A CISO's Perspective on Managing Application Security
HCL Software CISO Joe Rubino explains how his team manages application security in a global company, including:
- Keeping up with the pace of security change in a global organization.
- Instilling credibility with development, in a high-volume security environment.
- Maintaining security control in today’s “Work from Home” world.
Recorded: Jul 14 2020 | 56 mins
Larry Ponemon from Ponemon Institute & Eitan Worcel from HCL AppScan analyze results of our study, "Application Security in a DevOps Environment." You can also request a free copy of the report.
By watching our webinar, you’ll learn how Continuous Security can empower your organization’s journey beyond Application Security Testing.
Specifically, you’ll learn why:
• Continuous security is more than running application security scans and testing as part of your pipeline and vulnerability reporting.
• Your applications need to be more than functional – they also need to be trustworthy.
• Continuous Security’s potential impact on industry and governmental regulations such as GDPR, NYDFS and CCPA matters.
We encourage you to share this link with colleagues who may also be interested in this topic.
HCL Software AppScan Leaders; Randeep Chhabra and Peter Lee
Fast, Accurate, Agile Security Testing with HCL AppScan V10. Empower your CISO, AppSec and Development Teams with Application Security Testing.
Join us on Tuesday 26th May for the APAC Launch of HCL AppScan V10, the premier version of the most comprehensive application security solution in the market.
Hear from Randeep Chhabra, Application Security Business Leader, Asia Pacific and Peter Lee, Application Security Technical Lead, Asia Pacific at HCL Software and learn how HCL AppScan V10 can be your single solution for application security testing and management activity. This live webinar event will showcase the latest AppScan V10 enhancements in the Fast, Accurate Scanning, Secure DevOps and Enterprise Management categories. Experience a demo and see how AppScan V10 integrates directly into your software development lifecycle tools and DevOps toolchains and processes.
Laura Guazzelli | Vandana Verma | Dragan Pleskonjic | Eitan Worcel | Julie Reed | Florin Coada | Billy Weber
March 17th, 2020 marked a historic day for HCL AppScan, the premier and most reliable application security solution in the market.
Listen to our recorded playback session with a panel of application security experts, as they discuss the importance of Secure DevOps and the future of Application Security Testing. Our panel discussion is followed by a sneak preview of the latest AppScan features with HCL’s product management team.
Livestream playback details appear below:
Current State of Secure DevOps & Future of Application Security Testing (0:34 time-stamp)
Panelists:
Laura Guazzelli, Information Security Architect, Hitachi Vantara
Dragan Pleskonjic, Senior Director Application Security, IGT
Vandana Verma, Information Security Architect, IBM
Eitan Worcel, Head of AppScan Product Management, HCL
AppScan V10 New Features Overview & Demos with AppScan Product Management Team (36:43 time-stamp)
Questions & Answers Session with AppScan Product Management Team (1:01 time-stamp)
Panelists for both sessions:
Florin Coada, Product Manager, AppScan Source
Julie Reed, Product Manager, AppScan on Cloud
Billy Weber, Product Manager, AppScan Standard & Enterprise
Eitan Worcel, Head of AppScan Product Management
Shahar Sperling, Chief Architect, and Gal Ben-Yair, Enterprise Architect, HCL AppScan
Interactive Application Security Testing, or IAST, is an emerging technology in the application security domain that is quickly gaining notoriety in many DevOps circles. IAST is an unobtrusive means to run automated security tests during activities such as QA, human testing, or any activity that "interacts" with the application's functionality.
However, there are many different approaches to instituting IAST into your AppSec program and, because the technology is new, many businesses need help in evaluating a solution that meets their security objectives.
In this session, Shahar Sperling and Gal Ben-Yair, Enterprise Architects with HCL AppScan, will take a deeper dive into the ins and outs of IAST to help you better understand what it is, how it can help expedite security testing, and how to assess the right solution for your business.
You'll come away with a better understanding of:
1) The different approaches to IAST such as passive and active testing
2) How to institute IAST into your SDLC to shift security testing to the left, as well as to the right
3) Things to consider when evaluating IAST such as how to benchmark apps, understanding the quality of sanitizers, and assessing ease of deployment
"Shift left" is an expression that is commonly used among application security practitioners.
It refers to initiating security checks earlier in the development lifecycle; and though there are many benefits, many organizations are still in the dark about how to execute this in practice.
In this webinar, HCL AppScan Product Manager Florin Coada will discuss the goals and benefits of "Shifting Left", as well as the methods to use to incorporate it into your software development lifecycle successfully.
This talk will explore:
- How integrating security within the IDE can streamline your application security testing program
- How to empower developers to make educated security decisions from their own environments
- How to systematically identify risks in an application
John Peyton, Enterprise Software Architect, HCL AppScan
As the "shift-left" paradigm extends through development organizations, addressing application security presents new constraints on time, usability, and accuracy - especially with regards to static application security testing, or SAST. These hurdles demand that SAST solutions adapt to an ever-evolving digital landscape; yet development organizations are often held back by the tools they use. In this talk, John Peyton, Enterprise Software Architect for HCL AppScan, explores how the underlying techniques of SAST solutions can be adapted to meet the needs of modern DevOps environments.
After the discussion you'll come away with a better understanding of:
· How to adapt SAST for DevSecOps and how to consider any performance and accuracy tradeoffs
· The variety of SAST techniques and how they work
· The challenges of automatically deciphering source code
Neil Kreinbrink, Application Security Technical Advisor, HCL AppScan
The HCL AppScan product demo series continues on with Part 2: Integrating AppScan on Cloud (ASoC) with AppScan Standard. Application Security Advisor, Neil Kreinbrink, will once again lead the discussion on how AppScan on Cloud correlates with AppScan Standard to enable a hybrid approach to securing your most critical web applications.
After this discussion you'll be able to...
• Leverage AppScan's hybrid deployment to accommodate dashboarding, user access controls, issue management, scan metrics and scan history.
• Use concurrent scanning across AppScan Standard and AppScan on Cloud to eliminate bottlenecks
• Expand your program beyond DAST to include SAST, mobile and open source with AppScan on Cloud.
• Centralize AppScan Standard results to one SaaS platform via AppScan on Cloud
Neil Kreinbrink, Application Security Technical Advisor, HCL AppScan
HCL AppScan is kicking off our product demo series to showcase how our family of application security solutions satisfy various use cases affecting application security practitioners. The first episode of our series will be a tour of the AppScan on Cloud UI. Join Application Security Advisor, Neil Kreinbrink, as he takes you on a deep dive of the AppScan on Cloud (ASoC) UI to help you familiarize yourself with ASoC's many features and capabilities.
Some key takeaways include:
- A better understanding of how to navigate AppScan on Cloud's interface to effectively onboard, test, and monitor applications.
- How to easily kick off static, dynamic, and open source security tests.
- How to effectively track results over time to ensure your team is meeting remediation benchmarks.
Michael Smith, Head of Application Security Consulting, HCL AppScan, and Shawn Varughese, Program Consultant, HCL AppScan
Dynamic application security testing (DAST) has been a mainstay in many application security programs across a variety of companies. DAST has proven to be a reliable means to test the security integrity of web applications, but it has also come on in leaps and bounds in terms of adapting to agile and DevOps development methodologies.
Join HCL's Head of Application Security Consulting, Michael Smith, and HCL Program Consultant, Shawn Varughese, as they discuss how dynamic testing can be automated and optimized to fit into your DevOps pipeline.
By the end of the session, you'll be able to:
- Cater your dynamic testing cadence to meet rapid development windows
- Configure dynamic analysis to perform functional testing for QA
- Incorporate DAST into your overall DevSecOps testing regimen
David Marshak, Director of Product Management, HCL AppScan and Kristofer Duer, Lead Cognitive Researcher, HCL AppScan
Artificial Intelligence has become a widely discussed topic in cyber security; yet many businesses are still in the dark about how it can be applied within their security programs - specifically with regards to application security.
During this webinar, HCL AppScan's Director of Product Management, David Marshak, and Lead Cognitive Researcher, Kristofer Duer, will walk you through how AppScan's AI-based capabilities -- Intelligent Finding Analytics (IFA) and Intelligent Code Analytics -- help organizations better conduct application security testing with both speed and accuracy by:
• Focusing on the most critical application vulnerabilities
• Reducing false positives by more than 98 percent
• Identifying the optimal place in the code to address multiple findings
• Analyzing new APIs to advance learnings and prevent future security defects
Fast, Accurate, Agile Security Testing with AppScan V10
Learn how AppScan enables security testing across the entire software development lifecycle (SDLC) from the experts that pioneered application security testing (AST)
A CISO's Perspective on Managing Application Security | Joseph Rubino, Dave Munson | 55 mins