As the application security industry evolves, organizations are shifting their focus toward AI-based solutions, integrating them with application security tooling for threat detection and prevention. AI has developed into a key technology in the fight against these threats, offering the ability to detect and respond to security incidents in real time.

The Fortify team at OpenText Cybersecurity invites you to join us for this event, where we’ll explore how innovation meets compliance with NIS2, EU Cyber Resilience Act and DORA.

Learn how to stay ahead of evolving application security threats with a close look at the transformative power of AI. We'll be joined by two customers who will be sharing their experiences to help your organization get clarity around how to prioritize and implement this into your software supply chain management. 

Fort de Gagel
Gageldijk 167, 3566 MJ Utrecht

Agenda

12:00

Registration & Networking Lunch

12:45

Welcome by Arthur

12:55

Will developers become extinct? Critical steps for developer security enablement in the brave new world of AI pair programming
by Matias Madou, Co-Founder and Chief Technology Officer at Secure Code Warrior  

  • In this presentation, Matias Madou will reveal, based on AI experiments and key research with CISOs, the critical pathways security leaders can take to execute developer-focused training programs that reduce risk, shift negative security sentiment in the development cohort, and safely adapt AI technology, including understanding comparisons between AI and human coding, what works, and what can affect enterprise security maturity.

13:25

Customer Case with ABN AMRO: The Future of DevSecOps - AI's Unexplored Capabilities 
by Fatma Dahmane, Secure Coding Domain Expert at ABN AMRO 

  • In the pursuit of robust software security, integrating security measures early in the development lifecycle is crucial. This presentation envisions the transformative role of artificial intelligence (AI) in enhancing DevSecOps practices in the near future.
    We will explore the potential of AI technologies to revolutionize security testing, vulnerability detection, and threat mitigation, offering automation and precision that surpass traditional methods. The discussion will provide insights into how AI can fundamentally change the landscape of early-stage security integration, making development processes more secure and efficient.
    As we look ahead, attendees will be invited to imagine the future of an AI-enhanced DevSecOps ecosystem and the exciting changes it could bring.

13:55

Break

14:05

The impact of AI on Application Security Testing
by Frans van Buul, Sr. Manager, Product Management at OT 

  • Join us as we explore the transformative role of AI in Application Security, focusing on Static Application Security Testing (SAST) and beyond. We'll investigate the opportunities that AI brings to AppSec. A key example is extremely accurate machine auditing: recognizing which issues are false positives or noise and providing nuanced remediation advice for the rest. Additionally, we'll shift our lens to the emerging security vulnerabilities inherent in AI-driven applications, discussing how modern AppSec tools can address these challenges. We'll review the new OWASP LLM Top-10 as part of this

14:35

Mindset of Open-Source secure intake process for Developer
by Jonathan Jogenfors, Principal Solutions Consultant at OT   

  • Build security-knowledgeable development teams and make it easy for them to find and include only safe and compliant code in the codebase in the first place
  • Make sure that the developers are skilled and “security savvy” (SCW)
  • Help developers to easily search for and find the right OSS that is safe and compliant (Open Source Select)
  • Block insecure OSS that should not find its way into the code (Sonatype Firewall) 

15:05

Break

15:15

Regulations, Software Security, and Open Source Development
by Ryan Dobson, Cybersecurity Account Manager at Sonatype

  • After SolarWinds and Log4j, governments are pressing CEOs for secure software development. Regulations such as the EU Cyber Resilience Act, NIS2, BSI, DORA, and ISO 21434 demand action for better software security. This talk examines these regulations, compliance, and their effect on open source development.

15:45

Customer Case: Navigating the Intersection of AI-Generated Code, License Compliance, and Security
by Ibrahim Haddad

  • In today’s rapidly evolving software deployment landscape, ensuring security and license compliance has become a critical priority across the global software supply chain. The rise of AI-generated code has introduced new complexities, necessitating heightened vigilance to maintain compliance, enhance security, and manage cybersecurity risks. Legislative efforts worldwide—from the US and EU to Canada, China, Japan, and beyond—further emphasize the importance of software security and the need for comprehensive tracking of software components.

    In this talk, Dr. Haddad will explore the intricate challenges of license compliance and security, with a focus on software composition analysis. The presentation will highlight common issues and provide practical insights into addressing these challenges through automated tools, educational initiatives, and active participation in leading organizations. These efforts, supported by collaboration among companies, universities, governments, and open-source projects, are paving the way for innovative solutions in this critical area.

16:15

Wrap Up & Network Drink

Speakers

Matias Madou
Co-Founder and Chief Technology Officer
Secure Code Warrior

Arthur Kemme
Sr. Account Executive
OpenText Cybersecurity

Frans van Buul
Product Manager Static Analysis (SAST)
OpenText Cybersecurity

Jonathan Jogenfors
Principal Solutions Consultant
OpenText Cybersecurity

Ryan Dobson
Cybersecurity Account Manager
Sonatype

Fatma Dahmane
Secure Coding Domain Expert
ABN AMRO

Ibrahim Haddad
Executive Director
LF AI & Data Foundation

For questions please contact: Daimy Govaert at dgovaert@opentext.com

In Partnership with:

Sonatype