Speaker

Ori Bendet

VP of Product Management, Checkmarx

Ori brings more than 16 years of senior-level experience to his role as VP of Product Management at Checkmarx, where he oversees the entire AST portfolio, serving thousands of customers worldwide. He is an experienced product leader who combines strong technical and go-to-market skills. Ori also managed Checkmarx SAST, a Gartner and Forrester market-leading solution used by thousands of customers worldwide, and has been instrumental in spearheading the flagship Checkmarx One AST Platform, which is gaining ground with hundreds of global customers adopting the cloud-based platform. Prior to Checkmarx, he held leadership and engineering positions at Time To Know, HPE, PicApp, and Bezeq.

The Cloud on the Horizon - What Lies Ahead for Security, Development, and CloudSec Teams?

With the increase in modern application development and cloud-native applications, additional parts of the application/system are now being managed as code—developed and deployed at the speed of DevOps and in a continuous manner.

From containers, IaC, and application source code to open source code and the OSS supply chain, a revision in your vital applications can reach production within a matter of minutes. This can significantly expand your attack surface and increase your risk of falling victim to exploitation. Do you currently know where best to direct your remediation efforts, based on which areas are the most important to focus on? Clearly, time is of the essence and AppSec visibility is key.

In this session, we’ll discuss the complete paradigm shift away from today’s antiquated approach of vulnerability management, triage, and remediation. We’ll discuss an entirely new set of tools designed to help manage your application risks from a holistic view. And we’ll demonstrate our approach to results correlation, and the value it brings to organizations like yours.

You don’t want to miss this session.

Stop Worrying about Vulnerabilities - A practical guide to Application Security in a DevSecOps World

Today’s organizations often have hundreds of applications they develop, secure, and maintain. However, what CISOs and AppSec managers lack is an easy-to-understand view of their actual AppSec risk. Looking at opened and closed vulnerability tickets, plus charts and graphs of scan results data, is not helping. They need something more.
What CISOs and AppSec managers really want is a holistic, correlated, and straightforward view of their AppSec risk posture, per application, that would immediately let them know what needs to be done to lower risk as much as possible. And instead of running around fixing vulnerabilities that may be totally irrelevant, developers equipped with an App Risk Indicator would be laser-focused on the vulnerabilities that need to be remedied to truly reduce cyber risk.

Avoiding IaC misconfiguration (on multiple platforms)

Infrastructure as Code (IaC) makes deploying cloud or container configurations scalable and faster. If you are launching a microservice into a Kubernetes cluster, or even building an entire AWS virtual infrastructure, IaC can automate the deployment. By building repeatable templates you can also ensure that deployments happen exactly as you design, every time.

However, errors in infrastructure configuration are now regarded as the second biggest cause of data breaches. There are many ways to give adversaries an advantage through security misconfigurations. Overly permissive storage volumes, unauthenticated database access, or ports left open to the internet have all been a cause of compromise.

The solution? Treat your infrastructure code the same as your application code. During your build process, use tools to scan for infrastructure misconfigurations. When you find them, raise alerts or even break the build.

While there are a few tools for a specific IaC platform, in practice DevOps teams use a variety of IaC platforms. Our approach is to handle all of your IaC platforms from one tool and save you multiple scans.

In this session, we will discuss common types of IaC misconfiguration (general and platform-specific) and demonstrate how using the open-source security tool KICS can help you avoid them.

2023 All Day DevOps Sessionize Event

October 2023

AI DevWorld 2023 Sessionize Event

October 2023 Santa Clara, California, United States

DeveloperWeek Cloud 2022 Sessionize Event

September 2022 Austin, Texas, United States

YallaDevOps 2021 Sessionize Event

July 2021 Tel Aviv, Israel

DevSecCon24 2021 Sessionize Event

June 2021
