Name: How to Smartly Scale AppSec Testing
Start: 2021-12-22T19:00:00Z
End: 2021-12-22T19:24:44.000Z
Location: BrightTALK

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Gone are the days when you only had to worry about the code your developers are writing. Now you have to think about a complex supply chain, which includes everything from open source dependencies and APIs to containers, infrastructure-as-code, and CI/CD toolchains. Recent supply chain attacks, along with the U.S. executive order on cybersecurity, have organizations re-evaluating the security of their software supply chains. 

In this webinar, our expert panelists will discuss 
• Why securing your supply chain means more than having an accurate software Bill of Materials (SBOM)
• What the executive order and other initiatives mean for software producers and consumers
• What security and development teams need to do to manage new and evolving supply chain threats

Learn what you can do to enhance the security of your software supply chain. Register now.

Securing the Software Supply Chain: More Than Just an SBOM?

Many enterprises have split their security functions between first-line defences, where AppSec tooling and penetration testing traditionally fits, and the second-line defences that encompass their governance, risk, and compliance (GRC) teams. This organizational and functional split has resulted in a major disconnect between the evolution of GRC practices and AppSec. This is further exacerbated by the huge challenges of improving application security at scale across CI/CD pipelines, infrastructure-as-code files, containers, the cloud—the list goes on and on. 

Organizations have tried bridging the gap with manual spreadsheets, but they need a better way to track and correlate tooling, security testing, and risk assessment results. 

Join this webinar to learn how Synopsys customers and partners are using application security orchestration and correlation (ASOC) tools like Code Dx® and Intelligent Orchestration to bridge the gap between GRC and AppSec and get the answers to questions such as

• When was the software tested?
• What was found?
• What was fixed?
• How can I identify my most vulnerable software?
• What is the extent of my exposure and exploitability?

Rethinking GRC for Modern Software Development

The past couple of years have seen major changes in the way applications are developed, deployed—and secured. They should accommodate these changes too. Are conventional security controls like SAST, DAST and pen test catering to the changing technology landscape? Do your existing controls support the new OWASP Top 10 requirements? Join us to hear from industry leaders about
 
· How the product security program should be modeled to cater to the new technology landscape
 
· Whether conventional approaches of securing software in the coding and testing phase meet the new OWASP Top 10 requirements
 
· What security controls are required in an end-to-end product life cycle

AppSec and the OWASP Top 10 2021

Software security, development velocity, and business risk are three things that keep security and development teams up at night. With lots of application security testing (AST) tools in play, how can you address the unique needs of each team while cost-effectively generating one source of record for automated and manual tests?

Join this live Synopsys webinar to understand how you can align your DevSecOps strategy to address security risks across all stages of the application lifecycle. We’ll cover:

• The AppSec challenges that organizations face today
• Why traditional AppSec testing leaves you vulnerable 
• How to tap into time and money saving testing strategies

Don’t miss this informative webinar. Register today.

Effective AppSec: Saving Time & Money Without Sacrificing Security or Velocity

Hiring and training the right staff with the right skills to manage an AppSec testing program is not only time consuming, it’s expensive. Is it even possible to build internal resources to keep pace in this dynamic environment?

Join the live Synopsys webinar to learn how you can leverage managed security testing services to cost-effectively extend your testing capabilities without sacrificing security. We’ll cover:

• The business case for managed security testing services in the era of the Great Resignation
• Doing more with less:  where you can extend your testing capabilities 
• What you should look for in a managed security testing provider

Don't miss this informative webinar. Register today.

The Great Resignation: Bridging the Gap on Your AppSec Team

Software is everywhere. And for organizations dependent on software, understanding and managing the software supply chain is vital. Changes to your software supply chain may have ripple effects for your business. How do you manage that?

Join us for this Synopsys webinar to learn why a software Bill of Materials (SBOM) is an important tool in managing your software supply chain. We’ll cover: 

• What an SBOM is and what role it plays in the supply chain
• How to efficiently manage the software supply chain
• What happens when something goes wrong with a link in the chain

Benefits of an SBOM Across the Software Supply Chain

AppSec teams often struggle to keep up with the rapid code releases produced by DevOps teams. Testing falls behind as development speeds up. Since slowing down development to suit security isn’t an option, what do you do? You centralize testing across development pipelines into a scalable, repeatable, and automated process.  This allows security to move at the speed of DevOps. 

Listen as Adrian Acuna discusses six ways an application security orchestration and correlation (ASOC) tool can benefit you. We'll cover:

- Why organizations continue to struggle with AppSec tool findings
- How centralized management and standardization of results helps everyone
- What ASOC actually does to support security AND development

6 Ways to Improve AppSec Accountability

Organizations are adopting DevOps to speed up software production, and building secure, resilient software means ensuring that application security can keep up with development. Critical software issues need to be identified and addressed at the appropriate stage within the SDLC. But the complexity required to integrate security tooling, and the time it takes to test, triage, and remediate within these short production cycles, causes many DevSecOps initiatives to stall or fail. As a result, applications can be less than fully tested—and less than fully secure. 

Join us for this live Synopsys webinar to learn how organizations can build security into DevOps without sacrificing speed for security. We’ll cover how to

• Use AppSec test orchestration to run the right tests at the right time, minimizing impact on build and release pipelines
• Use application vulnerability correlation and prioritization to align remediation efforts with business risks
• Empower your developers to secure code as fast as they write it

Don’t miss this informative webinar. Register today.

Top 3 Ways to Build Security into DevOps

The software supply chains that build today’s modern applications are complex. They consist of a mix of proprietary and open source code, APIs and user interfaces, application behavior, and deployment workflows. Security issues at any point in this chain can leave you and your customers at risk of an attack. And according to Gartner, 45% of organizations worldwide will experience and attack by 2025. Hardening your supply chain against security threats is a necessity, but it doesn’t stop there. You must also be able to demonstrate that you’ve done it, in order to gain the trust of your consumers and comply with regulatory obligations. Join us as we take a comprehensive approach to supply chain security, including:

• What the software supply chain looks like
• How risk is presented along the supply chain
• What it means to secure your supply chain and prove that you’ve done so

Establishing Trust with Software Supply Chain Security

Managed penetration testing is an integral part of an organization’s risk management strategy. It serves as a complementary security testing approach to identify and validate findings alongside existing security testing tools. It also fills testing gaps that can appear as organizations determine which testing tools to integrate into their development workflows. In this webinar, we’ll discuss how managed penetration testing can help you optimize your risk management strategy.

Managed Penetration Testing - An Integral Part of Your Risk Management Approach

Software due diligence is all about identifying and mitigating risk, and with fast-moving deals, you need to be prepared to evaluate a target’s software quickly and effectively. Many organizations rely on outside legal counsel to get it right – and with good reason.

Join this live Synopsys webinar to understand how expert software due diligence legal counsel strategically deploys software audits to accelerate due diligence. We’ll cover:

• Where audits come up and why should you care about them
• Where an audit fits into the M&A transaction process
• How to “right size” an audit and strategically select code for auditing

Don’t miss this informative webinar. Register today.

Best Practices for Accelerating Software Due Diligence

The DevOps methodology has become very popular, and now the DevSecOps movement is on the rise. But DevSecOps can cause friction among software developers, application security teams, and operations teams because each team has its own roadmap, responsibilities, and priorities. 

It’s imperative to build an organizational culture that enables all three teams to work toward one final goal: to get application to production as quickly as possible with minimal quality and security issues. How can you make sure security doesn’t get left behind?

The answer is to shift from reactive security to proactive security. Instead of focusing on new ways to find bugs already in the codebase, you should address the root cause of bugs. And you can do that by building expertise and providing the information needed to prevent bugs from entering the codebase in the first place. Don't wait to fix security vulnerabilities until after they wreak havoc on your applications. Treat them like any other bug within your DevOps process.

This webinar provides actionable insight into these activities:

• DevSecOps challenges
• Industry trends
• Building security into your DevOps software development life cycle
• Integrating and scaling the right tools in the DevOps pipeline

How to Build Security into DevOps

What I Wish I Knew About Security When I Started Programming
Have you heard? AppSec is hard. Nothing works, no one knows how to fix it, it’s a nightmare. Any of this sound familiar? We do a great job of scaring people away from AppSec when we should really be encouraging them. Developers are natural allies for the security team, and we should make security more accessible to them.
Developers may not be security experts, but that doesn’t mean they can’t be. In this webinar learn how to help developers embrace security. Topics include
- Why security is more than network and web application firewalls
- Why security through obscurity doesn’t work
- How including security tools within CI processes helps everyone

What I Wish I Knew About Security When I Started Programming

The past two years have delivered major disruptions for supply chains. In 2020 alone supply chain disruptions were up 67%. If you find yourself fielding questions on what else you AppSec program is doing to keep the organization secure, this may be why. How you respond to those questions matters. While people like to hear you’re doing more, more isn’t better unless it’s done at the right time and place.

This upcoming webinar talks about the Building Security in Maturity Model (BSIMM) and how it measures your security program. With real data, you can have real conversations about what’s happening and what needs done. Tune in to hear how your peers are:
 
 • Learning how to translate risk into actionable data
 • Increasing their security capabilities for open source, cloud, and container security
 • Lending security resources, staff, and knowledge to DevOps practices

BSIMM12: Metrics Driven Software Security

As the popularity of cloud-native applications continues to surge, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they deliver. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.”

The popularity of containers has also attracted the attention of hackers who are constantly looking for new ways to exploit them. Containers expand an organization’s attack surface and increase the risk to the applications they house. A comprehensive approach for container security is required to mitigate the risk to containerized applications and infrastructure.

In this webinar, we’ll outline the essential elements required to secure your container environments, including:
• Understanding what containers are (and aren’t)
• How to look at container security holistically
• The top threats to container landscapes
• Relevant case studies

Container Security Essentials

Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:

• How do you pick the right application security tools for your CI/CD pipeline?
• Where should you integrate your tools in the pipeline?
• How should you configure the tools?

Integration of Automated Security Tools in CI/CD Pipelines

Apache Log4j is a broadly used open source component within the Java community, making its recent zero-day vulnerability a major fire drill for countless development teams. As development teams scramble to find and patch the issue, due diligence teams are left wondering if the software they’re about to acquire is secure and how they can know for sure. 

Join Synopsys for a live webinar that explores why security vulnerabilities like Log4j introduce risk into a transaction, and what security audits can uncover in due diligence. We’ll cover

• Why it’s critical to uncover security risks
• What a security audit can teach you beyond vulnerability identification
• Best practices for software due diligence

Don’t miss this informative webinar. Register today.

Log4j, Security Risks, and M&A: Identifying Software Risk in Deals

조직이 소프트웨어에 의존하고 대부분이 소프트웨어를 사용하는 경우 소프트웨어 공급망을 관리하는 것이 중요합니다. Log4j와 같은 최근의 제로데이 이슈가 보여주듯이 정확한 소프트웨어 BOM(Bill of Materials) 제공은 반드시 실행되어야 하는 문화입니다.

오늘 저희와 함께 CISA(Cybersecurity and Infrastructure Security Agency)의 선임 전략가인 Dr. Allan Friedman이 SBOM의 효용가치에 대해 공유하는 내용을 들어보십시오. 다음과 같은 내용을 다루고 있으며 한글자막으로 제공됩니다:
• SBOM정의와 공급망에서 SBOM의 역할
• 소프트웨어 공급망을 효율적으로 관리하는 방법
• 소프트웨어 공급망 관리 부제로 발생하는 문제

소프트웨어 공급망 관리를 위한 SBOM의 가치- 한글자막

No matter what any blog or vendor says you know there is no silver bullet for application security. Complete one item on your to-do list, seven more things are there anxiously awaiting your attention. Since cloning yourself is out of the question, how are you scaling your AppSec program to keep up?

Join Khalid Damrah, Bank of Palestine, State of Palestine, Ramallah and Frank Morris from Synopsys as they discuss how overwhelmed or understaffed organizations are scaling their AppSec testing. Topics covered include:

- How to handle elasticity in testing demand in a global skills shortage
- What happens when we share knowledge and experience more often
- Why feedback and continuous improvement matters

How to Smartly Scale AppSec Testing

Application Security

Application Security Testing

Software Security Training

Penetration Testing

security compliance

Information Security

Information Risk

Cyber Security

CISSP

IT Security

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

How to Smartly Scale AppSec Testing

Presented by

About this talk

More from this channel