Featured

Too Many Security Tools. Too Many Results. How to Focus on What Matters Most?
Lucas von Stockhausen, Senior Director of Security Engineering, Synopsys
Most teams are automating at least part of their application security testing within CI/DevOps pipelines. But as they begin to automate tests, they may find that their security tests significantly slow or break their build/test pipelines. In addition, as more tests are run, teams get overloaded by findings to triage and remediate. In this session you will learn how an Application Security Orchestration and Correlation (ASOC) solution can help teams solve these problems, while aggregating, normalizing, and prioritizing findings across multiple AST tools, so they can focus remediation efforts on security issues that pose the greatest business risk.
All episodes
-
From Business Risk to Application Security Testing
Richard Kirk, Vice President International Sales, Synopsys
In this session we’ll highlight how adopting a business risk management approach can help your organization shape your AppSec program to protect your business and maintain the trust of your users, even as the pace, complexity, and security risks of the software you deliver increase.
This session paints the big picture and introduces the themes of the sessions that follow:
- How Software Composition Analysis is evolving into Software Supply Chain Risk Management
- The importance and benefits of shifting security “everywhere”
- Why Application Security Orchestration and Correlation enables teams to move from tracking security defects to managing security risks.
-
Software Supply Chain Risk Management: The New EU and US SBOM Regulation
Matthew Brady, Senior Manager Sales Engineering, Synopsys
There is a lot of talk about SBOMs (Software Bills of Materials) and Software Supply Chains, as well as emerging software security requirements being developed in the US and EU. At the same time, many organizations continue to be caught unprepared to respond when new OSS vulnerabilities like those in Log4j are disclosed. Confused about where to focus?
You are not alone. In this session, we’ll help you navigate the path from SCA to SBOM management to Software Supply Chain Security.
-
Shift Left. Shift Right. Shift Everywhere.
Molka Elleuch, Senior Solutions Engineer, Synopsys
Run static analysis on your source code. Run dynamic analysis or penetration testing prior to deployment. When you get a clean OWASP Top 10 report you are ready to ship. Right? Not anymore. You may already be “shifting left,” integrating security testing into your CI/CD pipelines. But have you thought about shifting right? And are you sure you are running the right tests at the right time in the right place? In this session we’ll provide you with a framework for implementing AST effectively across the entire application lifecycle, from the point at which developers are writing code through to continuous testing in production.