Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down

Everyone expects production web applications to be largely free of security defects. Expectation and reality aren’t always the same. Your organization may have any number of AppSec tools, but when and where you run them may depend on how long they take to run. As release cycles speed up and code is deployed more frequently, development and security need to collaborate more than ever.

Join this webinar with Dan Kennedy, 451 Research and Jason Schmitt, Synopsys as they talk about the pressures of keeping up with release cycles and new technologies that may help alleviate challenges.

In this webinar, you’ll learn:

- Why legacy CI/CD approaches can’t keep up with the speed of DevOps
- What you can do to automate security gates and enforce policies at enterprise scale
- How tools like Intelligent Orchestration help decide which tools to use and when
Recorded Oct 7 2021 44 mins
Presented by
Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down Oct 28 2021 6:00 am UTC 44 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
    Integrating security testing into continuous integration / continuous delivery or deployment (CI/CD) pipelines requires integrating tool scans for static application security testing (SAST), dynamic application security testing (DAST), or software composition analysis (SCA), which are each performed at different stages of the CI/CD pipeline. These tools each have their own strengths and weaknesses and are complementary to each other. But how long each tool takes to complete a scan affects how often and when they are deployed into a staging or production environment.

    A recent paper by 451 Research shows that production web applications are expected to be largely free of security defects, and the pressures of keeping up with release cycles that deploy more frequently have compelled information security and development teams to better collaborate. Synopsys addresses those challenges with Intelligent Orchestration.

    In this webinar, you’ll learn:

    Why legacy CI/CD approaches can’t keep up with the speed of DevOps
    How Synopsys Intelligent Orchestration:
    - Helps break down silos and leverages a dedicated pipeline that automatically runs the right security tools at the right time
    - Triggers manual testing activities based on software development life cycle events and predefined policies, while also providing continuous metrics and feedback
    - Enables security teams to automate security gates and enforce policies for all applications across their organization, at enterprise scale
  • Reduce the Burden on Developers With Automation Oct 26 2021 6:00 pm UTC 53 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Your developers probably aren’t security experts, as they’ve been taught to focus on functionality. Training helps, as long as it’s dynamic, relatable, and accessible, which it often isn’t. Since your developers outnumber your security team, what can you do to ensure developers learn to be aware of security risks and vulnerable code?

    In this session, Meera Rao will discuss some things that really work to enable your developers and avoid defect management overload. Topics covered include:

    - Overcoming common challenges with AST tools
    - Managing false positive and false negative results
    - Adopting effective version control
  • AppSec for API Oct 26 2021 9:00 am UTC 48 mins
    Jamie Boote, Security Consultant, Synopsys
    As network-based APIs become the primary interface for containerized and microservice architecture, traditional Application Security programs find themselves struggling with the new demands of this emerging architecture. AppSec for APIs will describe how organizations can better prepare themselves to secure API based applications.
  • BSIMM12: Metrics Driven Software Security Oct 21 2021 6:00 pm UTC 60 mins
    Jacob Ewers, Managing Consultant at Synopsys
    The past two years have delivered major disruptions for supply chains. In 2020 alone supply chain disruptions were up 67%. If you find yourself fielding questions on what else your AppSec program is doing to keep the organization secure, this may be why. How you respond to those questions matters. While people like to hear you’re doing more, more isn’t better unless it’s done at the right time and place.

    This upcoming webinar talks about the Building Security in Maturity Model (BSIMM) and how it measures your security program. With real data, you can have real conversations about what’s happening and what needs to be done. Tune in to hear how your peers are:

    • Learning how to translate risk into actionable data
    • Increasing their security capabilities for open source, cloud, and container security
    • Lending security resources, staff, and knowledge to DevOps practices
  • PCI meets DevSecOps: Hazard or Opportunity? Oct 21 2021 9:00 am UTC 31 mins
    Stephen Gardner, Managing Consultant, Synopsys
    Under pressure to build software faster and cheaper, engineering teams are adopting DevOps. Does this ruin the pathway to application security, or does DevSecOps enable new efficiencies for security as well as engineering?

    Join this live webinar as we discuss DevSecOps best practices, and how these align with application security elements of PCI. We’ll cover:

    • Software security in PCI
    • DevSecOps: What and why
    • Pros and Cons of DevSecOps in a PCI-regulated environment

    Don’t miss this informative webinar. Register today.
  • Hot Topics: Open Source Software Legal Update Recorded: Oct 20 2021 73 mins
    Mark Radcliffe, DLA Piper, Tony Decicco, GTC Law Group & Phil Odence, Synopsys
    Open source software use continues to explode, and with increased growth comes increased legal, compliance and enforcement risk. Tune in to get an update on a few of the hot topics generating buzz in the open source software legal space, so you can continue benefiting from open source software while avoiding these risks.

    Join two of the leading open source legal experts for a live Synopsys webinar as they discuss the latest developments. They’ll cover:

    • Recent Statements by the Software Freedom Conservancy
    • OSS & Blockchain
    • Stockfish v. ChessBase Enforcement Action
    • GitHub’s Copilot

    Don’t miss this informative webinar. Register today.

    CLE:
    DLA Piper LLP (US) has been certified by the State Bar of California, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought:
    • California: 1.25 Credit (1.25 General, 0.0 Ethics)
    • New Jersey: 1.5 Credits (1.5 General, 0.0 Professional Responsibility)
    • New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics and Professionalism)
    CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.
  • Common Challenges of Operationalizing Integration Recorded: Oct 19 2021 52 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    The benefits of AppSec tool integration in the CI/CD pipeline are greater the earlier you perform them in the process. Choosing the right tools is just one part of the process. Making sure the tools easily integrate into your build environment is something else entirely.

    In this session Meera Rao will share how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:

    • How can you ensure that release cycles are not slowed down?
    • How should you manage false positives?
    • How do you satisfy compliance needs?
  • It’s Time to Rethink Your AppSec Approach Recorded: Oct 14 2021 60 mins
    Patrick Carey, Director Product Marketing, Synopsys and Sandy Carielli, Principal Analyst, Forrester Research, Inc.
    On average, organisations use more than 10 different AppSec tools to secure their applications. As development velocity increases, managing those AppSec tools and the results they produce can impede agility and innovation. As a result, many organisations are forced to choose between speed and security. But it doesn’t have to be that way.

    It’s possible to use intelligent automation and machine learning to secure your applications at the speed of DevOps—you just need a modern approach to AppSec and the right technology. Join Patrick Carey from Synopsys, and guest presenter Sandy Carielli, principal analyst at Forrester Research, to learn:

    • How AppSec orchestration technology triggers the right tests at the right time
    • How AppSec correlation technology reduces noise and streamlines vulnerability triage
    • How machine learning helps prioritise vulnerability remediation efforts

    With the right approach you can transform your AppSec program from a bottleneck to an enabler of DevSecOps.
  • Find More Bugs by Detecting Failure Better Recorded: Oct 14 2021 54 mins
    Jonathan Knudsen, Senior Security Strategist
    Software can fail in many ways, including process crashes, infinite loops, memory leaks, data leakage, corruption, unexpected behavior, and more. Part of the challenge of fuzz testing is accurately detecting when failure occurs.

    This webinar describes the instrumentation techniques that are built into Defensics. You’ll learn how Defensics:
    - makes it easy to detect a wide variety of software failures
    - can be extended to any type of instrumentation you can imagine
    - provides an agent framework that makes it easy to detect failures
  • Application security risks in FSI by the numbers Recorded: Oct 13 2021 53 mins
    Mike McGuire, Product Marketing Manager, Synopsys
    We trust that financial applications and software are secure because of the sensitive nature of the information they manage and contain. But based on the numbers, we should be very concerned.

    Join us for this live Synopsys webinar to get an inside look at how prevalent mobile application security and open source risks are today, and the steps you can take to become more secure. We’ll cover:

    • Report methodology and findings for FSI
    • The types of risks to be aware of
    • What the numbers mean for security teams
    • Strategies to reduce AppSec risks
  • The Seven Habits of Highly Effective Security Recorded: Oct 7 2021 46 mins
    Girish Janardhanudu, VP of Security Consulting - Synopsys, Dr. Neil Daswani, Director - Stanford Advanced Cybersecurity
    Software vulnerabilities are one of the six technical root causes of breaches, and in this webinar, Neil Daswani, codirector of the Stanford Advanced Security Certification Program, and Girish Janardhanudu, vice president of Synopsys Security Consulting, discuss the key lessons learned from the biggest megabreaches and the 9,000+ reported breaches over the past 15 years.

    Learn the histories and take deep dives into breaches including those at Target, JPMorgan Chase, OPM, Yahoo, Equifax, Facebook, Marriott, and Capital One, as well as the still-unfolding SolarWinds hack. Daswani and Janardhanudu also share key insights into how the right mindset and the right habits help organizations manage security effectively.
  • Cybersecurity Executive Order Impact and Implications with The Chertoff Group Recorded: Oct 7 2021 56 mins
    Tim Mackey, Principal Security Strategist, Synopsys & David London, Managing Director, Cybersecurity, The Chertoff Group
    Most Executive Orders (EO) by a U.S. President are pretty straightforward, but not EO 14028. There are 74 directives contained within its 15 pages. While many of the President’s initiatives aim to promote greater awareness around operating software securely, others go further. The order also tackles security practices in the SDLC to address the risk profile. Combined, these activities raise the bar for secure software development. One big question remains: how does all this impact you and your business?
    In this webinar, The Chertoff Group’s David London and Synopsys’ Tim Mackey share their perspectives on this EO and how it impacts software producers and consumers. Specifically, they’ll discuss:

    - How NIST and the NTIA have responded to the EO and how you can apply them in your organization
    - What you can use to identify your organization’s “critical software”
    - Which deployment considerations you need to make for things like log management and zero trust principles

    In this webinar, Synopsys, a leader in software security innovation, and the Chertoff Group, a premier security risk management firm, offer their shared perspectives on the Executive Order and the broad implications for both software producers and consumers. Learn about some of the more significant outputs from the National Institute of Standards and Technology (NIST) and the National Telecommunications and Information Administration (NTIA) in response to the Executive Order and how they can be directly applied to your development and deployment teams. This webinar focuses on ways to identify critical software, best practices for communicating security information between teams and organizations, and deployment considerations like log management and zero-trust principles.
  • Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down Recorded: Oct 7 2021 44 mins
    Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research
  • How to Communicate Risk Effectively Recorded: Oct 6 2021 52 mins
    Michael Fabian, Principal Consultant at Synopsys
    It’s no longer a question of if a cyber-attack will happen but when. You can’t ignore the fact that your medical devices that connect to the cloud or a hospital network may be exposed to some cyber-attack. Risk assessment processes such as NIST 800-30 and ISO 27005 are a good starting point, but how do you share your findings in a meaningful way?

    Join Michael Fabian, medical device and security expert, as he reviews risk assessment best practices and how to communicate risk effectively. He’ll provide guidance on how you can:

    - Outline a risk assessment process 
    - Review your risk measurement methods
  • How to Communicate Risk Effectively Recorded: Oct 6 2021 45 mins
    Michael Fabian, Principal Consultant at Synopsys
  • Integration of Automated Security Tools in CI/CD Pipelines Recorded: Sep 30 2021 60 mins
    Meera Rao, Senior Director - Product Management (DevOps Solutions)
    Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:

    • How do you pick the right application security tools for your CI/CD pipeline?
    • Where should you integrate your tools in the pipeline?
    • How should you configure the tools?

    This is the first in a four-part series.
  • The Evolution of IAST: Building Security Into Testing Recorded: Sep 30 2021 57 mins
    Sandy Carielli, Principal Analyst, Forrester & Kimm Yeo, Product Marketing Manager, Synopsys
    Interactive application security testing (IAST) is evolving quickly to become a key DevSecOps tool used to build continuous application security into today’s modern but increasingly complex software ecosystem.

    There’s a growing demand for and shift toward complex composite-based apps, but they involve multiple dev teams as well as new technologies such as microservices, serverless, containers, and mixed deployment approaches (cloud, containers). How do you secure your web, cloud, and microservices applications? How do you balance the speed, quality, and innovation that your customers are demanding today?

    Join this live Synopsys webinar to learn why organizations are looking into alternative dynamic security testing solutions, and why next-generation tools such as IAST are here to stay. In this webinar, learn about:

    • Trends in the latest Forrester IAST survey data
    • Developments in continuous testing, test automation, and DevSecOps
    • The role of IAST in testing and reporting

    Don’t miss this informative webinar. Register today.
  • How to Smartly Scale AppSec Testing Recorded: Sep 29 2021 25 mins
    Khalid Damrah, Head of Information Security Risk Department, Bank of Palestine and Frank Morris, Managing Director, Synopsys
    No matter what any blog or vendor says, you know there is no silver bullet for application security. Complete one item on your to-do list, and seven more things are there anxiously awaiting your attention. Since cloning yourself is out of the question, how are you scaling your AppSec program to keep up?

    Join Khalid Damrah, Bank of Palestine, State of Palestine, Ramallah and Frank Morris from Synopsys as they discuss how overwhelmed or understaffed organizations are scaling their AppSec testing. Topics covered include:

    - How to handle elasticity in testing demand in a global skills shortage
    - What happens when we share knowledge and experience more often
    - Why feedback and continuous improvement matter
  • Container Security Essentials Recorded: Sep 23 2021 61 mins
    David Benas, Associate Principal Consultant, Synopsys
    As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

    The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

    In this webinar, we’ll outline the essential elements required to secure your container environments, including:
    • What containers are and what they aren’t
    • How to look at container security holistically
    • Which of the top threats in the container landscapes you should worry about
  • Under Pressure – Building Security into Application Development Recorded: Sep 22 2021 62 mins
    Patrick Carey, Director Product Marketing, Synopsys and Dave Gruber, Senior Analyst, Enterprise Strategy Group
    Nearly half of cybersecurity and development professionals say their organization knowingly pushes vulnerable code into production due to time pressures. As development and security teams grapple with the competing demands of development velocity and application security, tensions rise. If you’re looking for a way to defuse this ticking time bomb, join this webinar.

    ESG senior analyst, Dave Gruber, and Synopsys product marketing director Patrick Carey discuss what organizations can do to build security into their development toolchains and processes.

    Highlights include:

    - Why many organizations’ AppSec programs aren’t as effective as they think
    - What key attributes set successful AppSec programs apart
    - How organizations are working to improve AppSec ROI while simplifying deployments
Build secure, high-quality software faster.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

  • Title: Integrate AppSec Tools Into DevOps Pipelines Without Slowing Down
  • Live at: Oct 7 2021 10:00 am
  • Presented by: Jason Schmitt, GM of Software Integrity Group at Synopsys and Dan Kennedy, Research Director at 451 Research