90% of data breaches are caused by software vulnerabilities.

Size: px
Start display at page:

Download "90% of data breaches are caused by software vulnerabilities."

Transcription

1 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) Offered in partnership with

2 Secure Software Development (SSD) Certificate Program Benefits Individuals Be a real influencer in CyberSecurity Learn skills that increase your marketability Take courses at your convenience Earn CPE/CEU credits Corporations Secure mission critical applications Reduce IT and data risk Comply with mandates for security training Demonstrate commitment to customers An SSD certificate is highly-regarded because it addresses the root cause of data breaches application layer vulnerabilities. The knowledge attained is not general purpose; it is specialized and critical to thwarting cybercrime. The SSD Certificate Program provides assurance that an individual has demonstrated mastery of real-world software security skills. The knowledge and techniques learned in this certificate program is based on and developed by experts in application security field - and offer both defensive techniques as well as awareness as to how a hacker will attack software applications. Certificate Course Work Course hours: 8 Fundamentals of Application Security Fundamentals of Secure Architecture Fundamentals of Secure Development Fundamentals of Secure DB Development Fundamentals of Secure Mobile Development Fundamentals of Web 2.0 Security Choice: Fundamentals of the PCI-DSS or Web Vulnerabilities: Threats & Mitigations About UCF Second largest university in the nation Top 10 among U.S. universities for the power and impact of its patents Ranked fifth, Top Up-andcoming national university by U.S. News & World Report UCF Stands for Opportunity

3 Fundamentals of Application Security This two-part course is ideal for security and development practitioners that want to understand software security risk and seek specific implementation guidance on how to build and deploy more secure software applications. It starts off describing why software security is critical and the risk that software vulnerabilities represent, and proceeds to lay the foundation for secure software development by presenting specific security controls and principles that development teams can implement immediately to reduce software risk. Introduction to Software Security This module presents trends in the attack landscape, the attacker mindset, the concept of software security risk and the need to manage this risk as an organization. Challenging Security Misconceptions This module presents common and dangerous misconceptions that lead to a false sense of security, including: Client-side security does not exist QA is not security testing The application is not the network Tools are not solutions Patches do not guarantee security All software applications have bugs Recognize the need for managing application security risk Understand and leverage the OWASP top 10 list Learn how to implement specific software security controls Learn principles to reduce software risk This course concludes with an assessment that contains 15 questions aimed at measuring the effectiveness of the training Security Principles This module describes specific principles that help guide design, coding and implementation decisions. Layered security/defense in depth Segmentation Structural security Principle of least privilege Default to deny all Handling input and output The OWASP Top Ten List This module explains the OWASP Top Ten Threats, how each threat works, its impact and the best way to mitigate. Security Goals and Controls This module presents the goal of secure software design and security controls that will help mitigate software risk. Confidentiality, Integrity, Availability Error/exception handling Authentication, Authorization/access control Cryptography and encryption Security in the Software Development Lifecycle (SDLC) This module prescribes specific activities for each phase of the SDLC: Requirements, Design, Development, Testing, Production, and Maintenance.

4 Fundamentals of Secure Architecture Understand the state of the software industry with respect to security Learn from past software security errors and avoid repeating those mistakes Understand and use confidentiality, integrity, and availability (CIA) as the three main tenets of information security In the past, software applications were created with little thought to the importance of security. In recent times, businesses have become more rigorous about how they buy software. When looking at applications and solutions, companies don t just look at features, functionality, and ease of use. They focus on the total cost of ownership (TCO) of what they purchase. Security is a large and visible part of the TCO equation. State of the Industry This module explains how software has matured in an insecure world, the historical perspective, and the current state of software industry from a security perspective. It also discusses the deteriorating condition of software security and what you can do about it. After completing this module, you will understand the state of the software industry with respect to security. Learn from past mistakes This module discusses some of the biggest security disasters in software design, their expensive and sometimes tragic consequences. In this module, we will focus on what lessons can be learned from these mistakes. After completing this module, you will see how to avoid repeating mistakes of the past. Information Security Tenets The CIA triad - Confidentiality, Integrity, and Availability - are the information security tenets. You can use the CIA as a means of analyzing and improving the security of your application and its data. After completing this module, you will understand and use confidentiality, integrity, and availability as the three main tenets of information security.

5 Fundamentals of Secure Development In this course, students will learn an overview of software security and its latest trends, as well as the importance of software security for business. Students will also learn to perform threat modeling to identify threats proactively, create threat trees for application components, use threat trees to find vulnerabilities, classify vulnerabilities, and perform risk analysis and prioritize security fixes. Upon completion of this course, you will be able to: Explain why software security matters to your business. Describe how to write secure code on Windows and *nix platforms. Explain why software security matters to your business. Describe how to write secure code on Windows and *nix platforms. Introduction to Software Security This module will provide an overview of software security and its latest trends. It will also explain the importance of software security to your business. After completing this module, you will be able to Identify the latest trends in software security Explain why software security matters to your business This course concludes with an assessment that contains 15 questions aimed at measuring the effectiveness of the training OS Security This module discusses the implementation of security features to develop secure code and avoid OS-specific security pitfalls. It also talks about implementing code assumptions to heighten reliability and security. Finally, this module guides you about using networking facilities to avoid security vulnerabilities. After completing this module, you will be able to: Employ platform-provided security features to write secure code Avoid OS-specific security pitfalls Implement code assumptions to enhance reliability and security Use networking facilities to avoid common security vulnerabilities

6 Fundamentals of Secure Database Development Describe fundamental database concepts and the purpose of a database Gain a basic understanding of common database attacks Describe secure database development best practices List the database development practices that should be avoided Review sample software scenarios to understand database attacks and apply corresponding mitigation This course introduces developers to the fundamentals of secure database development. The course begins with a discussion on the role of databases and how they are used in today s software systems. It also discusses the common database attacks that could be used to cause significant loss to organizations. Next, it reviews the best practices that developers should incorporate to mitigate the risks from database attacks, including practices that developers should avoid. Finally, the course concludes with a walk-through of a software system scenario that allows you to apply the database attacks and developer best practices discussed. Introduction to Introduction to Database Security In this module, you will learn how to store, retrieve, and manage data using databases and database management systems or DBMSs. You will also learn about the various scenarios where a database can be used in software applications. This module also describes structured query language (SQL) and how it is used to manage data in the databases. Finally, this module discusses some database attacks that have been in the news. Common Database Attacks This module discusses common database attacks and vulnerabilities, including SQL injection, information disclosure, weak account passwords, exploitation of extra functionality, unprotected database backups, poorly patched databases, and unprotected communications. It also explains how privilege escalation adds to the severity of these attacks and vulnerabilities. Relevant attack examples and scenarios are included in the discussion. This module also describes how these attacks are perpetrated, and methods you can use to prevent these attacks or reduce their likelihood. Secure Database Development Best Practices In this module, you will learn about various secure database development best practices. Best practices like input validation and SQL statement parameterization check for valid database inputs and mitigate risks from common database attacks respectively. You can also increase database security by suppressing database error messages, reducing the attack surface of the database application, using the least privilege principle to deploy databases, and employing defense in depth.

7 Fundamentals of Secure Mobile Development The use of mobile devices has increased tremendously in the past few years. The convergence between computing and communication technologies is continuously evolving, with new mobile applications that can be accessed anywhere, anytime. Mobile applications often use sensitive user data and therefore pose serious risks that can lead to critical security issues. This course introduces some of the common mobile application risks and the best development practices that you should follow for development to overcome risks. The course also explains how to create a mobile application threat model. Mobile Application Risks Although mobile devices are very useful and convenient, they are also vulnerable to various risks. These risks arise due to security implementation flaws, access levels, or device constraints. This module introduces some common mobile application risks. After completing this module, you will be able to identify common mobile application risks. Identify common mobile application risks Use mobile application development best practices Create a mobile application threat model Mobile Application Development Best Practices The set of best practices that are appropriate for mobile development are similar in many ways to what you would use for a web application or a server-based application. Mobile development best practices mitigate risks from common vulnerabilities related to mobile platform security, network and latency issues, as well as privilege and input validation related problems. After completing this module, you will be able to use mobile application development best practices to secure your mobile code. Threat Modeling Mobile Applications Threat modeling is the most effective technique for risk analysis and remediation for mobile applications. Use a mobile application threat model to understand the assets you want to protect, the threats against these assets and mitigation techniques for both design and implementation vulnerabilities. This module illustrates how to create a threat model and provides an example. After completing this module, you will be able to create a mobile application threat model.

8 Fundamentals of Web 2.0 Security Describe the evolution of Web 2.0 Describe the technologies used in Web 2.0 applications Describe Web services and how they work Explain asynchronous transfers and RSS/Atom syndication Describe various Web 2.0 attacks Explain the cause and impact of Web 2.0 attacks Learn about development best practices to help prevent Web 2.0 attacks This course introduces you to the fundamentals of secure Web 2.0 development. The course begins with a discussion about Web 2.0, its evolution, and the technologies behind it. The course describes common Web 2.0 attacks that can cause significant loss to organizations. It reviews the best practices that you should incorporate to mitigate the risks from Web 2.0 attacks, as well as practices to avoid. The course concludes with a walk-through of a software system scenario that can help you better understand Web 2.0 attacks and apply the best practices discussed in the course. Introduction to Web 2.0 In this module, you will learn about Web 2.0 and its evolution over time, the technologies involved, and some examples of popular Web 2.0 applications. Web 2.0 Attacks This module builds on the concepts covered in Module 1 and discusses common Web 2.0 attacks that you should be aware of. For each attack, you will learn what attackers gain through the attack, the impact of the attack, and why a particular attack is possible. After completing this module, you will be able to describe Web 2.0 attacks with respect to their root cause and impact. Development Best Practices In this module, we will look at secure Web 2.0 development best practices that you can employ to prevent common attacks. In addition, we will look at some development practices that you should avoid. After completing this module, you will be able to use these development best practices.

9 Fundamentals of the PCI-DSS Payment Card Industry Data Security Standards (PCI-DSS) provides minimum requirements for addressing the security of systems handling credit card information. It also specifically requires that organizations implement a formal security awareness program to make all personnel aware of the importance of cardholder data security (12.6) and Educate personnel upon hire and at least annually (12.6.1) This course is designed to meet this requirement and will provide such awareness as well as an basic understanding of each of the PCI-DSS requirements addressing cardholder data security. Introduction to PCI This module introduces you to the Payment Card Industry Security Standards Council (PCI SSC), the standards maintained by the council, and the terminology used in the standards. The module also explains what cardholder data is, the PCI DSS scope, and the methods used to reduce it. PCI DSS Requirements and Scope This module introduces you to the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a set of standards for systems and networks that transmit, process, or store cardholder data. It provides a comprehensive framework for developing secure applications. Understanding the PCI DSS requirements, its purpose, and its compliance needs is a step towards better security. This module also explains the assessment process, the results of certification, and the actions to be taken in case of noncompliance. Describe the PCI Security Standards Council, standards maintained by the council, terminology, the PCI environment, and the scope of PCI standards Identify the PCI DSS requirements and describe the assessment scope

10 Web Vulnerabilities: Threats & Mitigations Understand and identify the most common and recent attacks against Web-based applications Describe the mechanisms of exploitation of Web vulnerabilities Apply best coding practices to avoid Web vulnerabilities Perform code reviews that detect Web vulnerabilities Locate additional Web vulnerabilities resources This course provides all the information you need to understand, avoid, and mitigate the risks posed by Web vulnerabilities. You are first provided with a detailed background on the most common and recent attacks against Webbased applications, such as cross-site scripting attacks and cross-site request forgery attacks. The course then delves into practical recommendations on how to avoid and/or mitigate Web vulnerabilities. Real-world examples are provided to help students understand and defend against Web vulnerabilities. Recognizing the Dangers of Web Vulnerabilities In order for you to effectively mitigate Web vulnerabilities, it is important that you understand the impact of these dangers. This module provides a historical perspective on the damage these types of vulnerabilities have caused and presents detailed mechanics of major web vulnerabilities and how they lead to serious security issues. After completing this module you will be able to: Describe the Origins and Impact of Web vulnerabilities Recognize the dangers of ActiveX control misuse Recognize the dangers of cross-site scripting, canonicalization, SQL Injection, HTTP response splitting, and cross-site request forgery vulnerabilities Challenging Security Misconceptions This module introduces several protections and best practices which if implemented properly, help mitigate the risk of web vulnerabilities in applications. Topics covered include the limitations of common mitigations, truly effective mitigations such as allow lists and frame restrictions, and SDL requirements aimed at mitigating Web vulnerabilities. After completing this module you will be able to: Recognize the limitations of common mitigations for Web vulnerabilities Recognize effective mitigations for Web vulnerabilities Recognize the SDL requirements aimed at mitigating Web vulnerabilities

11 Secure Software Development (SSD) Certificate Program REGISTER ONLINE NOW Offered in partnership with

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite: Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE

More information

Security Awareness, Training and Education Catalog

Security Awareness, Training and Education Catalog Security Awareness, Training and Education Catalog SECURITY AWARENESS, TRAINING AND EDUCATION CATALOG Introduction The human factor what employees do or don t do is the biggest threat to an organization

More information

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Charting the Course to Your Success! Securing.Net Web Applications Lifecycle Course Summary Course Summary Description Securing.Net Web Applications - Lifecycle is a lab-intensive, hands-on.net security training course, essential for experienced enterprise developers who need to produce secure.net-based

More information

Table of Contents Computer Based Training - Security Awareness - General Staff AWA 007 AWA 008 AWA 009 AWA 010 AWA 012 AWA 013 AWA 014 AWA 015

Table of Contents Computer Based Training - Security Awareness - General Staff AWA 007 AWA 008 AWA 009 AWA 010 AWA 012 AWA 013 AWA 014 AWA 015 Table of Contents Computer Based Training - Security Awareness - General Staff AWA 007 - Information Privacy and Security Awareness for Executives (Duration: 45 minutes)...1 AWA 008 - Information Privacy

More information

OWASP Top 10 The Ten Most Critical Web Application Security Risks

OWASP Top 10 The Ten Most Critical Web Application Security Risks OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain

More information

SECURITY TRAINING SECURITY TRAINING

SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security

More information

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite: Securing Java/ JEE Web Applications (TT8320-J) Day(s): 4 Course Code: GK1123 Overview Securing Java Web Applications is a lab-intensive, hands-on Java / JEE security training course, essential for experienced

More information

The Top 6 WAF Essentials to Achieve Application Security Efficacy

The Top 6 WAF Essentials to Achieve Application Security Efficacy The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and

More information

Will you be PCI DSS Compliant by September 2010?

Will you be PCI DSS Compliant by September 2010? Will you be PCI DSS Compliant by September 2010? Michael D Sa, Visa Canada Presentation to OWASP Toronto Chapter Toronto, ON 19 August 2009 Security Environment As PCI DSS compliance rates rise, new compromise

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

Hacking by Numbers OWASP. The OWASP Foundation

Hacking by Numbers OWASP. The OWASP Foundation Hacking by Numbers OWASP Tom Brennan WhiteHat Security Inc. tom.brennan@whitehatsec.com 973-506-9303 skype: jinxpuppy Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify

More information

Training Program Catalog SECURITY INNOVATION

Training Program Catalog SECURITY INNOVATION Training Program Catalog SECURITY INNOVATION Table of Contents Computer Based Training - Security Awareness - General Staff AWA 007 - Information Privacy and Security Awareness for Executives (Duration:

More information

Product Security Program

Product Security Program Product Security Program An overview of Carbon Black s Product Security Program and Practices Copyright 2016 Carbon Black, Inc. All rights reserved. Carbon Black is a registered trademark of Carbon Black,

More information

Cybersecurity Education Catalog

Cybersecurity Education Catalog Cybersecurity Education Catalog CYBERSECURITY EDUCATION CATALOG Introduction The human factor what employees do or don t do is the biggest vulnerability to an organization s information security, yet it

More information

Security Communications and Awareness

Security Communications and Awareness Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated

More information

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business

More information

TRAINING CURRICULUM 2017 Q2

TRAINING CURRICULUM 2017 Q2 TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training

More information

RiskSense Attack Surface Validation for Web Applications

RiskSense Attack Surface Validation for Web Applications RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment

More information

Security Communications and Awareness

Security Communications and Awareness Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated

More information

Security Solutions. Overview. Business Needs

Security Solutions. Overview. Business Needs Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.

More information

WHITEHAT SECURITY. T.C. NIEDZIALKOWSKI Technical Evangelist. DECEMBER 2012

WHITEHAT SECURITY. T.C. NIEDZIALKOWSKI Technical Evangelist. DECEMBER 2012 WHITEHAT SECURITY DECEMBER 2012 T.C. NIEDZIALKOWSKI Technical Evangelist tc@whitehatsec.com WhiteHat Security Company Overview Headquartered in Santa Clara, CA WhiteHat Sentinel SaaS end-to-end website

More information

Secure Development Processes

Secure Development Processes Secure Development Processes SecAppDev2009 What s the problem? Writing secure software is tough Newcomers often are overwhelmed Fear of making mistakes can hinder Tend to delve into security superficially

More information

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013 Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

.NET JAVA C ASE. Certified. Certified. Application Security Engineer. .NET C ASE Certified Application Security Engineer JAVA C ASE Certified Application Security Engineer Certified Application Security Engineer www.eccouncil.org EC-Council Course Description The Certified

More information

Effective Strategies for Managing Cybersecurity Risks

Effective Strategies for Managing Cybersecurity Risks October 6, 2015 Effective Strategies for Managing Cybersecurity Risks Larry Hessney, CISA, PCI QSA, CIA 1 Everybody s Doing It! 2 Top 10 Cybersecurity Risks Storing, Processing or Transmitting Sensitive

More information

C1: Define Security Requirements

C1: Define Security Requirements OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security

More information

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,

More information

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Using Threat Analytics to Protect Privileged Access and Prevent Breaches Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

TEL2813/IS2820 Security Management

TEL2813/IS2820 Security Management TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management

More information

Continuous protection to reduce risk and maintain production availability

Continuous protection to reduce risk and maintain production availability Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Evolution of Cyber Attacks

Evolution of Cyber Attacks Update from the PCI Security Standards Council Troy Leach, CTO, PCI Security Standards Council Evolution of Cyber Attacks Viruses Worms Trojan Horses Custom Malware Advanced Persistent Threats 1 Modern

More information

Integrigy Consulting Overview

Integrigy Consulting Overview Integrigy Consulting Overview Database and Application Security Assessment, Compliance, and Design Services March 2016 mission critical applications mission critical security About Integrigy ERP Applications

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Trustwave Managed Security Testing

Trustwave Managed Security Testing Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to

More information

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number

More information

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

Brochure. Security. Fortify on Demand Dynamic Application Security Testing Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application

More information

Practical Guide to Securing the SDLC

Practical Guide to Securing the SDLC Practical Guide to Securing the SDLC Branko Ninkovic Dragonfly Technologies Founder Agenda Understanding the Threats Software versus Security Goals Secure Coding and Testing A Proactive Approach to Secure

More information

Automated, Real-Time Risk Analysis & Remediation

Automated, Real-Time Risk Analysis & Remediation Automated, Real-Time Risk Analysis & Remediation TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 VULNERABILITY SCANNERS ARE NOT ENOUGH 06 REAL-TIME CHANGE CONFIGURATION NOTIFICATIONS ARE KEY 07 FIREMON RISK

More information

A (sample) computerized system for publishing the daily currency exchange rates

A (sample) computerized system for publishing the daily currency exchange rates A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency

More information

Entertaining & Effective Security Awareness Training

Entertaining & Effective Security Awareness Training Entertaining & Effective Security Awareness Training www.digitaldefense.com Technology Isn t Enough Improve Security with a Fun Training Program that Works! Social engineering, system issues and employee

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Terms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course

Terms, Methodology, Preparation, Obstacles, and Pitfalls. Vulnerability Assessment Course Terms, Methodology, Preparation, Obstacles, and Pitfalls Vulnerability Assessment Course All materials are licensed under a Creative Commons Share Alike license. http://creativecommons.org/licenses/by-sa/3.0/

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

All the Latest Data Security News. Best Practices and Compliance Information From the PCI Council

All the Latest Data Security News. Best Practices and Compliance Information From the PCI Council All the Latest Data Security News Best Practices and Compliance Information From the PCI Council 1 What is the PCI Security Standards Council? Collaboration Education Simplified solutions for merchants

More information

Instructor-led Training Course Catalog

Instructor-led Training Course Catalog Instructor-led Training Course Catalog January 2018 800.873.8193 sig-info@synopsys.com synopsys.com/software GENERAL DISCLAIMER This document presents details about the training offerings from Synopsys

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard Introduction Verba provides a complete compliance solution for merchants and service providers who accept and/or process payment card data over the telephone. Secure and compliant handling of a customer

More information

Total Security Management PCI DSS Compliance Guide

Total Security Management PCI DSS Compliance Guide Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to

More information

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,

More information

Development*Process*for*Secure* So2ware

Development*Process*for*Secure* So2ware Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Threat Modeling. Bart De Win Secure Application Development Course, Credits to Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,

More information

Threat and Vulnerability Assessment Tool

Threat and Vulnerability Assessment Tool TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...

More information

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services.  #truecybersecurity Kaspersky Enterprise Cybersecurity Kaspersky Security Assessment Services www.kaspersky.com #truecybersecurity Security Assessment Services Security Assessment Services from Kaspersky Lab. the services

More information

Security Management Models And Practices Feb 5, 2008

Security Management Models And Practices Feb 5, 2008 TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related

More information

Vulnerabilities in online banking applications

Vulnerabilities in online banking applications Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison

More information

Case Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office

Case Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers

More information

Escaping PCI purgatory.

Escaping PCI purgatory. Security April 2008 Escaping PCI purgatory. Compliance roadblocks and stories of real-world successes Page 2 Contents 2 Executive summary 2 Navigating the road to PCI DSS compliance 3 Getting unstuck 6

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Information Security In Pakistan. & Software Security As A Quality Aspect. Nahil Mahmood, Chairman, Pakistan Cyber Security Association (PCSA)

Information Security In Pakistan. & Software Security As A Quality Aspect. Nahil Mahmood, Chairman, Pakistan Cyber Security Association (PCSA) Information Security In Pakistan & Software Security As A Quality Aspect Nahil Mahmood, Chairman, Pakistan Cyber Security Association (PCSA) Software Quality [Includes Security] LETS OWN SECURITY! Agenda

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Continuously Discover and Eliminate Security Risk in Production Apps

Continuously Discover and Eliminate Security Risk in Production Apps White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application

More information

Engineering Your Software For Attack

Engineering Your Software For Attack Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

Aguascalientes Local Chapter. Kickoff

Aguascalientes Local Chapter. Kickoff Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark

More information

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported

More information

Twilio cloud communications SECURITY

Twilio cloud communications SECURITY WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and

More information

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose: STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security

More information

How NOT To Get Hacked

How NOT To Get Hacked How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?

More information

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

E-guide CISSP Prep: 4 Steps to Achieve Your Certification CISSP Prep: 4 Steps to Achieve Your Certification Practice for the exam and keep your skills sharp : Thank you for downloading our CISSP certification guide. Aside from this handy PDF, you can also access

More information

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE Cyber Security Services Security Testing - a requirement for a secure business ISACA DAY in SOFIA Agenda No Agenda Some minimum theory More real

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

.NET JAVA C ASE. Certified. Certified. Application Security Engineer. .NET C ASE Certified Application Security Engineer JAVA C ASE Certified Application Security Engineer Certified Application Security Engineer www.eccouncil.org EC-Council Course Description The Certified

More information

Mitigating Security Breaches in Retail Applications WHITE PAPER

Mitigating Security Breaches in Retail Applications WHITE PAPER Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have

More information

Ingram Micro Cyber Security Portfolio

Ingram Micro Cyber Security Portfolio Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training

More information

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results. REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems

Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Copyright 2018 UL LLC. All rights reserved. No portion of this material may be reprinted in any form without the express written

More information

SIEMLESS THREAT MANAGEMENT

SIEMLESS THREAT MANAGEMENT SOLUTION BRIEF: SIEMLESS THREAT MANAGEMENT SECURITY AND COMPLIANCE COVERAGE FOR APPLICATIONS IN ANY ENVIRONMENT Evolving threats, expanding compliance risks, and resource constraints require a new approach.

More information

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council

INFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early

More information

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection White Paper Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection Table of Contents Introduction....3 Positive versus Negative Application Security....3 Continuous Audit and Assessment

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

CYBERSECURITY MATURITY ASSESSMENT

CYBERSECURITY MATURITY ASSESSMENT CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance

More information

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing

More information

IT infrastructure layers requiring Privileged Identity Management

IT infrastructure layers requiring Privileged Identity Management White Paper IT infrastructure layers requiring Privileged Identity Management Abstract Much of today s IT infrastructure is structured as different layers of devices (virtual and physical) and applications.

More information

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED AUTOMATED CODE ANALYSIS WEB APPLICATION VULNERABILITIES IN 2017 CONTENTS Introduction...3 Testing methods and classification...3 1. Executive summary...4 2. How PT AI works...4 2.1. Verifying vulnerabilities...5

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au

More information

IBM Rational Software

IBM Rational Software IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined

More information

Software Security Initiatives for Information Security Officers Marco Morana OWASP Cincinnati Chapter OWASP ISSA Cincinnati Chapter Meeting

Software Security Initiatives for Information Security Officers Marco Morana OWASP Cincinnati Chapter OWASP ISSA Cincinnati Chapter Meeting Software Security Initiatives for Information Security Officers Marco Morana OWASP Cincinnati Chapter OWASP ISSA Cincinnati Chapter Meeting July 14 th 2010 Copyright 2010 - The OWASP Foundation Permission

More information