Name: The Rise of DevSecOps
Start: 2020-02-27T18:30:00Z
End: 2020-02-27T19:11:57.000Z
Location: BrightTALK
Rating: 5

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

In 2022, we’ve seen all sorts of shifts in the cybersecurity world. Nation state attacks, phishing and the growth of AI are only three out of the myriad of trends. In many ways, it’s been an unpredictable year, and security leaders have had to think on their feet to keep up with the wave of change. 

As the year comes to an end, it’s beneficial to evaluate the key trends we’ve experienced in the past 12 months, to truly consider and begin to understand what’s in store for us in the year ahead, and to plan for the unexpected. 

Join us in the final panel of 2022 as we discuss: 
-  Top security predictions for 2023
-  Balancing security and privacy
-  The evolution of the C-Suite 
-  And much more

Top Cybersecurity Predictions for 2023

Developers face a constant cycle: Deliver new features, implement bug fixes, refactor existing code, repeat. It’s tough for them to find time for chores like scanning for security vulnerabilities.

What’s more, carving out that time is a waste unless those risks are mitigated. But what if remediation could be done on your behalf, automatically? Before your alarm bells go off about having your code manipulated without your oversight, you should check out this webinar. Our experts explore three approaches to remediating identified security vulnerabilities in source code:

    Automated
    Semi-automated
    Manual
    Analysis of the costs and benefits of each

What if Your Code Vulnerabilities Got Fixed Automatically?

Open source software is part of your application ecosystem – but your team needs the most advanced tools to make sure any code you use is secure. That presents a major challenge, though: If your security solutions slow you down significantly or are difficult to use, they’re unworkable in today’s development environments.

How do you find a solution that seamlessly includes threat intelligence so developers can leverage open source software with confidence? Checkmarx and JetBrains are teaming up on a webinar that will bring clarity to the issue if you are:

    Part of a development team looking for ways to incorporate OSS with security confidence
    Tasked with integrating security into your software development life cycle
    Looking for the best value-to-effort place to start with application security testing

Explore Supply Chain Security That’s Built Into Your SDLC

Some recent high-profile vulnerabilities, such as Log4Shell, left many AppSec teams wondering, “Do I have vulnerable open source code in any of my apps?” Many were unsure, which illustrated perfectly the need for a Software Bill of Materials (SBOM), increasingly a must-have for those who build and use modern applications.

Developers source most of the code in their applications from the open source community and other vendors to form the basic plumbing of an application, allowing them to focus on their custom code. But with so much open source code, which in turn often includes other open source code, it’s nearly impossible to manually track what’s in an application. Without the transparent view that an SBOM delivers, organizations struggle to identify and address vulnerabilities like Log4Shell.

In this webinar, you’ll learn:

    What’s driving the need for SBOMs, including compliance mandates
    What an SBOM contains and how it’s generated
    How an SBOM increases visibility into application composition
    The value of an SBOM in real-world scenarios

Software Bill of Materials: Learn About This Vital Supply Chain Security Tool

Your developers are using APIs everywhere. But are your APIs secure? Statistics demonstrate that 95% of companies have experienced attacks targeting their usage of APIs in their modern applications, and this is most likely a concern for you. And yes, it’s likely keeping you up at night. 

When using other people’s code–via APIs–how do you make sure you’re not using, directly or indirectly, vulnerable APIs? There are good security approaches and best practices that start at the API code level. But the bigger question is, “do your developers know what those practices are?” Security and threat intelligence must play a role within each part of the API lifecycle to stay ahead of the curve. 

In this talk, you’ll hear from Steve Boone, Head of Product Management at Checkmarx, where he will dive deep into the following topics: 

    · How to shift security testing as far left as possible to create secure APIs on every pull request 
    · How to focus your developers’ efforts and attention on where the vulnerable API lives 
    · New ways to prioritize vulnerability remediation based on APIs handling of sensitive data 
    · Where best to correlate API security with SAST results to enhance vulnerability context

From Reactive to Proactive, Changing the Culture on API Security

Application security is one of the most important components of an overall security program, yet some organizations struggle to identify and address their application security risks partly because they are not using the right tools to get the job done. The good news is it does not have to be that way. In this conversation, you will learn why traditional tools do not cut it when it comes to application security and why modern applications need modern application security.

You will walk away with expert insights on:
* Traditional applications vs. modern applications
* The evolution of application security
* The emergence of the last stage of this evolution - software supply chain security
* The challenges of security scanners with modern software
* The future of security scanners

Modern Applications Require Modern Application Security

If shadow and zombie APIs are climbing your AppSec priority list, you’re not alone. Software development teams are increasingly using APIs for web applications and other needs, and that’s motivating attackers to find ways to exploit them.

In fact, security experts are predicting that APIs will continue to experience a growing number attacks. It’s a gap in application security testing that has become a growing problem for many teams.

This webinar will introduce our solution. Checkmarx has found a way to shift API security way left, giving AppSec teams complete API visibility and helping them fix problems earlier in the SDLC – faster and at a lower cost. Our experts will cover:

-   An explanation of shadow and zombie APIs
-   How Checkmarx identifies and fixes vulnerable APIs earlier in the SDLC
-   Remediation that prioritizes the vulnerabilities that represent real risks

Understanding Growing AppSec Concerns Around API Security

Unlike monolithic applications of the past, where coding was all in the same language, an average cloud-native application can have anything from 50-5,000 different components. The problem is, any one of those could be rife with vulnerabilities that present an expanding attack surface. Although organizations use an abundance of AST tools to test their code, they all lack results correlation, and that missing piece distorts their view of their overall security risks.

Checkmarx recognizes the inefficiency of trying to manually correlate results from the many siloed testing solutions, and the deficiency of alternate solutions that merely aggregate results. It led us to develop Checkmarx Fusion to provide advanced correlation in modern application development environments.

In this webinar, join Stephen Gates, senior solution specialist, and Miki Sharon, senior product manager, Checkmarx, for a deep dive on Checkmarx Fusion and Checkmarx One AST Platform.

    Learn which AppSec testing approaches don’t fit well in modern development environments
    See the new functionality Checkmarx Fusion brings to the software development industry
    Understand the main use cases of Checkmarx Fusion and Checkmarx One and what’s included
    View live demonstrations of both solutions in action, performed by our subject matter experts
    After this webinar, you’ll fully understand why your AppSec testing approach is flawed.

Without Correlation, Your AppSec Testing Approach Needs an Update

The need for effective AppSec these days is about as debatable for most software teams as the need for oxygen. What many fail to prioritize, though, is putting in place a strategic, well-organized process to manage their overall AppSec activities. This can lead to situations where the success criteria, roles and responsibilities, and AppSec testing processes are unclear, and the testing tools are not properly integrated.

The result is often that AppSec activities are fragmented, various stakeholders are frustrated, and the expected return on investment never materializes. This webinar will cover this crucial need and introduces the Checkmarx solution: AppSec Program Methodology and Assessment Framework (APMA). It’s an innovative program that:

-    Incorporates your clear goals and objectives
-    Clarifies your team’s roles and responsibilities
-    Offers low entry barriers
-    Works with Modern Application Development approaches
-    Addresses different stakeholder positions, such as developers, CISOs, and AppSec management

We hope you’ll join Dr. Carsten Huth, our global director of AppSec, and EMEA Lead AppSec Advisor Shelly Paramel for a detailed case study and discussion of the issue and a look at our APMA solution.

Fixing a Crucial Shortfall in Your AppSec Program

Developers and AppSec teams have really simple marching orders—make all their software as secure as possible for the lowest viable cost. And do it fast. This leads teams to piece together divergent Application Security Testing (AST) solutions that typically just produce delays or, even worse, vulnerable software.

Organizations know they need to keep innovating, but traditional AST approaches can’t keep pace with modern application development and cloud-native approaches. So what’s the answer? We’ll discuss:

    The new risks that emerge in cloud-native applications
    What solutions are required to scan the various types of code in modern applications
    What developers and AppSec teams want from their AST solutions
    Why a platform-based approach is essential to securing modern codebases

We’ll end the webinar with a short demonstration of the Checkmarx AST Platform so you can see our comprehensive solution in action.

Is Your Application Security Testing Slowing You Down?

Organizations are under constant pressure to deliver applications and features that challenge their competition and deliver value to their audience. Those goals are often unreachable without open source code. Attackers understand this fact and are increasingly stashing malicious code in open source packages. It falls on software developers and security pros, then, to be aware of the risks and how to mitigate them more effectively.

Join a panel of Checkmarx supply chain security experts in a live discussion of the latest attack trends. They’ll include a few innovative approaches to help you ensure you’re managing supply chain risks.

In this webinar and extended Q&A session, you’ll learn about:

    The open source supply chain framework and inherent risks
    Where and how attackers take advantage of weaknesses in the supply chain
    Measures you should take to manage your risk
    Solutions and approaches that work

Securing the Open Source Supply Chain: Ask the Experts

The Modern Application Development approach is fast taking over DevOps. This method accelerates the rate of application development by leveraging open-source code and other third-party frameworks, freeing application teams from having to build software infrastructure. Instead, teams now focus on delivering valuable experiences which are unique to your business. However, this extends software supply chain which exposes your organization too difficult to track risks. Especially as more third-party code is used as building blocks for applications.

Join us on as we discuss:
    Understanding the benefits and risks of Modern Application Development
    Analyzing software supply chain and identifying the vulnerabilities within it
    How to focus mitigation and remediation strategies

Supply Chain Security Understanding Exposures and Security Strategies

The recent Apache Log4j vulnerability crystalized security concerns for organizations adopting Modern Application Development (MAD) initiatives. A significant advantage of MAD is found in freeing developers from having to recreate established functionality by allowing them to leverage open source software. But with the accelerating use of open source in today’s codebases, organizations must be able to understand the impact on their risk profile. At the end of day, do you know what open source code is being used in your software stack?

Watch the on-demand webinar as we discuss:

    Understanding the benefits and risks that come with Modern Application Development
    Recognizing what to look for in a Software Composition Analysis (SCA) solution
    How to identify and analyze the open source in your software stack
    Focusing mitigation and remediation strategies to manage vulnerabilities and license risks

Software Composition Analysis: What to Look for in a Solution

In the pursuit of greater agility and communication with customers and prospects, companies are rapidly producing applications across a number of environments. However, the dynamic nature of cloud-native architectures and the increasing use of open source components, serveless, low code/no code, and containers has left security struggling to keep up. Traditional on-prem monitoring and prevention measures are unable to identify, manage and prevent growing multi-cloud application threats.

According to Verizon, hackers are targeting applications more today than ever before. Last year 17% of all cyberattacks were categorized as Application Security threats. These attacks represented 26% of all breaches, with web application attacks ranked as  #2 for both incident and breach sources.

In this episode of The (Security) Balancing Act, we’ll examine how to ensure your applications are developed and managed securely, and the next generation of solutions.

Join us as we evaluate:
- Why automation and security testing tools are key components in the implementation of a secure AppSec cycle
- How to align AppSec with your other security solutions, to maximize value and efficiency
- Where and how the ShiftLeft/DevSecOps mindsets fit i
- A discussion around SAST and DAST (Static and Dynamic Analysis), and their role in a comprehensive Application Security
- The role of SBOMs (software bill of materials) and how a robust SCA (software composition analysis) program can help
- The considerations you must take when using third-party applications and evaluating if they meet app sec requirements
- The future of application security and the threats you need to guard against

Application Security for the Modern Enterprise

Between the rate of change in cloud technologies and the digital transformation of legacy products, there are growing gaps in both knowledge and security.

New languages, architectures, and deployment models have outpaced development teams’ ability to become experts ahead of time. Vendors and development consumers are learning as they go. Alarmingly, the gap is even larger when it comes to security. It makes you wonder: what can you do to shore things up?

Start with our new webinar. We’ve teamed up with AWS to examine the issue from three angles: cloud vendor, security vendor, and development consumer. We'll highlight both common and specific challenges and strategies to fill the continuous knowledge gap. We'll also show you how to pivot to improve as the industry matures so you can foster a more robust continuous learning culture.

Join us as we examine:

- What caused the gap
- How cloud technologies have matured over time
- What the AWS Shared Responsibility Model is
- How to keep up as everything evolves

Mind the Gap: at the Intersection of Cloud and Security

Today’s software-driven organizations know they need to keep innovating, but traditional software development models and release frequencies simply can’t keep up with ever-increasing demand. Clearly, modern application development processes and innovative cloud-native approaches are critical for organizations to stay viable.

Not surprisingly, leadership support for MAD initiatives is building, and quickly. However, MAD comes with cultural changes and some inherent application security challenges that need to be addressed proactively.

In this recorded webinar, we covered what you’ll need to know about MAD, including:

    Expected benefits and outcomes
    Likely hurdles and bumps you’ll run into
    MAD’s expanding risk landscape
    Solutions and approaches you’ll need to properly secure MAD

Securing Modern Application Development

As CISOs are """"moving left"""" and integrating DevSecOps technologies into the daily routine of developers, testing and securing their own code is becoming the new normal. Educating software developers into better practices is key, especially in the context of securing applications.
Join this panel of industry experts and leaders to learn more about:
- The evolution of DevOps and DevSecOps
- Why security testing should be a part of the DevOps process
- How DevOps and security teams can get along better
- Dynamic tools to monitor applications and scan for vulnerabilities
- The future of DevOps and security
This panel will be broadcast LIVE during RSA Conference in San Francisco.

Speakers: 
Michelle McLean, Vice President of Product Marketing, StackRox
Matthew Rose, Global Director Application Security Strategy, Checkmarx 
Brian Soldato, Director of Sales Engineering, ReversingLabs
Alex Peay, Senior Vice President of Product, SaltStack

The Rise of DevSecOps

DevOps

DevSecOps

secure software development

application security

AppDev

secure code

vulnerability scanning

Security Testing

data leak prevention

data exposure

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Rise of DevSecOps

Presented by

About this talk

More from this channel