Proven Best Practices for Safer Code that Work: AppSec for the Win | Webinar Mend.io
In this session, Chris Lindsey discusses proven best practices for building a robust AppSec program, offering actionable insights for both developers and security teams. Chris, with over 35 years of experience in software development and 15+ years in security, shares strategies that helped him run a successful security program. Topics include fixed campaigns, container security, developer training, and handling vulnerabilities, with a focus on practical steps and real-world examples.
Chapters:
00:00 - Welcome & Introduction
03:35 - Importance of Security Leadership & Communication
05:01 - Fixed Campaigns: Addressing Security Issues Post-Release
08:07 - Handling Dependencies and Security Debt
10:30 - Container Security: Best Practices for Safe Integration
15:31 - Developer Training: Enhancing Security Awareness from Onboarding
17:58 - Breaking Down Silos Between Developers & Security Teams
21:18 - Real-World Story: SQL Injection Discovery and Fixing It
24:52 - Automating Security with SCA and Renovate Tools
30:07 - API Security: Ensuring Proper Validation & Logging
34:59 - Session Expiry and Protecting Sensitive Data
39:25 - Password Security and Multi-Factor Authentication
42:25 - Handling Vulnerabilities: Common Injection & XSS Attacks
47:04 - Best Practices for Securing Cookies & Session Data
50:58 - Managing Cloud Misconfigurations & Ensuring Proper Access Control
52:48 - Final Thoughts and Q&A
What You'll Learn:
- How to build a strong, effective AppSec program
- Practical tips for managing vulnerabilities and security debt
- Best practices for securing containers and APIs
- Strategies for integrating security into developer workflows
- How to leverage automation tools for continuous security
📜 Disclaimer:
This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.
Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.