Application Security: From the Ground Up

If you have been tasked with building an application security program, or your organization is starting to consider one, you may be curious where to start.

Not only does application security rely on sound security understanding, it also relies on a fundamental understanding of software development. You must consider things like budget, or lack thereof, resources, priorities, and strategy when building an application security program.

In this talk, James Jardine, CEO of DevelopSec, will talk about these different considerations when just getting started. Come learn some of the key elements to helping get your application security program started in the right direction.

James Jardine is CEO of DevelopSec, owner of Jardine Software, an application security consultancy, as well as founder and regular contributor to Down the Security Rabbit Hole and DevelopSec podcasts. He has over 16 years of experience focusing on application security and software development. James is a regular keynote speaker, including InfoSec World 2017.
Recorded Sep 14 2017 63 mins
Presented by
James Jardine, CEO, DevelopSec
  • The State of Software Delivery Management: Exploring The Future of SDM Oct 7 2020 10:15 pm UTC 60 mins
    Mitchell Ashley, CEO and Managing Analyst, Accelerated Strategies Group (ASG)
    Truly disruptive organizations understand that agile software delivery pipelines are at the heart of their digital transformation. However, while some organizations may understand this in theory, in practice the situation looks very different for most.

    This research set assesses the current state of Software Delivery Management (SDM) and examines the impact of SDM adoption in the enterprise. The research consists of survey data and one-on-one interviews with key industry leaders and experts to gather and further refine the data on which this report is based.

    In this talk, Sanjeev Sharma from ASG will share data from the research and show how organizations with mature SDM strategies are better able to quantify both the cost of delivery and the cost of delays in delivery. Additionally, the research will show why organizations are enjoying an improved ability to tie software features and their delivery to business impact and customer value. This presentation will also break down how an SDM strategy addresses the gaps and inefficiencies in an organization’s ability to deliver software, based on three key capabilities that help organizations increase their software delivery efficiency and effectiveness.

    Top takeaways from this presentation include:

    • Survey data and research to share the current state of software delivery management
    • An understanding of what it takes to successfully execute a digital transformation strategy and why it’s imperative that organizations adopt SDM capabilities
    • Three capabilities to help increase software delivery efficiency, including:
      o Quantifying the impact of investment in software delivery;
      o The capability of software delivery teams to communicate and collaborate;
      o End-to-end visibility into the value flow of software delivery streams
  • Make your business fly Oct 7 2020 9:00 pm UTC 60 mins
    Alejandro Gonzalez, New Technologies Director, Aoniken Servicios IT S.A.
    In this webcast we’ll travel along the path of the development and operation of the “PAD” system,
    supported by DevOps practices and infrastructure.

    This solution tracks the fueling charge of planes and helicopters by the principal oil company,
    in all the Argentinian airports.

    It’s composed of rugged tablets (front-end) running off-line (on-line when it’s possible), against
    a cloud backend, all over the country.

    The key scenarios that our solution covers are:
    - Extensive on-field surveys and device integrations
    - Gas fueling to planes before international flights
    - Flowmeters interconnection
    - Corporate identity management
    - Assure a 24x7 operation, 99.9% SLA
  • [Panel] What Does DevOps Mean to the Business in 2020? Oct 7 2020 5:00 pm UTC 45 mins
    Panel of experts
    The role of the IT department has changed in recent years and is more aligned with the business than ever. In 2020, as DevOps matures, what does this mean for the role of DevOps and Agile in delivering business outcomes?

    Join this panel as DevOps experts explore what opportunities - and challenges - DevOps and Agile can create for the business. Points of discussion will include:

    - Are businesses investing enough in DevOps and IT teams to enable them to remain competitive in a landscape of accelerated Digital Transformation?
    - How can businesses ensure that they reap the rewards of investments they do make?
    - If businesses do it right, what benefits can they expect?
  • 5 Ways to Boost DevOps ROI with Value Streams Oct 7 2020 10:00 am UTC 60 mins
    Steve Pereira, Founder, Visible Value Stream Consulting
    DevOps is driving incredible results for many companies, but many more are struggling and every team has lots of room to improve. Recent focus on the bigger picture of value streams and flow provides us a much better perspective and model for improvement. In this talk, I'll share some of what's working for leaders, and how you can see improvement with a little investment in the right areas.

    I'll share:
    - How to tackle the worst bottlenecks
    - Where automation really matters
    - Remote-friendly mapping for teams
    - Strategies for driving alignment
    - How to get metrics from mapping
  • Don’t miss the train! Test automation is finally growing up. Oct 7 2020 8:00 am UTC 60 mins
    Marcel Veselka, Visionary, Tesena
    The search for more efficient, quicker and cheaper testing has been ongoing for a long time. In the past test automation was frequently presented as the solution to this problem. These days it has become at least a small part of any modern software testing process. However, in the next four years the test automation market will grow 2.3 fold to over 25 billion USD.
    But it’s not only the size of test automation that is growing; it’s also increasing in maturity. It is now better than ever before, as the tools are growing more advanced and the practices more mature.
    We will share with you how the test automation market is changing, what the current hot trends are, and what new opportunities these will bring to us. Some of the most interesting innovations relate to improving scope selection, execution and maintenance of the automated test pack, powered by AI and ML.
    This talk will give a high-level, understandable introduction to what’s happening and is about to happen in test automation. The target audience is testers, developers and technical resources.
  • The Goldilocks Problem of Software Delivery Oct 6 2020 10:15 pm UTC 60 mins
    Anders Wallgren, VP of Tech Strategy, CloudBees
    Over the last 15 years, organizations have had difficulty with the entire software delivery process, but two artifacts in particular became a recurring problem. The problem stems from the Goldilocks principle: one of these artifacts is much too big to overcome efficiently, and one of them is much too small to make a significant impact, so we need to find the one that is just right.

    So what artifact is “just right?” As the user, what we really care about are the Features: the stuff we use and interact with all the time to make our daily lives better. However, the systems we have today haven't advanced to the point where software features are the nearest proxy for customer value. In other words, the feature must be at the forefront of the UI.

    In this talk, I will share why features are the proxy for value and explore the different levels of abstraction for the “just right” aspect of a Feature in order to shift people's mindset from thinking in terms of Builds or Releases, to thinking in terms of the customer and business value. I will share tactics to address the Goldilocks problem and how to have these discussions at the right level of the software in order to make prioritizations, decisions, and discoveries.

    What Attendees Will Learn:

    A different perspective about software delivery, which will help them make better decisions about which features to pursue and builds/releases to postpone.

    Learn why features are the future and how they are the perfect middle-ground between individual builds and major releases.

    How to ultimately break free from the Goldilocks problem of software delivery.
  • Fastest Way to go from Prototype to Production with Machine Learning Oct 6 2020 10:00 pm UTC 60 mins
    Vinay Rao is the CEO and co-founder of RocketML
    Artificial Intelligence (AI) techniques are enjoying rapid adoption by all sizes of businesses across the world. However, evolving AI from
    “Prototyping” activities to “Production” faces many challenges, in large part due to the radically different development and deployment profile of
    modern Machine Learning (ML) methods, and the range of practical issues that come with real-world use cases.

    This webinar will identify the challenges and demonstrate how these challenges could be mitigated with a remarkably scalable, flexible and
    extensible ML platform.
  • Why Test Automation Fails… and how you will succeed! Oct 6 2020 9:00 pm UTC 60 mins
    David Milette, Co-Founder and Managing Director of SQALogic
    Have you or your organisation tried to implement test automation and failed in doing so? Don’t be ashamed, you are far from being alone! The sad truth of the matter is most test automation initiatives fail!

    Attend this webinar and learn how to finally achieve the goal of fully functional test automation and reap the many benefits and rewards this will provide.

    About this Webinar
    2020 has forced many organisations to revisit the way they do things and seek out ways to gain efficiencies and lower costs. While many development teams are turning to Agile methodologies and DevOps strategies in order to achieve better quality software and faster production releases, in many cases testing and quality assurance is proving to be a bottleneck. Automation is the only way to allow these new development strategies to achieve their full potential. This webinar will be of interest to anyone seeking to understand how to finally eliminate the roadblocks that have hindered so many others in the past from making test automation simply work!

    Join us as we take you through the reasons why test automation fails and equip you with the tools and understanding to put you finally on your way to success!
  • Effective Risk Management through DevSecOps Testing Oct 6 2020 3:00 pm UTC 60 mins
    Gary Robinson, CEO of Uleska & Global Board Member of OWASP; Todd Carey, Director, PwC
    Companies are moving to security automation to protect their software and assets. In this presentation PwC and Uleska will discuss the trend towards DevOps and Digital Transformation, and the risks that introduces for companies. Learn about the current problems with DevOps Security, scalability, and effective regulatory coverage through DevSecOps.

    Key takeaways will include:
    • How to scale DevSecOps
    • How to move from measuring inherent risk with software, to residual risk, automatically, and at scale
    • What are the current best practices we see in the industry, and what are the blockers
    • What will the future of security automation look like
  • DevSecOps – Ensuring built-in-Security in an evolved DevOps landscape Oct 6 2020 12:00 pm UTC 60 mins
    Sesh Murthy, Cloud Raxak CTO and Co-Founder; Tarun Krishnamurthy Managing Partner, Anzen Technology Partners
    DevSecOps extends DevOps, in that everyone in the software development life cycle is responsible
    for security, bringing operations and development together with security functions. DevSecOps
    embeds security in every part of the development and operations processes. It is about automating
    core security tasks by embedding security controls and processes early in the DevOps workflow
    (rather than being bolted on at the end). For example, this could be the case when migrating to
    microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud
    infrastructure. It is about getting security back into the lifecycle, or as it has been described: ‘shifting security left’.

    Integrating security into DevOps to deliver DevSecOps requires new mindsets, processes, and tools.
    Starting with continual Risk Assessment, Security and Risk Management leaders need to adhere to
    the collaborative, agile nature of DevOps to be seamless and transparent in the development
    process, making security as silent, encompassing, and seamless as possible.

    How to get a business to approach built-in security, from the beginning and continually:
    1. By establishing a security and data privacy strategy – a Security Program spanning people, process, products with Risk Assessment and Policies.
    2. Integrating Data Protection, Secure Coding and Testing practices within the engineering
    lifecycle.
    3. Leveraging automation to integrate security into the DevOps & CI/CD pipeline – from code scanners through to continuous security configuration management and remediation – in Dev, Testing, Staging, Production environments.
    4. Finally, staying abreast of practices, regulations, auditing and remaining certified, in true intent and spirit.
  • A Multi-tenant Multi-cluster Kubernetes Datapocalypse is Coming Recorded: Jun 23 2020 57 mins
    Paul Burt, Technical Product Marketing Engineer, NetApp; Jim Fister, Principal, The Decision Place
    The need for rapid deployment of scalable clusters is creating an opportunity for container solutions such as Kubernetes. But what are the implications of multiple Kubernetes clusters in a broad deployment? What happens if a cluster goes down? What’s the impact on business resiliency? Managing and securing multiple clusters is becoming a key topic and area of debate. Multi-cluster Kubernetes that provides robustness & resilience is rapidly moving from “best practice” to a “must have”.

    In this webcast we’ll dive into:
    • The history of multi-cluster Kubernetes
    • How multi-cluster setups could affect data heavy workloads (such as multiple microservices backed by independent data stores)
    • Managing multiple clusters
    • Keeping the business functioning if a cluster goes down
    • How to prepare for the coming datapocalypse

    After you watch the webcast, check out the Q&A blog at: https://bit.ly/2DE91fL
  • Cloud Native DevOps: Why Kubernetes is a game-changer for enterprises Recorded: Apr 23 2020 49 mins
    Jim Bugwadia, Founder and CEO, Nirmata
    Cloud native technologies, like containers and Kubernetes, enable enterprise agility at scale and without compromises. In this session, Jim Bugwadia, who is a founder and the CEO at Nirmata - the Kubernetes Management Plane for Enterprises, will show how enterprises can warp speed their DevOps initiatives by embracing cloud native technologies. You will learn:

    - How containers and Kubernetes impact enterprise DevOps
    - What organizational patterns drive successful Kubernetes adoption
    - How to approach hybrid and multi-cloud strategies with Kubernetes
  • Oracle Databases in a DevOps World Recorded: Apr 23 2020 59 mins
    Nick Walter, Principal Architect
    Have you automated your entire CI/CD pipeline except for the manual DBA actions? Are untested SQL scripts your main source of deployment issues? You aren't alone. Many shops that embrace DevOps principles realize improvements in almost all areas... except for databases. In this talk, we will explore both methods for bringing Oracle DBA teams into a DevOps mindset, and practices for leveraging the benefits of DevOps automation for Oracle database operations.
  • Strategies for Driving DevOps Transformation in the Enterprise Recorded: Apr 23 2020 48 mins
    Jeanne Morain - iSpeak Cloud; Graham Berry - OpenShift, RedHat; Mark Berry - 6point6; TJ Gonen - Check Point
    Some analysts say that DevOps is starting to reach maturity, and as such there are numerous tools flooding the market. But all good tools only reap true benefits if there is a solid strategy to their use and implementation.

    Join this webinar as we take a closer look at how solid DevOps strategies can support emerging tools and foster transformation in mission-critical software environments.

    Topics will include:

    - Why it’s crucial to build a culture of continuous, collaborative improvement and evolution between dev and ops
    - What metrics and approaches can help to forecast the value of DevOps accurately
    - Foundational success factors, including management buy-in, the maturity of current processes, and CI/CD tools

    Moderator:
    - Jeanne Morain - Founder, iSpeak Cloud

    Panellists:
    - Graham Berry - EMEA Sales Lead - OpenShift, RedHat
    - Mark Berry - DevOps Director, 6point6
    - TJ Gonen - Head of Cloud Security Programs, Check Point
  • From Data Dependence to Testing Transcendence Recorded: Apr 22 2020 43 mins
    Akila Kavo, Delivery Manager, Emerging Technology, tap|QA
    Have you ever had challenges with unsuitable test data? Have you lost time each cycle due to tracing back data questions to key team members?
    Is your data structure so complicated and under-documented that you struggle to know where to even start?

    Whether you are contributing to a project using the latest technology trends or an antiquated mainframe system running on punch cards,
    having a robust Test Data Management Strategy in place is crucial to the timely and smooth execution of your testing effort.

    Join tap|QA's Akila Kavo, Delivery Manager of Emerging Technology, as we’ll explore best practices and real world examples in Test Data Management with a keen focus on how to integrate with your test automation solution.

    We’ll dive into the following topics:

    1) Why TDM is so important
    2) What questions to ask to properly identify your problems
    3) Strategies in creating the best TDM environment possible honed from multiple consulting engagements!
    4) A technical demonstration of different approaches

    Attendees will learn what questions to ask to get to the root source of data management woes. We’ll focus on how to solution a Test Data Management strategy, and plan its implementation.

    You’ll learn what metrics to capture and how you can use them to quantify the value you are providing to the business.
  • AI and Machine Learning in a Selenium World Recorded: Apr 22 2020 49 mins
    Mike Wagner, Test Architect and Principal Consultant for tap|QA
    Many testing teams today use Selenium for their automation needs, and rightfully so: Selenium allows for cross-browser and mobile support, it’s free, and it has a large open source community behind it.

    Regardless of its feature set, Selenium, like test automation in general, has its own list of pain points, such as test maintenance and test coverage.
    These pain points can have a large impact on testing metrics depending on the test architecture used and the design patterns being followed.

    To address these pain points a team can utilize areas of Artificial Intelligence (AI) and Machine Learning (ML) via open source libraries.
    This enables the tests to find their own elements and attempt every possible combination of test cases, which a tester could then store, rerun, and iterate on.
    This approach effectively gives Selenium a brain in the form of models and actions.

    Join Mike Wagner, Test Architect and Principal Consultant for tap|QA as he leads this informative session for teams interested in integrating Artificial Intelligence into their existing Selenium framework.

    Takeaways: Understanding of the different areas of Machine Learning/AI with an emphasis on:
    * Convolutional Neural Networks (How they apply to element selection)
    * Reinforcement Learning (How it applies to test coverage)
    Approach for implementing Convolutional Neural Networks and Reinforcement Learning into an existing Selenium framework.
    * Introduction to top open source libraries related to Machine Learning
  • [Panel] Finding the Balance Between Manual and Automated Testing Recorded: Apr 22 2020 45 mins
    Eran Kinsbruner - Chief Evangelist, Perforce | Matt Rose, Global Director Application Security Strategy at Checkmarx
    Keeping up with customer expectations in the digital age and continuously releasing high-quality software is tough. While not a silver bullet, the answer to doing both well in 2020 increasingly lies in test automation.

    However, adopting test automation is not without its challenges, and it must be blended correctly with manual testing.

    Join this panel of testing experts as they discuss how to find the balance between manual and automated testing, including:

    - Where to introduce automated testing
    - Why it’s crucial that you establish a repeatable manual documented process prior to implementing any automation
    - How to scale automated testing


    Panelists include:

    - Eran Kinsbruner - Chief Evangelist at Perfecto by Perforce
    - Matt Rose, Global Director Application Security Strategy at Checkmarx
  • An Introduction to Test Lifecycle Automation – Going Beyond Automated Regression Recorded: Apr 22 2020 27 mins
    Faz Ahmad, Prolifics Testing
    Prolifics Testing will present a guide to Test Lifecycle Automation and an overview of some of the tools that drive it. These use concepts such as Machine Learning, Data Mining, Predictive Analytics and Containerization with Open Source tools to automate all aspects of testing, including Test Design, Data, Execution and Validation.

    In this session, we will show how you can implement Test Automation innovation within your organisation for all Web, Mobile, Desktop and Cloud-based applications.
  • Achieving Data Agility in a DevSecOps World Recorded: Dec 11 2019 35 mins
    Sanjeev Sharma, VP and Global Practice Director for Data Modernization, Delphix
    As organizations mature on their DevOps adoption journey, adopting Continuous Integration and Continuous Delivery (CI/CD) automation, and breaking down organizational silos, application delivery and infrastructure provisioning speed is being accelerated. The next challenge now being exposed is the lack of agility in delivering Data into non-production environments.

    Development and Testing require the availability of relevant data in the production-like Dev and Test environments on demand, to ensure rapid testing and validation of each Build. Data is however difficult to provision and deliver on demand. This results in Data Friction being the impediment to true ‘flow’ through application delivery pipelines. Other than the inherent cost and time it takes to provision and store data instances, there is also the risk that exponentially increases as more and more instances of Data are provisioned in multiple non-production environments.

    As Dev-Test teams deliver faster and leverage more environments across parallel development streams, the number of non-production Data instances is typically several orders of magnitude higher than Production instances, increasing the exposed surface area. The ask hence is to be able to provision and deliver production-like Data instances, on-demand, as, when and where Dev-test practitioners need them in non-prod environments, while securing the Data at the same time.

    In this session Sanjeev Sharma, VP and Global Practice Director for Data Modernization will discuss practices large enterprises need to adopt, across Process, Technology and People in order to be able to Provision, Deploy, Manage, Govern, and Secure Data in Application Delivery Pipelines, addressing Data Friction and Data Security challenges that may be impeding DevSecOps adoption.
  • Tips and Tricks for Docker-Based Pipelines Recorded: Nov 21 2019 47 mins
    Dan Garfield, Chief Technology Evangelist, Codefresh.io
    Most people think “adopting containers” means deploying Docker images to production. In practice, adopting containers in the continuous integration process provides visible benefits even if the production environments are VMs. In this webinar, we will explore this pattern by packaging all build tools inside Docker containers. Container-based pipelines allow us to create and reuse building blocks to make pipeline creation and management MUCH easier. It’s like building with Legos instead of clay.

    This not only makes pipeline creation and maintenance much easier, it also solves a myriad of classic CI/CD problems such as:
    - Putting an end to version conflicts in build machines
    - Eliminating build machine management in general
    - Step portability and maintenance

    In a very real sense, Docker-based pipelines reflect lessons learned from microservices in CI/CD pipelines. We will share tips and tricks for running these kinds of pipelines while using Codefresh as a CI/CD solution as it fully supports pipelines where each build step is running on its own Docker image.
Trends and insights for developing apps and maintaining service
The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your applications maintain a steady level of service.

  • Title: Application Security: From the Ground Up
  • Live at: Sep 14 2017 9:00 pm
  • Presented by: James Jardine, CEO, DevelopSec