Understanding Applications and Adapting SAST for DevOps

As the "shift-left" paradigm extends through development organizations, addressing application security presents new constraints on time, usability, and accuracy - especially with regard to static application security testing, or SAST. These hurdles demand that SAST solutions adapt to an ever-evolving digital landscape; yet development organizations are often held back by the tools they use. In this talk, John Peyton, Enterprise Software Architect for HCL AppScan, explores how the underlying techniques of SAST solutions can be adapted to meet the needs of modern DevOps environments.

After the discussion you'll come away with a better understanding of:

· How to adapt SAST for DevSecOps and how to consider any performance and accuracy tradeoffs
· The variety of SAST techniques and how they work
· The challenges of automatically deciphering source code
Recorded Nov 19 2019 46 mins
Presented by
John Peyton, Enterprise Software Architect, HCL AppScan
  • A CISO's Perspective on Managing Application Security Recorded: Jul 14 2020 56 mins
    Joseph Rubino, Dave Munson
    HCL Software CISO Joe Rubino explains how his team manages application security in a global company, including:

    - Keeping up with the pace of security change in a global organization.
    - Instilling credibility with development, in a high-volume security environment.
    - Maintaining security control in today’s “Work from Home” world.
  • On-Demand Webinar: Go Beyond Application Testing to Continuous Security Recorded: Jun 2 2020 58 mins
    Colin Bell, Rob Cuddy & Kris Duer
    By watching our webinar, you’ll learn how Continuous Security can empower your organization’s journey beyond Application Security Testing.

    Specifically, you’ll learn why:
    • Continuous security is more than running application security scans and testing as part of your pipeline and vulnerability reporting.
    • Your applications need to be more than functional – they also need to be trustworthy.
    • Continuous Security’s potential impact on industry and governmental regulations such as GDPR, NYDFS and CCPA.

    We encourage you to share this link with colleagues who may also be interested in this topic.
  • HCL AppScan V10 APAC Launch Recorded: May 26 2020 61 mins
    HCL Software AppScan Leaders; Randeep Chhabra and Peter Lee
    Fast, Accurate, Agile Security Testing with HCL AppScan V10. Empower your CISO, AppSec and Development Teams with Application Security Testing.

    Join us on Tuesday 26th May for the APAC Launch of HCL AppScan V10, the premier version of the most comprehensive application security solution in the market.

    Hear from Randeep Chhabra, Application Security Business Leader, Asia Pacific and Peter Lee, Application Security Technical Lead, Asia Pacific at HCL Software and learn how HCL AppScan V10 can be your single solution for application security testing and management activity. This live webinar event will showcase the latest AppScan V10 enhancements in the Fast, Accurate Scanning, Secure DevOps and Enterprise Management categories. Experience a demo and see how AppScan V10 integrates directly into your software development lifecycle tools and DevOps toolchains and processes.
  • Fast, Accurate, Agile Security Testing with AppScan V10 Recorded: Mar 17 2020 78 mins
    Laura Guazzelli | Vandana Verma | Dragan Pleskonjic | Eitan Worcel | Julie Reed | Florin Coada | Billy Weber
    March 17th, 2020 marked a historic day for HCL AppScan, the premier and most reliable application security solution in the market.

    Listen to our recorded playback session with a panel of application security experts, as they discuss the importance of Secure DevOps and the future of Application Security Testing. Our panel discussion is followed by a sneak preview of the latest AppScan features with HCL’s product management team.

    Livestream playback details appear below:

    Current State of Secure DevOps & Future of Application Security Testing (0:34 time-stamp)

    Panelists:
    Laura Guazzelli, Information Security Architect, Hitachi Vantara
    Dragan Pleskonjic, Senior Director Application Security, IGT
    Vandana Verma, Information Security Architect, IBM
    Eitan Worcel, Head of AppScan Product Management, HCL

    AppScan V10 New Features Overview & Demos with AppScan Product Management Team (36:43 time-stamp)
    Questions & Answers Session with AppScan Product Management Team (1:01 time-stamp)

    Panelists for both sessions:
    Florin Coada, Product Manager, AppScan Source
    Julie Reed, Product Manager, AppScan on Cloud
    Billy Weber, Product Manager, AppScan Standard & Enterprise
    Eitan Worcel, Head of AppScan Product Management
  • The Ins and Outs of Interactive Application Security Testing Recorded: Dec 17 2019 36 mins
    Shahar Sperling, Chief Architect, and Gal Ben-Yair, Enterprise Architect, HCL AppScan
    Interactive Application Security Testing, or IAST, is an emerging technology in the application security domain that is quickly gaining notoriety in many DevOps circles. IAST is an unobtrusive means to run automated security tests during activities such as QA, human testing, or any activity that "interacts" with the application's functionality.

    However, there are many different approaches to instituting IAST into your AppSec program and, because the technology is new, many businesses need help in evaluating a solution that meets their security objectives.

    In this session, Shahar Sperling and Gal Ben-Yair, Enterprise Architects with HCL AppScan, will take a deeper dive into the ins and outs of IAST to help you better understand what it is, how it can help expedite security testing, and how to assess the right solution for your business.

    You'll come away with a better understanding of:

    1) The different approaches to IAST such as passive and active testing

    2) How to institute IAST into your SDLC to shift security testing to the left, as well as to the right

    3) Things to consider when evaluating IAST such as how to benchmark apps, understanding the quality of sanitizers, and assessing ease of deployment
  • Shifting Left: A Practitioner's How To Guide Recorded: Dec 10 2019 31 mins
    Florin Coada, HCL AppScan Product Manager
    "Shift left" is an expression that is commonly used among application security practitioners.

    Its meaning refers to initiating security checks earlier in the development lifecycle; and though there are many benefits, many organizations are still in the dark about how to execute this in practice.

    In this webinar, HCL AppScan Product Manager Florin Coada will discuss the goals and benefits of "Shifting Left", as well as the methods to use to incorporate it into your software development lifecycle successfully.

    This talk will explore:

    - How integrating security within the IDE can streamline your application security testing program

    - How to empower developers to make educated security decisions from their own environments

    - How to systematically identify risks in an application
  • HCL AppScan Demo Series (Part 2): Integrating ASoC with AppScan Standard Recorded: Nov 12 2019 37 mins
    Neil Kreinbrink, Application Security Technical Advisor, HCL AppScan
    The HCL AppScan product demo series continues on with Part 2: Integrating AppScan on Cloud (ASoC) with AppScan Standard. Application Security Advisor, Neil Kreinbrink, will once again lead the discussion on how AppScan on Cloud correlates with AppScan Standard to enable a hybrid approach to securing your most critical web applications.

    After this discussion you'll be able to...

    • Leverage AppScan's hybrid deployment to accommodate dashboarding, user access controls, issue management, scan metrics and scan history.

    • Use concurrent scanning across AppScan Standard and AppScan on Cloud to eliminate bottlenecks

    • Expand your program beyond DAST to include SAST, mobile and open source with AppScan on Cloud.

    • Centralize AppScan Standard results to one SaaS platform via AppScan on Cloud
  • HCL AppScan Demo Series (Part 1): A Tour of AppScan on Cloud Recorded: Oct 24 2019 52 mins
    Neil Kreinbrink, Application Security Technical Advisor, HCL AppScan
    HCL AppScan is kicking off our product demo series to showcase how our family of application security solutions satisfy various use cases affecting application security practitioners. The first episode of our series will be a tour of the AppScan on Cloud UI. Join Application Security Advisor, Neil Kreinbrink, as he takes you on a deep dive of the AppScan on Cloud (ASoC) UI to help familiarize yourself with ASoC's many features and capabilities.

    Some key takeaways include:

    - A better understanding of how to navigate AppScan on Cloud's interface to effectively onboard, test, and monitor applications.

    - How to easily kick off static, dynamic, and open source security tests.

    - How to effectively track results over time to ensure your team is meeting remediation benchmarks.
  • How to Optimize DAST for Your DevOps Program Recorded: Oct 10 2019 47 mins
    Michael Smith, Head of Application Security Consulting, HCL AppScan, and Shawn Varughese, Program Consultant, HCL AppScan
    Dynamic application security testing (DAST) has been a mainstay in many application security programs across a variety of companies. DAST has proven to be a reliable means to test the security integrity of web applications but it has come leaps and bounds in terms of adapting to agile and DevOps development methodologies.

    Join HCL's Head of Application Security Consulting, Michael Smith, and HCL Program Consultant, Shawn Varughese, as they discuss how dynamic testing can be automated and optimized to fit into your DevOps pipeline.

    By the end of the session, you'll be able to:

    - Cater your dynamic testing cadence to meet rapid development windows

    - Configure dynamic analysis to perform functional testing for QA

    - Incorporate DAST into your overall DevSecOps testing regimen
  • What Can A.I. Do For Your DevSecOps Program? Recorded: Oct 1 2019 27 mins
    David Marshak, Director of Product Management, HCL AppScan and Kristofer Duer, Lead Cognitive Researcher, HCL AppScan
    Artificial Intelligence has become a widely discussed topic in cyber security; yet many businesses are still in the dark about how it can be applied within their security programs - specifically with regards to application security.

    During this webinar, HCL AppScan's Director of Product Management, David Marshak, and Lead Cognitive Researcher, Kristofer Duer, will walk you through how AppScan's AI-based capabilities -- Intelligent Finding Analytics (IFA) and Intelligent Code Analytics -- help organizations better conduct application security testing with both speed and accuracy by:

    • Focusing on the most critical application vulnerabilities
    • Reducing false positives by more than 98 percent
    • Identifying the optimal place in the code to address multiple findings
    • Analyzing new APIs to advance learnings and prevent future security defects
Fast, Accurate, Agile Security Testing with AppScan V10
Learn how AppScan enables security testing across the entire software development lifecycle (SDLC) from the experts that pioneered application security testing (AST)

  • Title: Understanding Applications and Adapting SAST for DevOps
  • Live at: Nov 19 2019 4:00 pm
  • Presented by: John Peyton, Enterprise Software Architect, HCL AppScan