Webcasts



Webinar: State of Software Security Volume 4 Part 2
Welcome to the second installment of this two-part webinar series based on Veracode's recently-released State of Software Security Report: Volume 4. Research findings represent stringent analysis criteria, including a zero tolerance policy for Cross-Site Scripting (XSS) and SQL Injection, and the security quality of applications across a number of variables including supplier type, language and industry. In this series, Veracode will share key findings from the report and examine the resulting impact of these security findings on enterprise information security initiatives.

Register and View

 
Webinar: State of Software Security Volume 4 Part 1
Welcome to the first installment of this two-part webinar series based on Veracode's recently-released State of Software Security Report: Volume 4. Research findings represent stringent analysis criteria, including a zero tolerance policy for Cross-Site Scripting (XSS) and SQL Injection, and the security quality of applications across a number of variables including supplier type, language and industry. In this series, Veracode will share key findings from the report and examine the resulting impact of these security findings on enterprise information security initiatives.

Register and View

 
Penny Wise, Pound Foolish—Avoiding Security Spend Pitfalls
If your organization had an unlimited budget to spend on your enterprise security program, in what areas would you focus investments? Application security? Mobile strategy? WAFs? While this exercise may help you identify your security wish list, the reality is that no organization has an unlimited budget, and each must delegate budgets wisely.

Join Wendy Nather from analyst firm 451 Research and Veracode CTO Chris Wysopal as they present the latest research on enterprise security spend, and discuss how to "make the case" for security initiatives. Hear from the experts about the latest research in enterprise security initiatives – what works, what’s forgotten and what’s not to be missed.

Register and View

 
A Conversation with Richard Clarke
Join Richard Clarke, author and former White House advisor to the Bush and Clinton administrations, as he discusses the changing cyber threat environment, the evolving cyber legislation landscape and their ramifications on your information security program. In a conversation with Veracode CTO Chris Wysopal, Mr. Clarke will discuss:
  • How software vulnerabilities have become the leading cause of attacks against the private and public sector
  • Rise of hacktivism and nation-state-sponsored cyber espionage
  • Landscape of proposed cyber legislation and mandates
  • Steps organizations can take to strengthen their resilience to the current threat environment while complying with evolving regulations

Register and View

 
Social Media Security Basics
NBC News. Steve Wozniak. Sarah Palin—all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations with respect to the measures they take to manage use of the applications across their workforces. Join Tyler Shields as he explores how enterprises can mitigate the security concerns that stem from these social media applications. Mr. Shields will also explore the motivations for these hacks: defamation of brand, or a Trojan horse for IT and infosec professionals, distracting them from the real breaches and threats to ensue?


Register and View

 
Top 5 Most Prevalent Web Application Vulnerabilities
Whether you manage internal development activities, work with third-party developers or are developing a COTS application for enterprise, you are leveraging the OWASP Top 10 or SANS/CWE list of the Top 25 Most Dangerous Programming Errors, which are becoming the de facto "standards" for developing secure applications in many large enterprises. But what vulnerabilities deserve the most priority?

Join Chris Eng, VP of Security Research and one of the 30 contributing authors of the SANS Top 25, as he discusses:

• The Top 5 most prevalent application vulnerabilities
• Impact of attacks on your application and your customers
• Methods to identify, track and remediate these vulnerabilities



Register and View

 
Application Security Fundamentals
Applications are the new perimeter for hackers and the number one attack vector used in some of today’s most high-profile breaches like Sony, Epsilon and Google. Join Chris Wysopal, CTO & CISO of Veracode, as he outlines some of the basics to understand the application security risks that organizations face today, the methods and countermeasures to protect your apps from a breach and the frameworks that can be used to integrate application security policy in your overall infosec practice.


Register and View

 
Top 10 Mobile Application Risks
With the DroidDream malware discovery in March, and then Pandora’s vulnerabilities identified in April, the inevitable happened: 2011 became the ‘year of mobile malware’. All the pieces of the malware ecosystem puzzle that researchers have been warning about are falling into place. Modern mobile applications run on devices that have the functionality of a desktop or laptop running a general-purpose operating system. While many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps, mobile devices aren’t just small computers. They’re designed around personal and communication functionality which makes the top mobile application risks different from the top traditional computing risks.

In this presentation, Veracode’s Vice President of Security Research, Chris Eng, will outline the Top 10 Mobile Application Risks, designed to educate developers and security professionals about the mobile application behavior, whether maliciously designed or inadvertent, that puts users at risk.

Register and View

 
Owning Your Phone at Every Layer
Watch Veracode Security Researcher, Tyler Shields, as he previews this upcoming topic featured at Blackhat 2011 and explores the answers to these probing questions concerning mobile security.

According to IDC, 100 million smartphones were shipped in the fourth quarter of 2010, compared to just 92 million computers. With smartphone growth rates continuing to rise, mobile security is a topic fresh on everyone's mind. Security research in the area of mobile devices has also picked up over the last few years with a diversified attack portfolio targeting every level of the mobile security stack. But which of these attack models is the most dangerous to the enterprise? Which carries the most risk? When will the monetization of mobile attacks REALLY occur? What can an organization do to save itself? These and other interesting mobile security questions will be posed to a panel of the top mobile security experts in the world. See what happens when they are asked to defend their turf and attack models as the best.

Register and View

 
Musings on the PSN Attack Vector
Over the last few weeks there’s been a lot of commentary around the breach of Sony’s PlayStation Network. Sadly, there has been no good discussion of how PSN was breached. What this breach means for Sony is largely defined by how it happened.

Join Veracode's Security Researcher, Chris Lytle, as he explores the rumors in the marketplace regarding the Sony breach, and discusses the "probable" vs. "possible" attack vectors.

Register and View

 
Mobile Applications -- What's Under the Hood?
OWASP’s recent release of the “Top 10 Mobile Risks” has spurred much discussion in enterprises regarding how they may begin to protect against mobile vulnerabilities and prepare for the next wave of threats on the horizon. At this point little has been done to clearly identify the risk of downloading applications from both official and unofficial application marketplaces. Join researchers from Praetorian and Veracode as they look under the hood of a huge selection of Android applications and provide a quantitative examination of the application security posture of today’s mobile application space.

Discussion will include:

• The most common mobile security risks
• Unintentional threats in the mobile landscape
• Overly permissive and malicious mobile applications
• Fake / malicious applications from application marketplaces
• Insecure mobile applications / security vulnerabilities

Register and View

 
Dirty Little Secrets: Mobile Apps Invading Your Privacy
An article in the Wall Street Journal, dated April 5, 2011, disclosed that Federal prosecutors in New Jersey are investigating numerous smart phone application manufacturers for allegedly illegally obtaining and distributing personal private information (such as GPS location, device identifiers, gender, and even user age) to third-party advertisement groups. So who’s got your number? And address, and house keys…?


Join Tyler Shields, Senior Security Researcher at Veracode, as he discusses the evolving mobile security threat landscape and shares real-world examples of how your data is being used (or misused) in some of the most popular mobile applications.

Register and View

 
State of Software Security V3 Webinar
Why are 66% of software industry applications of unacceptable security quality to enterprise? Find out in Veracode’s presentation of the third volume of The State of Software Security -- a semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform.


In this webinar event, Veracode's VP of Product Marketing, Sam King, will share analytics derived from the code-level analysis of more than 4,800 applications from across the software supply chain, examining the security quality of applications by type of software supplier and then exploring application security by language, industry, and whether they are web applications or non-web applications. Join us as we dive into the detail of the latest findings.

Register and View

 
Mobile and Smartphone Security – A Real Bug in Your Bed

The adoption of mobile phones, particularly smartphones or feature phones, is astonishing. With over 400 million smartphones shipping each year, they are attracting the attention of hackers who see the smartphone as the new target of choice. With the UK prime minister taking his Blackberry to bed so that he can follow the latest sports scores, the mind boggles at the opportunities a compromised device will present criminals, terrorists and state-sponsored spies. A smartphone can easily become the worst type of bed bug.

Join Bloor Research's Nigel Stanley and Veracode's Chris Wysopal to explore smartphone hacking techniques and the growth of malware targeting these popular devices and help attendees understand the steps they can take to protect their principals, intellectual property and organizations from this new and emerging threat.

Register and View

 
Veracode Webcast: No More Excuses: Eradicate Cross-site Scripting Now.

Despite all the headlines lamenting yet another breach from a Cross-site scripting (XSS) vulnerability, it seems that little progress has been made in reducing its prevalence. XSS is the most common vulnerability in web applications and subsequently one of the most exploited. Attacks have an insidious nature as they don’t look suspicious to the naked eye yet can do serious damage like account hijacking and identity theft.

It doesn’t have to be this way.

Join Forrester Research’s Chenxi Wang and Veracode CTO, Chris Wysopal, in a webinar that will not only discuss the challenges and best practices of securing your software from XSS, but also explore the actionable strategies your organization can take to implement a successful application security program even when resources are limited.

Register and View

 
Veracode Webcast: Pre-flight Checklists & Seatbelts for Your Applications Trip to the Cloud

Featuring: Chris Wysopal. Developers and IT departments who are being told they need to move applications to the cloud are often left on their own to navigate the myths and realities related to developing and managing the security of applications in cloud-based environments. IT teams can't be content to use mitigation techniques only at the network or operating system level anymore. Nor can they be complacent in believing that any approach to application security testing, perhaps with a slightly different wrapper on it, can be used in a cloud environment. Organizations can't just repackage what they know about application security. Applications in the cloud require special care.

Register and View

 
Veracode Webcast: The Exploit Arms Race

Listen to Christien Rioux discuss the market dynamics of the exploit market from both a research and hacker community perspective. Exploits, which are commonly known as software, data or a sequence of commands that take advantage of a bug, glitch or vulnerability, enable behavior such as gaining control of a computer system or allowing privilege escalation or a denial of service attack. Rioux will present a historical perspective, elaborating on the techniques used by attackers and the reasons behind exploit development.

Register and View

 
Veracode Webcast: Building Blocks for PCI DSS 2.0

Application security controls are being made mandatory by many executives seeking to minimize public exposure, fines and increased credit card processing costs. With their own brands at risk, merchants and service providers must secure their applications from potential vulnerabilities to comply with PCI standards.

Join us to hear the top 5 things you need to know about the upcoming changes to PCI DSS 2.0.

Register and View

 
Veracode Webcast: State of Software Security Volume 2

What vulnerabilities threaten the integrity and performance of your software in the software supply chain? Find out in Veracode’s presentation of the second volume of The State of Software Security -- a semi-annual report representing the anonymized data from billions of lines of code submitted for analysis by large enterprises, commercial software providers, open source projects, and software outsourcers in Veracode’s cloud-based application risk management services platform.

Register and View

 
Veracode Webcast: Ask the Veracode Braintrust

What are the most secure development languages? What are the most prevalent flaws common between COTS and internally developed code? Is there a way to automate code reviews to find the CWE Top 25? What are the shortfalls of Blackberry spyware?

Ask Chris(es)

Join us for a unique Q&A session with Veracode’s triumvirate of security sages—Chris Wysopal (CTO & Founder), Christien Rioux (Chief Scientist), and Chris Eng (Director of Security Research)—where they will answer your questions about application security trends, technology and next generation security threats.

What’s on your mind? Submit your questions and join us on Wednesday, August 18th at 11 a.m. EST to hear the answers.

Register and View

 
Veracode Webcast: Agile Use Case

It is imperative to include security testing in application development. Yet, with Agile’s fast pace and lean concepts, it is easy to see how many organizations would simply consider testing for application security defects to be too costly in terms of both time and resources. This webinar addresses these concerns and describes methods that utilize Veracode’s Security Review and methodologies for security testing that succeed in the Agile world. Join us on this Agile case study webinar to hear and discuss:

  • At what stage in my Agile SDLC should I be thinking about security?
  • Considerations for implementing Security into your Agile SDLC
  • How Veracode integrates security into OUR agile SDLC

Register and View

 
Veracode Webcast: Agile Overview

An Agile development process promotes a rigorous project management approach for rapid delivery of high-quality software. Agile requires inspection, adaptation, teamwork, self-organization, accountability, and best practices. Security testing should also be built into your Agile development lifecycle and is a best practice. Join us on this Agile overview webinar to hear and discuss:

  • An Overview of Agile Development and why companies are adopting it
  • Considerations for implementing Security into your Agile SDLC
  • Why Security is a Key requirement in an Agile SDLC

Register and View

 
Veracode Webcast: Avoiding the SANS Top 25 Most Dangerous Programming Errors

The SANS/CWE list of the Top 25 Most Dangerous Programming Errors is already becoming the "standard" for developing secure applications in many large enterprises, and even the State of New York and DTCC plan to implement procurement contracts that include language mandating application security. Join Chris Wysopal, security industry guru and one of the 30 contributing authors of the SANS Top 25, as he discusses the:

  • Prevalence of attacks using vulnerabilities listed in the SANS Top 25
  • Impact of attacks on your application and your customers
  • Methods to identify, track and remediate these vulnerabilities

Register and View

 
Veracode Webcast: 5 Reasons to Get Your Software VerAfied


As vulnerabilities in software increasingly lead to high-profile data breaches, enterprises and government agencies are increasingly requiring independent proof that the software or services they are purchasing are secure. Additionally, new compliance requirements such as PCI PA-DSS, OCC Bulletin 2008-16, the Cybersecurity Act of 2009 and the SANS Application Procurement Language require application security verification.

Join Veracode for this informative webcast as we discuss the five reasons you should get your software VerAfied.

Register and View

 
Veracode Webcast: The End of Application Development As You Know It


There is no such thing as an internally developed application anymore. You think you know the sources of your code base—internal development teams, outsourcers, open source, etc. But do you know the inherent security risks in that code base? The government calls this SOUP—Software of Unknown Pedigree, but in the enterprise it’s often termed third-party risk.

Join Veracode's Sam King, Vice President of Product Marketing, in a webcast where she shares her insight on 3rd Party Risk.

Register and View

 
Veracode Webcast: Best Practices in Secure Coding for the SDLC


Meeting the SANS Top 25 and OWASP Top 10 are just some of the checkboxes internal development teams are struggling to comply with in the delivery of secure software. Developer education in secure coding is the lynchpin for securing the SDLC and maintaining a secure application portfolio.

Join Veracode's Jon Stevenson, Senior Vice President of Technology and Service Operations, in a webcast where he shares his insight on securing the SDLC.

Register and View

 
Application Security Testing and OCC Bulletin 2008-16 Compliance
Manage your application security risk and comply with OCC Bulletin 2008-16 cost-effectively...
  • Hear about how leading organizations are leveraging Bulletin 2008-16 as a blueprint for securing third party applications
  • Learn about contract language you can use in SLAs to demand secure software from third parties
  • Learn how you can cost-effectively manage the risk of built, bought or outsourced code without additional hardware, software or personnel investments

Your IT organization - no matter what the size - is learning to do more with less. Yet whether you choose to build applications internally, purchase third party software or outsource your needs, the burden of managing IT security risk-- and specifically application security risk-- has not reduced.

This webinar will discuss cost-effective measures your organization can take to secure your applications, comply with OCC Bulletin 2008-16 and develop an effective, comprehensive application security strategy.

Register and View

Forrester Survey Briefing Webcast – Software Risk in Enterprises


The "Application Risk in Business Survey", conducted by Forrester Research and Veracode, revealed that enterprises are struggling to protect their organizations from the costly and growing threat of application security breaches. The study of nearly 200 enterprises interviewed Development, Security and Risk professionals across the US & UK, and confirmed that risk associated with insecure software is a very real concern and a top priority for management and developers alike.

Join Forrester Research’s Principal Analyst Chenxi Wang Ph.D. and Veracode CTO, Chris Wysopal, in a webinar where they will be sharing the complete results from the survey along with their expert commentary on industry best practices.

Register and View

Actionable Strategies to Secure Your Third Party Software


Join Forrester Research’s Chenxi Wang and Veracode CTO, Chris Wysopal, in a webinar that will not only discuss the challenges and best practices of securing your 3rd party software, but also explore the actionable strategies your organization can take to implement a successful application security strategy even when resources are limited.

Register and View

Stop Insecure Software at the Front Door

The commercial-off-the-shelf (COTS) software market represents over $350 billion in yearly sales, yet the burden of minimizing risk and controlling operational cost from insecure third-party software has been placed largely on the enterprises purchasing COTS applications. Join Veracode's Director of Product Marketing, Mike Puglia, for a discussion on software security and learn about best practices which leading organizations are using to lower their risks and liabilities from commercial software.

Register and View

Is There Lead Paint in Your Offshore Code?

With over $50 billion in custom code being developed in locations such as India, China, and Eastern Europe, enterprises are looking for ways to gain insight into the security and risk found in their outsourced applications. Join Veracode's John Jacott and Mike Puglia for a discussion on approaches and best practices that leading organizations are taking to secure their applications developed by offshore outsourcing providers.

Register and View

Defending The Front Lines: Securing Your Web Applications

Veracode Founder and CTO Chris Wysopal and Burton Group Analyst Diana Kelley present on: "Defending the Front Lines: Securing Your Web Applications."

Register and View