Cybersecurity teams and developers continually struggle to reconcile what can seem like two competing priorities: delivering new capabilities and addressing existing security technical debt. But what if they could do both at the same time? Forward-leaning AppSec programs are finding smart ways to reduce security debt by instituting a strategic approach to managing security vulnerabilities. This approach starts by reducing the attack surface early on and throughout development. In this webinar, you will learn the following:

  • How to automate dependency management so that it runs on autopilot
  • Why you should assign a confidence level to updates
  • How to mass-update group dependencies given a high confidence rating
  • How to prioritize vulnerability remediation and update within the repo

As developers and engineers rely more heavily on APIs to deliver new services to the business, attackers become more keenly aware of the potential to exploit vulnerable APIs. Now, security professionals are trying to catch up and grappling with the right way to think about protecting the API attack surface. There’s not one answer – nor is there an easy answer – because APIs are everywhere.

Shift left and focus on secure coding? Focus on the processes behind API management? Shift right and protect APIs in production from attack? Where should you start the API security journey – and where will your travels take you? These are the questions we’ll explore in this program.

Key Takeaways:

  • Key questions to consider as you build an API security strategy
  • Lessons learned in the trenches from API security programs
  • Best practices for securing APIs – from left to right and in between

The advent of cloud-native, container-based architecture and microservices-based applications running on platforms like Kubernetes has sharpened the focus on API security and the software supply chain—from both security teams and cyberattackers. Software supply chains and APIs have become the new attack surfaces of choice, and with everyone from the White House to entry-level developers talking SBOMs, open source security and APIs, this is an area that’s getting lots of attention.

Cloud computing platforms are rife with misconfigurations that cybercriminals regularly exploit. Developers using infrastructure-as-code tools simply lack the cybersecurity expertise required to make sure cloud application environments are secure. It’s up to the cybersecurity team to make sure that the policies and guardrails created to secure cloud platforms are observed, especially when it comes to APIs.

But in the age of multi-cloud computing and cloud-native applications, the defensible attack surfaces are constantly increasing—in terms of both the number of platforms used and the types of applications being deployed.

Join us as we explore the rapidly evolving application and API landscape and offer concrete ways organizations can protect against threats to their application code, APIs and related components.


Recent high-profile software supply chain breaches have sharpened the focus on application security. However, as cybersecurity professionals know all too well, concern doesn’t always equate to action. In theory, the rise of DevSecOps best practices that shift responsibility for application security further left should reduce, or outright eliminate, the vulnerabilities that now routinely make it into production applications.

Unfortunately, it’s still early days as far as DevSecOps is concerned, so the impact this shift might have is, at best, limited, especially when you consider the level of security knowledge the average developer possesses. Cybersecurity professionals know in their bones that developers are the root cause of most of the issues they face daily. It’s not that developers deliberately build and deploy vulnerable applications; rather, they simply don’t know what to look for. By the time the application is scanned—usually a few days before it’s supposed to be deployed—it’s too late to do much more than make note of the security flaws that need to be addressed. Breaking that cycle will require cybersecurity teams to meaningfully engage developers much earlier in the application development life cycle.

By now, everyone has heard of the *AST scanning technologies. Most have been around for 15+ years, yet organizations are still struggling to eliminate AppSec issues like SQL injection and XSS vulnerabilities because these scanning tools look at vulnerabilities through a vulnerability lens, not a contextual risk lens.

In this session, we will discuss how application security posture management (ASPM) solves not only application security risk but also application architecture risk and drift (risk associated with change). ASPM looks at risk from an architectural risk perspective and integrates with CI/CD pipelines to ensure you understand the entire application architecture and not just the security bugs in the architecture. ASPM will do today for security what APM did 10 years ago for performance.

Attend this webinar and learn:

  • A new and better approach to application security and architecture risk
  • New ways to make your *AST tools better
  • How you can understand your entire application architecture
  • Introduction to the dynamic bill of materials (dBOM)
  • Introduction to application drift

This webinar can help you:

  • Identify unique security risks outside of the standard OWASP Top 10
  • Holistically understand the applications your organization is deploying
  • Introduce new use cases associated with risk
  • Provide the source of truth for aggressive DevOps release cycles
  • Unite enterprise architecture and application security teams