Speaker: Dragan Pleskonjic
Designation: Senior Director of Application Security at IGT
Topic: What is the Present and Future of Software Security?
Date of Webinar: 7th Oct, 2020
Time and Location: 7:00 pm CEST / 10:30 pm IST / 01:00 pm EDT
Dragan Pleskonjic is the Senior Director of Application Security at IGT (formerly GTECH). In his current role, he directs, coordinates, and oversees application security efforts on the global organization level. Dragan is a well-known expert and influential strategic thinker in the area of information security, privacy, machine learning (ML), and artificial intelligence (AI). He is an experienced leader and has held top positions at international companies, working with clients and partners from various sectors worldwide, including finance and banking, technology, telecommunications, services, lotteries, gaming, education, government, and others. He possesses rich experience in creating and managing start-ups, new business development, and has proven leadership and talent for creating, managing, and organizing successful teams. He has initiated and held leading positions in a number of industry projects, as well as in research and development projects.
Dragan is an adjunct professor for various cybersecurity and computer science courses. He is the author of ten books so far, including university textbooks on topics such as cybersecurity, operating systems, and software. Dragan is an inventor with a set of patents granted by the USPTO and also the CIPO, EPO, and WIPO patent offices. He has published more than seventy scientific and technical papers at conferences and in journals. His current research and development focus is intelligent predictive security (INPRESEC), exploring the paradigm shift in information security and privacy with artificial intelligence (AI) and machine learning (ML). Dragan is the initiator and founder of the INPRESEC project and solution as well as the Glog software security solution, Security Predictions, and many other products, solutions, and projects.
This webinar covers the current state of application and software security, the challenges that software development and security teams face, how application and software security can be improved, and what the future holds.
It’s estimated that 90 percent of security incidents result from attackers exploiting known software security vulnerabilities. Resolving those issues early in the development phase of software could reduce the information security risks facing many organizations today. A number of technologies and tools are available to help developers catch security flaws before they’re baked into a final software release. They include SAST, DAST, IAST, and RASP.
You develop your software and scan it for security vulnerabilities with static, dynamic, interactive (SAST, DAST, IAST) or other application security testing methodologies and tools. They report a number of potential security vulnerabilities, which your developers and other teams need to analyze and then fix in the code. Then you rescan, find some old and some new vulnerabilities, then remediate again. This takes a lot of time, creates friction between teams and jeopardizes your delivery timelines. If you deliver and deploy vulnerable code that can be breached, the damage could be huge, and your reputation ruined.
There are numerous remediation challenges, for example:
- Developers lose too much time analyzing findings, or are sometimes not skilled enough to analyze them
- Unclear or incomplete remediation advice offered
- Large number of findings, some of them false positives
- The time and resources needed to fix issues are extensive and unpredictable
- Sometimes SAST reports don’t detect the right process and data flows, entry points, sources and sinks of issues, or the security controls that are already in place in the code
There are research and development programs focused on new advanced solutions that will be able to give context-based remediation advice for security vulnerabilities in software code or, going further, fix the security vulnerabilities in the code automatically. Such a solution can be based on machine learning and AI. These tools can be integrated into IDEs, build and CI/CD systems. Bringing this solution to development and application security teams can be very beneficial, save a great amount of time and bring agility to the area of software security and privacy.
- Current state of application and software security
- Analysis of important challenges in application and software security, DevSecOps and application security testing
- How application and software security can be improved and what is the future
*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)