Name: The Future of AppSec: What You Need To Know
Start: 2023-02-23T10:00:00Z
End: 2023-02-23T10:37:49.000Z
Location: BrightTALK
Rating: 4.5

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

The Log4j debacle highlighted just how difficult it is for security teams to find vulnerable software, and the recent executive order around a software bill of materials is highlighting the importance of knowing what software the organization is using. How can a software bill of materials help security teams with detection and response? In this webinar, experts discuss how organizations can use the software bill of materials as part of their enterprise security strategy. Learn how to implement a software bill of materials, identify controls and processes that need to be implemented alongside it, and understand potential challenges to be aware of. Organizations rarely have a clear picture of what software is running in their organization, but it doesn't have to be that way.

During this webinar you will:

- Unpack the potential, as well as limitations of a SBOM.
- Find out what you should look for in an SBOM, and how to ask for one.
- Get the facts about how security teams have successfully implemented SBOMs into their overall security strategy.

SBOMS and the Modern Enterprise Software Supply Chain

As you start down the path of using generative artificial intelligence (GAI) in software development to improve efficiency, reduce costs, and increase revenue, you must also be aware of the associated legal issues. How can you leverage AI and minimize the risk it presents?

Join this live Synopsys webinar in which a panel of legal experts and practitioners will answer your questions about the rise of AI in software development, and how you can responsibly leverage this new technology. We’ll cover:

• The benefits and risks for using AI in software development 
• The evolving legal and regulatory landscape 
• Practical advice for using AI today and into the future

Ask the Experts: AI and Software Development

Innovate or perish is the only choice available to tech companies. Innovation ensures a constant state of change—new programming languages, systems, and platforms are introduced often. This constant state of evolution poses new challenges to security. 

A penetration (pen) test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Along with tech and software, pen testing has evolved over the past decade with the introduction of mobile, cloud, big data, IoT, microservices, and more. In this webinar, we will cover 

- The new vulnerabilities associated with emerging technologies 
- Associated secure coding best practices for developers  
- On-premises / cloud network and infrastructure security principles 
- Remediation and application of appropriate security controls 
- Secure software and environment design

The Evolution of Pen Testing

Malicious code has been making headlines over the past years. The type of attacks may vary, but the consequences are real. We’ve seen a spate of malicious open source components identified within the NPM repository, or an ethical hacker gaining access to the systems of several notable tech companies using publicly hosted packages. 

Today, threat actors are looking beyond exploiting weaknesses in the application layer. Now they have started taking advantage of the inherent trust associated with open source software. Inadvertently building code with these weaknesses into applications leaves businesses and their customers prime targets of supply chain attacks.  

Join us as we discuss

• What can be classified as malicious code or malware 
• Some of the techniques that attackers use to inject malicious code into the supply chain 
• Methods for identifying malicious code and open source components

How Does Malicious Code Enter Applications?

Generative artificial intelligence (GAI) will fundamentally change the way that software is built. Whether they are developing or using AI tools, organizations must understand the opportunities and risks involved, and evolve governance, policies and processes to address those risks.

Join this live Synopsys webinar for a deep dive into the issues that arise when using GAI in software development. We’ll cover:

• Open source data and software licenses and risks with AI
• Licensing and clearance considerations for materials used to train AI models
• Licensing considerations in building, training, and using AI models
• A deep dive on GitHub Copilot, including implications of the class action suit

Generative AI, Training Data, Open Source, and GitHub Copilot, Oh My!

Digital transformation initiatives are forcing development teams to make tough decisions. They have to make tradeoffs between feature velocity and managing application security risk. Developers may lack the knowledge to address the risks they’re aware of, and adding security tools often adds friction to their workflows. A new approach is needed to meet the demands of modern application development.

Join us for this webcast with Enterprise Strategy Group (ESG) to learn about:

- How DevOps and automation are changing application security landscape
- What challenges teams face when automating their AST tools
- How a new approach to DevSecOps can address these challenges
- What your team can do to make your DevSecOps initiative successful

Cracking the Code of DevSecOps

As enterprises deal with multiple threats coming in different forms, security teams are shifting to a risk-based security to handle these challenges. One of the key tools is threat modeling, a process intended to help identify potential weaknesses and prioritize how to fix them. In this webinar, experts discuss how to define security requirements, pinpoint and quantify potential vulnerabilities, and prioritize remediation methods. Learn how to conduct a threat modeling exercise and make risk-based decisions to strengthen your organization’s security.

During this webinar you will: 

- Gain insights into how to establish a successful threat modeling process. 
- Hear experts discuss how to shift to a more risk-based approach to cybersecurity.  
- Learn what to expect out of a threat modeling exercise and how to apply it to shore up cybersecurity.

Why Threat Modeling Is Critical for Enterprise Cyber Defense

There is no shortage of buzz around generative artificial intelligence (GAI). GAI can be used in software development to generate and augment code which saves times and reduces development cycles. But using AI in software development comes with its own set of risks.

Join this live Synopsys webinar to get an introduction to GAI and how you can minimize risk when using it in your organization. We’ll cover:

• What GAI is and how machines learn
• Legal issues with AI including copyright, web scraping, and more
• Overview of current litigation
• Practical approaches to using GAI while minimizing risk

Best Practices for Using AI in Software Development

Cloud adoption is happening at unprecedented pace. In the race to migrate quickly, one aspect that sometimes takes back seat is cloud security. But application security and network security are still relevant on the cloud. Deploying infrastructure and applications on the cloud comes with its own set of challenges such as access controls, vulnerability management, securing the hybrid cloud model, and more. That’s why it has become imperative for organizations to understand cloud security concepts and how to secure cloud workloads.

In this webinar, we will discuss cloud security and some of its concepts.
• Shared responsibility and why it is important (IaaS, PaaS, SaaS)
• Secure deployments on cloud infrastructure (people, process, technology)
• Importance of cloud security (recent cloud security breaches)

What is Cloud Security?

As development technologies become more fast-paced, modular, and automated, the tools and practices used to secure the software that passes through these pipelines must evolve. While many application security testing (AST) tools can be integrated into pipelines, teams often struggle with complexity, performance, and noisy results. Injecting security into DevOps without sacrificing efficiency requires a concerted approach focusing on:  

- Integration and automation that minimizes impediments, running necessary tests at appropriate times 
- Remediation of prioritized risks aligned to business needs 
- AppSec-enabled developers equipped with what they need to secure code as they write it 
- Modular AST that can be employed based on the software being tested

Building Security into DevOps Without Breaking It

To build security into DevOps and achieve true DevSecOps, organizations need to manage AppSec workflows without hindering speed and flexibility. But how do you get there?

Join this live Synopsys webinar to learn how to inject security into DevOps without sacrificing efficiency. We’ll cover how to:

• Secure code as fast as it’s written
• Run the right tests at the right time
• Automate security testing to focus on what matters

And as a thank you for attending our webinar live, we'll buy you a coffee. Please note that only the following countries are eligible for a voucher due to regional legal regulations: France, Italy, Belgium, Netherlands, the U.K., Denmark, Norway, Sweden, and Austria. Furthermore, please note that we only accept business email addresses - no personal addresses will be eligible to receive a voucher.

Coffee with a Side of DevSecOps

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.

First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?

Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.

5 Steps to Integrate SAST into the DevSecOps Pipeline

The Board and C-Suite are starting to take notice of the opportunities and risks inherent with powerful new generative artificial intelligence (GAI) tools that can quickly create text, code, images, and other media. Product Development and Engineering teams want to use such tools to increase productivity by at least one order of magnitude. In response, the Security, Legal, and Compliance teams typically raise legitimate concerns about the risks involved. What role can the Board and C-Suite play in this situation?
 
Join this live Synopsys webinar to get a jump start on what AI strategy, security, and governance looks like from the Board-level and C-suite. We’ll cover:
 
• Fundamentals of AI, types of models, and data used to inform them
• Expanding existing processes and procedures to address the security risks of GAI
• The top three questions the Board and C-Suite should be asking about GAI
• How to navigate the existing and evolving legal and regulatory landscape

AI Strategy, Security, and Governance: The View from the Top

You’ve automated security tooling in development pipelines and your organization has moved to agile practices, but you are still not experiencing the DevSecOps promise land you were told about.

The three pillars of DevSecOps are people, process, and technology. Have you invested enough into your people? Without a bridge between the security and the development teams, all your hard work can get stuck in mud. 

A Security Champions program can help enable your teams reduce process friction and ensure successful adoption of security within developers’ daily work. This talk will address 

• Common challenges organizations experience
• Ways a Security Champions program can help
• Getting started with building your Security Champions program

Enable your DevSecOps Initiative with Security Champions

Static application security testing (SAST) is a key ingredient of any AppSec program. However, modern applications are built using processes, languages, and tools that didn’t exist when many SAST products were originally designed. This creates challenges for developers and security teams that need to deliver highly secure applications without slowing productivity.
 
In this webinar, we’ll discuss how SAST can help organizations drive security and quality across all their applications. Topics include

• Understanding how static analysis identifies weaknesses in application code
• Running the right level of SAST analysis for each application
• Integrating SAST throughout the software development life cycle
• Ensuring quality and compliance with policy-based code scans

What is SAST?

Security breaches can happen at any time. You need to stay ahead of the game and secure your applications—now. But how can you overcome application security challenges? 

Join our experts as they discuss how your organization can operationalize the components of the Modern AppSec framework. In this webinar, we’ll cover

- The markets’ challenges in AppSec
- The roadblocks that prevent you from securing applications
- Solutions that can ease the problems

And as a thank you for attending our webinar live, we'll buy you a coffee. Please note that only the following countries are eligible for a voucher due to regional legal regulations: France, Italy, Belgium, Netherlands, the U.K., Denmark, Norway, Sweden, and Austria.

Coffee with a Dash of DAST

Open source is widely used in software development because it allows you to create high-quality software quickly. But if left unmanaged, open source can lead to license compliance issues as well as security and code quality risks. Whether you’re on the buy side or sell side, these risks could negatively affect valuation in an M&A transaction.

Join this live Synopsys webinar for an inside look at the data Black Duck Audits complied in 2022 from the hundreds or tech transactions and thousands of codebases we audited. We’ll cover: 
 
• Open source license and security risks by the numbers
• Why audits have become the norm in M&A tech due diligence
• How you can get a complete picture of open source risks

By the Numbers: 2023 Open Source Risk in M&A

Les chaînes d'approvisionnement logicielles utilisées par les applications modernes peuvent se révélées très complexes. Elles consistent en un mélange de code propriétaire et d’open sources, d'API et d'interfaces utilisateur ainsi que de workflows de déploiement dans différents environnements. Les problèmes de sécurité à n'importe quelle étape de cette chaîne peuvent vous exposer, vous et vos clients, à un risque d'attaque. Selon les analystes du Gartner, 45 % des organisations dans le monde connaîtront une attaque d'ici 2025. Renforcer votre chaîne d'approvisionnement logicielle contre les menaces de sécurité est une nécessité, mais cela ne s'arrête pas là. Vous devez également être en mesure de démontrer que vous l'avez fait, afin d’avoir la confiance de vos clients et de respecter les obligations réglementaires.

Rejoignez-nous et découvrez comment nous proposons une approche globale de sécurité de la chaîne d'approvisionnement logicielle, notamment:
• À quoi ressemble une chaîne d'approvisionnement logicielle,
• Présentation des risques tout au long de la chaîne d'approvisionnement logicielle,
• Ce que cela signifie de sécuriser votre chaîne d'approvisionnement et de prouver que vous l'avez fait.

Sécuriser la chaîne d'approvisionnement logicielle

Where Will DevSecOps 'Shift' Next?

Software Risk is Business Risk

The Future of AppSec: What You Need To Know

AppSec Trends for 2022 and Beyond

Manage AppSec Risks at Enterprise Scale​

The Forrester report, “The State of Application Security: 2022,” notes that web application exploits are the third-most-common cybersecurity attack. Of the 4,000+ tests Synopsys Application Security Testing (AST) services conducted for its annual “Software Vulnerability Snapshot” report, 95% uncovered some form of vulnerability in the target applications

In this webinar, we will focus on the findings of the “Software Vulnerability Snapshot” report as well as 

• Latest AppSec trends and challenges  
• Findings  from “black box” and gray box” testing  
• A brief overview of best practices to address the latest AppSec challenges

Vulnerability Management

Application Security

Security Awareness

Application Development

Information Security

Cyber Security

CISO

Cyber Attacks

IT Security

Risk Management

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

The Future of AppSec: What You Need To Know

Presented by

About this talk

More from this channel