Name: API Vulnerability Testing in the Real World: API Security Testing & Your SDLC
Start: 2023-07-25T14:00:00Z
End: 2023-07-25T14:00:27.000Z
Location: BrightTALK
Rating: 0

Invicti Security is transforming the way web applications are secured. An AppSec leader for more than 15 years, Invicti enables organizations in every industry to continuously scan and secure all of their web applications and APIs at the speed of innovation. Invicti is headquartered in Austin, Texas, and serves more than 3,500 organizations of all sizes all over the world. For more information, visit our website invicti.com.

TechTarget and Enterprise Strategy Group’s 2024 Technology Spending Intentions Study found that vulnerability management, penetration testing, API security, DDoS defense, and web app security topped the list of intended application security (AppSec) spending areas for the next 12 months. 

How do these investments align with your own, and what other emerging AppSec areas should you keep top of mind? For one, predictive risk scoring is growing in importance. 

Watch this Fireside Chat at the 2024 RSA Conference on May 6th, featuring Enterprise Strategy Group Practice Director Melinda Marks and CTO of Invicti Frank Catucci, for a predictive risk scoring deep dive, including:

• How does predictive risk scoring work?
• How does it utilize AI?
• How does this factor into the attack surface management (ASM) discussion? 
• And a spotlight on the future of AppSec and AppSec trends.

The Future of AppSec: Applying AI to Minimize Risk and Protect Applications

Many companies are embracing digital transformation and focusing on releasing new apps at high speed while keeping up with the latest technologies and solutions for their business needs – but also always keeping an eye on the budget.

With these challenging goals in mind, prioritizing robust security in apps and APIs emerges as a significant requirement for many IT professionals.

In this webinar, Invicti CTO Frank Catucci and Park ‘N Fly CTO Ken Schirrmacher are coming together to share their experiences on how, with the right solutions and workflows, security leaders can pin down many of the application security challenges that arise – and tackle them head-on.

Building App & API Security into Development: CTO panel discussion

New ways to exploit old vulnerabilities, MOVEit data breaches on a global scale, the meteoric rise of AI, legal actions against CISOs, tech layoffs across the industry, government regulations to improve security… 2023 has not been short on cybersecurity headlines – but which stories are only passing buzz and which will stay with us into 2024 and beyond? 

Join this thought-provoking discussion and learn:

How the cybersecurity landscape is shifting
What has changed in the application security industry
How Invicti is adapting and evolving
What to expect in 2024

Reflecting on 2023 in Application Security and Peering Into the Future

Implementing DevSecOps allows security to become a vital part of the software development lifecycle. In reality, only a few organizations have actually managed to implement DevSecOps effectively and see tangible benefits. Join this webinar to learn how to elevate your DevSecOps.

Mastering DevSecOps: Best Practices Learned From Common Mistakes

The vast majority of organizations rely on APIs to fuel digital transformation, enable integrations, and increase capabilities and efficiencies. However, with sprawling web application environments that change frequently, often on a daily basis, API abuses are fast becoming a major headache for security teams.

Incorporating APIs into the overall AppSec testing strategy is now a necessity, but for many, it still presents a major technical and organizational challenge.

Join Invicti Director of Product Marketing, Patrick Vandenberg, to learn:

- The importance of APIs and why they are a key attack surface for modern threat actors
- The challenges of including APIs in application security testing and ways to overcome them
- Best practices for building API scanning into your AppSec program

________________
About the Speaker - Patrick Vandenberg

A seasoned cybersecurity leader, Patrick Vandenberg is the Director of Product Marketing at Invicti Security. He works closely with security and DevSecOps stakeholders to understand today’s cybersecurity pain points so we can continue to help our customers solve their application security challenges. As an alumnus of several cybersecurity companies, including Hunters, Snyk, and IBM Security, Patrick brings over 20 years of experience in cybersecurity across product marketing and product management roles. Patrick holds a degree in Systems & Computer Engineering from Carleton University and, in his free time, continues a longtime passion for coaching and playing hockey.

API Security Decoded: Emerging Trends and Effective AppSec Strategies

There’s nothing like cold hard data to set the record straight on security.  Each year we analyze the most common web application vulnerabilities across thousands of assets and release the annual Invicti AppSec Indicator report. 
New research reveals how headline-grabbing breaches and pandemic-driven industry changes are influencing scan behavior and broader coverage. 

As part of this webinar, we will share a deep dive into the trends currently impacting AppSec programs and share some of the best practices that will help you achieve efficiencies in your program.
Join Invicti Director of Product, Patrick Vandenberg, as he presents the major web vulnerability trends and important highlights, including: 
The latest insights and trends to guide best practices in vulnerability identification and remediation 
Data that proves organizations can effectively reduce the risk of a breach by increasing web vulnerability scan frequency and expanding application and API scan exposure
How enterprise and SMB organizations successfully improve security posture by shifting their efforts both left and right by continuously scanning for security issues earlier in the software development pipeline and in production

Join this webinar to learn how baking in continuous scanning will help your organization find and fix more high-severity flaws faster and improve overall security posture.

The Invicti AppSec Indicator, Spring 2023: Scan more. Fix more. Reduce risk.

APIs have progressed from being add-ons to a core application to become the fundamental building blocks of modern software architecture. Many companies have had an API security incident in the past 12 months including the recent Optus hack. 
And yet, surprisingly many organizations are still overlooking or not realizing that the API part of the web application attack surface can be covered when planning and executing their AppSec programs. 

Join Invicti Senior AppSec Manager Suha Akyuz as he discusses the practical challenges of API vulnerability testing, technical solutions to overcome them, and best practices to make it all work in a modern web development pipeline. 
You will also learn:
- Why API vulnerability testing in modern development pipelines runs into so many obstacles
- How advances in AppSec technologies have made it possible to automatically test APIs in combination with the rest of your web attack surface, allowing you to save on valuable resources
- What best practices you can follow to make API security testing a routine and efficient part of your secure SDLC

There is no question that APIs are difficult to test. If undocumented API endpoints make it into production, they can quietly increase the overall attack surface, exposing sensitive data and critical functionality directly to attackers. Join the webinar to learn practical ways to make API security a routine part of a successful web application security program.

An Integrated Approach to Scanning APIs with DAST

Generative AI tools such as GitHub Copilot and ChatGPT seem to hold promise for developers looking to write code more efficiently and find quick answers to programming questions. But especially in these early days, carefree reliance on such tools can introduce a range of issues related to software functionality, licensing, and security. Superficially valid suggestions can result in vulnerable code that increases risk and requires additional remediation work down the line. And that’s even before considering the potential for abuse if such tools are used irresponsibly or with malicious intent. 
 
To systematically catch vulnerabilities that AI-generated application code can introduce, your AppSec teams can use techniques like dynamic application security testing (DAST) and software composition analysis (SCA), running automatic checks in the development pipeline. 


The webcast featuring Invicti will examine how DAST and other methods of application security testing and analysis can help to mitigate the security risks associated with AI-generated code. It will also warn viewers of other potential AI dangers that developers should look out for, including:
- Importing AI-suggested libraries that don’t exist (but can be spoofed by malicious actors)
- Privacy concerns surrounding AI engine queries 
- Superficially correct code that introduces business logic vulnerabilities
- Possible code licensing violations 

This webcast has been produced in collaboration with SC Media, Cyber Risk Alliance.

Generative AI: Understanding the AppSec risks and how DAST can mitigate them

NoSQL injection attacks against MongoDB databases are a major threat to full-stack JavaScript applications. The OWASP Top 10 for 2021 lists injection as the #3 overall risk category for web application security, and NoSQL injection is one of the more recent additions to that category.

Join Invicti Staff Security Engineer Sven Morgenroth as he shows how to find MongoDB injection vulnerabilities with an automated approach – and how to fix them.

You will also learn:
- The basics of MongoDB injection vulnerabilities
- Secure development practices for MongoDB
- How to find, analyze, and fix reported vulnerabilities with Invicti

MongoDB databases are a critical part of the modern web. By attending this webinar, you will learn many ways to fix MongoDB injection vulnerabilities and avoid them in the future.

NoSQL security scanning: Finding and remediating MongoDB vulnerabilities

When it comes to application security, identifying and managing all threats can be daunting, but when faced with the possibility of an attack that could derail development or, worse, cause a breach, testing for vulnerabilities both early and often is more than an obvious solution – it’s the specified standard.

With the 44% rise in publicly reported cybersecurity incidents over the past decade and a growing cost per incident between $266,000 and $52 million, organizations know they must introduce more-robust cybersecurity management systems.  


Updated in October 2022, new ISO 27001 requirements redefine application security controls for building a secure SDLC in modern software development environments, with an emphasis on vulnerability scanning.

Join the Invicti CISO and VP of Information Security, Matthew Sciberras, to learn more about the 2022 version of the ISO 27001 and 27002 standards, including:
- New set of requirements for the software development life cycle
- What the new requirements mean for developers
- Why vulnerability scanning is emphasized in multiple places in the standard, and how to incorporate it as part of the secure SDLC.

New ISO27001 Requirements for a Secure SDLC with Vulnerability Scanning

A panel discussion that has aired initially as part of the Dark Reading Virtual Event, sponsored by Invicti:

Today’s threat landscape calls for a more proactive approach to security, with regular vulnerability scanning and penetration testing of IT infrastructure as well as threat hunting by the security team or your security service provider. How do you set up a vuln scanning and pen testing regimen? What’s the best way to begin and conduct threat hunting? How do you apply the results of these practices to tighten up your defenses? Threat hunting specialists will share intel on how to practice proactive security using these processes as well as emerging technologies that support them.

Getting a Step Ahead of the Attacker with Vulnerability Scanning & Pen Testing

This panel discussion has originally appeared as part of the Dark Reading Virtual Event, sponsored by Invicti.

Agile development and continuous integration/continuous deployment have changed the game for application development practices, leading enterprises to “shift left” and build security into the software development lifecycle to catch any vulnerabilities before applications go into production. But what about those existing production applications running in the enterprise? In this webinar, you'll learn how to use modern security practices to manage the detection and remediation of vulnerabilities in those legacy applications. You’ll also get tips for how to help your dev team balance their development demands with the need to secure applications enterprise-wide.

How to Protect Your Legacy Software Applications

This democast has originally aired on SC Media.

Secure application development can be a painstaking process, but just how painful does DevSecOps actually need to be? 

Companies that are actively engaged in DevSecOps speak of multiple pain points, from struggles with asset visibility and discovery to finding ways to close every gap in their defenses. Along the way, they face an uphill battle to integrate dynamic application security testing (DAST) into their software development life cycle and maintain vulnerability testing coverage across all their application environments – and all this while constantly warding off time-wasting false positives.

Organizations are always looking for ways to ease these security pains and cut down on inefficiencies. One remedy for these ailments is Invicti’s web application security testing platform, which integrates throughout the SDLC to embed automated security testing into application development without hampering the pace of innovation.

 
This democast features a walkthrough of Invicti’s AppSec solution, with detailed commentary explaining how Invicti’s Proof-Based Scanning technology coupled with deep integration into CI/CD workflows provides a tried-and-true remedy for the biggest pain points that plague DevSecOps initiatives today.

Dr. DevSecOps: A prescription for alleviating AppSec’s biggest pain points

From fresh exploits to new attack vectors, things change fast – those sudden ebbs and flows can make or break how prepared you are to respond to future threats quickly and efficiently. Attacks aren’t slowing down, so neither can you. Looking at 2023, and beyond, what will the next five to ten years of cybersecurity trends look like? How can you ensure that your organization is ready when the next big exploit makes itself known?

Join Frank Catucci, Invicti CTO and Head of Security Research, to discuss the future of AppSec, including:
What are DevSecOps professionals most concerned about and where will they invest in 2023;
- Which cybersecurity trends will be shaping 2023 and beyond;
- How processes, tools, and workflows might change in response, and how will they affect you;
- And more.

Keeping an eye on trends is critical to staying ahead of the curve with a proactive approach. Join this webinar to prepare yourself for a more secure 2023, and beyond.

The next year of AppSec: 2023 and beyond

In the chaos generated by alert overload, inefficient communications, and inadequate toolchains, how do development and security practitioners deal with it all?
In partnership with Wakefield Research, Invicti polled 500 DevSecOps professionals to gain deeper insight into how organizations from varying industries deal with AppSec challenges, where they are truly investing, and where the greatest changes are taking place. 

Join Invicti CTO and Head of Security Research, Frank Catucci, as he presents the highlights from Invicti’s latest AppSec Indicator report, including: 
- The real-life effectiveness of existing AppSec processes
- The anticipated spending trends for security initiatives
- Tried-and-true ways to prove ROI by cutting through the noise, inefficiencies, and delays using dynamic application security testing (DAST)

When AppSec grows too noisy, vulnerabilities get the silent treatment to the detriment of both development and security. Join the webinar and learn how to tune out the noise and move towards an efficient DevSecOps process.

2022 AppSec Indicator: Tuning Out the AppSec Noise is All About DAST

Security teams are intensely focused on protecting their organizations, often leading to friction with developers who need to build and produce applications quickly. How can organizations speed up product releases and shorten innovation cycles while also improving security and working in tandem with development? 
To understand how successful organizations do this, we have partnered with Enterprise Strategy Group (ESG), an independent IT analysis, research, and advisory organization, to develop an in-depth white paper: Automated Application Security Testing for Faster Development.   

As part of this webinar, we will present the highlights from this white paper, including: 
- The challenges of securing cloud-native applications
- The case for embedding security testing directly into developer workflows for better coverage
- Ways to turn your security team into enablers instead of blockers
- The Invicti approach to helping you continuously secure all your applications
- How automated AppSec testing saves time and money

Join this webinar to learn how organizations like yours “cover their AST with DAST” by enabling both security and development teams and proactively taking control of the security of their web apps.

Automated Application Security Testing for Faster Development

As the DevOps teams are moving forward at speed to help fast forward business growth, traditional security teams seem to struggle to keep up with a fast pace of innovation, making it unsustainable to maintain a traditional DevOps approach without involving security directly.

Having security as an integral part of development is the only practical approach to modern agile workflows. 
Join Invicti Solutions Engineer Ali Marwani, and learn:
- What is DevSecOps, and why do we need it?
- How to implement DevSecOps
- DevSecOps best practices

Transforming your organization with DevSecOps

Security leaders know that securing APIs is vital to protect their businesses. With failures in API security leading to data breaches - Peloton, Experian and even the FBI are among recent household name organisations impacted - API security is in the spotlight more than ever before. 

Yet security leaders also know just how tricky implementing robust API security strategies can be. As innovation steps up and software teams have the tools to develop faster than ever before, undocumented API endpoints frequently make it into production and quietly increase the overall attack surface.  

In this Invicti webinar, experts are coming together to share how, with the right solution and workflows, security leaders can meet these challenges head on. 
Join this webinar to learn: 

- Why API vulnerability testing in modern development pipelines runs into so many challenges 
- Why SDLC integration is the most robust way to systematically cover APIs 
- How advances in AppSec technologies have made it possible to automatically test APIs along with the rest of your web attack surface 
- What best practices you can follow to make API security testing a routine and efficient part of your secure SDLC
- And more

API Vulnerability Testing in the Real World: API Security Testing & Your SDLC

APIs

API Management

Security

Data Breach

Data Best Practices

SDLC

Application Security

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

API Vulnerability Testing in the Real World: API Security Testing & Your SDLC

Presented by

About this talk

More from this channel