Name: Maximizing SAST: A Guide for Developers and Security Specialists
Start: 2024-09-02T12:54:00Z
End: 2024-09-02T12:54:50.000Z
Location: BrightTALK
Rating: 0

Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, link here, the open-source automated dependency update project.  For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter. 

Join Chris Lindsey as he shares proven best practices that will keep your application security program secure and on the right track.  
From real world examples, Chris walks through the following:
Fix Campaign - Focused effort that securely addresses hundreds of findings in less than a week.
Developer Training - Proper training methods that work, from on-boarding, hack-a-thons to beyond, learn how to successfully help train developers.
Container Security - Best practices that work to prevent you from releasing compromised containers quickly and securely.
Whether you're a developer, security professional, or IT leader, this session will equip you with the knowledge and tools to build more secure applications and stay ahead of potential threats.

AppSec for the Win: Proven Best Practices that Work

Could dependency automation be that rare concept embraced by both developers and security leaders alike?
As modern software development becomes increasingly complex, managing and updating dependencies efficiently is crucial. 
Dependency automation tools streamline this process by automatically identifying, updating, and managing libraries and packages, reducing the manual effort required and minimizing the risk of outdated or vulnerable components. 
This proactive approach not only enhances security by ensuring that known vulnerabilities are promptly addressed, but also accelerates development cycles by keeping projects up-to-date with the latest improvements and fixes. 
Join us to explore how automating dependency management can enhance both security and efficiency, and discover why it’s a game-changer in the software development lifecycle.

Dependency Automation: Developer delight & Security satisfaction

In today's complex software landscape, large organizations face increasing pressure to ensure the security and integrity of their software supply chains. SBOMs have emerged as a vital tool for achieving this goal. 
By leveraging SBOMs, organizations can generate an accurate and deeply comprehensive SBOM of all their open-source dependencies, helping to ensure that their software is secure and compliant.
In this advanced-level webinar, our expert delved into the critical role of SBOMs in:
- Identifying Vulnerabilities
- Navigating Complex Ecosystems
- Overcoming Challenges
Watch the webinar and get the chance to learn that SBOMs are not just about compliance; they open up a world of opportunities for improving software security and management.

SBOMs: A Critical Tool for Modern Organizations

AI is rapidly transforming industries, but its power comes with a hidden vulnerability: traditional security methods struggle to keep pace with the unique threats facing AI models.
Malicious attacks can harm your AI and damage your business.
The biggest challenge? Knowing what AI models you even have. Many companies lack visibility into the AI models embedded within their applications, especially those built by third-party libraries or open-source frameworks.
In this webinar, you will learn about:
The unique security challenges facing AI models
How to identify and automatically map all AI models within your codebase, even hidden ones
Proven strategies to proactively address vulnerabilities in third-party libraries and frameworks used by your AI

Securing Your AI: Protecting Against Hidden Threats

We all want to have the best security posture possible, especially when it comes to our mission-critical applications and the software we make available as part of the software supply chain. 
Every security team dreams of fully implementing Zero Trust as the standard across the whole of the organization and having flawless defenses.
In reality, though, security is a never-ending journey, as the landscape constantly shifts at an ever-accelerating rate. 
Defending the perimeter used to be the goal, but in the ultra-interconnected world of services, cloud platforms, and open-source dependencies, we need to rethink how we defend ourselves and our customers. 
We need to stop unrealistically striving for perfection and get back to basics to make sure we are guarding against the most likely, most common, and most costly threats that continue to emerge.

In this webinar we will cover:
- Understanding the threats throughout the Software Supply Chain
- The benefits and realities of implementing Zero Trust
- Thinking through trust, attestation, and scanning
- Finding the right balance of time and effort for security ROI
- Thinking past compliance and defending against the most likely scenarios

Good Enough: Practical Zero Trust Posture in The Software Supply Chain

Building a successful Security Champion program is just the beginning. 
Scaling these champions across your organization while maintaining their effectiveness and alignment with security objectives can be challenging. 
In this webinar, we'll delve deeper into the complexities of managing Security Champions, addressing common hurdles, and maximizing their impact on your application security posture.

Discover how to:
- Navigate conflicting priorities and maintain champion focus on security
- Effectively empower champions without compromising security standards
- Integrate security seamlessly into the development process
- Prioritize vulnerabilities and optimize remediation efforts

Empowering Security Champions: Optimizing for Security Excellence

Software vulnerabilities are at the heart of a data breach. 
Those bugs can be in your third-party software or your own internal applications. 
When software vendors regularly issue updates and patches, how do you know which ones to prioritize? 
How do you ensure your own development team is writing secure code? 
In this panel discussion, experts will discuss how to identify, assess, and prioritize the risk of an attacker exploiting the latest vulnerabilities in your systems. 
They will offer strategies for using DevSecOps for your internal apps as well as building a sound patching policy for your third-party software.

Finding & Fixing Software Vulnerabilities - Endanger your Data

Are you frustrated with developers disregarding security guidelines and AppSec alerts? 
Security Champions can transform this dynamic, turning developers into advocates for secure coding and creating a collaborative environment. 
Join our webinar to discover the secrets of building an effective Security Champion Program that can revolutionize your AppSec efforts.

Discover how to:
Overcome developer resistance and build trust
Foster effective communication and collaboration
Create a culture of security champions within your development teams
Drive meaningful improvements in your application security posture

Turn Developers into Allies: The Power of Security Champion Program

For many organizations, protecting the crown jewels means protecting the source code for their applications. How can security teams put effective controls around source code? 
One of the most common issues around source code management is secrets and configuration management. 
When the organization’s source code is stored within third-party code repositories, exposed configuration files and secrets such as credentials and API keys put organizations at risk. 
How can security teams work with the development teams to ensure that secrets are managed securely and not stored in publicly accessible locations? 
This webinar will offer insight on how to protect the source code from data exposures and theft.

Protecting the Crown Jewels: Source Code Security

In today's fast-paced DevOps environment, ensuring the security of containerized applications is more critical than ever. Traditional vulnerability management often falls short, leaving organizations exposed to potential threats. 

Join us for a webinar designed specifically for security engineers, where we'll delve into innovative techniques for analyzing and improving the security posture of container images using reachability analysis.

In this webinar, you will:
Discover how to identify and prioritize vulnerabilities based on their potential exploitation in runtime environments
Learn hands-on techniques to enhance your organization’s security defenses early in the SDLC
Understand the benefits of integrating reachability analysis into your container security strategy
Gain insights from real-world examples and best practices shared by our experts

Proactive Container Security: Prioritizing Vulnerabilities with Reachability

AppSec leaders are overwhelmed, understaffed, and misunderstood.
Key factors contributing to burnout include misalignment with development priorities, understaffed teams, difficulties in securing executive buy-in, poor collaboration between development and security teams, limited budgets, and the stress of managing known and unknown risks.

This webinar equips you to:
Build a high-performing team
Gain executive buy-in for security initiatives
Create a sustainable security program that protects your organization

By addressing these issues and providing actionable solutions, this webinar aims to empower AppSec leaders to manage their workload more effectively, achieve a healthier work/life balance, and ultimately enhance the security posture of their organizations.

Why AppSec Leaders are Burning Out (and How to Stop It)

Join us for an insightful panel discussion about recent developments in container security. 
Our industry experts will delve into the  trends and challenges facing AppSec practitioners who want to take full advantage of this crucial environment. 
Discover innovative strategies and best practices to safeguard your containerized applications in a constantly changing threat landscape.  

In this webinar, you will:
* Discover new approaches and technologies that speed secure container development
* Learn about cutting-edge technologies and methodologies shaping the future of container security
* Understand the evolving regulatory landscape and its implications for container security practices
* Delve into the role of predictive analytics to proactively identify and mitigate security risks in containerized environments

Navigating “Shift-left” in Container Security

A good patch management strategy is essential for securing enterprise data. 
However, security teams must also think about protecting applications where vulnerabilities haven’t been patched. 
Attackers are increasingly manipulating open-source, third-party components in software – and security teams need a response. 
In this webinar, top experts will update you on the latest critical application vulnerabilities and provide advice on how you can scan, detect, and remediate vulnerabilities.

How to Find and Fix Application Vulnerabilities…Fast

Building AI-powered applications with Large Language Models (LLMs) unlocks potential, but navigating this new space can feel like the "wild west" as security, legal, and compliance challenges loom large.

Fear no more - this webinar will equip you with the knowledge and strategies to confidently leverage LLMs in your applications.

Our experts will delve into:
* Understanding and Mitigating Risks: Equip yourself with insights into potential pitfalls and strategies for securing your applications.
* LLM Selection and Integration: Learn best practices for choosing and integrating open-source models responsibly.
* LLM Licensing and Compliance: Gain clarity on licensing requirements and ensure your projects adhere to best practices.
* Security Strategies for AI-Powered Applications: Discover practical approaches to safeguard your software against vulnerabilities.

Harnessing the Power of AI while Mitigating Risks: A Practical Guide

Struggling to optimize your security tools for web application security? Finding it tough to balance security integrity with rapid updates? 

In this session, our experts will delve into the intricacies of building a robust application security program. From understanding the diverse range of available security solutions to implementing comprehensive scanning strategies, they'll explore the key elements that contribute to a mature AppSec program. 

Join us as we navigate through the world of web app security solutions and uncover practical insights to enhance your application security posture.

Key Topics:
* Unveiling the benefits of a comprehensive scanning approach, encompassing SAST, SCA, DAST, IAST, and API Security, to bolster your security posture.
* Understanding the core components of a resilient application security program, including evaluating coverage and ensuring app and API security from the ground up.
* Gaining practical tips for navigating security hurdles, such as deploying hotfixes seamlessly within your pipeline while maintaining security integrity.

Secure your spot now to gain valuable insights and optimize your application security!

Maturing your Application Security Program

Do you know which vulnerabilities in your applications are exploitable? How confident are you in your organization's ability to thwart potential security threats? 

Approximately 70% of organizations have encountered at least one serious security incident from software vulnerabilities in the last year. Don't let your organization be next!

To effectively tackle critical vulnerabilities in their applications, developers need accurate insights. EPSS scores play a crucial role, providing a proactive approach for prioritizing security risks.

In this session, experts will delve into:
* What EPSS scores tell you about your security risk
* How you can use EPSS to address your most critical vulnerabilities
* Why CVSS scores are not enough

Don't miss your opportunity to learn from the EPSS expert team.

Harnessing Exploitability Information for Effective Prioritization

Today’s threat landscape is increasingly unmanageable for many companies as they struggle with an application security approach built to react rather than take charge. 
Take one example: vulnerability alerts. A reactive program is built to scan and alert, often overwhelming DevSecOps teams with red flags that are often false positives. Not only do real alerts get lost in the noise, but teams often have no way to prioritize the highest-risk flaws.  

Taking charge of the process requires an aligned approach that leverages agile learning techniques and SAST programs. This equips developers with the tools they need to eliminate vulnerable code writing and mitigate future risks. 

Join our interactive panel of experts to learn take-charge tactics, including the following: 
* Managing risk through a repo-centric SAST approach
* Innovative techniques to distill noise into actionable priorities aligned with business goals.
* Secure code training programs that deliver quantifiable value by integrating with SAST and training content

Don't miss out on the opportunity to cultivate a mindset for enhancing your application security.

Taking charge of vulnerability alerts

Struggling to maintain software security amidst evolving threats? 
Dive into our exclusive webinar tailored for developers AND security professionals alike. 

Explore the challenges encountered in securing software applications and unlock the transformative potential of Static Application Security Testing (SAST). 
Our seasoned experts will guide you through practical strategies to enhance your security posture using SAST. 
From configuring SAST tools for optimal performance to fostering a proactive security culture, gain actionable insights to fortify your software defenses.

In this webinar, you'll learn:
* Real-world insights: A deep dive into security vulnerabilities detected by SAST and their impact
* Maximizing SAST efficiency: Proven techniques for configuring SAST tools to deliver accurate results
* Proactive security methodologies: Transitioning from reactive to proactive security measures with SAST
* Developer empowerment: Equipping developers with secure coding practices identified through SAST

Maximizing SAST: A Guide for Developers and Security Specialists

Threat Analysis

Threat Defence

Threat Assessment

Developers

Development

Security

Security as a Service

Security Testing

Security Awareness

Secure Development

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Maximizing SAST: A Guide for Developers and Security Specialists

Presented by

About this talk

More from this channel