Managing Open-Source Security for Modern-Day DevOps

Joe Coletta, Product Marketing Manager at Contrast Security
Pauline Logan, Product Manager of Contrast OSS at Contrast Security

Tackle open-source risks without grinding DevOps to a halt.

Is managing open-source software (OSS) with legacy tools causing more harm than good? This is often the case when it comes to outdated software composition analysis (SCA) tools that bury teams with false positives and require a series of tedious manual processes that waste valuable time.

Tune in for a webinar that will explain how these SCA tools fall short when it comes to managing OSS risk, as well as how to untangle the confusion and find a security strategy that doesn’t stop DevOps in its tracks. You’ll come away understanding:

- The rising rate of OSS vulnerabilities
- Different layers of risk that come with OSS
- Specific steps DevOps can take to manage an OSS security strategy
- How instrumentation can help streamline OSS security

Join us to discover a new way to protect OSS that doesn’t burden security or DevOps teams, but actually integrates into DevOps workflows for seamless, proactive protection.
Recorded Oct 27 2020 46 mins

  • How to Modernize Your Azure Journey with DevSecOps Principles Dec 9 2020 6:00 pm UTC 50 mins
    Surag Patel Chief Strategy Officer at Contrast Security, Steven Murawski
    Whether you have been on the cloud journey for 5 months or 5 years, over 75% of enterprises are still encountering a variety of architectural and security challenges when migrating legacy applications to the cloud, developing and delivering cloud-native applications, or managing hybrid and multi-cloud environments.

    Some of these hurdles include understanding dependencies between applications and application components, refactoring application security infrastructure for cloud hosting, and securing the API proliferation.

    During this fireside chat, Contrast Security and Microsoft will discuss how CIOs, CTOs, CISOs, and Chief Cloud Architects can overcome many of these obstacles and maximize cloud efficiencies by implementing DevSecOps principles.

    Specifically, they will cover how using DevSecOps can help you better:

    · Understand risk in your applications as you migrate to the cloud

    · Rebuild/refactor applications for cloud hosting

    · Secure production workloads once applications are deployed in the cloud

    · Manage application workloads across hybrid and multi-cloud environments
  • Managing Open-Source Security for Modern-Day DevOps Recorded: Oct 27 2020 46 mins
    Joe Coletta & Pauline Logan
  • Lessons from Top Echelon Development Teams: Higher Quality Code & Productivity Recorded: Oct 1 2020 63 mins
    Francis Cianfrocca, Luke Hinds, Erik Costlow, Patrick Spencer
    Francis Cianfrocca, CEO, InsightCyber Group
    Luke Hinds, Security Engineering Lead, Office of the CTO, Red Hat
    Erik Costlow, Director of Developer Relations at Contrast Security
    Patrick Spencer, Editor-in-Chief of Inside AppSec Podcast

    Over 60% of leading development teams deploy code to production every day or with every release. This demands a completely different security approach.

    Attend this webinar to learn how the “cream of the crop” are accelerating their release cycles and transforming their businesses by launching new applications and evolving existing ones. Attendees will learn:

    - Best practices from top development teams
    - What security tools and approaches they use
    - How they leverage open-source frameworks and libraries
    - What tools must be integrated into the IDE and CI/CD pipeline
    - How application security must change

    The digital age completely changes DevSecOps, and only those in the top echelon of practitioners are likely to succeed.
  • Application Security Jumps to the Top of the CISO's List of Priorities Recorded: Aug 27 2020 61 mins
    Sean Walls CISO & VP - Visionworks of America, Andre Tehrani Ptr. - Recrewmint, Patrick Spencer, EIC of Inside AppSec Podcast

    Sean Walls, CISO and VP at Visionworks of America
    Andre Tehrani, Partner at Recrewmint
    Patrick Spencer, Editor-in-Chief of Inside AppSec Podcast

    Strategies for implementing effective application security

    As the modern-day CISO's role continues to expand, CISOs must both mitigate business risk and execute successful cybersecurity strategies. This is especially true when it comes to the risk of application development vulnerabilities that can result in dire financial consequences, ranging from diminished brand reputation to severe financial loss.

    Tune in for a special moderated webinar that will feature insights from a seasoned executive recruiter and CISO practitioner about what it takes to manage an effective application security strategy. You’ll come away understanding:

    - Why application security is a highly sought-after skill for CISOs
    - What types of skills and experience help CISOs mitigate application risks
    - How to prioritize application security resources and budget
    - How CISOs can showcase application security skills and experience throughout the interview process.

    Join us to discover how to up-level your application security strategy as well as how to translate application security concerns and plans to the rest of the C-suite and your board of directors.
  • Security in a DevOps World: Unlocking Velocity and Innovation Recorded: Jul 16 2020 62 mins
    Jeff Williams CTO and CoFounder Contrast Security, Sam Guckenheimer Product Owner Azure DevOps, MC Reid Sr Solutions Architec
    Cloud technologies, new architecture stacks, DevOps tools, and agile methodologies have all contributed to productivity, software velocity, and business innovation. But what about security? Can security be an accelerator to innovation?

    Join CTO and Co-Founder of Contrast Security Jeff Williams, Sam Guckenheimer, Product Owner of AzureDevOps at Microsoft, and MC Reid, Senior Solutions Architect at Contrast Security as they demo how Contrast Security's embedded application security model integrates into the Microsoft AzureDevOps Pipeline. This talk will cover how to leverage application security instrumentation techniques in DevSec and SecOps (DevSecOps) to increase both developer and security productivity. By changing culture through advanced automation, we will cover the following 6 topics and how to apply them in real workflow environments:

    Shifting left starts with vulnerability visibility for developers

    Treating vulnerabilities for what they are, software bugs

    Enforcing application security policies into your CI/CD pipelines

    Enhancing threat intelligence with application threat and attack telemetry

    Aligning Development, Security, and Operations teams with real-time unified insights

    Deploying DevSecOps at scale

    Register today to understand how the combined benefits of Microsoft and Contrast Security can help you accelerate innovation with Security in a DevOps world.
  • Evaluating RASP - A discussion of Runtime AppSec Platforms and how they are used Recorded: Nov 19 2019 42 mins
    Securosis analyst, Adrian Lane & Contrast Application Security Specialist Erik Costlow
    Runtime Application Security Platforms are, in light of disruptive trends like cloud computing, containers, continuous deployment and DevOps, a key application security technology. In this webcast we are going to examine several facets of how to evaluate RASP solutions, including the threats they address, how they compare to WAF & static analysis solutions, and how they are integrated into build and production environments.

    Join Securosis analyst Adrian Lane and Contrast Application Security Specialist Erik Costlow as they explain how RASP works and how the solutions are architected, and then discuss common questions we have received over the last several years from customers of RASP solutions. We hope this webcast will help guide you in your evaluation and selection process.
  • How to Accelerate Your Application Development Cycle? Recorded: Oct 2 2019 35 mins
    Chardy N’diki (Regional Manager, EMEA) & Laurent Levi (Sales Engineer, EMEA) at Contrast Security
    A successful digital transformation depends on the agility of its software factory. How can security keep pace and have a minimal footprint on development cycles? We will show you how Contrast uses instrumentation technologies to strengthen the security of applications before they are deployed, protect them in production, and provide visibility into vulnerabilities throughout the application life cycle. Finally, we will show how to improve adoption among developers and optimize security-related resources in your projects.
  • What the WAF? Understanding and augmenting what the WAF cannot see Recorded: May 29 2019 52 mins
    Erik Costlow, Principal Product Evangelist, Contrast Security
    In this webinar we will uncover why WAFs exist and go through the architectures of a WAF, Cloud Native vs. On-Premise, and of Self-Defending Applications. We’ll highlight what WAFs can and cannot see and why they require augmentation to function to their fullest. We’ll also look into the three types of WAFs and highlight their similarities and differences:

    - Traditional WAF
    - “Next-Gen” WAF
    - Cloud WAF

    We will also discuss the commonalities and disparities of cloud and on-premise WAFs and present some best practices, deployment strategies and management for each. Additionally, we’ll highlight WAF augmentation, underscore why you need to secure within the application instead of just in front of it, show how Contrast’s platform can see things that are “invisible” to WAFs, and compare the different approaches to application protection.

    The webinar will illustrate how Runtime Application Self-Protection (RASP) works from within the application via instrumentation in production environments and show how easy it is to deploy in DevOps, Cloud and Container environments. We will also illustrate why RASP is more accurate than a WAF, so you can block attacks out-of-the-box quickly, economically and effectively.
  • Key Application Security Strategies for your Cloud Migration Recorded: Mar 19 2019 52 mins
    Rohit Gupta, Global Segment Leader; Surag Patel, Chief Strategy Officer
    Cloud computing is one of the major shifts in technology that is gaining rapid traction and is helping fuel the growth in today’s digital transformation. As leading organizations modernize their hardware and software environments, they are demanding flexibility, business agility and operational efficiencies. This ultimately equates to tangible cost savings, loyal customers and higher profits, as organizations leverage the cloud to compete more effectively and differentiate their digital service and product offerings.

    As a real-world example, you will hear from Chris Perkins, Senior Security Architect at a major Fortune 500 medical technology and solutions company on:

    - Key drivers and use cases in migrating from traditional legacy technologies and embracing modern hybrid cloud computing approaches.
    - Application Security threat landscape, testing pipelines and native integrations.
    - Major hurdles and lessons learned (organizationally, culturally, technology) and how to reduce friction and increase collaboration between Dev & Ops teams in order to optimize resources and ensure a secure Cloud migration.
    - The cost curve for remediation of defects enabling a safer speed to market and growth

    You’ll also hear from Rohit Gupta, Global Segment Leader, Security: Amazon Web Services (AWS) highlighting key tenets for security for AWS and the framework required to help their customers meet compliance, regulation and security objectives and Surag Patel, Chief Strategy Officer, Contrast Security, underscoring modern approaches to automate, integrate and scale Application Security.

    As a result of this webinar, you will hear about the major benefits in migrating to a secure, compliant cloud environment and learn from a customer’s experience on how to successfully automate and secure your applications. There will also be a Q&A session at the end of the webinar.
  • Cloud-Native Security: Processes and Tools for Real-World Transformation Recorded: Feb 20 2019 59 mins
    Jeff Williams, co-founder and Chief Technology Officer of Contrast Security and David M. Zendzian, Pivotal Global CTO
    Can your organization support developer self-service across 11,000 workloads with certainty that 100% of the workloads are security-approved across the entire stack? The answer is yes with a cloud-native approach.

    Cloud-native platforms not only make it easier to support the kind of cultural shift necessary for continuously shipping software, they make it easier to practice good security and reduce the available attack surface. But an attack on the application itself can undermine all platform controls.

    In this webinar, Jeff and David will discuss application development code security in pre-production as well as runtime security at scale for cloud-native production applications. This session will cover the following:

    ● Tools that work well with rapid-cycle CI/CD pipelines
    ● Baking audit and compliance into pipelines
    ● Achieving zero downtime CVE patching and updates
    ● Vulnerability discovery, and blocking of application threats and attacks in the runtime
    ● Demonstration of threat discovery and blocking

    This is the second webinar in a series presented by Pivotal and Contrast Security on cloud-native security best practices. The previous webinar in this series is available in the attachment section.
  • Cloud-Native Security: Understanding the Why and How Recorded: Feb 14 2019 63 mins
    David M. Zendzian, CTO, at Pivotal and Jeff Williams, Co-founder and CTO at Contrast Security
    The latest Verizon Data Breach Investigations Report continues to confirm that the top sources of data breaches are at the application layer. DevOps and security teams are adopting modern, fully automated software delivery platforms to release apps to production environments multiple times a week or even daily. This has forced security teams to rethink the traditional processes and practices to make security a key component of their cloud-native transformation.

    Join Jeff and David to learn how enterprises are addressing cloud native application security at speed and scale. This session will cover:

    - Common security anti-patterns
    - What is Cloud-Native Security?
    - People: How to align Dev, Security and Ops teams to achieve Cloud Native Security
    - Process: How does Cloud Native change security processes to support the modern agile business?
    - Technology: Introducing Cloud Native Security tools to achieve continuous application security
    - Q&A

    This is the first webinar in a series presented by Pivotal and Contrast Security on cloud-native security best practices.
  • Under the hood with Static Analysis – What is actually happening Recorded: Nov 29 2018 41 mins
    ERIK COSTLOW, Principal Product Evangelist, Contrast Security
    Do you use static analysis and want a better understanding of how it works? This technical webinar will walk through the basics that support the static analysis field, such as semantic analysis and how dataflow works between source and sink. We will walk through the model structure that is built, how it is queried, and how it is impacted by different development techniques.

    At the end of this webinar, attendees will be able to better understand what factors into the quality of results.

    Questions this webinar will answer:

    What is the impact of microservices on analysis quality?
    As analysis traces data from source to sink, what exactly does it watch?
    How are frameworks and different architectures scoped and analyzed?
    What are techniques like inversion of control, dependency injection, and static/dynamic typing, and what impact do they have on code analysis?
  • The DevSecOps Journey: Why It Starts with Agile DevOps & App Security Recorded: Sep 18 2018 45 mins
    Jaweed Metz, Principal, Products at Contrast Security
    DevSecOps is best viewed as a journey that enlightened organizations are starting to embark on.

    The major constituent to consider on this journey is ensuring that organizations' defenses have been properly configured, implemented and operated; to that end, application security testing is of paramount importance. As businesses strive to rapidly release code in order to satisfy customer demands and gain a competitive advantage, security must work in tandem with Agile DevOps processes.

    Traditionally, security has been an afterthought, or at the very least introduced late into the release process. Hence, security has been viewed as an impediment to high-velocity Agile DevOps processes and has become a primary bottleneck in the software delivery pipeline. This can cause major contention and distrust between development and security teams, but that doesn’t need to be the case.

    Cyber threats are continuous, so shouldn’t development and security practitioners work in tandem in order to deliver and deploy code securely and continuously? The cultural differences between development and security teams need to be addressed and a unified approach established in order to integrate security as early as possible. Automated application security addresses these cultural, technical and process issues.

    This webinar will highlight how modern, automated application security tools can help weave security into the code continuously and accurately throughout the SDLC. Automated application security enables the real-time identification of and response to new attacks and vulnerabilities that emerge in custom and third-party code. Additionally, we will discuss how integrated application security unites developers and security practitioners with the tools they are already using so that they can work even more effectively.
  • Embedding Security in a Modern DevOps Pipeline – A Customer Perspective Recorded: Aug 29 2018 60 mins
    Julie Chickillo, Brandon Grady, Ben Finke, from Beeline
    The adoption of a continuous integration & delivery (CI/CD) pipeline has fundamentally transformed how software is developed and supported. This modern DevOps pipeline has dramatically increased the pace of software release cycles and driven new innovations throughout the software industry. Hear directly from a customer’s unique perspective on how Beeline (the world leader in contingent workforce solutions) aligned Development, Operations and Security practitioners to set up a fully automated CI/CD pipeline and incorporated application security early in the process.

    In this presentation key Beeline staff, including software development, solution architects and security specialists will discuss the process for defining the parameters for successfully incorporating security in the automated pipeline as part of the overall SDLC (Software Development Life Cycle).

    Key principles to improve software delivery will be addressed as well as the full range of issues and obstacles that confronted them and solutions to overcome them. In this presentation you will learn the following:

    - A framework and an overall blueprint to start securing your automated pipeline
    - How to start the conversation with the development and security teams for a continuous delivery culture
    - Why traditional manual Application Security approaches impede rapid DevOps software releases
    - How automated Application Security supports the vision of DevOps and the continuous delivery culture
    - Understand how to make sure you are not missing critical pieces for audit oversight
    - Know how to support containers in a modern enterprise


    Julie Chickillo - VP Information Security Risk & Compliance Officer, Beeline
    Brandon Grady - SVP Engineering & Architecture, Beeline
    Ben Finke - Information Security Engineer, Beeline
  • Targeted Defense: The Future of Defending Applications in Production Recorded: Jul 25 2018 70 mins
    Mahesh Babu, General manager, Runtime Protection, at Contrast Security
    Raise your hand if this is you:

    - Our development teams have a massive security backlog and can’t fix everything in code
    - We need to protect legacy applications with no build pipeline or no dev team to support them
    - Struts 2 made us realize we need better production controls and faster zero-day response
    - Our SOC has alert fatigue and has no visibility or context regarding production applications
    - RASP is interesting technology – we are curious to see how we would use it

    At Contrast Security, we have been hearing this from our customers and have been hard at work to solve these problems. We are proud to announce the release of the Contrast Targeted Defense Platform, the next generation of runtime protection.

    Join Mahesh Babu (General Manager, Runtime Protection) to learn more about Contrast’s new Targeted Defense Platform and its new capabilities that include, but are not limited to:

    - Intelligent, multi-technique detection
    - Advanced attack response that goes beyond monitoring and blocking
    - Language agnostic protection
    - Simple deployment
  • Application Security Testing for an Agile & DevOps World Recorded: Jun 7 2018 44 mins
    Omer Winker, Principal, Products at Contrast Security
    Security teams have a hard time keeping pace with software development in Agile / DevOps environments, and the result of rapidly rolling out software is increased risk. With the majority of cybersecurity attacks focused on applications, automatically detecting vulnerabilities and protecting your applications from attack is critical to your business.

    It’s easy to get tangled into the numerous approaches and technologies in application security testing, let alone selecting one that’s right for Agile and DevOps. As a result, it becomes challenging to even start developing an application security testing strategy for your business.

    In this presentation, you will learn:

    - SAST, DAST and IAST approaches used in Application Security Testing
    - Strengths and weaknesses of each approach
    - Best practices in securing your software code
    - How to start developing a winning application security testing strategy

    Remember, applications are the primary target for cyber criminals, so don’t let your most prized customer and corporate assets be exposed to potential attacks!
DevOps-Native AppSec Platform
Contrast Security is the leader in next-generation application security, embedding code vulnerability analysis and attack prevention directly into software through instrumentation. Contrast’s patented deep security instrumentation completely disrupts traditional application security approaches with integrated, comprehensive security observability that delivers highly accurate assessment and continuous protection of an entire application portfolio. This eliminates the need for disruptive scanning, expensive infrastructure workloads, and specialized security experts. The Contrast Application Security Platform accelerates development cycles, improving efficiencies and cost, and enabling rapid scale while protecting applications from known and unknown threats.

  • Title: Managing Open-Source Security for Modern-Day DevOps
  • Live at: Oct 27 2020 5:00 pm
  • Presented by: Joe Coletta & Pauline Logan