Defining and Stopping the "Plague" of Application Security False Positives

Presenters:
JJ Asghar, Developer Advocate at IBM
Erik Costlow, Director of Developer Relations at Contrast Security

Moderator:
Patrick Spencer, Editor-in-Chief of the Inside AppSec Podcast

False positives in application security are the kiss of death.

They kill time, confidence, and ultimately, the application if they detract from security’s ability to focus on the critical vulnerabilities.

Attend this webinar to get a better perspective on how pervasive the issue of false positives is, and the impact these erroneous alerts have on an organization—from the effects of alert fatigue to the impediments on a company’s digital transformation.

Some key takeaways from attending this webinar:

• How and why legacy scanning approaches often deliver more harm than good
• How perimeter defenses such as a WAF become “alert faucets” with a never-ending flow of false positives that weigh down both security and development teams
• How to measure the human and fiscal resource impact of these false positives
• How to achieve continuous security that’s accurate, through instrumentation
• How security observability of applications in development and production helps you see more of the critical risks and less of the noise

Plus, you’ll discover how recognizing the “plague” of false positives in the typical application security environment is a crucial step to moving security toward a business innovation enabler vs. a blocker—thereby making the case for increased AppSec investment.