AppSec in a World of Digital Transformation

Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have an attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.

Hybrid Cloud DevOps with Apprenda and UrbanCode Deploy

Claudia Ring

In this webinar, Michael Elder, IBM Distinguished Engineer for UrbanCode, Rakesh Malhotra, SVP of Product Strategy at Apprenda, and Chris Dutra, Senior Integrations Engineer at Apprenda, will walk through best practices and a live demo showing how to; Standardize, simplify and orchestrate deployments across IBM Bluemix and Apprenda with UrbanCode Deploy Cloud enable existing multi-tier applications with Apprenda PaaS, making them elastically scalable and reliable Enable modern applications built with Kubernetes to integrate with on premises systems of record Enable multiple development teams releasing code at different speeds to coordinate deployments Achieve abstraction over different cloud APIs

Enabling Developers in Your Application Security Program With Coverity and Th...

Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.

2018 NAMIC - Practical Applications for Web Services

Stream Video to Your Global Users Securely and Confidently

Cloudflare

2018 NAMIC Farm Forum

At Cloudflare, we not only protect 12 million domains against DDoS attacks with our global network but also accelerate their performance. Our 150+ data centers all over the world puts us in a key position to serve content from the edge to the end users, blazingly fast. Join this webinar to learn about: • How performance affects your revenue • What is the right metric to measure and how • Challenges in achieving an optimal performance on your web assets • How to improve your website’s performance and user-experience • Learn from industry experts on best practices for improving web performance

Embracing New Normal

SSFIndia1

Integrating BlueMix into a DevOps pipeline

Richard Irving

Code to Cloud: Three Trends for Faster, Safer Continuous Delivery

You’re faced with the business imperative to deliver value to your customers faster, with less risk, and at enterprise scale. But where do you start? There are so many approaches and products for implementing continuous delivery (CD) of modern apps. Join our webinar to learn about three trends that can make your delivery pipelines inherently resilient, accessible, and continuous: ● continuous delivery as a relay race ● turning monitoring into automated action ● developer experience at the heart We’ll share a demo of a delivery pipeline that includes Concourse CI, Pivotal Build Service, and Spinnaker CD with Pivotal Container Service as the destination. You’ll learn how a loosely coupled pipeline can provide speed with guardrails, enabling you to scale delivery of your modern applications. This webinar is especially relevant for those who: ● think full software delivery automation is a pipe dream. ● have an app delivery pipeline that’s a brittle monolith to maintain. ● suspect all your delivery problems are solved with Kubernetes. Speakers: Olga Kundzich, Pivotal, Senior Product Manager Spinnaker Tony Vetter, Pivotal, Technical Product Marketing Manager Patricia Johnson, Pivotal, Product Marketing Manager CI/CD

The Future of BriteCore - Product Development

Cloud Foundry Summit 2015: Leaving your Comfort Zone - Garmin and Cloud Foundry

Design Like a Pro: Building Better HMI Navigation Schemes

Inductive Automation

The Role of In-House & External Counsel in Managing Open Source Software

Flexera

The savvy security leader final dg ppt issa_la

ISSA LA

Introduction to Cobalt

Cobalt

Path to Production as a Service

Accelerating the Developers' Road to the Cloud at Enterprise Scale

DevOps for Enterprise Systems

Ag pres m for mobile conference 2nd march 2011Mithun Mandal

IBM InterConnect 2017 - Call for speakers is now open!

iSecureCyber (Long Pitch Deck)

iSecureCyber - Short Pitch Deck

Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy

IBM UrbanCode Products

Jenkins, the world’s leading open source continuous integration server, and IBM UrbanCode Deploy can be used together to automate the end-to-end continuous delivery process. See how Jenkins passes builds to IBM UrbanCode Deploy to automate the deployment of applications, middleware configurations and database changes into development, test and production environments—delivering higher quality software in a repeatable fashion. Presented by: Eric Minick, IBM DevOps Evangelist (and UrbanCode guy), and Kohsuke Kawaguchi, CTO of CloudBees.

Transformationplus Cyber Security Offering v10

Platform Health Assessment at Department of Homeland Security Citizenship and...

Assessing Business Operations Risk With Unified Vulnerability Management in T...

For almost 10 years, ThreadFix has been the preeminent solution for managing your application vulnerabilities. In that time, it has grown from that initial correlation and reporting engine which brought your SAST and DAST vulnerabilities together, into a developer-integrated, CI/CD-enabling management platform. Deployed and used in Fortune 100 companies ranging from entertainment to banking to health care, in addition to some of the largest organizations within the Federal Government, ThreadFix now helps organizations correlate and prioritize risk across their applications and the network infrastructure that supports them. Join us as we debut the largest update to the ThreadFix platform to date, ThreadFix 3.0. Featuring new network vulnerability management tools, a new containerized microservices architecture, and a new user interface, ThreadFix 3.0 is the solution for comprehensive and correlated risk-based reporting on your entire portfolio of applications and infrastructure assets.

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.

Shifting security all day dev ops

What's hot

Web Performance Matters: Challenges, Solutions, Best Practices

Cloudflare

Embracing New Normal

SSFIndia1

Integrating BlueMix into a DevOps pipeline

Richard Irving

Code to Cloud: Three Trends for Faster, Safer Continuous Delivery

The Future of BriteCore - Product Development

Cloud Foundry Summit 2015: Leaving your Comfort Zone - Garmin and Cloud Foundry

Design Like a Pro: Building Better HMI Navigation Schemes

Inductive Automation

The Role of In-House & External Counsel in Managing Open Source Software

Flexera

The savvy security leader final dg ppt issa_la

ISSA LA

Introduction to Cobalt

Cobalt

Path to Production as a Service

Accelerating the Developers' Road to the Cloud at Enterprise Scale

DevOps for Enterprise Systems

Ag pres m for mobile conference 2nd march 2011Mithun Mandal

IBM InterConnect 2017 - Call for speakers is now open!

iSecureCyber (Long Pitch Deck)

iSecureCyber - Short Pitch Deck

Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy

IBM UrbanCode Products

Transformationplus Cyber Security Offering v10

Platform Health Assessment at Department of Homeland Security Citizenship and...

Assessing Business Operations Risk With Unified Vulnerability Management in T...

What's hot (20)

Web Performance Matters: Challenges, Solutions, Best Practices

Embracing New Normal

Integrating BlueMix into a DevOps pipeline

Code to Cloud: Three Trends for Faster, Safer Continuous Delivery

The Future of BriteCore - Product Development

Cloud Foundry Summit 2015: Leaving your Comfort Zone - Garmin and Cloud Foundry

Design Like a Pro: Building Better HMI Navigation Schemes

The Role of In-House & External Counsel in Managing Open Source Software

The savvy security leader final dg ppt issa_la

Introduction to Cobalt

Path to Production as a Service

Accelerating the Developers' Road to the Cloud at Enterprise Scale

Ag pres m for mobile conference 2nd march 2011

IBM InterConnect 2017 - Call for speakers is now open!

iSecureCyber (Long Pitch Deck)

iSecureCyber - Short Pitch Deck

Continuous Delivery with Jenkins Enterprise and IBM UrbanCode Deploy

Transformationplus Cyber Security Offering v10

Platform Health Assessment at Department of Homeland Security Citizenship and...

Assessing Business Operations Risk With Unified Vulnerability Management in T...

Similar to AppSec in a World of Digital Transformation

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Shifting security all day dev ops

Enumerating Enterprise Attack Surface

Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.

An OWASP SAMM Perspective on Serverless Computing

Serverless architectures enable organizations to build and deploy software and services without maintaining or provisioning any physical or virtual servers. They are an excellent choice for a wide range of services, and can scale elastically as cloud workloads grow, and as a result have become a popular architectural element for development teams. However, this new approach can have a significant impact on the security of systems, and many teams are not familiar with how to securely incorporate serverless elements into their architectures. Using the OWASP SAMM maturity model as a framework, this webinar walks through how teams adopting serverless computing can do so in a secure manner and consistent with their organization’s roadmap for maturing their application security posture.

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)? The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools. These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.

How to Integrate AppSec Testing into your DevOps Program

During this live webinar, IBM & Denim Group join forces to demonstrate how Application Security Testing can be integrated with DevOps methodologies to identify and remediate high-risk vulnerabilities quickly, with minimal overhead. Specifically, we’ll discuss how you can integrate Dynamic Application Security Testing (DAST) using IBM AppScan Enterprise REST API into a DevOps CI/CD pipeline, which helps you to automatically identify high-risk vulnerabilities within web applications and web services. We’ll also show how using Denim Group’s ThreadFix offering with AppScan Enterprise allows for seamless integration with typical DevOps tool-sets, in order to further reduce the overhead associated with AppSec testing within the SDLC.

Enabling Developers in Your Application Security Program With Coverity and Th...

SAP Concur’s Cloud Journey

SBWebinars

The journey of cloud migration isn’t a straight and narrow path, and enterprise DevSecOps teams generally use a variety of tools to reach their goal. In this webinar, we will deep dive into SAP Concur’s journey, and how they are leveraging Contrast Security’s embedded application security model and AWS in tandem to “shift left”, create a seamless developer experience, and deliver secure application workloads on the cloud. Join key executives from SAP Concur, AWS and Contrast Security as they discuss how to avoid the pitfalls and pioneer a secure cloud path to success. In this webinar, you will learn: The start: Why SAP Concur moved to AWS The next step: Cloud enables increased velocity The chutes and ladders: Security challenges with increased software velocity The resolution: Design Architectures and Deployment Models between Contrast Security and AWS The lessons learned: Continuous Improvement & Best Practices.

Shifting Security Left - The Innovation of DevSecOps - AgileDC

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Shifting Security Left from the Lean+Agile 2019 Conference

Cloud Migration for Financial Services - Toronto - October 2016

Amazon Web Services

Stages of Adoption leading to Complete Migration

Amazon Web Services

How do I grow with my organization and meet my organization's needs? How do I rise to the new challenges before me? In this session we discuss the differences in preparing to operate in the cloud, what your operational priorities need to be, how to start designing for operations, and building your operational readiness. We will walk you through the process of how to launch your new life in the cloud. You will learn to make the early choices that lay the foundations for a successful adoption of cloud services. At the end of this session you will understand the key considerations when planning your personal journey to the cloud. This session is for leaders, operations, service owners and anyone interested in how to get started in the cloud to ensure successful business outcomes.

SDM: The Fundamentals of Software Delivery Management

DevOps.com

Research and experience have proven that breaking down the barriers between Dev and Ops can yield tremendous efficiency, quality and velocity enhancements for software delivery teams. But, in the spirit of continuous improvement… what’s next? What happens when you break down the barriers between DevOps and other parts of the business? Join Jay Lyman (Principal Analyst, Cloud Native and DevOps, 451 Research) and Brian Dawson (DevOps Evangelist, CloudBees) as they review research on the current state of Software Delivery Management (SDM), and outline the key practices organizations should adopt to keep ALL teams on the same page about the software delivery function. We’ll discuss: How DevOps and SDM are critical for driving digital transformation. The key stakeholders you need to focus on, beyond development and IT operations. The role of security and governance, and how organizations can effectively measure and prove their DevOps success.

AWS FSI Symposium 2017 NYC- CTP & Cloud Migration Best Practices

Amazon Web Services

Cloud technology for msme sector sujit panigrahi v2Sequoia Fitness and Sports Technology Pvt. Ltd.

Nuvem sem limites: IaaS, PaaS ou SaaS? Transforme seu negócio!, por Sergio Gama

iMasters

Understanding The Cloud For Enterprise Businesses.

Triaxil

Cloud is getting lots of attention these days. Cloud is a transformational platform that can support the opportunities of today’s digital business being shaped and driven by mobile, social, IoT (Internet of Things), Big Data and other forces. Cloud Computing not only is a powerful agent of change, but it also can accelerate transformation. The benefits are big. “Cloud computing is a disruptive phenomenon, with the potential to make IT organizations more responsive than ever,” says research firm Gartner. “Cloud computing promises economic advantages, speed, agility, flexibility,infinite elasticity an dinnovation.” As a result, more and more enterprises are moving to the cloud. According to Gartner, 78 percent of enterprises are planning to increase their investment in cloud through 2017.

Understanding The Cloud For Enterprise Businesses, an eBook from Triaxil!

Ezhilarasan Natarajan

Cloud is getting lots of attention these days. Cloud is a transformational platform that can support the opportunities of today’s digital business being shaped and driven by mobile, social, IoT (Internet of Things), Big Data and other forces. Cloud Computing not only is a powerful agent of change, but it also can accelerate transformation. The benefits are big. “Cloud computing is a disruptive phenomenon, with the potential to make IT organizations more responsive than ever,” says research firm Gartner. “Cloud computing promises economic advantages, speed, agility, flexibility,infinite elasticity and innovation.” As a result, more and more enterprises are moving to the cloud. According to Gartner, 78 percent of enterprises are planning to increase their investment in cloud through 2017. Interested further?

The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...

Security programs are almost always underfunded while organizations have no shortage of sophisticated threats. Getting executives to free up resources to invest in security before a breach is always difficult. How does one take modest formal authority, a bare-bones budget, and informal influence and leverage that to obtain scarce resources to protect the organization? How does a scrappy security leader identify pockets of existing resources, leverage ongoing business activities, and generally get others to do what they should already probably be doing in the world of security? This webcast helps those security leaders do a better job of identifying hidden resources within the enterprise to further the cause of security.

Similar to AppSec in a World of Digital Transformation (20)

The As, Bs, and Four Cs of Testing Cloud-Native Applications

Shifting security all day dev ops

Enumerating Enterprise Attack Surface

An OWASP SAMM Perspective on Serverless Computing

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

How to Integrate AppSec Testing into your DevOps Program

Enabling Developers in Your Application Security Program With Coverity and Th...

SAP Concur’s Cloud Journey

Shifting Security Left - The Innovation of DevSecOps - AgileDC

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Shifting Security Left from the Lean+Agile 2019 Conference

Cloud Migration for Financial Services - Toronto - October 2016

Stages of Adoption leading to Complete Migration

SDM: The Fundamentals of Software Delivery Management

AWS FSI Symposium 2017 NYC- CTP & Cloud Migration Best Practices

Cloud technology for msme sector sujit panigrahi v2

Nuvem sem limites: IaaS, PaaS ou SaaS? Transforme seu negócio!, por Sergio Gama

Understanding The Cloud For Enterprise Businesses.

Understanding The Cloud For Enterprise Businesses, an eBook from Triaxil!

The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...

More from Denim Group

Long-term Impact of Log4J

In its aftermath, Log4j vulnerabilities put the spotlight on vendor management and supply chain security practices. Now that the dust has settled and the worst of the fallout has passed, this talk presents perspectives on likely mid- and long-term changes that the security industry will see as a result of dealing with the Log4j issue as the latest in an escalating series of open source and software supply chain incidents.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors. This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Optimizing Security Velocity in Your DevSecOps Pipeline at Scale

Businesses are driving development teams to build, test and deliver app innovations faster and faster, while attackers continue to grow in sophistication and complexity. To protect the business, dev and security teams are deploying multiple app/network/OSS security testing tools, internal & 3rd party manual assessments, and other processes which in turn drives an exponential spike in volume of issues to analyze, correlate, triage, route and repair. Facing this data deluge, DevSecOps teams are turning to automation of mobile app security testing and orchestration of vulnerability management for speed and scale. Join Brian Reed, Chief Mobility Officer of NowSecure and Dan Cornell, Co-Founder and CTO of Denim Group in this best practices session to learn how to drive efficiencies in team and pipeline performance at scale.

Application Asset Management with ThreadFix

Too many organizations have an incomplete picture of their application portfolios. Because you are unable to protect attack surfaces that you don’t know about, this leaves them vulnerable. In this webinar, we will cover the capabilities that ThreadFix has to allows security teams to manage their application asset portfolios. We will also take a deeper dive into several tools such as nmap and OWASP Amass that can help security analysts better enumerate all of the applications in their organization’s portfolio.

OWASP San Antonio Meeting 10/2/20

Title: AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program Abstract: With all the focus on DevSecOps and integrating security into Continuous Integration/Continuous Delivery (CI/CD) pipelines, some teams may be lured into thinking that the entirety of a Software Security Assurance (SSA) program can be baked into these pipelines. While integrating security into CI/CD offers many benefits, it is critical to understand that a full SSA program encompasses a variety of activities – many of which are incompatible with run time restrictions and other constraints imposed by these pipelines. This webinar looks at the breadth of activities involved in a mature SSA program and steps through the aspects of a program that can be realistically included in a pipeline, as well as those that cannot. It also reviews how these activities and related tooling have evolved over time as the application security discipline has matured and as development teams started to focus on cloud-native development techniques and technologies. Speaker: Dan Cornell Bio: A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.

AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program

With all the focus on DevSecOps and integrating security into Continuous Integration/Continuous Delivery (CI/CD) pipelines, some teams may be lured into thinking that the entirety of a Software Security Assurance (SSA) program can be baked into these pipelines. While integrating security into CI/CD offers many benefits, it is critical to understand that a full SSA program encompasses a variety of activities – many of which are incompatible with run time restrictions and other constraints imposed by these pipelines. This webinar looks at the breadth of activities involved in a mature SSA program and steps through the aspects of a program that can be realistically included in a pipeline, as well as those that cannot. It also reviews how these activities and related tooling have evolved over time as the application security discipline has matured and as development teams started to focus on cloud-native development techniques and technologies.

Using Collaboration to Make Application Vulnerability Management a Team Sport

Vulnerability management - especially application vulnerability management - is a challenging business function because it crosses disciplinary boundaries. Security teams find and adjudicate vulnerabilities, DevOps and server ops teams have to fix them, and GRC teams need to be kept apprised of status and progress. As has always been the case - but especially in a necessarily remote work environment - collaboration is key to making these business functions operate efficiently and effectively. This webinar looks at common bottlenecks that snarl vulnerability remediation workflows and discusses strategies to address these issues via collaboration. Examples are given of implementing these via the ThreadFix platform, but the strategies are universally-applicable for vulnerability management professionals looking to streamline their vulnerability remediation workflows.

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Security Champions: Pushing Security Expertise to the Edges of Your Organization

Application security teams are outnumbered. Even in security-conscious environments, application developers often exceed application security professionals by a ratio of 100:1. In addition, the push for digital transformation is accelerating the pace of development – exacerbating these challenges. One technique forward-looking security teams have adopted to stay afloat is to deploy security champions into development teams throughout the organization. This webinar looks at different models for standing up security champion initiatives and relates Denim Group’s experiences helping organizations craft and staff these programs.

The As, Bs, and Four Cs of Testing Cloud-Native Applications

An Updated Take: Threat Modeling for IoT Systems

The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. The challenge with this trend is that IoT devices are just computers with sensors running applications. Because IoT devices interact with our personal lives, the proliferation of these devices exposes an unprecedented amount of personal sensitive data to significant risk. In addition, IoT security is not only about the code running on the device, these devices are connected to systems that include supporting web services as well as other client applications that allow for management and reporting. A critical step to understanding the security of any system is building a threat model. This helps to enumerate the components of the system as well as the paths that data takes as it flows through the system. Combining this information with an understanding of trust boundaries helps provide system designers with critical information to mitigate systemic risks to the technology and architecture. This webinar looks at how Threat Modeling can be applied to IoT systems to help build more security systems during the design process, as well as how to use Threat Modeling when testing the security of IoT systems.

A New View of Your Application Security Program with Snyk and ThreadFix

Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.

Optimize Your Security Program with ThreadFix 2.7

ThreadFix 2.7’s feature set represents the most significant expansion to the platform since ThreadFix was first released almost 10 years ago. This release bundles new application risk-ranking capabilities with the powerful addition to receive a 3rd party assessment for any application managed within ThreadFix. Join us to see how your team’s capacity and capabilities can be instantly expanded through on-demand application security assessments delivered directly into your ThreadFix instance, adding Denim Group’s nearly two decades of application security experience to your team anytime you need it.

Application Security Testing for a DevOps Mindset

The cultural transition to DevOps is coming to organizations, and security teams must learn to adapt or be marginalized. Forward-thinking security teams will use this transition to their advantage and will reap the benefits of better and more frequent security insight into development cycles. By understanding the goals of development teams, security representatives can help to meaningfully include themselves in the development process and provide value through sensible risk management.

Reducing Attack Surface in Budget Constrained Environments

Sprawling networks, streaming vendor vulnerability updates, and an application portfolio that remains a mystery keep you up late wondering where your weakest link exists. Budget constraints make you wonder where to begin, given that the responsibility to protect your organization remains firmly on your shoulders. How do savvy leaders identify the most pressing exposures and prioritize their efforts given limited budgets? What are the strategies that sophisticated IT and security leaders pursue to identify the scariest vulnerabilities and fix them before attackers find them? This session will lay out actionable plans to immediately identify and reduce more of your organization’s attack surface.

Securing Voting Infrastructure before the Mid-Term Elections

The prospect of nation state interference with our 2018 mid-term elections is a reality that secretaries of state are facing. Given the fast-changing nature of the threat and the sprawling election infrastructure across the country, how are state officials securing their voting systems and databases in anticipation of the election? What are emerging strategies given the limited resources and unlimited needs? Where are the most vulnerable parts of the election systems and where should state officials focus their efforts given the potential for disruption? This webinar will provide an attacker’s view of a typical state-run election system and will make recommendations where to focus limited time and resources in the run up of the 2018 mid-term election in November.

Threat Modeling for IoT Systems

Understanding IoT Security: How to Quantify Security Risk of IoT Technologies

IoT devices are proliferating throughout corporate networks raising concerns about security risks they may introduce. However, IoT technologies differ in many ways from most enterprise-ready technologies that currently exist. Understanding the risks that IoT represents and how to best quantify that risk can be a challenge for many security leaders. This webinar provides an overview of IoT architectures, how they differ from existing infrastructure devices, and how best to measure the risk IoT devices represent. It will expose attendees to concepts like Threat Modeling for IoT and provide additional references that will help build a successful IoT security assessment program.

Elevate Your Application Security Program with Burp Suite and ThreadFix

Burp Suite is the premier software for web security testing, allowing organizations to deploy cutting-edge scanning technology to identify the very latest serious application vulnerabilities. ThreadFix is the industry leading vulnerability resolution platform that provides a window into the state of application security programs for organizations that build software. The combination of ThreadFix and Burp Suite allows organizations to efficiently identify security vulnerabilities, correlate and trend test results, and prioritize application risk to resolve vulnerabilities more quickly and more efficiently. This webinar will demonstrate how organizations can use ThreadFix and Burp Suite together to integrate application security into DevOps CI/CD pipelines and to track organization-wide metrics on progress finding and resolving web application vulnerabilities.

More from Denim Group (20)

Long-term Impact of Log4J

Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...

Optimizing Security Velocity in Your DevSecOps Pipeline at Scale

Application Asset Management with ThreadFix

OWASP San Antonio Meeting 10/2/20

AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program

Using Collaboration to Make Application Vulnerability Management a Team Sport

Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...

Security Champions: Pushing Security Expertise to the Edges of Your Organization

The As, Bs, and Four Cs of Testing Cloud-Native Applications

An Updated Take: Threat Modeling for IoT Systems

A New View of Your Application Security Program with Snyk and ThreadFix

Optimize Your Security Program with ThreadFix 2.7

Application Security Testing for a DevOps Mindset

Reducing Attack Surface in Budget Constrained Environments

Securing Voting Infrastructure before the Mid-Term Elections

Threat Modeling for IoT Systems

Understanding IoT Security: How to Quantify Security Risk of IoT Technologies

Elevate Your Application Security Program with Burp Suite and ThreadFix

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Designing Great Products: The Power of Design and Leadership by Chief Designe...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

How world-class product teams are winning in the AI era by CEO and Founder, P...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Bits & Pixels using AI for Good.........

Alison B. Lowndes

DevOps and Testing slides at DASA Connect

Kari Kakkonen

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...