Name: Log4j Vulnerability: What You Need to Know
Start: 2022-01-12T18:30:00Z
End: 2022-01-12T18:30:33.000Z
Location: BrightTALK
Rating: 4.67

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

Developer experience matters. See how Checkmarx integrates with:
—Top code repositories to scan code as early as check-in
—The most popular IDEs your developers are using
—Common bug-tracking tools to put vulnerabilities in the language of developers

Build trust with developer experience

Hear directly from our experts about:
—Top enterprise-specific challenges that our AppSec platform is designed to help solve.
—New platform features designed to help you better prioritize and remediate vulnerabilities.
—Demonstrations of our tools that help you get the most out of platform consolidation.

Get the most out of consolidation

The use of open-source software has quickly exposed all parts of the software development process as part of the overall attack surface and has even led to the creation of new attack types.  Enterprises must put in place protection against next-generation SCS attacks, like AI package hallucinations, dependency confusion, typosquatting, and repo jacking.  
 
Hear our experts talk about the ever-changing SCS landscape and some of our industry-leading solutions. Jossef Harush, Head of Software Supply Chain Security, and Rachel Levi, SCS Senior Product Manager, will dive into: 

—How malicious actors are using open-source software to target the software supply chain 
—Our new tool and product features that add necessary context for enterprises 
—The impact of generating code with AI tools on the supply chain

Secure Your Software Supply Chain

Join our experts to hear about:
—Checkmarx’ AI-powered AppSec vision
—How AI is impacting development practices
—Bringing AI to DevSecOps
—How Checkmarx’ latest AI-driven tools accelerate AppSec

GenAI: The good, the bad and the unknown

Join our experts for a deep dive to:
—Explore what it means to be proactive vs. reactive with API security.
—Learn why popular runtime solutions can’t identify shadow APIs.
—See how to scan source code to discover every API.
—Prioritize remediation based on business context.

Shift everywhere to secure APIs

Introducing Checkmarx One 3.0.

To succeed you need to build that trust. As CISO, AppSec, and development leaders, you’re measured on how well you secure your applications, and your ability to prioritize your teams on what matters and impacts your business.

Settling for good enough is not enough. An enterprise AppSec platform is key to your business success: Introducing Checkmarx One 3.0.
Join our platform launch and experience first-hand why leaders like SAP, Salesforce, Siemens, Sanofi, and Toyota choose us as their enterprise AppSec partner.

Technology That Builds #DevSecTrust

To keep up with today's “need it now” consumers, organizations are developing applications at hyper-fast speeds —which involves the use of open-source libraries, APIs, and containers. But these modern development tactics are expanding the attack surface.
You need end-to-end application security that is fast, efficient, and developer friendly. That’s where Checkmarx One Application Security Platform and Brinqa's Attack Surface Intelligence Platform come into play. The platforms are the perfect pairing to strengthen your security posture and streamline vulnerability management.
In our upcoming webinar, hosted by Checkmarx CISO Peter Chestna, you will learn how this powerful integration can help you:
Detect vulnerabilities faster.
Prioritize vulnerabilities based on their criticality.
Improve developer experience by reducing alert fatigue and offering expert guidance.
Track your KPIs and develop a plan for vulnerability management.

Better Together: Checkmarx One and the Brinqa Platform

Unlike monolithic applications of the past, where coding was all in the same language, an average cloud-native application can have anything from 50-5,000 different components. The problem is, any one of those could be rife with vulnerabilities that present an expanding attack surface. Although organizations use an abundance of AST tools to test their code, they all lack results correlation, and that missing piece distorts their view of their overall security risks.

Checkmarx recognizes the inefficiency of trying to manually correlate results from the many siloed testing solutions, and the deficiency of alternate solutions that merely aggregate results. It led us to develop Checkmarx Fusion to provide advanced correlation in modern application development environments.

In this webinar, join Stephen Gates, senior solution specialist, and Miki Sharon, senior product manager, Checkmarx, for a deep dive on Checkmarx Fusion and Checkmarx One AST Platform.

    —Learn which AppSec testing approaches don’t fit well in modern development environments
    —See the new functionality Checkmarx Fusion brings to the software development industry
    —Understand the main use cases of Checkmarx Fusion and Checkmarx One and what’s included
    —View live demonstrations of both solutions in action, performed by our subject matter experts
    —After this webinar, you’ll fully understand why your AppSec testing approach is flawed.

Without Correlation, Your AppSec Testing Approach Needs an Update

If shadow and zombie APIs are climbing your AppSec priority list, you’re not alone. Software development teams are increasingly using APIs for web applications and other needs, and that’s motivating attackers to find ways to exploit them.

In fact, security experts are predicting that APIs will continue to experience a growing number attacks. It’s a gap in application security testing that has become a growing problem for many teams.

This webinar will introduce our solution. Checkmarx has found a way to shift API security way left, giving AppSec teams complete API visibility and helping them fix problems earlier in the SDLC – faster and at a lower cost. Our experts will cover:

-   An explanation of shadow and zombie APIs
-   How Checkmarx identifies and fixes vulnerable APIs earlier in the SDLC
-   Remediation that prioritizes the vulnerabilities that represent real risks

Understanding Growing AppSec Concerns Around API Security

Some recent high-profile vulnerabilities, such as Log4Shell, left many AppSec teams wondering, “Do I have vulnerable open source code in any of my apps?” Many were unsure, which illustrated perfectly the need for a Software Bill of Materials (SBOM), increasingly a must-have for those who build and use modern applications.

Developers source most of the code in their applications from the open source community and other vendors to form the basic plumbing of an application, allowing them to focus on their custom code. But with so much open source code, which in turn often includes other open source code, it’s nearly impossible to manually track what’s in an application. Without the transparent view that an SBOM delivers, organizations struggle to identify and address vulnerabilities like Log4Shell.

In this webinar, you’ll learn:

    —What’s driving the need for SBOMs, including compliance mandates
    —What an SBOM contains and how it’s generated
    —How an SBOM increases visibility into application composition
    —The value of an SBOM in real-world scenarios

Software Bill of Materials: Learn About This Vital Supply Chain Security Tool

The banking industry was recently hit with some alarming news: Two first-of-their-kind attacks hit the industry’s open-source software supply chain. The Checkmarx research team uncovered the attacks — and is offering its insight to help you adapt quickly and minimize your risk.

In this Webinar, Tzachi Zorenshtain, Head of Software Supply Chain at Checkmarx, talks about ways to prevent frontlines attacks. As a CISO or AppSec manager, you can expect detailed information regarding these types of attacks, including:

—Threat trends — Get a look into a six-month build-up of attacks. 
—A look behind enemy lines — Dive deep into adversary tactics, techniques, and procedures (TTPs).
—Strategizing your reaction — Arm yourself with a blueprint for an AppSec approach resilient against these calculated strikes.
—Don’t miss this opportunity to gain vital intel needed to protect against this new attack trend.

Shield your Bank from Supply Chain Attacks

Developers face a constant cycle: Deliver new features, implement bug fixes, refactor existing code, repeat. It’s tough for them to find time for chores like scanning for security vulnerabilities.

What’s more, carving out that time is a waste unless those risks are mitigated. But what if remediation could be done on your behalf, automatically? Before your alarm bells go off about having your code manipulated without your oversight, you should check out this webinar. 

Our experts explore three approaches to remediating identified security vulnerabilities in source code:

    —Automated
    —Semi-automated
    —Manual
    —Analysis of the costs and benefits of each

What if Your Code Vulnerabilities Got Fixed Automatically?

Open-source software is part of your application ecosystem – but your team needs the most advanced tools to ensure any code you use is secure. That presents a significant challenge, though: If your security solutions slow you down significantly or are difficult to use, they’re unworkable in today’s development environments.

How do you find a solution that seamlessly includes threat intelligence so developers can leverage open-source software with confidence? Checkmarx and JetBrains are teaming up on a webinar that will bring clarity to the issue if you are:

—Part of a development team looking for ways to incorporate OSS with security confidence
—Tasked with integrating security into your software development life cycle
—Looking for the best value-to-effort place to start with application security testing

Explore Supply Chain Security That’s Built Into Your SDLC

The Modern Application Development approach is fast taking over DevOps. This method accelerates the rate of application development by leveraging open-source code and other third-party frameworks, freeing application teams from having to build software infrastructure. Instead, teams now focus on delivering valuable experiences which are unique to your business. However, this extends the software supply chain that exposes your organization to too difficult-to-track risks. Especially as more third-party code is used as the building blocks for applications.

Join us as we discuss:
—Understanding the benefits and risks of Modern Application Development
—Analyzing software supply chain and identifying the vulnerabilities within it
—How to focus mitigation and remediation strategies

Supply Chain Security Understanding Exposures and Security Strategies

Generative AI is changing the way we develop software. From ChatGPT to Copilot to Bard, GenAI is already a part of every developer's life.
However, there is a dark side to using GenAI when it comes to security. In this webinar, we will review common risks of using GenAI solutions and what you can do about them. Our experts, Ori Bendet, VP of Product Management, Alex Roichman, VP of Research & Innovation, and Lior Kaplan, Open-Source Officer, will discuss:
• Your security exposure and risks based on your GenAI use
• New types of supply chain attacks
• Prompt injection attacks and how to minimize your risk

The Dark Side of GenAI: Security Aspects of Using Generative AI

Are you looking to future-proof your applications against evolving API security risks? Then you won’t want to miss our info-packed webinar, where industry experts will dive deep into the 2023 OWASP API Security Top 10. 

In this webinar, Erez Yalon, Checkmarx VP of Security Research, and guest speaker Sandy Carielli, Principal Analyst at Forrester, will discuss: 
·         What is new and what has changed in the 2023 OWASP API Security Top 10 
·         What trends in the technological landscape drove changes in the Top 10 risks 
·         Practical advice for designing and developing secure API-based applications

OWASP API Security Top 10 2023

A critical zero-day vulnerability was disclosed on December 9, 2021. It affects a wildly popular open source Java library called Log4j. The library is nearly ubiquitous in modern application infrastructures and applications and the vulnerability uncovered is a critical one.   

It allows an attacker to easily trigger a Remote Code Execution (RCE) on a vulnerable system, giving an attacker the ability to run malware and gain complete control of the system.  

Within hours of the release of the vulnerability, attacks began in earnest and have shown no signs of slowing down. Organizations need to understand if and where they are vulnerable, how to address this and other potential vulnerabilities which may be lurking in application stacks.  

This new webinar with our R&D team will help you understand: 

     What the Log4j vulnerability is and why it’s so important 
     How to understand if your organization is vulnerable 
     Steps you can take to avoid being surprised by vulnerabilities in your application stack

Log4j Vulnerability: What You Need to Know

Application Monitoring

Application Security

IT Security

Javascript

Log4j

Open Source

Secure Code Analysis

Security Breach

Strong Customer Authentication

Vulnerabilities

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Log4j Vulnerability: What You Need to Know

Presented by

About this talk

More from this channel