A Graph-Based Approach to Hunting Zero Day Vulnerabilities in DevOps Pipelines
iSpeech.org
Traditionally, zero-day vulnerabilities are discovered using patterns in code analysis during development or by conducting penetration testing in runtime environments. However, both approaches require heavy manual efforts and are far too slow to be a part of DevOps pipelines. Traditional code analysis methods are inaccurate, and pentesting is constrained by time and testers’ varying skill levels. Hence, most (if not all) releases are pushed to production without comprehensive security checks.
A graph-based approach can help deliver the holy grail of modern AppSec: Accurate and comprehensive security testing that is automated in the DevOps pipeline.
Join ShiftLeft CTO, Chetan Conikee, to learn how to accurately and comprehensively find vulnerabilities at the speed of DevOps.
This webinar will cover:
Extracting an application’s Security DNA with The Code Property Graph
Querying the Code Property Graph to identify attack surface of application
How to hunt zero-day vulnerabilities
Automating your policy checks
2019-03-13 19:19:30
source
Gloss