Name: Key Factors for DevSecOps Success
Start: 2018-12-05T12:00:00Z
End: 2018-12-05T12:44:19.000Z
Location: BrightTALK
Rating: 4.78

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

The need for effective AppSec these days is about as debatable for most software teams as the need for oxygen. What many fail to prioritize, though, is putting in place a strategic, well-organized process to manage their overall AppSec activities. This can lead to situations where the success criteria, roles and responsibilities, and AppSec testing processes are unclear, and the testing tools are not properly integrated.

The result is often that AppSec activities are fragmented, various stakeholders are frustrated, and the expected return on investment never materializes. This webinar will cover this crucial need and introduces the Checkmarx solution: AppSec Program Methodology and Assessment Framework (APMA). It’s an innovative program that:

-    Incorporates your clear goals and objectives
-    Clarifies your team’s roles and responsibilities
-    Offers low entry barriers
-    Works with Modern Application Development approaches
-    Addresses different stakeholder positions, such as developers, CISOs, and AppSec management

We hope you’ll join Dr. Carsten Huth, our global director of AppSec, and EMEA Lead AppSec Advisor Shelly Paramel for a detailed case study and discussion of the issue and a look at our APMA solution.

Fixing a Crucial Shortfall in Your AppSec Program

Unlike monolithic applications of the past, where coding was all in the same language, an average cloud-native application can have anything from 50-5,000 different components. The problem is, any one of those could be rife with vulnerabilities that present an expanding attack surface. Although organizations use an abundance of AST tools to test their code, they all lack results correlation, and that missing piece distorts their view of their overall security risks.

Checkmarx recognizes the inefficiency of trying to manually correlate results from the many siloed testing solutions, and the deficiency of alternate solutions that merely aggregate results. It led us to develop Checkmarx Fusion to provide advanced correlation in modern application development environments.

In this webinar, join Stephen Gates, senior solution specialist, and Miki Sharon, senior product manager, Checkmarx, for a deep dive on Checkmarx Fusion and Checkmarx One AST Platform.

    Learn which AppSec testing approaches don’t fit well in modern development environments
    See the new functionality Checkmarx Fusion brings to the software development industry
    Understand the main use cases of Checkmarx Fusion and Checkmarx One and what’s included
    View live demonstrations of both solutions in action, performed by our subject matter experts
    After this webinar, you’ll fully understand why your AppSec testing approach is flawed.

Without Correlation, Your AppSec Testing Approach Needs an Update

Application security is one of the most important components of an overall security program, yet some organizations struggle to identify and address their application security risks partly because they are not using the right tools to get the job done. The good news is it does not have to be that way. In this conversation, you will learn why traditional tools do not cut it when it comes to application security and why modern applications need modern application security.

You will walk away with expert insights on:
* Traditional applications vs. modern applications
* The evolution of application security
* The emergence of the last stage of this evolution - software supply chain security
* The challenges of security scanners with modern software
* The future of security scanners

Modern Applications Require Modern Application Security

Developers and AppSec teams have really simple marching orders—make all their software as secure as possible for the lowest viable cost. And do it fast. This leads teams to piece together divergent Application Security Testing (AST) solutions that typically just produce delays or, even worse, vulnerable software.

Organizations know they need to keep innovating, but traditional AST approaches can’t keep pace with modern application development and cloud-native approaches. So what’s the answer? We’ll discuss:

    The new risks that emerge in cloud-native applications
    What solutions are required to scan the various types of code in modern applications
    What developers and AppSec teams want from their AST solutions
    Why a platform-based approach is essential to securing modern codebases

We’ll end the webinar with a short demonstration of the Checkmarx AST Platform so you can see our comprehensive solution in action.

Is Your Application Security Testing Slowing You Down?

Organizations are under constant pressure to deliver applications and features that challenge their competition and deliver value to their audience. Those goals are often unreachable without open source code. Attackers understand this fact and are increasingly stashing malicious code in open source packages. It falls on software developers and security pros, then, to be aware of the risks and how to mitigate them more effectively.

Join a panel of Checkmarx supply chain security experts in a live discussion of the latest attack trends. They’ll include a few innovative approaches to help you ensure you’re managing supply chain risks.

In this webinar and extended Q&A session, you’ll learn about:

    The open source supply chain framework and inherent risks
    Where and how attackers take advantage of weaknesses in the supply chain
    Measures you should take to manage your risk
    Solutions and approaches that work

Securing the Open Source Supply Chain: Ask the Experts

The Modern Application Development approach is fast taking over DevOps. This method accelerates the rate of application development by leveraging open-source code and other third-party frameworks, freeing application teams from having to build software infrastructure. Instead, teams now focus on delivering valuable experiences which are unique to your business. However, this extends software supply chain which exposes your organization too difficult to track risks. Especially as more third-party code is used as building blocks for applications.

Join us on as we discuss:
    Understanding the benefits and risks of Modern Application Development
    Analyzing software supply chain and identifying the vulnerabilities within it
    How to focus mitigation and remediation strategies

Supply Chain Security Understanding Exposures and Security Strategies

The recent Apache Log4j vulnerability crystalized security concerns for organizations adopting Modern Application Development (MAD) initiatives. A significant advantage of MAD is found in freeing developers from having to recreate established functionality by allowing them to leverage open source software. But with the accelerating use of open source in today’s codebases, organizations must be able to understand the impact on their risk profile. At the end of day, do you know what open source code is being used in your software stack?

Watch the on-demand webinar as we discuss:

    Understanding the benefits and risks that come with Modern Application Development
    Recognizing what to look for in a Software Composition Analysis (SCA) solution
    How to identify and analyze the open source in your software stack
    Focusing mitigation and remediation strategies to manage vulnerabilities and license risks

Software Composition Analysis: What to Look for in a Solution

In the pursuit of greater agility and communication with customers and prospects, companies are rapidly producing applications across a number of environments. However, the dynamic nature of cloud-native architectures and the increasing use of open source components, serveless, low code/no code, and containers has left security struggling to keep up. Traditional on-prem monitoring and prevention measures are unable to identify, manage and prevent growing multi-cloud application threats.

According to Verizon, hackers are targeting applications more today than ever before. Last year 17% of all cyberattacks were categorized as Application Security threats. These attacks represented 26% of all breaches, with web application attacks ranked as  #2 for both incident and breach sources.

In this episode of The (Security) Balancing Act, we’ll examine how to ensure your applications are developed and managed securely, and the next generation of solutions.

Join us as we evaluate:
- Why automation and security testing tools are key components in the implementation of a secure AppSec cycle
- How to align AppSec with your other security solutions, to maximize value and efficiency
- Where and how the ShiftLeft/DevSecOps mindsets fit i
- A discussion around SAST and DAST (Static and Dynamic Analysis), and their role in a comprehensive Application Security
- The role of SBOMs (software bill of materials) and how a robust SCA (software composition analysis) program can help
- The considerations you must take when using third-party applications and evaluating if they meet app sec requirements
- The future of application security and the threats you need to guard against

Application Security for the Modern Enterprise

Between the rate of change in cloud technologies and the digital transformation of legacy products, there are growing gaps in both knowledge and security.

New languages, architectures, and deployment models have outpaced development teams’ ability to become experts ahead of time. Vendors and development consumers are learning as they go. Alarmingly, the gap is even larger when it comes to security. It makes you wonder: what can you do to shore things up?

Start with our new webinar. We’ve teamed up with AWS to examine the issue from three angles: cloud vendor, security vendor, and development consumer. We'll highlight both common and specific challenges and strategies to fill the continuous knowledge gap. We'll also show you how to pivot to improve as the industry matures so you can foster a more robust continuous learning culture.

Join us as we examine:

- What caused the gap
- How cloud technologies have matured over time
- What the AWS Shared Responsibility Model is
- How to keep up as everything evolves

Mind the Gap: at the Intersection of Cloud and Security

Today’s software-driven organizations know they need to keep innovating, but traditional software development models and release frequencies simply can’t keep up with ever-increasing demand. Clearly, modern application development processes and innovative cloud-native approaches are critical for organizations to stay viable.

Not surprisingly, leadership support for MAD initiatives is building, and quickly. However, MAD comes with cultural changes and some inherent application security challenges that need to be addressed proactively.

In this recorded webinar, we covered what you’ll need to know about MAD, including:

    Expected benefits and outcomes
    Likely hurdles and bumps you’ll run into
    MAD’s expanding risk landscape
    Solutions and approaches you’ll need to properly secure MAD

Securing Modern Application Development

Today’s organizations need to rapidly build and deploy custom applications to address their digital transformation. Many discover that their AppSec programs just can’t keep up, however, resulting in costly post-development bug and vulnerability triage as well as delaying application deployment. To meet time-to-market demands, they need a company-wide AppSec program that directly influences developers and security teams during the software development process. 

During this talk, we’ll explain why an effective AppSec program must incorporate the six fundamental aspects of secure software development: 

     Enforcing AppSec policies
     Integrating and automating security 
     Identifying vulnerabilities/risks 
     Correlating scan results 
     Remediating vulnerabilities 
     Managing and monitoring KPIs

How to Effectively Mature Your AppSec Program

A critical zero-day vulnerability was disclosed on December 9, 2021. It affects a wildly popular open source Java library called Log4j. The library is nearly ubiquitous in modern application infrastructures and applications and the vulnerability uncovered is a critical one.   

It allows an attacker to easily trigger a Remote Code Execution (RCE) on a vulnerable system, giving an attacker the ability to run malware and gain complete control of the system.  

Within hours of the release of the vulnerability, attacks began in earnest and have shown no signs of slowing down. Organizations need to understand if and where they are vulnerable, how to address this and other potential vulnerabilities which may be lurking in application stacks.  

This new webinar with our R&D team will help you understand: 

     What the Log4j vulnerability is and why it’s so important 
     How to understand if your organization is vulnerable 
     Steps you can take to avoid being surprised by vulnerabilities in your application stack

Log4j Vulnerability: What You Need to Know

Between the rate of change in cloud technologies and the digital transformation of legacy products, there are growing gaps in both knowledge and security.  New languages, architectures, and deployment models have outpaced development teams’ ability to become experts ahead of time. Vendors and development consumers are learning as they go. Alarmingly, the gap is even larger when it comes to security. It makes you wonder: what can you do to shore things up?  Start with our new webinar. We’ve teamed up with AWS to examine the issue from three angles: cloud vendor, security vendor, and development consumer. We'll highlight both common and specific challenges and strategies to fill the continuous knowledge gap. We'll also show you how to pivot to improve as the industry matures so you can foster a more robust continuous learning culture.  Join us as we examine:  - What caused the gap - How cloud technologies have matured over time - What the AWS Shared Responsibility Model is - How to keep up as everything evolves

Join us for an in-depth dialogue about the benefits of a modern application development environment. Our head of Global Services for North America moderates a lively customer-based discussion about the key learnings, best practices, and critical requirements to transform your AppSec and Development teams' ability to effectively execute their work with this modern mindset. Learn how critical tools and concepts such as AppSec maturity, managed services, and education play key roles in managing risk and driving positive business impact.

Building an Exceptional AppSec Program and Team

Did you know only 3 out of 10 devs feel completely confident their code is secure? Think about that. Most of your developers think their work could be a security risk. Reasons for this range from a lack of secure coding education to development moving faster than they can keep up. As software creation grows across every industry, so do vulnerabilities. The need to balance development velocity and security has never been greater. 

Good news: your organization can prevent coding errors leading to vulnerabilities if you invest in critical awareness and security training for your teams. In this webinar, we’ll explain how modern secure coding education can bridge the gap between your secure software initiatives and actually releasing secure code. 

During the session, we’ll discuss: 
- Industry challenges around successful AppSec training 
- Why traditional AppSec training often fails  
- Understanding the developer’s perspective 
- ROI for an effective AppSec training program

Reduce Security Risks with Better Developer Education

The security of your software all starts with the code. Ensuring that the code written for an application does what it was built to do and that it’s keeping the contained data secure is essential. So, how can we, as an industry, do a better job of writing more secure code? 

Here’s where security education and empowering DevOps teams come in. How can we better educate developers on application security and teach them to develop more secure code? 

Join this episode of the "On The Road to DevSecOps" series to learn why security matters for developers, how to give your developers secure coding training, and foster a culture of collaboration. Viewers will also learn about:
- When it comes to software development, who owns security?
- How to teach your developers to write more secure code
- The role of the security champions vs. integrated JIT training for secure coding education
- What are the most common – and easily correctable -- vulnerabilities and why?
- How do you create an effective AppSec Awareness Program?

Speakers:
- Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx (Host)
- Kurt Risley, Global Sales/SME–Codebashing, Checkmarx
- Jack Mannino, CEO, nVisium
- Jane Wang, Principal Security Architect, Charles River Development

Security Education for Developers

Just like in the private sector, the pace of the Public Sector Digital Transformation has massively accelerated in the past year, forcing many governmental organizations into an “adapt or fail” situation.

Software is at the center of it all, placing increased pressure on developers, security managers, and DevOps leaders to develop applications faster. However, this need for speed comes at a price, and security can be seen as a blocker and not an enabler.

Join Checkmarx Pre Sales Engineer, Andrew Thompson as he presents:

- Why now is the right time to prioritize software security 
- Where does security clash with DevOps Key requirements  
- Best practices and tips for using security tools through development, deployment, and testing. 

Public Sector Digital Transformation and Secure Software

It’s time to make it easier for developers to own the security of their code. 

Instead of finding and fixing vulnerabilities towards the end of the software development cycle, we need to make security seamless for developers from the start. This includes automating security scanning at the source code repository and integrating the security results seamlessly back into the source code repository.  This will give developers immediate feedback without having to leave their environment.  The “shift center” approach to DevOps works with security in mind at every stage and is fundamentally changing the way applications are developed. 

Join this episode of the "On The Road to DevSecOps" series to learn why a developer-friendly approach to AppSec is needed and how to make it easier to write secure code.  Our experts will discuss:

- Why Shift Left should really be Shift Center
- New approaches that seamlessly automate security testing into the development ecosystem
- How to create a closed-loop from repo to ticketing strategy to reduce manual updates
- Strategies for just in time developer security education to drive continuous improvement

Speakers:
- Stephen Gates, Security Evangelist and Senior Solutions Specialist, Checkmarx (Host)
- James Brotsos, Product Manager – Developer Experience, Checkmarx
- Tim Bach, Vice President of Engineering, AppOmni
- Cindy Blake, Sr Product Marketing Manager and Security Evangelist, GitLab

How to Bake Security Into the Developer Workflow

Why AppSec is Dead & Future Innovations for 2019

Creating a Winning Security Strategy for 2019

BrightTALK @ Black Hat 2018 (Europe)

Enterprises are moving beyond the traditional development model to incorporate software security from the beginning, instead of as the final step before the code is compiled or the product is released. DevSecOps (sometimes referred to as SecDevOps) aims to integrate security testing into DevOps to produce secure applications without impacting time-to-market.

Join this interactive panel of industry experts as they discuss the key factors for DevSecOps success. 

Viewers will also learn more about:

- Key principles for building software security into DevOps
- How to leverage automation when integrating software security testing into DevOps
- Speed vs Security: Where do you draw the line?
- Questions to ask when designing a solution for securing DevOps
- Measuring your program success
- Recommendations for improving software security in 2019

Panelists:
Matthew Rose, Global Director Application Security Strategy, Checkmarx
Amar Singh, Founder & CEO, Cyber Management Alliance
Keith Batterham, DevSecOps Evangelist

Panel Moderator: 
Raef Meeuwisse, ISACA Expert Speaker & author Cybersecurity for Beginners

Key Factors for DevSecOps Success

DevOps

devsecops

software security

secure applications

Automation

software integration

Testing

IT Security

Application Development

Application Security

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Key Factors for DevSecOps Success

Presented by

About this talk

More from this channel