In this week’s webinars, we’ll share how to get the most out of your static analysis tool and how to make the transition from on-site to remote testing.
Maximizing the Impact of Static Analysis
Static analysis, also known as white box testing, static application security testing (SAST), or secure code review, finds bugs in application code, back doors, and other code-based vulnerabilities so you can mitigate those risks. But no static analysis tool can effectively address threats to a development environment out of the box. And many users have the misconception that the cost of tool adoption depends primarily on getting the tool working in a build environment.
Static analysis is the only way to enable developers to automatically identify vulnerabilities as they write code in their integrated development environment (IDE). With SAST, developers can:
- Run scans in their IDE by using plugins that provide just-in-time security guidance.
- Review source code before checking it into a version control repository.
- Remediate identified vulnerabilities.
- Adopt a preventative mindset.
Automation is an important part of adopting a SAST tool, as it drives efficiency, consistency, and early detection, enabling organizations to shift left. For a static analysis implementation to be effective, several distinct activities must come together to establish and maximize its impact. This webinar covers some challenges of SAST implementation and provides real solutions to get the most value out of SAST tools.
When: Tuesday, July 14 @ 1 p.m. Eastern / 10 a.m. Pacific
Who: Meera Rao, Senior Principal Consultant, Synopsys
Remote Security Testing & Training: Busting Myths and Offering Solutions
While digital transformation and BYOD have allowed many IT activities to occur remotely, many enterprises still prefer to perform security testing on-site. Concerns about data security, network/application accessibility, assessment quality, and project management have discouraged teams from making the leap to remote testing.
In this webinar, we draw on lessons learned from many years of delivering managed application security services to provide guidelines on addressing these concerns and offer solutions for conducting remote security testing and security training.
When: Wednesday, July 15 @ 11:30 a.m. Eastern / 8:30 a.m. Pacific
Who: Sandesh Mysore Anand, Managing Consultant, Synopsys; Rakshitha R. Rao, Security Consultant, Synopsys
Secure Automotive Software Development in the Age of ISO/SAE 21434
Modern vehicles run on software containing more than 150 million lines of code. As a result of more advanced safety-relevant functionality, such as ADAS and autonomous driving, as well as new communication interfaces, mobile apps, and back-end servers based on connected car use cases, the need for developing secure systems in the automotive industry is higher than ever. A draft of the new cyber security standard ISO/SAE 21434 was recently released to help automotive companies address cyber security for the entire vehicle life cycle.
This talk presents cyber security activities in the software development process based on ISO/SAE 21434 to help automotive companies develop more secure systems. We’ll provide examples of what is required from a resources and tools perspective to ensure an efficient and practical implementation of the various cyber security steps in the development process.
When: Wednesday, July 15 @ 9:30 a.m. BST
Who: Dr. Dennis Kengo Oka, Principal Automotive Security Strategist, Synopsys
This is a Security Bloggers Network syndicated blog from Software Integrity Blog, authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/webinars-july-13-17/