Name: A Fresh, Risk-Based Approach to SAST Application Security
Start: 2022-01-11T14:13:00Z
End: 2022-01-11T14:13:18.000Z
Location: BrightTALK
Rating: 0

Apiiro's platform is being used by some of the largest enterprises in the world to analyze the behavior of millions of developers, security architects and champions across 100K+ code repositories. Apiiro is more than just a platform but a complete reinvention of the secure development lifecycle.

Watch as four software security experts discuss secrets in code identification and prioritization, their potential impact, how to define responsibilities and remediation best practices.

Speakers:
Moshe Zioni, VP of Security Research at Apiiro
Frank Catucci, Head of Application Security at DataRobot
Larisa Kirkland, Lead Application Security Engineer at Chegg
Henry McNeil, Product Security Engineer at iHerb

Let's talk about remediation of secrets in code

While Software Supply Chain attacks have gained attention, defensive frameworks are solely focused on code to deployment and cloud systems.

The software life cycle begins with conception and design. Although agile methodologies have been merging code writing with design, there is a blind spot that is all too often ignored by the security industry: the design stage.

Learn how we can shift our approach to software supply chain security by implementing Security at the Design principles and addressing risks earlier in the SDLC.

Software Supply Chain Security Threats at the Design: The Overlooked Risk

Today's approach to defense in depth for application security are siloed, lack context, and results have fallen short. But a layered approach is the key to building a world-class AppSec program that spans the entire Software Development Lifecycle (SDLC). So, how does our approach need to change?

In this webinar, you’ll hear from three experts at each of the core security touchpoints within the Software Development Life Cycle (SDLC): at the code level, pre-deployment, and post-deployment. They will share advice on:

- Key timeframes to implement security testing – and why
- How to incorporate risk context across the SDLC
- Best practices for application penetration testing and secure code review
- Proper implementation of application security tools for continuous monitoring
- Plus, more tips to achieve a layered application security strategy

Presenters:
- Nabil Hannan, Managing Director, NetSPI
- Samir Sherif, CISO, Imperva
- Moshe Zioni, VP of Security Research, Apiiro

Application Security in Depth: Understanding the Three Layers of AppSec Testing

Identifying and managing Secrets in Code is one of the most surprisingly complex aspects of an Application Security program. Join to hear the latest techniques from Igal Kreichman, VP of Engineering at Apiiro, on how AppSec teams can leverage context to accurately identify secrets in code, reduce false positives, and remediate risk. Igal will be joined for a discussion by Roy Avrahamy, Application Security Engineer at Kaltura and Russell Miller, VP of Marketing at Apiiro.

Speakers:

- Igal Kreichman, VP of Engineering, Apiiro
- Roy Avrahamy, Application Security Engineer, Kaltura
- Russ Miller, VP of Marketing, Apiiro

How to Contextually Identify, Prioritize, and Prevent Secrets in Code

In this interview Dave Gruber, Senior ESG Analyst, and Idan Plotnik, Apiiro CEO, discuss how today's Application Security programs are failing to scale and no longer meet the needs of today’s agile and cloud-native development processes.

Modern Application Security Is Failing

Your executives don't care about Security - they care about Risk! Hear the latest research from a guest speaker, Sandy Carielli, Principal Forrester Analyst, on the role of the Security team in building secure products. This is followed by a roundtable discussion about how to build a risk-based Application Security program.

SPEAKERS:
- Sandy Carielli, Principal Analyst at Forrester Research (guest speaker)
- Idan Plotnik, Chief Executive Officer and Co-Founder at Apiiro
- Alex Mor, Director of Application Security at Anheuser-Busch InBev
- Tomer Gershoni, Senior Director, Head of Engineering Security & Cyber Defense at Imperva

DISCOVER HOW BEST TO:
- Gain visibility: a key to building a successful and measurable AppSec program
- Understand risk: this requires a deep understanding of context across the SDLC
- Automate at scale: automation is essential to streamline, prioritize, and focus SSDLC processes

Practical Steps to Build a Risk-Based Application Security Program

"Garbage in, garbage out." That's a fundamental problem with traditional application security management, which lacks both context and automation. But Idan Plotnik, co-founder and CEO of Apiiro, proposes a new approach to application risk management.

In this video interview with Information Security Media Group, Idan discusses:

What's wrong with traditional approaches to application security;
The value of the right kind of context;
The role of automation.

Idan Plotnik is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, he was director of engineering at Microsoft following the acquisition of Aorato, where he served as the founder and CEO.

A Fresh, Risk-Based Approach to SAST Application Security

Application Security

Cloud Security

Cyber Security

DevOps

sast

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

A Fresh, Risk-Based Approach to SAST Application Security

Presented by

About this talk

More from this channel