On Wednesday, October 30th, I’m doing the third part in the appsec static analysis webinar series for Parasoft. The topic for this session is “Strategies for Optimizing Application Security and Defect Prevention”. You can join for free online on Wednesday, October 30, 2013 10:00 AM – 10:30 AM PDT. Don’t forget to register here.
Your application security (appsec) and defect prevention strategy is either a liability or a competitive advantage. Even if you are seeing a good ROI from your static analysis implementation, exploring strategies for optimizing application security and defect prevention is still essential for ensuring lowered risk, increased productivity, and brand protection.
In this webinar, I will discuss how organizations can take a proactive approach to securing their applications with a comprehensive tool set that will help development managers and stakeholders sleep better.
Next week I’m doing a static analysis webinar for Parasoft about “Getting More ROI from Static Analysis” on Tuesday, October 15th, at 10:00 AM Pacific. What I’ve been seeing is that a lot of people either don’t know how to determine the value they’re getting from static code analysis, or aren’t actually getting the value they need.
I’ll talk about some ways to make sure that you can maximize the value as well as measure it. It’s 30 minutes and free as always. Join us.
A lack of time, resources, or training often makes getting beyond basic static analysis implementations difficult. Development managers and stakeholders may not even realize that their current static analysis configurations are leaving a wealth of untapped risk-reducing options on the table, which may lead to abandoning the critical software quality practice.
In this webinar, Parasoft Static Analysis Expert Arthur Hicken will discuss tips and tricks for getting more value from your static analysis. Drawing from his 20+ years of field experience, Arthur, aka CodeCurmudgeon, will offer advice on using policy to connect static analysis to your business needs at the process level, which ensures that you get a better return on your static code analysis investment, while avoiding common pitfalls.
[Update – even if you missed this webinar you can still watch the recording by going to the registration link.]
The abstract reads: The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Engineers are extremely well poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome.
The paper explores three ways to help development bear the burden of security that the cloud places on them:
Use penetration testing results to help engineers determine how to effectively “harden” the most vulnerable parts of the application.
Apply the emerging practice of “service virtualization” to provide engineers the test environment access needed to exercise realistic security scenarios from the development environment.
Implement policy-driven development to help engineers understand and satisfy management’s security expectations.
It’s an in-depth article with some practical suggestions for improving your code security in the cloud. If you’re not familiar with Crosstalk, it’s “The Journal of Defense Software Engineering” and is full of interesting articles but carries no advertising. Give it a try.