Learn about the security considerations for COVID-19 track and trace mobile apps and how to integrate static analysis into your DevSecOps pipeline.
Developing a COVID-19 Track and Trace App—Through the Lens of Synopsys
Adversaries continuously evolve their behaviours, and defenders must respond accordingly. Governments around the world are striving to supplement manual tracing efforts with track and trace mobile applications to help prevent further spread of COVID-19 and restore economic activity. In this short interactive session, Synopsys experts will discuss the topic as seen through their “security eyes” with some key takeaways:
- How can you develop applications at speed and remain security aware?
- What security measures are essential in building mobile applications?
- Where is your data being recorded and used? Does this feel too much like Big Brother is watching your every move?
- How can Synopsys support you through your own software development life cycle?
When: Thursday, July 30 @ 12 p.m. BST
Who: Ian Ashworth, Synopsys; Bhavin Shah, Synopsys
5 Steps to Integrate SAST Into the DevSecOps Pipeline
Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.
First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?
Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.
When: Wednesday, Aug. 5 @ 9:30 a.m. CEST
Who: Meera Rao, Senior Principal Consultant, Synopsys
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-aug-3-7/