteur 
- Les bonnes pratiques pour intégrer la sécurité dans votre cycle de vie de développement logiciel 
- Les points clefs pour pouvoir passer à l'échelle avec vos pipelines

DevSecOps: Implémenter la sécurité dans les chaînes DevOps

To build security into DevOps and achieve true DevSecOps, organizations need to manage AppSec workflows without hindering speed and flexibility. But how do you get there?

Join this live Synopsys webinar to learn how to inject security into DevOps without sacrificing efficiency. We’ll cover how to:

• Secure code as fast as it’s written
• Run the right tests at the right time
• Automate security testing to focus on what matters

Achieving DevSecOps: Ways to reduce AppSec noise at scale

The executive order issued by the White House last year calls for more robust software supply chain protections for federal agencies. Meanwhile, companies are also taking steps toward securing their supply chains. And they are now facing many of the same struggles that government bodies have endured while attempting to adhere to the executive order. So what are the challenges? They include: 
- Improving visibility into the global partners from which you’re sourcing components 
- Instituting and operationalizing software bills of materials (SBOMs) 
- Establishing the required scope of your supply chain security program 

* determining what your testing procedures will entail 

Join us as Tim Mackey, principal security strategist at Synopsys, offers inside analysis into the U.S. government’s foray into supply chain security. He will then reveal what lessons businesses can apply toward their own efforts in this space.

Supply Chain Security Snags

Once you have a grasp on how open source can both benefit and introduce risk to your organization, your next consideration should be learning to manage it. How can you build open source risk management governance into your development pipelines, and prove to your customers that you’re doing your part in protecting your software supply chain? 

Join our talk as open source experts from Dell and GTC Law Group discuss:

• Determining which open source is the best fit for your company’s software
• Managing risk without slowing development and delivery
• Digitizing and automating open source risk governance
• Generating and utilizing compliant software Bills of Materials (SBOMs)

Take Action: Putting Open Source Risk Management Policies to Work

For a variety of reasons, everyone is talking about software Bills of Materials (SBOMs). Some organizations are being required to generate and provide them, while others are asking for them from their vendors. One thing is for certain though - there is a lot of noise surrounding SBOMs, and it's not making it any easier to understand what must be done, what should be done, and what can be done. 

Join Mike McGuire, security solutions manager with the Synopsys Software Integrity Group, as he cuts through the noise and simplifies the concept of the modern SBOM. Mike will address some of the market’s lingering questions, including:
- Why there is a heightened focus on SBOM
- What SBOM is and is not 
- How to build and use an SBOM
- How they can help you secure your software supply chain. 

And as a thank you for attending, we'll buy you a coffee. Please note that only the following countries are eligible for a voucher due to regional legal regulations and are subject to change: France, Italy, Belgium, Netherlands, UK, Denmark, Norway, Sweden, Austria, and Switzerland.

Coffee with a Slice of SBOM

A recent Forrester report reaffirms that “applications remain the most common attack vector.” The Synopsys Cybersecurity Research Center (CyRC) published a report that digs into the latest AppSec trends. 

In this webinar, we will focus on the findings of the “Software Vulnerability Snapshot” report. We will cover

• Latest AppSec trends and challenges  
• Findings  from “black box” and gray box” testing  
• A brief overview of best practices to address the latest AppSec challenges

The Future of AppSec: What You Need To Know

A Practical Guide to Operationalizing the Modern AppSec Framework

You need to modernize your application security program and you know how you are going to do it – by adopting the Modern AppSec Framework and utilizing a DAST-first approach. The next questions is, “How do I put it into practice?”

When implementing any application security process between DevOps and SecOps, there are many technical elements and considerations. As you adopt the Modern AppSec Framework you need to ensure that your development and security processes don’t bring each other to a screeching halt and leave your applications vulnerable. So where should you begin? At the beginning!  

Join Synopsys and panelists as we host this webinar, Making It All Work: A Practical Guide to Operationalizing the Modern AppSec Framework.

In Part 3 of our DAST webinar series, we discuss how your organization can operationalize the components of the Modern AppSec Framework by identifying the technical and programmatic considerations of each individual component.

Register now to learn how to modernize your application security program by operationalizing the Modern AppSec Framework.

Making It All Work

Gain insights into important legal developments from two of the leading open source legal experts, Mark Radcliffe, partner at DLA Piper and general counsel for the Open Source Initiative, and Tony Decicco, shareholder at GTC Law Group & Affiliates.

This annual review will highlight the most significant legal developments related to open source software in 2022, focusing on topics that were resolved, those that got started and what we can expect to see in coming years. 

We’ll cover:

• Potential liability for developers releasing and contributing to open source software
• Updates on key open source-related litigation and disputes
• Open source software sabotage, deals, bans, and hacks 
• And much, much more

 Attendees of the live webinar will earn CLE credit.

CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, Illinois MCLE Board, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought: 
• California: 1.25 Credit (1.25 General, 0.0 Ethics)
• Illinois: 1.25 Credit (1.25 General, 0.0 Professional Responsibility)
• New Jersey: 1.5 Credits (1.5 General, 0.0 Ethics/Professionalism)
• New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics/Professionalism)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.

The 2022 Open Source Year in Review

Listed at #5 on the OWASP Top 10 list, security misconfiguration refers to vulnerabilities that result from an application’s configuration. 

In this video see three examples of security misconfiguration and the mitigation tactics needed to ensure web applications don’t fall victim to misconfiguration vulnerabilities.

OWASP Top 10: Security misconfiguration

Nos technologies, processus, et activités reposent tous sur des logiciels pour fonctionner, des logiciels auxquels il est nécessaire de pouvoir se fier. Cela implique une bonne gestion des risques associés, au travers d‘un programme global de sécurité applicative qui ne saurait se restreindre à l’acquisition d’outils.
 
Dans ce webinaire, nous verrons ce qu’implique la construction d’un programme global de sécurité applicative. Nous étudierons :
 
• Comment mieux comprendre les risques et menaces externes et internes
• Comment définir des fondations solides pour votre programme sécurité applicative
• Comment exploiter au mieux vos outils de sécurité applicative (il ne suffit pas de les acheter)

Fondations d'un programme global de sécurité applicative

JSON web tokens (JWTs) are widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However, just using a JWT is not enough to ensure your information is handled in a secure way. Because JWTs are so simple to use, it's easy to accidentally change the configuration or misuse the data being sent—which can make the application vulnerable even while you're trying to make it secure.

In this talk you will learn  
• What a JWT is and how to avoid common security mistakes when using it 
• How to properly validate the tokens 
• Which settings disable the JWT signature and should be avoided 
• What information should not be sent when creating a JWT

How Do I Use JWTs Safely? The Do's and Don'ts

Cyber security breaches are becoming increasingly more public and costly affairs, leading organizations to pay a closer look at their current and future security postures. With Gartner predicting worldwide IT spending to grow by 5.3% in 2022, it’s clear that organizations are looking for ways to optimize their resiliency roadmaps with new strategies and investments. As ever, it helps to hear from those who have been there, done that and who can share insights into overcoming cyber breaches. 
 
In this episode of CISO Insights, we’ll be doing just that, as well as delving into Dan Lohrmann’s newest book, ‘Cyber Mayday and the Day After’, and exploring how organizations can handle cybersecurity incidents before, during, and after they happen. 
 
Join us to hear:
- What leaders wish they'd known before a cyber attack and how they prepare for future situations now
- Where leaders see cyber security heading and what challenges lie ahead
- How to communicate and collaborate with vendors and partner to implement your crisis response
- How to maintain public trust in your firm, and the importance of executive-level media responses
- And more

Speakers:
- Dan Lohrmann Field CISO Public Sector at Presidio
- Earl Duby CISO at Lear Corporation 
- Richard Meeus, Director of Security Technology and Strategy EMEA at Akamai
- Sammy Migues, Product Management Sr. Director at Synopsys

How to Prepare, Manage, and Recover from Inevitable Business Disruptions

Open source makes the world go round. It’s easy to use and simple to plug in. Used correctly, it gives you the competitive edge you need to focus more resources on innovation. But which projects do you depend on? What security and other threats do they bring? How are they licensed? If left unmanaged, open source can lead to costly risks for your organization. Join our webinar to learn
• How open source contributes to the software supply chain
• The benefits and risks associated with open source usage
• What various governmental and industry bodies are mandating to manage open source risk

Open Source: A Key Link in the Software Supply Chain

Listed at #4 in the OWASP Top 10 list, insecure design is a new category in the OWASP Top 10 in 2021 and is related to critical design and architectural flaws in web applications. 

In this video see an example of an insecure design flaw and what security controls are necessary to mitigate risks associated with these vulnerabilities.

OWASP Top 10: Insecure design

Modern application development and deployment models make for a software supply chain that’s more complicated than ever before. While managing the open source dependencies brought in by developers and package managers is a crucial consideration, you must begin looking further. Which dependencies are being included in containers after you’ve scanned the base image? What business, security and compliance risks are introduced by the web services you leverage? What are the license obligations of the code snippets automatically added by intelligent IDEs? Join us as we discuss how to stay on top the newest application development technologies and the risks that come along with them.

Takeaways from Recent Software Supply Chain Developments

Injection is listed as #3 on the OWASP Top 10 list and occurs when an attacker sends malicious data to an application to make it do something it’s not supposed to do.

Watch how an attacker can compromise a web application using two types of injection: SQL injection and cross-site scripting and learn what security activities can help mitigate these types of attacks.

OWASP Top 10: Injection

Software supply chain risk and software Bills of Materials (SBOMs) are top of mind across almost industry today. You’ve probably been bombarded with massive streams of information about what an SBOM is and what you can do to get one. What you might not have seen, though, is what an SBOM is not, and what type of information it does not provide. To truly mitigate risk across the software supply chain and maintain the trust of customers, it’s crucial that SBOMs are treated as part of a larger process, rather than a simple silver bullet artifact.

Join our Synopsys webinar to discover:
- What to expect from the SBOM process
- How to get the most out of your SBOM
- How to make an SBOM part of your software development and procurement life cycles

Demystifying SBOM: More Than Just an Artifact?

How are you security testing APIs, web services, and cloud-native applications?  Are you able to test application security without impacting efficiency?  Do you have sufficient visibility into sensitive data that your applications handle?
 
This session we will be joined by guest speaker John Salomon from FS-ISAC where we discuss ways of ensuring that your security testing is developer friendly, and that your insight into application vulnerabilities and remediation guidance meet your organization’s risk appetite.  We will go over ways of ensuring fast, relevant contextual training, and efficient remediation of detected vulnerabilities.

Testing security of micro-services, APIs and cloud-native apps

DevOps

DevSecOps

API Security

Microservices

Security Testing

Software Development

Cloud Security

Cloud Applications

Application Security

Risk Mitigation

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Testing security of micro-services, APIs and cloud-native apps

Presented by

About this talk

More from this channel