SAST, DAST and IAST Are Not Enough (to Cover Your Ass)
SAST, DAST, SCA and IAST are security tools that address bugs, zero-day vulnerabilities and the first layer of potentially insecure components in the development and deployment process. They all have a place, but most of these tools do not scan open source components beyond the first dependency layer, if they scan open source components at all.
Unfortunately, the reality of the last five years is that open source packages are being heavily targeted by malicious actors using new tools and tactics. These newfound vectors of attack call for new approaches, tools and controls. It’s time to make open source supply chain security mission-critical.
In this webinar, our experts discuss the steps organizations can take to go from zero visibility to world-class supply chain security in practice. We cover:
- The “two-stage compromise” nature of software supply chain attacks
- Common issues with relying on open source public repositories
- The SLSA framework as an actionable reference for best practice implementation
- How our customers are addressing the gaps in traditional AppSec and secure software development frameworks (SSDFs)
- Live demo of securing the supply chain for a Python project using the ActiveState Platform
Watch On-Demand
Presenters:
Nicole Schwartz, Security Product Manager, ActiveState
Nicole Schwartz speaks about Information Security, DevSecOps, Agile, and DEI. She is currently a Product Manager at ActiveState, Chief Operating Officer for The Diana Initiative, an organizer for the SkyTalks village at DEF CON. She holds a Master of Science in Information Technology from Clarkson University and can be found at @CircuitSwan.
Dana Crane, Product Marketing Manager, ActiveState
With 25+ years in the software industry, Dana has both crossed and fallen into the chasm as a Product Marketer and Product Manager. When not playing basketball or writing blogs, his time is split between making products easier to use and easier to understand.
