EC-Council University invited me to be speaker in their Cyber Talks, among other Global Cyber Leaders, which are addressing the real, on-the-ground cybersecurity issues.
I will speak on the topic: “What is the Present and Future of Software Security?”
Date of Webinar: 7th Oct, 2020
Time and Location: 7:00 PM CEST / 10:30pm IST / 01:00pm EDT
You can register for webinar here.
Topic Abstract:
In this webinar, the current state of application and software security, challenges that software development and security teams face, how the application and software security can be improved and what is the future.
It’s estimated that 90 percent of security incidents result from attackers exploiting known software security vulnerabilities. Resolving those issues early in the development phase of software could reduce the information security risks facing many organizations today. A number of technologies and tools are available to help developers catch security flaws before they’re baked into a final software release. They include SAST, DAST, IAST, and RASP.
However, you develop your software and scan it for security vulnerabilities with static, dynamic, interactive (SAST, DAST, IAST) or other application security testing methodologies and tools. They report a number of potential security vulnerabilities, which your developers and other teams need to analyze and fix the code. Then you rescan, find some old and some new vulnerabilities, then remediate again. This takes a lot of time, creates friction between teams and jeopardizes your delivery timelines. If you deliver and deploy vulnerable code that can be breached, the damage could be huge, and your reputation ruined.
There are numerous remediation challenges, for example:
- Developers lose too much time to or sometimes not very skilled to analyze findings
- Unclear or incomplete remediation advice offered
- Large number of findings, some of them false positives
- Time and resources to fix issues extensive, time-consuming and unpredictable
- Sometimes SAST reports don’t detect right process and data flows, entry points, sources and sinks of issues and also security controls in code which are already in place
There are research and development programs focused on the new advanced solutions that will be able to give remediation advice for security vulnerabilities in software code based on context or, even more, to fix the security vulnerabilities in the code automatically. Such a solution can be based on machine learning and AI. These tools can be integrated into IDEs, build and CI/CD systems. Bringing this solution to development and application security teams can be very beneficial, save a great amount of time and bring agility in the area of software security and privacy.
Key takeaways:
- Current state of application and software security
- Analysis of important challenges in application and software security, DevSecOps and application security testing
- How application and software security can be improved and what is the future
EC-Council University is a premier institution of higher learning that specializes in cybersecurity technologies, enabling its graduates to obtain advanced cyber skill-sets. Their unique program allows graduates to lead their peers to strategically and effectively manage cybersecurity risks in their organizations.
Leave a Reply
You must be logged in to post a comment.