Name: Integration of Automated Security Tools in CI/CD Pipelines
Start: 2022-11-10T19:00:00Z
End: 2022-11-10T19:00:59.000Z
Location: BrightTALK
Rating: 5

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this live webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to improving AppSec efficiency  in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

Explore the current hype around software Bills of Materials (SBOMs), driven by new and upcoming legislation in the EU and elsewhere mandating their use across vendors, suppliers, and customers. Delve into the diverse capabilities required for SBOMs, varying by sector, jurisdiction, and supply chain position. This presentation will highlight key aspects of SBOM compliance, featuring crucial insights and a roundtable discussion with industry leaders IBM and Continental.

Together, we’ll address

- How to decipher legislative implication for SBOMs
- Streamlining effective SBOM processes
- Strategic insights for successful implementation

Demystifying SBOMs: Navigating Legislation and Processes

Vulnerabilities pose a vast threat to the security of software, systems, and users, and the number of vulnerabilities discovered is increasing year-on-year. Understanding the life cycle of vulnerabilities can help you track, manage, and mitigate these threats effectively. 
 
In this session, you'll gain
• Knowledge of the life cycle of a vulnerability, including examples
• An understanding of why managing vulnerabilities at each stage is crucial
• Awareness of how vulnerabilities are handled in the public and private domains
• Insight into the methods used to manage and fix vulnerabilities

Life Cycle of a Vulnerability

Dynamic application security testing (DAST) is a central component for many organizations’ AppSec programs. But legacy DAST tools can be too slow and difficult to use in fast-paced development environments. Our new fAST Dynamic technology enables DevOps teams to scan their applications quickly and accurately, eliminating the need for time-consuming configuration and triage efforts. 

Join us to see how fAST Dynamic

- Allows users without extensive technical knowledge easily initiate scans 
- Navigates and analyzes web apps without requiring specialized expertise
- Prioritizes quality or quantity of findings  

fAST Dynamic provides a self-serve, straightforward, and efficient dynamic testing solution for organizations aiming to secure their web applications without slowing their development pace.

Dynamic Analysis for Modern Day DevOps

Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM). 

In this session, we’ll dive into 
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale

What is Application Security Posture Management (ASPM)?

Consolidation des outils de Securité Applicative -  Comment réduire la complexité et le coût des solutions de sécurité applicative, avec l’aide de l’ASPM  

Alors que ces dernières décennies ont vu une multiplication des outils d’analyse de sécurité applicative, on assiste aujourd’hui à une volonté de consolidation afin de réduire leur coût et améliorer leur efficacité. Quels bénéfices peut-on attendre d’une telle initiative, et quels sont les défis qui y sont associés ? Rejoignez-nous dans cette présentation d’une approche graduelle, tirant partie de l’Application Security Posture Management afin de récolter les bénéfices d’une consolidation de la sécurité applicative sans que les défis ne se transforment en obstacles.

Consolidation des outils de Securité Applicative

Understanding the complexities of production testing is essential for any robust security strategy. Although conducting dynamic application security testing (DAST) in live environments is challenging, it is vital for ensuring application safety. This webinar bridges the gap between the daunting nature of production testing and its benefits.

Join our panel of experts to learn
- Common vulnerabilities that persist in production environments
- How to overcome challenges in configuration changes and supply chain vulnerabilities
- Real-world examples of how organizations have navigated these complexities

Secure Your Frontline: Start Continuous DAST in Production

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 84% of codebases contained at least one open source vulnerability.
 
Join this live Synopsys webinar as we explore the findings from the 2024 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2024 Guide to Open Source Security and Risk

在AI和元宇宙快速发展的今天,软件行业正处于前所未有的变革中。作为应用开发和应用安全领域的领军企业,新思科技一直致力于探索前沿技术的应用与实践。本次大会,我们很高兴可以和业内专家以及各位客户共同探讨2024年应用开发的新趋势与新挑战。无论是生成式AI,还是元宇宙,这些快速崛起的新技术都对软件生态带来了深刻影响。我们将分享生成AI在应用开发中应用的新思路和最佳实践,讨论引入AI可能面临的风险与解决方案。
此外,作为行业引领者,我们也将展望元宇宙、数码化转型等趋势将如何重塑行业格局,使应用开发更加智能化和个性化。我们衷心期待与您共同合作,开启应用开发的新纪元!

2024资讯安全与展望——变与不变

The Common Vulnerability Scoring System (CVSS) helps you decide which vulnerabilities you should be most concerned about. This isn’t to say that the CVSS will make prioritization decisions for you, but it will give you one piece of information you need to make informed decisions that are best for your organization.

In this session, you'll gain:
• An understanding of CVSS, its metrics, and scoring process
• Insight into CVSS's history and role in vulnerability management
• A walkthrough of scoring a vulnerability's severity
• Knowledge of how CVSS is used in vulnerability management

Vulnerability Scoring 101

Innovate or perish is the only choice available to tech companies. Innovation ensures a constant state of change—new programming languages, systems, and platforms are introduced often. This constant state of evolution poses new challenges to security. 

A penetration (pen) test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Along with tech and software, pen testing has evolved over the past decade with the introduction of mobile, cloud, big data, IoT, microservices, and more. In this webinar, we will cover 

- The new vulnerabilities associated with emerging technologies 
- Associated secure coding best practices for developers  
- On-premises / cloud network and infrastructure security principles 
- Remediation and application of appropriate security controls 
- Secure software and environment design

The Evolution of Pen Testing

In diesem Online-Webinar  geben wir Ihnen einen Überblick zur DORA-Verordnung und sprechen über mögliche Lösungsansätze zur Umsetzung.

• Einführung in DORA und die zugrunde liegenden RTS und IST
• Schwerpunkt: "RTS on ICT risk management tools, methods, processes and policies (JC 2023 86)"
• Erklärung der Anforderungen an Static Application Security Testing (SAST), Dynamic Application Security 
• Testing (DAST) und Software Composition Analysis (SCA)
• Praktische Einblicke und Empfehlungen für die Umsetzung

Welchen Einfluss hat DORA auf unsere Cybersecurity?

The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack. 

In this 15 minute session, you’ll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved 
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle

CVE Explained

In the complex world of software development, generative artificial intelligence (GAI) coding tools appear as a beacon of productivity and effectiveness. When handled with precision, they brighten the path to innovation, cutting through the intricacies of coding. However, as with any unchecked flame, such tools must be carefully managed to avoid endangering an organization's valued IP, impacting its bottom line or introducing risk into an M&A transaction.

Join this webinar to get an introduction to GAI coding tools and how you can minimize risk when using these in your organization. We’ll cover:

- Introduction to GAI coding tools (from code completion to code generation)
- Legal, operational, and M&A risks arising from GAI coding tools (e.g., IP ownership, IP infringement, cybersecurity) 
- Establishing a general AI policy with provisions specifically tailored to issues arising in using AI for coding  
- Managing risk arising from GAI coding tools - this includes a mix of technical, operational and administrative safeguards (e.g., usage policies, auditing tools, optimal selection and implementation of tools) 

This presentation is intended for legal and technical teams involved in software development and M&A software due diligence.

Managing Software Risks in the Age of AI-Generated Code

소프트웨어 공급망 보안은 코드에 무엇이 포함되어 있는지 아는 것에서 시작합니다. AI로 생성된 코드와 오픈 소스 소프트웨어 사용의 보편화로 더욱 더 소프트웨어에 어떤 위험이 있는지 파악하는 것이 중요해지고 있습니다. 본 웨비나 에서는 "2024 오픈 소스 보안 및 위험 분석 보고서"의 조사 결과를 살펴보는 시간을 가질 예정입니다.

더불어, 소프트웨어 공급망 보안은 솔라윈즈 공급망 공격 사태 이후 사이버 보안 분야에서 중요성이 점차 높아지고 있습니다. 점점 더 많은 기업 및 조직들이 그 중요성을 체감하고 있으며, 정부에서도 국내 가이드라인을 준비하고 있습니다. 이러한 소프트웨어 공급망 보안의 중요성 및 가이드라인은 업계 전반에 점차 광범위하게 적용 및 확대되어갈 예정입니다. 

본 웨비나의 두번째 세션에서는 보안취약점과 관련하여 개발자 및 담당자 입장에서 알아야 할 Black Duck의 새로운 기능과 유용한 기능들에 대해 소개할 예정입니다. 또한, SBOM (Software BIll of Materials, 소프트웨어 자재명세서)의 국내외 동향 뿐만 아니라 Black Duck에서의 SBOM 지원과 리포트 생성에 대해서도 시연해드릴 예정입니다. 
 
2024 오픈 소스 보안 및 위험 분석 보고서의 최신 오픈소스 라이선스 및 보안 취약점 정보와 소프트웨어 구성 요소 중 오픈소스를 식별하여 SBOM을 생성할 수 있도록 지원해주는 신뢰성 있는 보안 도구인 Black Duck의 보안취약점 대응을 위한 활용성, 그리고 이를 통한 전략적 관리 방안을 소개해드릴 예정이오니, 웨비나 참여를  통해 많은 인사이트를 얻으시기 바랍니다.

2024 오픈 소스 보안 및 위험 관리 가이드

Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:

• How do you pick the right application security tools for your CI/CD pipeline?
• Where should you integrate your tools in the pipeline?
• How should you configure the tools?

Integration of Automated Security Tools in CI/CD Pipelines

Application Development

DevSecOps

DevOps

CICD

Application Security

Cyber Security

Information Security

CISSP

IT Security

Security as a Service

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Integration of Automated Security Tools in CI/CD Pipelines

Presented by

About this talk

More from this channel