Security Weekly

Risk management

Identity and access

Supply chain

Third-party risk

Architecture

Application security

Container security

DevOps

Cloud

Cloud security

Device Security

Strategy

Vulnerability management

Pen testing

Patch management

Incident response

Security awareness

Threat intelligence

Security research

Careers

Leadership

Threats

Insider threat

Deception

Policy

Compliance

Privacy

Endpoint Security

SWN #129

North America

Group Podcast

Related Events

(Aired on June 22, 2021) Earn up to 3 CPE&#8217;s Here’s the challenge: Web applications are progressively extending the range of critical business operations they support. But software development for cloud-native environments requires continuous security oversight. Against this backdrop, cybersecurity leaders and strategists must strike a balance between accelerating a business’s go-to-market and safeguarding the applications that fuel its growth and productivity. Producing quality code quickly and securely is always the goal. But efforts to integrate security into the software development cycle is more often perceived as a roadblock than a catalyst. Hear from top experts in a series of discussions and presentations focused on application security, topics include: • How to map application security requirements to compliance frameworks • Embracing and extending DevSecOps principles • Standardizing application security policies within business lines Discover how modern application security programs can operate at the speed and scale that’s required to empower, not deter, the business. 



AGENDA 11:00 AM ET KEYNOTE | Preventing the exhaust ports: How not to build a Death Star with your&nbsp;SDLC Kevin Johnson,&nbsp;CEO, Secure Ideas Millions of stormtroopers and galactic empire citizens were lost because engineers didn&#8217;t understand their design flaws.&nbsp;While this is a great movie reference, the reality is that organizations are deploying applications with their version of this fatal flaw every day.&nbsp;In this presentation, Kevin Johnson of Secure Ideas will walk attendees through various examples of application flaws, using real applications he and his team have tested.&nbsp;He will then discuss how the flaws happened and methods for improving your SDLC and security integration to prevent them in the future.&nbsp;



<div class="wp-container-6288ade57d0e1 wp-block-group"><div class="wp-block-group__inner-container">
<div class="wp-container-6288ade57cefa wp-block-group"><div class="wp-block-group__inner-container">
<div class="wp-container-6288ade57cce0 wp-block-group"><div class="wp-block-group__inner-container">
11:55&nbsp;AM ET Beyond DAST: A DAST-first tool with IAST depth&nbsp; Mark Schembri,&nbsp;Technical Solutions Engineer, Invicti The versatility of modern dynamic tools brings advantages that extend far beyond the typical vulnerability scanning functionality. The inclusion of&nbsp;True IAST functionality maintains the advantages of a DAST solution while going deeper than ever to identify and verify more vulnerabilities with access to the application code. You will learn how&nbsp;Netsparker’s&nbsp;IAST capabilities will help you:



<ul id="block-b68249d0-2801-474a-9579-3e43be3ede32" class="has-vivid-red-color has-text-color"><li>Find more&nbsp;vulnerabilities&nbsp;</li><li>Further reduce false positives&nbsp;</li><li>Simplify&nbsp;remediation</li></ul>
</div></div>
</div></div>
</div></div>



<div class="wp-container-6288ade57dabb wp-block-group"><div class="wp-block-group__inner-container">
<div class="wp-container-6288ade57d8d1 wp-block-group has-text-color" style="color:#444444"><div class="wp-block-group__inner-container">
<div class="wp-container-6288ade57d6ff wp-block-group"><div class="wp-block-group__inner-container">
12:35 PM ET Embed&nbsp;sophisticated&nbsp;bot&nbsp;detection into your CI/CD&nbsp;pipeline with a&nbsp;single&nbsp;line of&nbsp;code. Peter Craig,&nbsp;Director of Product Marketing, Human Security Enterprises find it increasingly difficult to defend web applications from automated attacks.&nbsp;Even when apps function as intended, they are vulnerable to criminals using sophisticated bots that mimic human behavior using mouse movements, keystrokes, and fake browser behaviors.&nbsp;Solution: By embedding effective, multilayered, bot detection and mitigation, you can protect your application from automated attacks while providing insight to development on the tactics your adversaries used and the resources they targeted.&nbsp;Learn how you can:&nbsp;



<div class="wp-container-6288ade57d525 wp-block-group"><div class="wp-block-group__inner-container">
<ul class="has-vivid-red-color has-text-color"><li>Detect even the most sophisticated, dynamic bots and gain full transparency into each&nbsp;detection&nbsp;</li><li>Mitigate malicious bots and nonstandard traffic in&nbsp;real-time&nbsp;</li><li>Enhance your application user experience with minimal performance&nbsp;impact</li></ul>



1:15 PM ET KEYNOTE | Scorched earth: Empirical research in hacking and securing&nbsp;APIs&nbsp; Alissa Knight,&nbsp;Partner,&nbsp;Knight Ink Application programming interfaces (APIs) are now everywhere, powering the way we live, work and play. But when authentication and authorization is broken, it opens everything up from the data these APIs are serving to remote control of connected passenger vehicles. Unfortunately, many organizations are using the wrong security control to secure their APIs, akin to using a hammer to nail in a screw. Cybersecurity professionals must ensure that APIs are secured correctly, so every request is authenticated and authorized. Solutions should interdict the traffic and ensure the traffic destined for the API is not synthetically generated by malicious tools. In this keynote session, Alissa Knight will share:



<ul id="block-822071bb-1a89-4e27-a30c-b01348f9155b" class="has-vivid-red-color has-text-color"><li>Several years of empirical data gleaned from her hacking of banks, automobile manufacturers, and healthcare providers and payers through their&nbsp;APIs</li><li>What her research produced when the wrong security control was used to secure these&nbsp;APIs</li><li>What you should be looking for in your API threat management solution</li><li>Most importantly, what the indicators of compromise are to the specific tactics and techniques used to breach&nbsp;APIs</li></ul>



1:55 PM ET Between the&nbsp;chair and&nbsp;keyboard J. Wolfgang Goerlich,&nbsp;Advisory CISO, Duo Security&nbsp;at Cisco People ultimately decide our security posture. The dreaded end-users.&nbsp;People performing conscientiously&nbsp;and consistently is a lofty goal. Risk management gives us the process to follow.&nbsp;Control&nbsp;frameworks&nbsp;give&nbsp;us the standards to set and meet. Yet it is people who ultimately decide our security posture.&nbsp;In this presentation, we look at the psychology and behavior science of individuals making risk decisions and leaders affecting culture change, and how it affects the security of organizations and the applications on which they rely.&nbsp;Attendees will leave with insights and pragmatic tactics for improving the human element in risk and compliance.



2:35 PM ET How to determine what your open-source risks look like&nbsp; David Lindner,&nbsp;CISO, Contrast Security&nbsp; Studies show that upwards of 80% of software code is comprised of open-source libraries. But the reality is that less than 10% of classes within active libraries are ever invoked by the application. Yet, open-source libraries contain significant vulnerability and licensing risks with 34 CVEs per application on average and 35% of applications containing a copyleft license. Attend this session to learn what open-source risks matter and how to focus on fixing them quickly and easily.



3:15 PM ET Best practices for developers for master security&nbsp; Anna Rozin,&nbsp;Director of R&amp;D,&nbsp;WhiteSource Shiri Arad&nbsp;Ivtsan,&nbsp;Director of Product,&nbsp;WhiteSource When you ask developers what they think of security, they will likely go into the situation without much enthusiasm as in their mind – security is slowing them down and holding them back from doing their “actual” job. But – it doesn’t necessarily have to be that way. The friction between developers and security teams can be&nbsp;reduced if the right tools and processes are in place. Want to learn how handling security can be quick, efficient and integrate into daily workflows?&nbsp;Join Anna Rozin, director of R&amp;D at&nbsp;WhiteSource, and Shiri Arad&nbsp;Ivtsan, director of product at&nbsp;WhiteSource, who will share their hands-on experience in managing&nbsp;open source&nbsp;components with WhiteSource tools. In this session you&#8217;ll learn:



<ul class="has-vivid-red-color has-text-color"><li>Practical advice on testing, managing and fixing vulnerabilities in&nbsp;open source&nbsp;code&nbsp;packages&nbsp;</li><li>The tools and processes to handle security in a fast and effective&nbsp;way&nbsp;</li><li>How to empower developers with security data through prioritization and remediation tips&nbsp;</li></ul>



<div class="wp-container-6288ade57d32d wp-block-group"><div class="wp-block-group__inner-container">
3:55 PM ET KEYNOTE | Preventing the next&nbsp;SolarWinds: A look at the evolving app security&nbsp;landscape Keith&nbsp;Hoodlet,&nbsp;Director, Application Experience, Thermo Fisher Scientific Attackers targeting vulnerabilities in applications are growing more sophisticated – looking beyond the low hanging fruit of consumer apps to enterprise software that provides an avenue in for widespread network compromise across an expansive supply chain. Keith&nbsp;Hoodlet,&nbsp;director of application experience at Thermo Fisher Scientific, speaks about the evolving tactics for infiltrating the network via gaps in software security, and must-do-defensive strategies to prevent the next SolarWinds or Accellion hack.&nbsp; 
</div></div>
</div></div>
</div></div>
</div></div>
</div></div>

Generic_215x132_bannerNEW4

Asset Management

eSummit

Integrating Application Security: Reengineering AppSec as a business catalyst

ukraine_protest

Analysis

What happens when ‘protestware’ sabotages open source in response to current events?

The White House in Washington DC

Perspective

Add runtime to an SBOM for even stronger security￼

Stores Offer Shopping Times For Elderly And Vulnerable Citizens To Protect Against Coronavirus Transmission

Ransomware

News

Ransomware seen as No. 1 threat of financial organizations￼

Security Weekly News

SWN #129

Special Guest Host, ‘Oddball’ Malware, iPhone WIFI Hacks, & Russian VPN Bans

Hosts

Related

What happens when ‘protestware’ sabotages open source in response to current events?

Add runtime to an SBOM for even stronger security￼

Ransomware seen as No. 1 threat of financial organizations￼

Add runtime to an SBOM for even stronger security

Ransomware seen as No. 1 threat of financial organizations