Name: Forrester Webinar: Protect Applications With OWASP API Security Top 10 and SAST
Start: 2021-04-22T16:00:00Z
End: 2021-04-22T16:00:59.000Z
Location: BrightTALK
Rating: 4.4

The innovation you need. The experience you trust. From development to QA, Parasoft’s comprehensive suite of software testing solutions reduces the time, effort, and cost of delivering secure, reliable, and compliant software. Leverage our AI-infused suite of automated testing tools to drive continuous quality practices throughout your development pipeline.

The long-awaited MISRA guidelines for the use of C++17 in critical systems has been published as MISRA C++ 2023! Finally, a formal coding guideline specification to address current C++ coding features like nested namespaces, direct list initialization of enums, the if constexpr statement, and more.  

MISRA C++ 2023 offers guidance and avoidance of all instances of undefined and unspecified behavior with the intended goal of delivering safe, secure, and highly reliable C++ software applications. 

Michal Rozenau, as a contributing member to the development of MISRA C++ 2023, will be presenting on what MISRA C++ 2023 is, how it relates to legacy MISRA C++ 2008 and AUTOSAR C++14, and a quick introduction to the guidelines. We’ll demonstrate how Parasoft C/C++test provides complete coverage for MISRA C++ 2023 and seamlessly integrates into modern development workflows. 

Watch a live demo of how to apply MISRA C++ 2023 in a DevOps CI/CD development workflow. Learn how to:  
• Create source code in the feature branch. 
• Run a quick, pre-commit static analysis session. 
• Trigger the pipeline with a pull request in GitHub. 
• Watch MISRA C++ 2023 perform as a quality gate. 
• Remediate identified violations. 
• Satisfy quality gate requirements and compliance.

MISRA C++ 2023: Everything You Need to Know

Generative AI tools like CoPilot and ChatGPT offer a 30-50% increase in software development productivity, but also come with potential risks of inaccuracies, “hallucinations,” and data privacy concerns. Governance of AI is in its infancy, so usage of this technology must tread carefully to ensure appropriate and consistent outcomes. 

In this webinar, Parasoft’s Chief Product Officer, Igor Kirilenko, and Nathan Jakubiak, Sr. Director of Development, will discuss what’s going on in AI today, what they’re excited about, and practical applications of AI in the scope of software testing.  

Join us to hear about: 
• The pros and cons of usage AI at its current stage 
• Mitigation of risks by incorporating generative AI in software testing solutions 
• Current and future use cases for applying AI to testing

Pros & Cons of Generative AI in Software Testing

When AI is employed in code-level testing, including static analysis processes and unit testing, it provides developers with a multitude of advantages to enhance and expedite their quality assurance and testing efforts. From the viewpoint of management, these enhancements result in heightened efficiency in the development of new code and assist projects in adhering to their schedules and budget constraints for software deliveries.

Join us on November 30 to learn about how solutions that leverage AI optimize and accelerate Java code testing practices and triage and remediate static analysis findings.

Learn how AI and ML technologies:
• Optimize static analysis triage workflows to accelerate violation remediation.
• Enhance unit testing practices from test creation to test customization, maintenance, and execution.
• Increase developer productivity to better deliver projects on time and on budget.

Transforming Java Code Testing: Accelerating Success With AI

General Motors (GM) pushes the limits of transportation. This leader in the automotive industry has engineers distributed all over the world and product lines that consist of thousands of small components and complex ECUs. Their challenge was consistently delivering high-quality software that would improve code quality and compliance with coding standards. 

Hear from James Nicholson, product owner and software architect at GM, on how adopting static analysis for their legacy code based enhanced the quality and security of their C programming language codebase. GM tailored this approach by merging the MISRA and CERT coding standards along with GM Standards to create a customized static analysis configuration that aligns with their development requirements.  This configuration has been seamlessly integrated into their CI/CD pipeline, enabling the automatic assessment of code quality at every stage of development.  

Learn how to:  
• Facilitate a smooth adoption of static analysis.  
• Enable real-time code quality in your CI/CD pipeline.  
• Balance strict coding standards and workflow efficiency.  
• Shift left safety and security testing.

General Motor’s Journey to Adopting Static Analysis With a Legacy Codebase

Code coverage is a unifying force between development and QA testers; however, it can be challenging to measure with microservices architectures. The insights from code coverage visibility improve test strategies, increasing collaboration and mitigating the risk of untested code in production. 

End-to-end testing is essential for verifying software functionality and compatibility, but it can also sometimes lead to compromises in regression test coverage as new builds are quickly promoted from development. To address this, understanding code coverage in each microservice can optimize regression testing in a DevOps pipeline, ensuring thorough testing while maintaining efficiency.

Join us to learn how microservices code coverage can empower development and testing teams to:
•  Identify previously unknown gaps in testing coverage.
•  Mitigate risks of untested microservices code.
•  Efficiently run regression tests continuously.

Close the Code Coverage Gap for Distributed Microservices

Achieving Secure & Compliant Software With Continuous Static Analysis: GitHub & Parasoft C/C++test Integration 

Software development organizations can streamline the product development process by incorporating continuous testing of static analysis through Parasoft’s C/C++test integration with GitHub. Deployed within a CI/CD pipeline, these tools allow continuous and rapid delivery of reliable, safe, and secure products by verifying code quality and ensuring compliance with industry coding standards, such as MISRA, CERT, AUTOSAR C++ 14, and others.   
 
Join us on October 31 for a live demo. See how to easily create a GitHub workflow with C/C++test static analysis, access static analysis results in GitHub, and download results from GitHub accounts to VS Code for convenient remediation. You’ll also see how to: 
 
• Create a demo repository in GitHub. 
• Prepare and configure the GitHub local runner. 
• Define the GitHub workflow with C/C++test static analysis.  
• Pull code using VS Code, make changes, and perform a push.

Achieve Secure & Compliant Software With Continuous Static Analysis

Are Environmental Constraints Slowing Down Your Testing Workflows?

Lack of control over test environment dependencies is a primary reason why many application testing teams are unable to achieve the test velocity needed to fully embrace concepts like agile workflows, continuous testing, and shift-left testing. This roadblock can often be easily addressed with service virtualization solutions that simulate environment dependencies. Service virtualization has been used to increase test velocity and remove these hinderances. 

Join us on October 26 to hear the top tips and strategies that have helped industry leaders streamline adopting and scaling service virtualization.

We'll discuss: 
• How service virtualization boosts test velocity by aligning with corporate tech strategies like agile workflows and automated testing.
• Accelerating and reducing the learning curve for the creation of new virtual services and ensure they’re always up-to-date.  
• Tips to successfully adopt, implement, and scale service virtualization across testing teams.

Top Tips to Accelerate Adopting & Scaling Service Virtualization

The automotive industry has been transforming from internal combustion engines (ICE) to autonomous driving assistance systems (ADAS) and electric vehicles (EV). It's now entering into a new era of software-defined vehicles (SDV).  

SDVs bring technological changes to the automotive architecture by introducing zonal gateways, high-speed Ethernet links, Time-Sensitive Networking (TSN) technology, and more. The gains include faster processing speeds, large storage capacities, better data security, and scalability. With the new development of a safety- and security-critical SDV platform for the future in automotive comes new challenges in software testing. Challenges that the Parasoft Continuous Quality Platform supports for every testing need include static code analysis, web UI testing, code coverage, unit testing, API testing, service virtualization, and more. 

Join us to discuss SDV technology, the business impact on consumers, OEMs and watch a live demo on one of our flagship solutions for embedded software, C/C++test with DTP's reporting and analytics dashboard.  

Key takeaways: 
• What is a software-defined vehicle? 
• How will SDVs affect consumers? 
• What impact do SDVs have on automotive manufacturers? 
• Enjoy a demo of C/C++test.

Automotive Software Testing for SDVs

Are you looking for ways to help your Java dev team meet their looming deadlines and free up more time for feature development? Adding more people doesn’t necessarily help with tight sprints since it takes a while to ramp up new developers.  

Unlock a new level of productivity to maximize output and minimize overhead. Invest in tools that help your developers deliver quality code faster. Most Java developers prefer to spend time writing code rather than testing it, so making unit testing easier has both short-term and long-term benefits. If they don’t have the time or skill to write or run unit tests, let our AI do it for you! 

Join this session to learn how Parasoft’s automated unit testing solution can improve your team’s efficiency: 
• Generate JUnit tests for existing and new code with one click. 
• Achieve 60% code coverage in under 5 minutes. 
• Reduce testing time by focusing on modified code. 
• Simplify and accelerate unit testing for developers.

Make Your Java Dev Team More Productive With AI-Led Unit Testing

Does your web UI testing achieve the repeatable and maintainable test automation that you need to validate the application’s functionality efficiently? 

As applications become more complex with underlying microservices and integrated architectures, testing strategies need to adjust to a Lean UI approach and incorporate API testing to test the application's functionality more efficiently and thoroughly. Combining this with AI-powered test automation, QA teams can easily and rapidly double their test suites and boost testing ROI. 

Join this session to learn about:  
• Why organizations are adopting Lean UI testing principles to scale regression testing.  
• How to increase testing ROI by expanding beyond web UI testing. 
• How to leverage AI to quickly create API test suites from existing web UI tests.

Use AI to Double Your Test Suite for a Higher ROI

Panelists: 
David Rubenstein, COO of D2 Emerge LLC, Editor-in-Chief of SD Times – moderator 
Stuart Wallis, Director, API & Application Performance Testing, CIBC
Manish Panchal, Vice President, Test Automation Architect, Bank of America
Wilhelm Haaker, Director, Solution Engineering, Parasoft

Organizations that want to modernize and mature their testing processes are expanding the use of API testing within their DevOps workflows. Functional API testing serves as a foundation for load, performance, and security testing. This panel will discuss how to shift API testing left to achieve quality and schedule targets. They'll also address topics including key metrics, release milestones, best practices, and more.

Panel: Tips and Tricks for API Testing Best Practices

In the effort to achieve software compliance, static code analysis helps developers discover safety violations and vulnerabilities that should be fixed. However, it can generate an abundance of issues without providing guidance on what’s important and what’s noise.  

Integrating AI into a static analysis tool makes it possible to automatically prioritize issues by determining their importance and risk. Generative AI can further enhance the static analysis process by recommending how to remediate violations that your SA tool has discovered. Your team can focus on fixing the real issues that must be addressed to reach compliance. 

Key takeaways: 
• Prioritize static analysis violations with AI-enabled testing. 
• Perform triage to identify and rank the most critical issues. 
• Use generative AI to remediate violations and vulnerabilities.

Accelerate Software Compliance With AI

Preparing your software application to handle peak loads and high-volume conditions is vital, whether your business is seasonal operations like e-commerce during holiday seasons, a ticketing system for big events, a live streaming service hosting the World Cup, or a financial institute that must provide seamless transactions.  

Load and performance testing, along with the creation of a simulated environment for testing, is your key to success. This combination provides the understanding of how your application will behave under high-stress circumstances and ensures stability and performance. 

In this webinar, we’ll discuss how to: 
• Reuse API tests to integrate load and performance testing into your CI/CD workflow. 
• Simulate a real end user experience without the cost of a complete performance testing environment. 
• Leverage virtual data for on-demand performance testing and bypass the constraints of production data.

Stressed About Performance Testing? Simulate It!

In the defense sector, many applications targeted for the development of new features supporting new requirements frequently leverage inherited codebases from earlier iterations of the system, integration source libraries, third-party subsystems, and so on.  

This inherited code is often not well understood and begs questions. 
• How well was this code tested before?  
• How safe and secure is the code we’re about to use?   
• How do I reduce the risk of breaking existing functionality as we evolve the code?  

On the journey toward successful delivery of these systems, it’s important to understand where you’re starting from in order to know where success is going to lead you.  

Join Parasoft on July 27 to learn how programs across the defense sector are using Parasoft's C/C++test solution to quickly baseline an in-depth understanding of inherited code while also creating the foundation for its safe evolution going forward.

Inheriting Legacy C/C++ Code: Where Do I Start?

Charter Communications offers broadband and cable services to over 32 million customers. To ensure customer satisfaction, they perform extensive testing across internal system components and downstream applications. When third-party services aren’t available, they use service virtualization to eliminate endpoint dependencies, manage test data, and identify performance risks, which reduces testing costs and time.

How Charter Communications Uses Service Virtualization to Improve Testing

MISRA completely dominates the landscape of coding guidelines for safe and secure C and C++ code. MISRA C in particular is a go-to standard for embedded dev teams. It's essential for these teams that write embedded C and C++ code to get complete coverage for the new coding guidelines introduced in MISRA C 2023 and MISRA C 2012 AMD4.

Join this session to learn how Parasoft, a participant in MISRA's C and C++ working groups, can help your organization achieve the most complete coverage.
• Learn about the structure of the MISRA C standard and the role of supporting documents.
• Discover essential restrictions in the use of atomics and multithreading.
• Watch a live demo showing coding compliance to MISRA C 2023 in a CI/CD workflow.

Speakers: 
Ricardo Camacho, Director Regulatory Software Safety & Security Compliance Product Management
Miroslaw Zielinski - Director of Product Management
Michal Rozenau - Project Lead Software Engineer Development

MISRA C 2023: What You Need to Know

APIs are the building blocks of modern applications. If the APIs aren’t secure, the system isn’t secure, but API security testing is tricky: it requires both API testing skills as well as developer skills to exercise the APIs in a meaningful way. It also has the challenges of security testing – you need security knowledge as well as application knowledge to attack the system and validate its behavior.

Shifting API security testing left is critical to minimize costs and reduce impact on release schedules. DAST and API testing get you started, but the best way to get ahead is to implement security best practices and standards in development, using SAST. The OWASP API Security Top 10 is a great way to start. 

In this session, learn how SAST can help drive your security testing efforts, including:
•	The importance of API security and how OWASP API Security Top 10 addresses the need.
•	Adding SAST to your SDLC and pipeline to harden the application against attack.
•	Producing the right reports for your security team without extra effort.

Forrester Webinar: Protect Applications With OWASP API Security Top 10 and SAST

API Security

OWASP

API Management

Security Testing

DAST

Security Threats

Testing

Application Security

Security

Forrester

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Forrester Webinar: Protect Applications With OWASP API Security Top 10 and SAST

Presented by

About this talk

More from this channel