Learn about application security testing in CI/CD pipelines, how to scale responsiveness with a secure SDLC, and why software quality matters in tech M&A.
Bridging the Security Testing Gap in Your CI/CD Pipeline
Are you struggling with application security testing? Do you wish it were easier, faster, and better? Join us to learn more about Seeker, a modern interactive application security testing tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
- Run in the background and report vulnerabilities during functional tests, integrated QA, and CI/CD activities.
- Auto-verify, prioritize, and triage vulnerability findings in real time with 100% confidence.
- Fully automate secure app development, testing, and delivery, without the need for extra security scans or processes.
- Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
When: Tuesday, June 16 @ 1 p.m. Eastern / 10 a.m. Pacific
Who: Asma Zubair, Product Mgmt Mgr, Sr Staff, Synopsys; Kimm Yeo, Product Marketing Mgr, Staff, Synopsys
Shifting Left to Accelerate Security Approvals for ATOs in Defense Programs
Demands for more secure software and more rapid application development have led to the emergence of risk-based DevSecOps, which adds security activities, increases depth, and improves testing governance. The best strategy is to shift from a reactive to a proactive security approach that injects security at the right time and place with automated continuous testing. Arming developers with proven application security tools integrated within their supporting CI/CD toolchains reduces the time and effort needed to achieve authorization for changes in software to operate on a DOD network or weapon system. Key technologies such as static application security testing (SAST) and software composition analysis (SCA) help developers deliver high-quality and more secure codebases in the front end of the pipeline. Mitigating technical debt early in the software development life cycle (SDLC) provides significant cost savings while accelerating the delivery of more secure software.
Join Joe Jarzombek (USAF Lt. Col., retired) as he discusses means for successfully scaling responsiveness with a secure SDLC. He will cover how:
- Automated continuous testing can be used throughout the SDLC.
- Catching security defects at the desktop can be like using a spell-checker to drive savings while rapidly mitigating risks attributable to exploitable software.
- Greater developer productivity can free up time for creating new features rather than fixing newly introduced issues.
When: Wednesday, June 17 @ 2 p.m. Eastern / 11 a.m. Pacific
Who: Joe Jarzombek, Director for Government & Critical Infrastructure Programs, Synopsys
Do Design Quality and Code Quality Matter in M&A Tech Due Diligence?
(Spoiler alert: Yes.)
In an acquisition where a software asset is a core part of the deal valuation, it’s important to understand the overall quality of the software before doing the deal. Buggy software is problematic and needs to be cleaned up, so assessing code quality is important. But also, with poorly designed software, every fix is costly, laborious, and risky. The cost of fixes can significantly affect the long-term technical and economic viability of the application, and maintaining the software can seriously degrade ROI. That’s why understanding a software system’s design and architectural health and the likely “cost of ownership” is key.
Join us for this webinar to learn how to paint a complete picture of the technical quality of software to avoid buyer’s remorse post-close. We’ll cover:
- The dimensions of technical due diligence
- The difference between design quality and code quality
- How software architecture can have a long-term impact
- What to look for in software design and code quality audits
When: Thursday, June 18 @ 12 p.m. Eastern / 9 a.m. Pacific
Who: Dan Sturtevant, co-founder and CEO, Silverthread; Phil Odence, GM of Black Duck Audits, Synopsys
This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-june-15-19/