Learn how to protect Node.js apps against denial-of-service attacks, and how to integrate static application security testing into DevSecOps pipelines.
This DoS Goes Loop-di-Loop
Do you know the common ways Node.js applications may be vulnerable to denial-of-service attacks?
The single-threaded nature of Node.js makes it very susceptible to DoS attacks. While the Node.js event loop allows you to perform some operations asynchronously, it’s still quite easy to write a vulnerable Node.js application by making a few simple mistakes.
In this talk, we’ll cover some common ways a Node.js application may be vulnerable to DoS attacks and some common best practices and countermeasures to defend against such attacks.
When: Tuesday, June 23 @ 10 a.m. BST
Who: Allon Mureinik, Senior Manager, Synopsys
5 Steps to Integrate SAST Into the DevSecOps Pipeline
Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.
First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?
Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.
When: Thursday, June 25 @ 1 p.m. SGT
Who: Meera Rao, Senior Principal Consultant, Synopsys
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-june-22-26/