SAST, DAST and IAST Are Not Enough (to Cover Your Ass)

SAST, DAST, IAST and SCA are security tools that address bugs in the code you write, previously unknown (zero-day) vulnerabilities, and the first layer of potentially insecure components in the development and deployment process. They all have a place, but most of these tools do not scan open source components beyond the first dependency layer, if they scan open source components at all. That matters because a package pulled in three or four levels down the dependency tree runs with the same privileges as the code you wrote. Unfortunately, the reality of the last five years is that open source packages are being heavily targeted by malicious actors using new tools and tactics. These new attack vectors call for new approaches, tools and controls. It’s time to make open source supply chain security mission-critical. In this webinar, our experts discuss the steps organizations can take to go from zero visibility to world-class supply chain security in practice. We cover:
  • The “two-stage compromise” nature of software supply chain attacks
  • Common issues with relying on open source public repositories
  • The SLSA framework as an actionable reference for best practice implementation
  • How our customers are addressing the gaps in traditional AppSec and secure software development frameworks (SSDFs)
  • Live demo of securing the supply chain for a Python project using the ActiveState Platform
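To make the "first dependency layer" gap concrete, here is a small added example (written for this page, not code from the webinar or the ActiveState Platform). It walks a Python project's dependency tree breadth-first, records how deep each package sits, and lists the packages a scanner limited to direct dependencies would never look at. The dependency map and the "flagged" set are constructed, hypothetical data; `graph_from_environment()` shows how the same map is built from whatever is installed in the current interpreter.

```python
"""Depth of each dependency in a Python project, and what a scanner that
only looks at the first layer would miss.

DEP_GRAPH and FLAGGED are CONSTRUCTED for this example: hypothetical package
names, not real projects or real advisories.
"""
from collections import deque
import importlib.metadata as md
import re

# Constructed: package -> packages it requires (hypothetical names).
DEP_GRAPH = {
    "webapp-core": ["http-client", "templating"],
    "http-client": ["url-parse", "tls-shim"],
    "templating": ["markup-escape"],
    "url-parse": [],
    "tls-shim": ["cert-store"],
    "cert-store": [],
    "markup-escape": [],
}

# Constructed: packages a hypothetical advisory feed has flagged.
FLAGGED = {"webapp-core", "tls-shim", "cert-store"}


def resolve(direct, graph):
    """Breadth-first walk from the declared (direct) dependencies.

    Returns {package: depth}; depth 1 means "listed in requirements".
    A package reachable by several paths keeps its shallowest depth, and the
    visited check also terminates on dependency cycles.
    """
    depth = {}
    queue = deque((pkg, 1) for pkg in direct)
    while queue:
        pkg, d = queue.popleft()
        if pkg in depth:
            continue
        depth[pkg] = d
        for child in graph.get(pkg, []):
            queue.append((child, d + 1))
    return depth


def missed_by_first_layer(direct, graph, flagged):
    """Flagged packages that sit below depth 1, i.e. outside what a
    direct-dependencies-only scan ever inspects."""
    depth = resolve(direct, graph)
    return sorted(p for p in flagged if depth.get(p, 0) > 1)


def graph_from_environment():
    """Build the same kind of map from the packages installed in the current
    interpreter, using only the standard library. Requirements guarded by an
    'extra' marker are skipped; other environment markers are ignored, so the
    result slightly over-approximates the real install."""
    graph = {}
    for dist in md.distributions():
        name = dist.metadata["Name"].lower().replace("_", "-")
        reqs = []
        for req in dist.requires or []:
            if "extra ==" in req:
                continue  # optional extra, not pulled in by default
            m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", req)
            if m:
                reqs.append(m.group(0).lower().replace("_", "-"))
        graph[name] = reqs
    return graph


if __name__ == "__main__":
    direct = ["webapp-core"]
    for pkg, d in sorted(resolve(direct, DEP_GRAPH).items(), key=lambda kv: (kv[1], kv[0])):
        print(f"depth {d}: {pkg}")
    print("flagged but invisible to a first-layer scan:",
          missed_by_first_layer(direct, DEP_GRAPH, FLAGGED))
```

Running it against the constructed graph shows `cert-store` at depth 4 and both `tls-shim` and `cert-store` invisible to a depth-1 scan; swap `DEP_GRAPH` for `graph_from_environment()` and a real `requirements.txt` to see the same picture for your own project.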
Empower developers to move fast while also “covering your ass” when it comes to securing your entire software supply chain. Join us!

Watch On-Demand

Presenters:

Nicole Schwartz, Security Product Manager, ActiveState. Nicole Schwartz speaks about Information Security, DevSecOps, Agile, and DEI. She is currently a Product Manager at ActiveState, Chief Operating Officer for The Diana Initiative, and an organizer for the SkyTalks village at DEF CON. She holds a Master of Science in Information Technology from Clarkson University and can be found at @CircuitSwan.
Dana Crane, Product Marketing Manager, ActiveState. With 25+ years in the software industry, Dana has both crossed and fallen into the chasm as a Product Marketer and Product Manager. When not playing basketball or writing blogs, his time is split between making products easier to use and easier to understand.
