Events & Webinars

Learn from the best professionals on the market how to make your applications safer.

On Demand

Software Supply Chain Implications for Zero Trust

Zero Trust (ZT) has been the source of hope and confusion for many organizations looking to improve and modernize their security program. It is not a new concept, but President Biden’s 2021 Executive Order has recently highlighted it. The order cites Zero Trust, Software Supply Chains, and SBOM as critical pieces toward better securing American institutions and people against cyber attacks. There is wide agreement that ZT concepts lead in a positive direction toward better security. Implementing it requires fundamental changes and raises questions: How does it really work? How do I apply it? What are its implications? In this webinar, Jerry Hoff and Julius Musseau break down Zero Trust’s fundamental concepts and resources.

When Container Scanning Falls Short

Are you relying on your container scanning to secure your applications? You might be exposed! Containers have taken IT by storm. They increase delivery speed and stability. To secure them, you just run a scanner, right? Perhaps… Metal detectors cannot detect plastic explosives. Similarly, many container scanners (e.g., Quay, Docker Hub, and even Snyk) are unable to detect the most vulnerable libraries inside Docker containers or Kubernetes clusters. Do you want to know what your container scanner might be missing? Watch this live streaming event with the heavyweight security expert Julius Musseau, where he highlights the issues and presents solutions. Learn about the typical container scanning shortfalls.

Peaks vs. Valleys – Perspectives on Software Supply Chains

Real-world supply chains can involve planes, ocean freighters, trains, trucks, and even bike couriers. So it’s no surprise that software supply chains also involve a wide variety of complementary production, distribution, and deployment channels. One of the challenges with securing software supply chains is that solutions must be combined to address each conduit supporting the entire chain. Patching the libraries your software engineers copied into your final build is insufficient—you must also consider your base images, the packages and platforms brought in via provisioning scripts, and even possibly plugins deployed by admins post-deployment! Unfortunately, these disparate channels often have different weaknesses and vulnerabilities and require different security approaches.

Log4J Reunion Tour 2022 !!!

The unofficial, unauthorized retrospective, 9 months later. If it was not clear before, after Log4j, it certainly is now! Everybody uses open-source software in their applications. There are no exceptions, and as a result, we are all at risk of being breached by vulnerabilities in open-source software. The Log4J bug was a wake-up call. The Apache Log4j vulnerability was one of the most significant breaches in recent history. Its impact was felt worldwide, and the repercussions are still being felt today. In this live event, Lunasec founder and CEO Free Wortley, AppSec Expert Jim Manico, and vulnerability scanning implementor (and Apache committer) Julius Musseau come together to discuss the 2021 Log4J debacle.

API Security – Preventing an API Breach

It goes without saying that APIs are deployed everywhere. For instance, a website click quickly initiates a dozen REST calls directly from your browser and another dozen behind the scenes...

OWASP Top Ten #1 Worst Problem: Poor Access Control

Access control is the biggest problem in Application Security. Find out what industry experts have to say about it and how you can protect your applications from it....

How To Avoid Catastrophic Cryptographic Failures In Your Apps

Danger, Cryptography Ahead! The latest OWASP Top 10 ranks “Cryptographic Failures” as the 2nd worst security problem facing software engineers today. In this webinar, AppSec experts Jim Manico (OWASP Top Ten contributor), Farshad Abasi (OWASP Chapter Lead), and Julius Musseau will discuss why this is the case and offer the best practices and resources for developers trying to avoid such failures in their own systems. As the very recent (and very serious) CVE-2022-21449 shows – this problem never goes away! It’s hard for software practitioners to stay up-to-date because new critical cryptographic weaknesses and configuration disasters are discovered and disseminated every year, and seemingly tiny benign mistakes can be game over.

OWASP ASVS: your balanced appsec diet

Build strength, fitness and peace of mind! In this webinar, application security heavyweights Jim Manico (OWASP Top Ten contributor), Farshad Abasi (OWASP Chapter Lead), and Julius Musseau will talk about the best thing that can happen to you if your application security team is overwhelmed, overworked and over-worried. What you will learn in this session: Are you thinking of establishing a balanced appsec process, or are you looking at fine-tuning your existing process? Meet the first application security standard by developers for developers! It defines three risk levels with 200+ controls and gives you a similar value to ISO 27034 for a fraction of the hassle.