Join us for a roundtable on GenAI's dual role in cybersecurity. Experts from GitGuardian, Snyk, Docker, and Protiviti, with Redmonk, discuss threat mitigation versus internal tool adoption, securing coding assistants, leveraging LLMs in supply chain security, and more. Gain valuable insights on harnessing GenAI to enhance your DevSecOps practices.

Join Mackenzie Jackson to discover actionable tactics for addressing hardcoded secrets in your software supply chain. Help security teams prioritize, investigate incidents collaboratively with development, and remediate leaks. Complement your existing detection capabilities with robust remediation strategies.

Jeevan Singh (Director of Security Engineering at Rippling) shares key insights on hiring for AppSec roles with Dwayne and Mackenzie. Three crucial qualities for application security team members. Must-watch for career changers and cybersecurity recruiters.

Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.

Gregory Zagraba at GitProtect.io (DevOps Backup & DR Solution) shares his advice on how to implement DevSecOps in an organization, from a high-level overview of what DevSecOps is to practical advice on implementing automation.

‍

Learn how Docker Scout generates signals across the software supply chain to help inform improved development workflows and overcome the contention between security and development teams.

Join our roundtable discussion on overcoming challenges in software supply chain security, focusing on open-source dependencies and DevSecOps collaboration. Experts from GitGuardian, Snyk, Docker, Chainguard, and CircleCI, with Redmonk share insights on improving security and developer relationships, leveraging emerging tools, and addressing fragmentation in security solutions.

Discuss the latest trends in open-source library attacks:  dependency confusion, malicious packages, hallucination of dependencies by AI tools. We will explain how to take advantage of a Software Composition Analysis tool to protect against these risks and eliminate vulnerabilities. We will also explore the risks of licensing code dependencies on companies' intellectual property.

Developer and security teams often clash on securing secrets for machine identities. In this session, Uzi Ailon, VP of DevOps, and Evan Litwak, Sr. Director of DevSecOps Solutions Strategy at CyberArk, explore differences in securing human vs. machine identities. They offer practical solutions for secrets sprawl, discuss ‘vault sprawl,’ and share strategies for centralized secrets management that won’t slow down development.

Join us for an insightful discussion on securing the modern software delivery pipeline. Explore topics like the impact of incidents such as Log4J, the role of SBOMs and SLSA in ensuring trust, and the challenges of implementing ASPMs. Gain valuable insights into securing your software ecosystem.

Learn how Snyk AppRisk Pro enables improved application visibility and discovery, risk-based prioritization, and security coverage management. The new integration with GitGuardian plays a critical role in extending the visibility of Snyk AppRisk across application security programs to help AppSec teams better manage their entire overall program.