Name: Under the hood with Static Analysis – What is actually happening
Start: 2018-11-29T18:00:00Z
End: 2018-11-29T18:00:40.000Z
Location: BrightTALK
Rating: 5

Contrast Security is the leader in next-generation application security, embedding code vulnerability analysis and attack prevention directly into software through instrumentation. Contrast’s patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improving efficiencies and cost, and enabling rapid scale while protecting applications from known and unknown threats.

Now that dust is settling from Log4Shell, how can you prepare for and prevent the next zero-day vulnerability from impacting your organization?

Join this webinar to hear from Larry Maccherone, DevSecOps Transformation lead at Contrast Security, and Farshad Abasi, Chief Security Officer at Forward Security and hear an interactive discussion about how to future-proof against emerging threats on the horizon so your organization is prepared to respond instantly to zero-day vulnerabilities like Log4Shell.

Topics for discussion include:

What lessons should we draw from our experiences since Log4Shell?
Have you seen changes in behavior as a result of Log4Shell?
Have other vulnerabilities been discovered due to increased scrutiny of open source libraries?
How would you respond to the FTC alert regarding Log4Shell
How has this changed your thinking on use of open source libraries, and budget allocation to secure them?
What could have been done to protect against the perils of Log4Shell, and how can you prevent the next threat?

PREPARING FOR THE NEXT ZERO-DAY VULNERABILITY

The second annual 2021 Application Security Observability Report provides key insights and industry benchmarks on an array of different application security areas.   This moderated webinar features three subject-matter experts from Contrast who will speak to some of the findings in the just-published report, including:  • Discussion of the newly formulated vulnerability escape rate and how it demonstrates how well—or how poorly—developers are doing when it comes to writing and releasing secure code • The percentage of active application code is custom versus open source and what this means when it comes to risk • The median time to remediate resolved vulnerabilities—for Contrast versus other application security tools • Which vulnerability types are up, the ones that are down, and the ones that pose the highest risk in terms of likelihood and impact • And much more …  This is truly a “can’t miss” webinar for the year.

Key Insights and Benchmarks from Contrast’s 2021 AppSec Observability Report

38% of open-source libraries are active and only 12% of classes within them are actually invoked in applications.  Discover key findings recently published in Contrast Security's “2021 State of Open-Source Security Report.” Attendees will learn ... • The average number of libraries in individual applications • The average age of library versions and how this dramatically ratchets up risk • The total number of vulnerabilities found in libraries • The presence of potential licensing issues in open source used in applications • Strategies and tactics organizations can employ to mitigate open-source risks • And more …

How To Determine What Your Open-Source Risks Look Like

The average enterprise uses 765 web applications to run their business, and many of these have serious vulnerabilities. 

Organizations around the world evaluate their application risk using the OWASP Top Ten. On September 24, the OWASP Foundation released the OWASP Top 10 2021. It’s been four years since the last release, and there are some notable additions, changes, and combinations.

Organizations are recalibrating how they measure application risk and reevaluate strategies based on these changes. The co-founders of OWASP address the latest changes to the Top Ten and provide their perspectives on each one. Topics covered during the moderated webinar include:

● New entrants, deletions, and combinations to the Top Ten
● Risks—in terms of prevalence and likelihood to exploit—posed by each of the Top Ten
● How to use the OWASP Top Ten to evaluate risk and existing application security programs
● Potential application security gaps not covered by the OWASP Top Ten
● How to assess application security coverage based on the OWASP Top Ten
● Future trajectories for application cyber threats

Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten

Larry Maccherone launched and for five years scaled the DevSecOps Transformation program across the hundreds of development teams at Comcast. Along the way, he and his team found through experimentation a number of high-leverage approaches. Similarly, Jimmy Xu has seen what works well at a variety of very different organizations in his current and previous consulting roles.  Jimmy and Larry put their heads together to present this short list of key concepts that are critical in making your DevSecOps transformation more actionable and successful.

Five Key Concepts for DevSecOps Transformation

Learn how Contrast can help application security teams improve the security of Go applications with the industry’s first interactive application security analyzer for the Go language.

The addition of the Contrast Go agent to the Contrast Application Security Platform provides an automated method of detecting critical security vulnerabilities in Go-based code—without false positives that cause workflow bottlenecks.

This webinar looks at how Contrast can help organizations improve testing and protection of their Golang projects. Watch the on-demand webinar to learn …
•	Where Go fits into software and why development teams choose it
•	How security analyzers focus on simplifying any gaps or discussions between software teams
•	The difference between composition analysis (dependencies) and integrated analysis (custom vulnerabilities)
•	How to use interactive application security testing (IAST) in the software development life cycle
•	How integrated analyzers work in different software languages
•	And more …

Why Interactive Security Analysis for Go Applications Is Needed

Almost ¾ of financial services firms are traveling at DevOps speed—releasing code multiple times per day or with every change. But only 25% of security teams are able to review and pass all alerts back to their development teams—a big security gap that must be closed.

Contrast’s 2021 State of Application Security in Financial Services Report highlights these and other trends that application security and development leaders and practitioners need to know to effectively and securely embrace Agile and DevOps.

Attend this webinar to learn: 

•	How well application security and development teams are collaborating
•	What percentage of application vulnerabilities are prioritized for remediation
•	How compliance and risk are shaping financial services and DevSecOps
•	How much time is spent running security scans and triaging and diagnosing alerts
•	How often financial services firms’ applications are successfully exploited
•	If DevSecOps outcomes are affected by company size, number of applications in development, who is responsible for AppSec, etc.
•	And more!

How DevOps in Financial Services Is Creating Application Risks

98% of organizations reported 3+ successful application exploits in the past year.  

In response to the cascade of successful cyber exploits, President Biden issued an executive order that mandates the need for strengthening cybersecurity. Contrast Protect does just that for production applications. Unlike perimeter defenses, protection from the inside delivers unparalleled insights and remediation capabilities. 

Attend this webinar to learn: 

•	Where your production applications are vulnerable today
•	Why existing application security solutions are ineffective for critical security use cases
•	How Contrast Protect delivers application security from inside application code to block actual exploits—both known and unknown
•	How application security teams can support developers with precise attack information
•	And more …

How To Stop SQL Injection and Other Common Application Attacks in Their Tracks

History is being made. Don’t get left behind. 

Slow, inefficient, and inaccurate legacy static analysis is history. Contrast Scan is pipeline native and revolutionizes 15-year-old SAST technology to produce results that include …

●	10x faster scan times
●	45x faster remediation times
●	30% improvement in application security efficiency

Attend this webinar to learn … 

●	The journey with SAST from the view of a founder
●	The benefits and pains of SAST for the enterprise from the view of a customer
●	What the future needs to look like for SAST to thrive and serve the market
●	Why SAST must be pipeline native to be focused, actionable, and fast

The SAST of the Future: Pipeline-native Static Analysis

Whether you have been on the cloud journey for 5 months or 5 years, over 75% of enterprises are still encountering a variety of architectural and security challenges when migrating legacy applications to the cloud, developing and delivering cloud-native applications, or managing hybrid and multi-cloud environments.

 

Some of these hurdles include understanding dependencies between applications and application components, refactoring application security infrastructure for cloud hosting, and securing the API proliferation.

 

During this fireside chat, Contrast Security and Microsoft will discuss how CIOs, CTOs, CISOs, and Chief Cloud Architects can overcome many of these obstacles and maximize cloud efficiencies by implementing DevSecOps principles.

 

Specifically, they will cover how using DevSecOps can help you better:

 

·  Understand risk in your applications as you migrate to the cloud

·  Rebuild/refactor applications for cloud hosting

·  Secure production workloads once applications are deployed in the cloud

· Manage application workloads across hybrid and multi-cloud environments

How to Modernize Your Azure Journey with DevSecOps Princples

Presenters:
Joe Coletta, Product Marketing Manager at Contrast Security
Pauline Logan, Product Manager of Contrast OSS at Contrast Security

Tackle open-source risks without grinding DevOps to a halt.

Is managing open-source software (OSS) with legacy tools causing more harm than good? This is often the case when it comes to outdated software composition analysis (SCA) tools that bury teams with false positives and require a series of tedious manual processes that waste valuable time.

Tune in for a webinar that will explain how these SCA tools fall short when it comes to managing OSS risk, as well as how to untangle the confusion and find a security strategy that doesn’t stop DevOps in its tracks. You’ll come away understanding:

- The rising rate of OSS vulnerabilities
- Different layers of risk that come with OSS
- Specific steps DevOps can take to managing an OSS security strategy
- How instrumentation can help streamline OSS security

Join us to discover a new way to protect OSS that doesn’t burden security or DevOps teams, but actually integrates into DevOps workflows for seamless, proactive protection.

Managing Open-Source Security for Modern-Day DevOps

Presenters:
Francis Cianfrocca, CEO, InsightCyber Group
Luke Hinds, Security Engineering Lead, Office of the CTO, Red Hat
Erik Costlow, Director of Developer Relations at Contrast Security
Patrick Spencer, Editor-in-Chief of Inside AppSec Podcast

Over 60% of leading development teams deploy code to production every day or with every release. This demands a completely different security approach.

Attend this webinar to learn how the “cream of the crop” are accelerating their release cycles and transforming their businesses by launching new applications and evolving existing ones. Attendees will learn:

- Best practices from top development teams
- What security tools and approaches they use
- How they leverage open-source frameworks and libraries
- What tools must be integrated into the IDE and CI/CD pipeline
- How application security must change

The digital age completely changes DevSecOps, and only those in the top echelon of practitioners are likely to succeed.

Lessons from Top Echelon Development Teams: Higher Quality Code & Productivity

Presenters:

Sean Walls, CISO and VP at Visionworks of America
Andre Tehrani, Partner at Recrewmint
Patrick Spencer, Editor-in-Chief of Inside AppSec Podcast

Strategies for implementing effective application security

As the modern-day CISOs role continues to expand, CISOs must mitigate both business risk and execute successful cybersecurity strategies. This is especially true when it comes to the risk of application development vulnerabilities that can result in dire financial consequences—ranging from diminished brand reputation to severe financial loss.

Tune in for a special moderated webinar that will feature insights from a seasoned executive recruiter and CISO practitioner about what it takes to manage an effective application security strategy. You’ll come away understanding:

-Why application security is a highly sought-after skill for CISOs
- What types of skills and experience help CISOs mitigate application risks
- How to prioritize application security resources and budget
- How CISOs can showcase application security skills and experience throughout the interview process.

Join us to discover how to up-level your application security strategy as well as how to translate application security concerns and plans to the rest of the C-suite and your board of directors.

Application Security Jumps to the Top of the CISO's List of Priorities

Cloud technologies, new architecture stacks, DevOps tools, and agile methodologies have all contributed to productivity, software velocity, and business innovation. But what about security? Can security be an accelerator to innovation?

Join CTO and Co-Founder of Contrast Security Jeff Williams, Sam Guckenheimer, Product Owner of AzureDevOps at Microsoft, and MC Reid, Senior Solutions Architect at Contrast Security as they demo how Contrast Security's embedded application security model integrates into the Microsoft AzureDevOps Pipeline. This talk will cover how to leverage application security instrumentation techniques in DevSec and SecOps (DevSecOps) to increase both developer and security productivity. By changing culture through advanced automation, we will cover the following 6 topics and how to apply them in real workflow environments:

Shifting left starts with vulnerability visibility for developers

Treating vulnerabilities for what they are, software bugs

Enforcing application security policies into your CI/CD pipelines

Enhancing threat intelligence with application threat and attack telemetry

Aligning Development, Security, and Operations teams with real-time unified insights

Deploying DevSecOps at scale

Register today to understand how the combined benefits of Microsoft and Contrast Security can help you accelerate innovation with Security in a DevOps world.

Security in a DevOps World: Unlocking Velocity and Innovation

Runtime Application Security Platforms, in light of disruptive trends like cloud computing, containers, continuous deployment and DevOps, is a key application security technology. In this webcast we are going to examine several facets of how to evaluate RASP solutions, including the threats they address, how they compare to WAF & static analysis solutions, and how they are integrated into build and production environments.

Join Securosis analyst, Adrian Lane and Contrast Application Security Specialist Erik Costlow on how RASP works, how the solutions are architected, and then discuss common questions we have received over the last several years from customers of RASP solutions. We hope this webcast will help guide you in your evaluation and selection process.

Evaluating RASP - A discussion of Runtime AppSec Platforms and how they are used

Une transformation digitale réussi dépend de l’agilité sa Software Factory. Comment la sécurité peut tenir le rythme et avoir une emprunte minimal sur les cycles développement ? Nous vous montrerons comment Contrast utilise les technologies d’instrumentations pour renforcer la sécurité des applications avant leur déploiement, de les protéger en production et offrir une visibilité sur les vulnérabilités tout au long du cycle de vie des applications. Enfin nous montrerons comment améliorer l’adoption auprès des développeurs et d’optimiser les ressources liées à la sécurité dans vos projets.

Comment accélérer le cycle développement de vos applications?

In this webinar we will uncover why WAFs exist and go through architectures of a WAF, Cloud Native vs. On-Premise and of Self-Defending Applications. We’ll highlight what WAF’s can and cannot see and why they require augmentation to function to their fullest.  We’ll also investigate into the three types of WAFs and highlight their similarities and differences:

- Traditional WAF 
- “Next-Gen” WAF 
- Cloud WAF

We will also discuss the commonalities and disparities of Cloud and on-premise WAF’s and present some best practices, deployment strategies  and management for each. Additionally we’ll highlight WAF augmentation and underscore why you need to secure within the application instead of just in front and how Contrast’s platform can see things that are “invisible” to WAFs and comparing the different approaches to application protection.

The webinar will illustrate how Runtime Application Self-Protection (RASP) works from within the application via instrumentation in production environments and show how easy it is to deploy in for DevOps, Cloud and Container environments. We will also illustrate why RASP is more accurate than a WAF, so you can block attacks out-of-the-box quickly, economically and effectively.

What the WAF?  Understanding and augmenting what the WAF cannot see

Cloud computing is one of the major shifts in technology that is gaining rapid traction and is helping fuel the growth in today’s digital transformation. As leading organizations modernize their hardware and software environments, they are demanding flexibility, business agility and operational efficiencies. This ultimately equates to tangible cost savings, loyal customers and higher profits, as organizations leverage the cloud to compete more effectively and differentiate their digital service and product offerings.

As a real-world example, you will hear from Chris Perkins, Senior Security Architect at a major Fortune 500 medical technology and solutions company on:

- Key drivers and use cases in migrating from traditional legacy technologies and embracing modern hybrid cloud computing approaches.
- Application Security threat landscape, testing pipelines and native integrations.
- Major hurdles and lessons learned (organizationally, culturally, technology) and how to reduce friction and increase collaboration between Dev & Ops teams
in order to optimize resources and ensure a secure Cloud migration. 
- The cost curve for remediation of defects enabling a safer speed to market and growth
 
You’ll also hear from Rohit Gupta, Global Segment Leader, Security: Amazon Web Services (AWS) highlighting key tenets for security for AWS and the framework required to help their customers meet compliance, regulation and security objectives and Surag Patel, Chief Strategy Officer, Contrast Security,  underscoring modern approaches to automate, integrate and scale Application Security. 

As a result of this webinar, you will hear about the major benefits in migrating to a secure, compliant cloud environment and learn from a customer’s experience on how to successfully automate and secure your applications. There will also be a Q&A session at the end of the webinar.

Key Application Security Strategies for your Cloud Migration

Do you use static analysis and want a better understanding of how it works? This technical webinar will walk through the basics that support the static analysis field, such as semantic analysis and how dataflow works between source and sink. We will walk through the model structure that is built, how it is queried, and how it is impacted by different development techniques. 

At the end of this webinar, attendees will be able to better understand what factors in to the quality of results.

Questions this webinar will answer:

What is the impact of microservices on analysis quality?
As analysis traces data from source to sink, what exactly does it watch?
How are frameworks and different architectures scoped and analyzed?
What are techniques like inversion of control, dependency injection, and static/dynamic typing, 
and what impact do they have on code analysis?

Under the hood with Static Analysis – What is actually happening

AppSec

Security

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Under the hood with Static Analysis – What is actually happening

Presented by

About this talk

More from this channel