<img src="https://certify.alexametrics.com/atrk.gif?account=Zpb+p1uhUo20dG" style="display:none" height="1" width="1" alt="">
Making Security More Efficient for Developers

Webinar

Think About Your Audience Before Choosing a Webinar Title


Sponsored by shiftleft


Wednesday, July 15, 2020
1pm EDT

In order to scale application security (AppSec) to meet the pace of the software feature development, AppSec must engage developers with new workflows that balance security and productivity.  The increase in feature velocity of the modern software development lifecycle (SDLC) is driving a disconnect with AppSec. The SDLC is automated and fast, while AppSec remains manual and slow. In a recent survey, 96% of developers reported that the disconnect between security and development workflows inhibit their productivity. This point is not lost on AppSec professionals who, in the same survey, reported that building developer-friendly workflows is their top priority. Yet, every aspect of security polled had at least 86% of developers agreeing that it inhibited their productivity. It is clear that attempting to stretch traditional AppSec tools that were designed in a different era, for a different purpose and a different user is not working. 

The modern development workflow is git-based. Developers have become accustomed to immediate feedback loops for feature bugs, such as unit testing, as part of their check-in process. When submitting pull/merge requests, build rules prevent new code that fails unit tests from being accepted into the master branch. Hence, code quality standards are enforced and each developer is accountable for meeting them in the code they write. 

What can security learn from this efficient workflow? 

  • Developers like the process and buy-in to it willingly
  • Feedback is immediate & timely
  • Feedback is trusted
  • Feedback is regular and expected
  • Developers never have to leave their environment 
  • Developers are accountable for code they write
  • Quality standards are customizable per organization and/or repository 
  • Quality standards are enforceable and done so at the right time 
  • Developers adapt their coding practices to the standards enforced over time

This webinar will explain how to rethink AppSec workflows for developers from the ground up. The results of which can be a dramatic increase in developer productivity, typically resulting in a 5X decrease in mean-time-to-remediation of vulnerabilities. The webinar will cover:

  1. The traditional AppSec workflow
  2. Changes in the SDLC leading to development and AppSec disconnect
  3. What AppSec can learn from developer workflows
  4. Requirements for delivering developer-centric AppSec workflows
  5. Real-world data on the improvements from the developer-centric security workflows
  6. Example demo of efficiently inserting security into developers’ workflows
  7. Q&A
Arun Balakrishnan
Director of Product Management - ShiftLeft

On-Demand Viewing:

What You’ll Learn in This Webinar

You’ve probably written a hundred abstracts in your day, but have you come up with a template that really seems to resonate? Go back through your past webinar inventory and see what events produced the most registrants. Sure – this will vary by topic but what got their attention initially was the description you wrote.

Paint a mental image of the benefits of attending your webinar. Often times this can be summarized in the title of your event. Your prospects may not even make it to the body of the message, so get your point across immediately.  Capture their attention, pique their interest, and push them towards the desired action (i.e. signing up for your event). You have to make them focus and you have to do it fast. Using an active voice and bullet points is great way to do this.

Always add key takeaways. Something like this....In this session, you’ll learn about:

  • You know you’ve cringed at misspellings and improper grammar before, so don’t get caught making the same mistake.
  • Get a second or even third set of eyes to review your work.
  • It reflects on your professionalism even if it has nothing to do with your event.