Name: Tanya Janca discusses the worst DevSecOps practices
Start: 2023-05-12T16:00:00Z
End: 2023-05-12T16:00:15.000Z
Location: BrightTALK
Rating: 0

Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.

In a survey of your peers, the Ponemon Institute uncovered a stark reality:
 
Teams are struggling to secure software supply chains as fast as advances in things like AI are increasing developments ability to produce it. For example, 52% of organizations leverage AI tools to generate code. Yet only 32% say they have processes in place to evaluate it.  And less than half say they are effective in securing open source or evaluating the security of commercial software in their supply chain.
 
Where do you rank? 
 
Join the webinar to understand the state of software supply chain security and how you can help your team keep pace with managing it. We’ll cover:   
 
• How prepared organization are for supply chain attacks
• How to secure and manage open source and commercial software in your applications
• How things like AI and SBOM mandates are impacting security readiness

By the Numbers: Software Supply Chain Security Risks

Understanding the complexities of production testing is essential for any robust security strategy. Although conducting dynamic application security testing (DAST) in live environments is challenging, it is vital for ensuring application safety. This webinar bridges the gap between the daunting nature of production testing and its benefits.

Join our panel of experts to learn
- Common vulnerabilities that persist in production environments
- How to overcome challenges in configuration changes and supply chain vulnerabilities
- Real-world examples of how organizations have navigated these complexities

Secure Your Frontline: Start Continuous DAST in Production

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this live webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

The growth of software across every industry poses significant challenges for teams that need to keep up with the fast pace of innovation while making sure the software they put into production is secure. This has led to a proliferation of tools deployed by security teams. You may ask why? In simple terms, to tackle the increasing pressure of a larger and more sophisticated threat landscape. Ultimately, teams are now left with added complexity and friction in the SDLC and a bloated total cost of ownership (TCO).  

As a result, Gartner indicates an increase in organizations pursuing vendor consolidation from 29% in 2020 to 75% in 2022 to tackle the cost and complexity of present day AppSec programs. But, consolidating vendors is only one part of the equation. 

Join us, as we unlock the key to improving AppSec efficiency  in the era of rapid innovation. We delve into a differentiated approach to consolidation initiatives that extends beyond improving TCO.  

Join now and understand how to: 

- Streamline tools & processes to improve resource efficiency. 
- Focus your teams with prioritized risk data across your security program. 
- Deliver rapid, comprehensive risk insight for improved time to audit.

How to Improve AppSec Efficiency

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
 
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we’ll explore Python security best practices that should employed when building secure application.

Python 101

Explore the current hype around software Bills of Materials (SBOMs), driven by new and upcoming legislation in the EU and elsewhere mandating their use across vendors, suppliers, and customers. Delve into the diverse capabilities required for SBOMs, varying by sector, jurisdiction, and supply chain position. This presentation will highlight key aspects of SBOM compliance, featuring crucial insights and a roundtable discussion with industry leaders IBM and Continental.

Together, we’ll address

- How to decipher legislative implication for SBOMs
- Streamlining effective SBOM processes
- Strategic insights for successful implementation

Demystifying SBOMs: Navigating Legislation and Processes

Vulnerabilities pose a vast threat to the security of software, systems, and users, and the number of vulnerabilities discovered is increasing year-on-year. Understanding the life cycle of vulnerabilities can help you track, manage, and mitigate these threats effectively. 
 
In this session, you'll gain
• Knowledge of the life cycle of a vulnerability, including examples
• An understanding of why managing vulnerabilities at each stage is crucial
• Awareness of how vulnerabilities are handled in the public and private domains
• Insight into the methods used to manage and fix vulnerabilities

Life Cycle of a Vulnerability

Dynamic application security testing (DAST) is a central component for many organizations’ AppSec programs. But legacy DAST tools can be too slow and difficult to use in fast-paced development environments. Our new fAST Dynamic technology enables DevOps teams to scan their applications quickly and accurately, eliminating the need for time-consuming configuration and triage efforts. 

Join us to see how fAST Dynamic

- Allows users without extensive technical knowledge easily initiate scans 
- Navigates and analyzes web apps without requiring specialized expertise
- Prioritizes quality or quantity of findings  

fAST Dynamic provides a self-serve, straightforward, and efficient dynamic testing solution for organizations aiming to secure their web applications without slowing their development pace.

Dynamic Analysis for Modern Day DevOps

Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM). 

In this session, we’ll dive into 
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale

What is Application Security Posture Management (ASPM)?

Gain insights into important legal developments from two of the leading open source legal experts, Tony Decicco, Principal at GTC Law Group & Affiliates and Chris Stevenson, Of Counsel at DLA Piper.

This annual review will highlight the most significant legal developments related to open source software in 2023, focusing on topics that were resolved, those that got started and what we can expect to see in coming years.

We’ll cover:

• Updates on key open source-related litigation and disputes
• The Cyber Resilience Act and the Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
• Potential liability for developers releasing and contributing to open source software
• The impacts of GAI coding tools, such as GitHub Copilot and Amazon CodeWhisperer
• Open source software controversies, deals, and hacks
• And much, much more

Register today!

CLE:
DLA Piper LLP (US) has been certified by the State Bar of California, Illinois MCLE Board, the Board on Continuing Legal Education of the Supreme Court of New Jersey, and the New York State Continuing Legal Education Board as an Accredited Provider. The following CLE credit is being sought: 
• California: 1.5 Credit (1.5 General, 0.0 Ethics)
• Illinois: 1.5 Credit (1.5 General, 0.0 Professional Responsibility)
• New Jersey: 1.8 Credits (1.8 General, 0.0 Ethics)
• New York: 1.5 Transitional & Non-Transitional Credit (1.5 Professional Practice, 0.0 Ethics)
CLE credit will be applied for in other states where DLA Piper has an office with the exception of Minnesota, North Carolina, and Puerto Rico.

The 2023 Open Source Year in Review

Consolidation des outils de Securité Applicative -  Comment réduire la complexité et le coût des solutions de sécurité applicative, avec l’aide de l’ASPM  

Alors que ces dernières décennies ont vu une multiplication des outils d’analyse de sécurité applicative, on assiste aujourd’hui à une volonté de consolidation afin de réduire leur coût et améliorer leur efficacité. Quels bénéfices peut-on attendre d’une telle initiative, et quels sont les défis qui y sont associés ? Rejoignez-nous dans cette présentation d’une approche graduelle, tirant partie de l’Application Security Posture Management afin de récolter les bénéfices d’une consolidation de la sécurité applicative sans que les défis ne se transforment en obstacles.

Consolidation des outils de Securité Applicative

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 84% of codebases contained at least one open source vulnerability.
 
Join this live Synopsys webinar as we explore the findings from the 2024 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2024 Guide to Open Source Security and Risk

在AI和元宇宙快速发展的今天,软件行业正处于前所未有的变革中。作为应用开发和应用安全领域的领军企业,新思科技一直致力于探索前沿技术的应用与实践。本次大会,我们很高兴可以和业内专家以及各位客户共同探讨2024年应用开发的新趋势与新挑战。无论是生成式AI,还是元宇宙,这些快速崛起的新技术都对软件生态带来了深刻影响。我们将分享生成AI在应用开发中应用的新思路和最佳实践,讨论引入AI可能面临的风险与解决方案。
此外,作为行业引领者,我们也将展望元宇宙、数码化转型等趋势将如何重塑行业格局,使应用开发更加智能化和个性化。我们衷心期待与您共同合作,开启应用开发的新纪元!

2024资讯安全与展望——变与不变

It is impossible to see if an application is vulnerable or non-compliant when you don't have visibility into components, versions and licenses used by your software. 

With the Component Views feature in Software Risk Manager (SRM), security and development teams can obtain a single view of all components used in their applications.

With Component Views in SRM you get:

-An up-to date inventory of software components used by your applications
- The ability to quickly assess if a component is in use when a new zero-day is announced
- Easy to access upgrade guidance for vulnerable components

To learn more, visit https://www.synopsys.com/software-risk-manager

Software Risk Manager: Get a single view of your applications components

Synopsys Software Integrity Community invites you to join us for a live webinar that covers how to integrate a popular source code management repository (GitHub) into Polaris in a few simple steps and triage any issues detected, followed by a brief live Q&A session.

Polaris: Code Security Made Easy

The Common Vulnerability Scoring System (CVSS) helps you decide which vulnerabilities you should be most concerned about. This isn’t to say that the CVSS will make prioritization decisions for you, but it will give you one piece of information you need to make informed decisions that are best for your organization.

In this session, you'll gain:
• An understanding of CVSS, its metrics, and scoring process
• Insight into CVSS's history and role in vulnerability management
• A walkthrough of scoring a vulnerability's severity
• Knowledge of how CVSS is used in vulnerability management

Vulnerability Scoring 101

Security at Every Stage: Integrating AppSec for Efficient DevSecOps

DevSecOps in the Wild: Examining Global Security Factors in 2023

Transforming DevSecOps in Turbulent Times

Achieving DevSecOps: Ways to reduce AppSec noise at scale

Coffee with a Side of DevSecOps

Top Challenges With Shifting Security to Development

It’s Time for AppSec to Evolve

Enable your DevSecOps Initiative with Security Champions

Building Security into DevOps Without Breaking It

DevSecOps Explained

Cracking the Code of DevSecOps

5 Steps to Integrate SAST into the DevSecOps Pipeline

Raising the security bar in DevSecOps

The evolution of application security

Where Will DevSecOps 'Shift' Next?

Achieving security simplicity amongst application chaos

Improving the Sec in DevSecOps

Polaris Software Integrity Platform

Building Security into DevOps

Tanya Janaca, a keynote speaker at the 2023 RSA Conference, addresses some of the worst
DevSecOps practices she has witnessed while working in IT for over 25 years.

Tanya Janca discusses the worst DevSecOps practices

DevOps

DevSecOps

Application Development

Application Delivery

Application Security

Developers

Cyber Security

Information Security

CISO

SDLC

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Tanya Janca discusses the worst DevSecOps practices

Presented by

About this talk

More from this channel