Name: Automated Application Security Testing for Faster Development
Start: 2022-12-01T10:00:00Z
End: 2022-12-01T10:21:58.000Z
Location: BrightTALK
Rating: 0

Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world. For more information, visit our website invicti.com.

What are the challenges that need to be navigated on the journey to building an automated AppSec set-up that truly works? What do AppSec and DevOps teams that have been there, done that wish they’d known at the start of their journey? And what can other businesses learn from those who have done it the right way?

In the third episode of Invicti Security’s Mastering Application Security series, an Invicti Security customer Michael Thompson - Information Security Manager, Zen Internet and Mike Mattos - Chief Customer Officer at Invicti Security are here to answer those questions. From sharing their experiences of how they created automated AppSec workflows that are leading to valuable business outcomes, to openly discussing how to overcome the (inevitable) stressful parts of building an application security program, join them as they share:

- The best ways to overcome the very diverse application security-related challenges facing organizations today when they start to build their application security programs
- How DAST can take your web AppSec testing to the next level, turning the stress and anxiety of testing to one that brings peace of mind
- The ROI and business-wide outcomes that automated AppSec testing can realise
- And more

AppSec Testing in the Real World: Stories of Success

NoSQL injection attacks against MongoDB databases are a major threat to full-stack JavaScript applications. The OWASP Top 10 for 2021 lists injection as the #3 overall risk category for web application security, and NoSQL injection is one of the more recent additions to that category.

Join Invicti Staff Security Engineer Sven Morgenroth as he shows how to find MongoDB injection vulnerabilities with an automated approach – and how to fix them.

You will also learn:
- The basics of MongoDB injection vulnerabilities
- Secure development practices for MongoDB
- How to find, analyze, and fix reported vulnerabilities with Invicti

MongoDB databases are a critical part of the modern web. By attending this webinar, you will learn many ways to fix MongoDB injection vulnerabilities and avoid them in the future.

NoSQL security scanning: Finding and remediating MongoDB vulnerabilities

When it comes to application security, identifying and managing all threats can be daunting, but when faced with the possibility of an attack that could derail development or, worse, cause a breach, testing for vulnerabilities both early and often is more than an obvious solution – it’s the specified standard.

With the 44% rise in publicly reported cybersecurity incidents over the past decade and a growing cost per incident between $266,000 and $52 million, organizations know they must introduce more-robust cybersecurity management systems.  


Updated in October 2022, new ISO 27001 requirements redefine application security controls for building a secure SDLC in modern software development environments, with an emphasis on vulnerability scanning.

Join the Invicti CISO and VP of Information Security, Matthew Sciberras, to learn more about the 2022 version of the ISO 27001 and 27002 standards, including:
- New set of requirements for the software development life cycle
- What the new requirements mean for developers
- Why vulnerability scanning is emphasized in multiple places in the standard, and how to incorporate it as part of the secure SDLC.

New ISO27001 Requirements for a Secure SDLC with Vulnerability Scanning

A panel discussion that has aired initially as part of the Dark Reading Virtual Event, sponsored by Invicti:

Today’s threat landscape calls for a more proactive approach to security, with regular vulnerability scanning and penetration testing of IT infrastructure as well as threat hunting by the security team or your security service provider. How do you set up a vuln scanning and pen testing regimen? What’s the best way to begin and conduct threat hunting? How do you apply the results of these practices to tighten up your defenses? Threat hunting specialists will share intel on how to practice proactive security using these processes as well as emerging technologies that support them.

Getting a Step Ahead of the Attacker with Vulnerability Scanning & Pen Testing

This panel discussion has originally appeared as part of the Dark Reading Virtual Event, sponsored by Invicti.

Agile development and continuous integration/continuous deployment have changed the game for application development practices, leading enterprises to “shift left” and build security into the software development lifecycle to catch any vulnerabilities before applications go into production. But what about those existing production applications running in the enterprise? In this webinar, you'll learn how to use modern security practices to manage the detection and remediation of vulnerabilities in those legacy applications. You’ll also get tips for how to help your dev team balance their development demands with the need to secure applications enterprise-wide.

How to Protect Your Legacy Software Applications

This democast has originally aired on SC Media.

Secure application development can be a painstaking process, but just how painful does DevSecOps actually need to be? 

Companies that are actively engaged in DevSecOps speak of multiple pain points, from struggles with asset visibility and discovery to finding ways to close every gap in their defenses. Along the way, they face an uphill battle to integrate dynamic application security testing (DAST) into their software development life cycle and maintain vulnerability testing coverage across all their application environments – and all this while constantly warding off time-wasting false positives.

Organizations are always looking for ways to ease these security pains and cut down on inefficiencies. One remedy for these ailments is Invicti’s web application security testing platform, which integrates throughout the SDLC to embed automated security testing into application development without hampering the pace of innovation.

 
This democast features a walkthrough of Invicti’s AppSec solution, with detailed commentary explaining how Invicti’s Proof-Based Scanning technology coupled with deep integration into CI/CD workflows provides a tried-and-true remedy for the biggest pain points that plague DevSecOps initiatives today.

Dr. DevSecOps: A prescription for alleviating AppSec’s biggest pain points

From fresh exploits to new attack vectors, things change fast – those sudden ebbs and flows can make or break how prepared you are to respond to future threats quickly and efficiently. Attacks aren’t slowing down, so neither can you. Looking at 2023, and beyond, what will the next five to ten years of cybersecurity trends look like? How can you ensure that your organization is ready when the next big exploit makes itself known?

Join Frank Catucci, Invicti CTO and Head of Security Research, to discuss the future of AppSec, including:
What are DevSecOps professionals most concerned about and where will they invest in 2023;
- Which cybersecurity trends will be shaping 2023 and beyond;
- How processes, tools, and workflows might change in response, and how will they affect you;
- And more.

Keeping an eye on trends is critical to staying ahead of the curve with a proactive approach. Join this webinar to prepare yourself for a more secure 2023, and beyond.

The next year of AppSec: 2023 and beyond

In the chaos generated by alert overload, inefficient communications, and inadequate toolchains, how do development and security practitioners deal with it all?
In partnership with Wakefield Research, Invicti polled 500 DevSecOps professionals to gain deeper insight into how organizations from varying industries deal with AppSec challenges, where they are truly investing, and where the greatest changes are taking place. 

Join Invicti CTO and Head of Security Research, Frank Catucci, as he presents the highlights from Invicti’s latest AppSec Indicator report, including: 
- The real-life effectiveness of existing AppSec processes
- The anticipated spending trends for security initiatives
- Tried-and-true ways to prove ROI by cutting through the noise, inefficiencies, and delays using dynamic application security testing (DAST)

When AppSec grows too noisy, vulnerabilities get the silent treatment to the detriment of both development and security. Join the webinar and learn how to tune out the noise and move towards an efficient DevSecOps process.

2022 AppSec Indicator: Tuning Out the AppSec Noise is All About DAST

As the DevOps teams are moving forward at speed to help fast forward business growth, traditional security teams seem to struggle to keep up with a fast pace of innovation, making it unsustainable to maintain a traditional DevOps approach without involving security directly.

Having security as an integral part of development is the only practical approach to modern agile workflows. 
Join Invicti Solutions Engineer Ali Marwani, and learn:
- What is DevSecOps, and why do we need it?
- How to implement DevSecOps
- DevSecOps best practices

Transforming your organization with DevSecOps

Security debt is inevitable for any organization. The good news is that turning down security debt while not adding new debt is possible. In this discussion between Ean Meyer of Marriott Vacations Worldwide and Sonali Shah of Invicti Security, you will learn about Meyer’s approach to supporting DevOps, maintaining speed-to-market, and targeting security debt to improve security posture.

Turning Technical Debt into Positive Business Experience

Application security has come a long way. From automation to increased AppSec budgets, the landscape of application security has changed dramatically. Yet even businesses who think they are doing AppSec and DevSecOps well can’t be entirely confident, with organisations becoming increasingly vulnerable due to the sheer number of web assets they have - or think they have - to secure.

With it being more imperative than ever for development and security teams to gain complete visibility into all their applications — including those that are lost, forgotten, or hidden - it’s crucial that they do it in the right way.

But what does the right way look like? In episode 2 of Invicti’s Mastering Application Security series, Nick Cavalancia and Mark Townsend are here to show you. From discussing how businesses can create a DevSecOps roadmap that truly works, to diving into how teams can integrate application security into their DevOps pipelines the right way, join them to hear:

- Why many organizations struggle with gaining full visibility of what applications they need to secure 
- How to navigate the complexity of integrating security tools within short production cycles 
- How critical software issues can be identified and addressed at the appropriate stage of the SDLC
- How to inspire DevOps and DevSecOps teams to grow the right development culture that fosters an environment where AppSec can truly thrive
- And more

DevSecOps Roadmap: Building Security Into Workflows the Right Way

During this exclusive fireside chat, moderated by Jo Peterson, Sonali Shah, will look to address the following topics:

- Are unsecure applications just plain easy targets maybe even easier than email?
- What are the top 3 application security challenges organizations face today?
- Why web applications will continue to be a main vector for external attacks 
- With Open source continuing to grow, what can organizations do to put themselves in a better position in 2023.

Fireside Chat with Invicti and Clarify360 on Application Security

Web apps and APIs present a major risk for organizations of all sizes, according to the Verizon DBIR about two of every five breaches originate in a web app – and the problem is only growing. In most organizations, innovation pressures still outweigh security priorities. 
So what can AppSec professionals do in order to reduce their web attack surface? In this presentation, Invicti Security Chief Product Officer Sonali Shah dives into the top five AppSec risks that every organization should be aware of and provides best practices for securing cloud-based web apps and APIs.

Application Security Trends and Best Practices

Many organizations need better strategies to counter the growing threat landscape and keep their web apps secure. However, there are still many lingering misconceptions around web application security that slow down the implementation of web application security best practices.

Join Invicti Solutions Engineer Ali Marwani as he debunks the most common web application security myths and delivers the facts to help you implement a comprehensive, rigorous, and effective web application security program at your organization. 
You will learn:
- Most common myths and facts about web application security
- How to start your AppSec program the right way

Debunking web application security myths

Are you covering the top AppSec threat in 2022?

Most organizations rely on APIs to fuel digital transformation, enable integrations, and increase capabilities and efficiencies. However, with sprawling web application environments that frequently change, often daily, API abuses are expected to become the #1 application threat vector in 2022 – and a major headache for security teams. 
Incorporating APIs into the overall AppSec testing strategy is now a necessity, but for many, it still presents a major technical and organizational challenge.

By attending this webinar, you will learn:
- The importance of web APIs and why they are a key attack surface for modern threat actors
- The challenges of including APIs in application security testing and ways to overcome them
- Best practices for building API scanning into your AppSec program

Join Laura Paine, Director of Product Marketing, and Mark Schembri, Solutions Engineering Manager, to learn how your organization can reduce security risks associated with web APIs.

Web API Security: Trends, Challenges, and Best Practices

Remote code execution (RCE) is a class of vulnerability that we’ve heard a lot about in the news recently. Many organizations are still feeling the aftershocks of Log4shell’s exploit of Log4j. In fact, RCE does not seem to be going away. The latest Invicti research shows a 3-4x increase in code execution findings over the past three years. RCE is severe — an attacker can exfiltrate data, steal credentials, and forge database records.
 
In this presentation, Invicti Security Distinguished Architect, Dan Murphy, showcases the latest data around RCE and delves into techniques that even the largest of organizations with thousands of web assets could use to safeguard their web applications from RCE.

The rise of RCE: Why code execution is booming and how to fortify your defenses

Are severe vulnerabilities getting any scarcer? The short answer is no.

Each year we analyze the most common web application vulnerabilities across thousands of assets and release the annual Invicti AppSec Indicator report. This year we analyzed aggregated usage data from 939 global Invicti customers who ran a whopping 23,630,985,830 security checks in 2021, which gave us a holistic view of vulnerability trends from automated scan results across regions.

Join us as we zoom in on some of the worst security flaw offenders that still plague DevSecOps teams today. We will also cover the AppSec best practices that will help us get a handle on these all-too-persistent flaws and improve security without sacrificing innovation.

In this webinar, you will learn:
- Why severe vulnerabilities aren’t getting scarcer
- How to leverage these findings with the aim of improving your AppSec program
- Tactics and initiatives to help prioritize web app security in your organization

Worrisome Vulnerability Trends in the Race to Innovation

Security teams are intensely focused on protecting their organizations, often leading to friction with developers who need to build and produce applications quickly. How can organizations speed up product releases and shorten innovation cycles while also improving security and working in tandem with development? 
To understand how successful organizations do this, we have partnered with Enterprise Strategy Group (ESG), an independent IT analysis, research, and advisory organization, to develop an in-depth white paper: Automated Application Security Testing for Faster Development.   

As part of this webinar, we will present the highlights from this white paper, including: 
- The challenges of securing cloud-native applications
- The case for embedding security testing directly into developer workflows for better coverage
- Ways to turn your security team into enablers instead of blockers
- The Invicti approach to helping you continuously secure all your applications
- How automated AppSec testing saves time and money

Join this webinar to learn how organizations like yours “cover their AST with DAST” by enabling both security and development teams and proactively taking control of the security of their web apps.

Automated Application Security Testing for Faster Development

Cyber Security

Application Security

IT Security

Cyber Attacks

Digital Transformation

Cloud Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Automated Application Security Testing for Faster Development

Presented by

About this talk

More from this channel