Featured
PCI-DSS 4.0 Explained: Enhancements, Challenges, and APIs
John Waller, Cybersecurity Practice Lead – CCET Team
Join us for a webinar discussing the challenges organizations face in transitioning to PCI-DSS 4.0 and implementing new security measures. We will explore the updates to the security framework and the critical need to secure APIs to protect sensitive payment information. Don't miss this opportunity to learn about the latest in PCI-DSS 4.0 and how to effectively adapt to these new standards.
All episodes
AppSec vs. NetSec
Jonathan Knudsen, Head of Global Research
Software security is a large and complicated topic, with a bevy of acronyms and inconsistently applied terminology.
In this webinar, Jonathan Knudsen clears the air by providing a bird’s-eye view of software security. You will learn what application security is and what it is not. Topics include
- How the sausage is made
- Which vulnerabilities are most common
- What the secure software development life cycle entails
- What is in the toolbox
DevSecOps Explained
Meera Rao, Senior Product Management Director
DevSecOps is a trending practice in application security that involves introducing security earlier in the software development life cycle. It expands the collaboration between development and operations teams to integrate security teams in the software delivery cycle.
DevSecOps needs to be risk-based, driven by an indicator such as your application's risk rating. It needs to be able to optimize security testing based on your policies. It should be efficient, so that not every code change requires a full security analysis.
In this talk, you will learn
• Actionable insights into what DevSecOps is
• What DevSecOps is not
• How DevSecOps works from build to production
What Is Software Composition Analysis?
Mike McGuire, Senior Software Solutions Manager, Synopsys
Modern applications are no longer created from scratch; instead they are constructed from various components, including open source code that is often developed by individuals outside the organization. Our research reveals that open source code makes up 76% of the average application.
Although leveraging open source software provides access to external expertise, it also entails responsibilities for organizations. Ensuring the security, compliance, and quality of the code is crucial. This is where software composition analysis (SCA) plays a significant role.
Join this discussion that explores the following topics:
• What SCA is and how it functions
• Addressing risks through SCA
• Key elements of an effective SCA solution
• Building a comprehensive open source risk management program with SCA
What is Cloud Security?
Monika Chakraborty, Associate Principal Consultant
Cloud adoption is happening at an unprecedented pace. In the race to migrate quickly, one aspect that sometimes takes a back seat is cloud security. But application security and network security are still relevant in the cloud. Deploying infrastructure and applications in the cloud comes with its own set of challenges, such as access controls, vulnerability management, securing the hybrid cloud model, and more. That's why it has become imperative for organizations to understand cloud security concepts and how to secure cloud workloads.
In this webinar, we will discuss cloud security and some of its concepts.
• Shared responsibility and why it is important (IaaS, PaaS, SaaS)
• Secure deployments on cloud infrastructure (people, process, technology)
• Importance of cloud security (recent cloud security breaches)
What is SAST?
Corey Hamilton, Security Solutions Manager
Static application security testing (SAST) is a key ingredient of any AppSec program. However, modern applications are built using processes, languages, and tools that didn’t exist when many SAST products were originally designed. This creates challenges for developers and security teams that need to deliver highly secure applications without slowing productivity.
In this webinar, we’ll discuss how SAST can help organizations drive security and quality across all their applications. Topics include
• Understanding how static analysis identifies weaknesses in application code
• Running the right level of SAST analysis for each application
• Integrating SAST throughout the software development life cycle
• Ensuring quality and compliance with policy-based code scans
Fuzzing Essentials
Andy Pan
Organizations encounter challenges in security testing, especially on systems using a variety of technology stacks and protocols. Learn how to uncover system and protocol weaknesses with a technique called fuzzing. The webinar will cover the essentials of using fuzzing solutions to ensure quality and robustness in system and network testing programs.
CVE Explained
Matthew Hogg, Vulnerability Analyst
The Common Vulnerabilities and Exposures (CVE) system allows interested parties to track all the relevant information about a specific vulnerability. It helps avoid duplication and allows software vendors and users alike to ensure that they are referring to the same vulnerability in their efforts to protect systems against attack.
In this 15-minute session, you'll gain
• An understanding of what the CVE system is
• Knowledge of the stakeholders involved
• Insight into the elements of a CVE ID
• A walkthrough of the CVE Record Lifecycle
Life Cycle of a Vulnerability
Theo Burton, Vulnerability Analyst, Synopsys
Vulnerabilities pose a vast threat to the security of software, systems, and users, and the number of vulnerabilities discovered is increasing year-on-year. Understanding the life cycle of vulnerabilities can help you track, manage, and mitigate these threats effectively.
In this session, you'll gain
• Knowledge of the life cycle of a vulnerability, including examples
• An understanding of why managing vulnerabilities at each stage is crucial
• Awareness of how vulnerabilities are handled in the public and private domains
• Insight into the methods used to manage and fix vulnerabilities
Vulnerability Scoring 101
Lauren Fearon, Vulnerability Analyst, Synopsys
The Common Vulnerability Scoring System (CVSS) helps you decide which vulnerabilities you should be most concerned about. This isn’t to say that the CVSS will make prioritization decisions for you, but it will give you one piece of information you need to make informed decisions that are best for your organization.
In this session, you'll gain:
• An understanding of CVSS, its metrics, and scoring process
• Insight into CVSS's history and role in vulnerability management
• A walkthrough of scoring a vulnerability's severity
• Knowledge of how CVSS is used in vulnerability management
The Evolution of Pen Testing
Thomas Richards, Principal Consultant, Network and Red Team Practice Director
Innovate or perish is the only choice available to tech companies. Innovation ensures a constant state of change—new programming languages, systems, and platforms are introduced often. This constant state of evolution poses new challenges to security.
A penetration (pen) test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Along with tech and software, pen testing has evolved over the past decade with the introduction of mobile, cloud, big data, IoT, microservices, and more. In this webinar, we will cover
- The new vulnerabilities associated with emerging technologies
- Associated secure coding best practices for developers
- On-premises / cloud network and infrastructure security principles
- Remediation and application of appropriate security controls
- Secure software and environment design
Elevating Security in the Cloud: Detection and Response Unleashed
Cloud Security Practice, Synopsys Software Integrity Group
In today's fast-paced and ever-evolving cloud landscape, security is not just a necessity but a strategic enabler. To empower organizations to proactively prevent, detect, and respond to cloud security threats with precision and agility, cloud security solutions must scale on demand. Automation in detection and remediation efforts must be in place to meet this requirement.
In this webinar, you’ll learn
- Why cloud detection and response (CDR) is necessary
- How CDR is typically performed
- What business outcomes and benefits CDR provides
What is Application Security Posture Management (ASPM)?
Natasha Gupta, Senior Product Marketing Manager, Synopsys
Companies adopt many application security testing (AST) tools to pinpoint where critical fixes are needed and avoid costly postproduction software issues. Yet despite a lot of AppSec investment, they still fail to get an accurate view of risk, and struggle to integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM).
In this session, we’ll dive into
- The difference between application security orchestration and correlation (ASOC) and ASPM
- The capabilities that a comprehensive ASPM solution should have
- How ASPM can help your development and security teams mitigate software risk at scale
Python 101
Boris Cipot, Senior Security Engineer
Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.
But like all programming languages, Python is not immune to security threats. Secure coding best practices must be adopted to avoid risks from attackers. In this webinar, we'll explore Python security best practices that should be employed when building secure applications.
Pen Testing 101
Dylan Iuzzolino, Senior Security Consultant
A common adage states that "security is only as strong as its weakest link." Penetration (pen) testing is meant to demonstrate this idea by finding those weak links. Through yearly pen tests, these entry points can be identified and patched, providing greater assurance in an application's defense.
A pen test is a simulated attack on your apps and infrastructure to find exploitable flaws and vulnerabilities. Expert testers use varying and ever-changing tools and techniques to find and demonstrate the business impacts of weaknesses in a system.
In this webinar you will learn:
- Definition and types of pen tests
- The precautions you need to take before you start testing
- Approaches to vulnerability discovery across applications
- How (manual) pen testing fits in with automated tooling
- Development of an example vulnerability
How Generative AI is Changing the SDLC
Jamie Boote, Associate Principal Consultant
As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks
Finding Your Way in Container Security
Ksenia Peguero, Senior Manager Software Engineering
DevSecOps and cloud services are driving container adoption in software. As container architectures get complex, they're increasingly exploited. This talk aims to clarify containerization and infrastructure-as-code (IaC) for beginners. We'll cover container technologies, key terms, their value, popularity, challenges, and security issues. We'll discuss common threats, vulnerabilities, attack vectors, and provide real-world attack examples. We'll reference standards and resources like OWASP Docker Top 10, Container Security Verification Standard, NIST Application Container Security guide, and CIS Benchmarks. Finally, we'll provide guidelines and best practices for securing containers.
OWASP Top 10 | Understanding It and Using It
Nivedita Murthy, Associate Principal Consultant
Learn about OWASP as an organization and its key projects, and dive into the evolution and process of building the OWASP Top 10 list. Learn whether this list should be considered a one-size-fits-all standard for application security and how to use it for your application security activities. We will also discuss whether there are any alternatives.
The key takeaways from this talk include
• What OWASP and the OWASP Top 10 list are
• How the OWASP Top 10 list is defined and monitored
• How to use the OWASP Top 10 list for your application security activities
Four Types of Supply Chain Attacks Development Teams Should Worry About
Mike McGuire, Senior Security Solution Manager
Log4Shell, SolarWinds, CodeCov, and the npm package repository are all associated with some type of software supply chain risk or incident, but each represents a completely different attack vector. As we depend more on build and release automation and third-party dependencies, we need to better understand how threat actors exploit them to attack the consumers of software. In this session, you'll learn
• The riskiest points of your software development life cycle
• The four most common supply chain attacks, with real-world examples
• How to create a firewall around the software supply chain to protect your software and your customers
What the EU Cyber Resilience Act Means for AppSec
Michael White, Technical Director and Principal Architect & Per-Olof Persson, Principal Solution Advisor Europe
With cyberattacks predicted to cost $10.5 trillion by 2025, the European Commission is looking to transform the cybersecurity landscape through the Cyber Resilience Act. The goal of the CRA is to "bolster cybersecurity rules to ensure more secure hardware and software products." But what does that mean for those of us already involved in AppSec?
Join our experts as they discuss how AppSec professionals may be impacted by CRA as it exists today. Specifically, we’ll explore:
- Which products may be subject to the CRA based on the definition of “digital elements”
- What impacts this could have on software supply chain moving forward
- How you can assess your AppSec programs to see where you stand with CRA as defined today
The CRA is currently a draft; as such, opinions and insights from presenters are subject to change.
Embracing the Future of Cybersecurity with NIST CSF 2.0
John Waller, Cybersecurity Practice Lead – CCET Team, Synopsys Software Integrity Group
In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management, and it refines the metrics for assessing cybersecurity effectiveness.
Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update
• Leveraging these changes to improve current cybersecurity programs
Elevating API Security: A Structured Approach
John Waller, Cybersecurity Practice Lead – CCET Team
APIs have become central to the daily operations of most businesses. Their rapid proliferation has exposed significant vulnerabilities that need immediate attention. This presentation provides an in-depth assessment of the current state of API security. We discuss the growth of API-related incidents and provide a framework for improving API security within organizations.
Join this webinar to learn about
• API security challenges due to the increase in API usage, and the resulting vulnerabilities
• Proactive security integrations for incorporating security measures throughout the entire API development life cycle
• A framework for enhancing API security to protect against emerging threats