THE FUTURE OF APPSEC AUTOMATION WHY YOUR APPSEC EXPERTS ARE KILLING YOU. Jeff Williams,
|
|
- Stephany Shields
- 5 years ago
- Views:
Transcription
1 THE FUTURE OF APPSEC AUTOMATION WHY YOUR APPSEC EXPERTS ARE KILLING YOU Jeff Williams, CONTRAST SECURITY 291 Lambert Avenue Palo Alto, California
2 ARE YOU SECURE? Threats Expected Security Model (claims) Verified Defenses (evidence) 2
3 Claims. asdf Not evidence. But still very cool.
4 1% DOS Espionage Application Security 9% Skimmers 22% 36% 4% Crimeware 14% Point of Sale Insiders 8% *2014 Verizon DBIR
5 1% DOS Espionage Application Security 9% Skimmers 22% 36% 1.7% of security spending 14% 4% Point of Sale Crimeware Insiders 8% *2014 Verizon DBIR
6 The frequency and sophistication of attacks is increasing as the complexity, connectivity, and criticality of our code is increasing * h,p:// biggest- data- breaches- hacks/ 6
7 Application security is eating security Alex Stamos (Yahoo CISO) 7
8 How Are We Doing? 1. Assurance? Coverage? 10% 3. Process Fit? Mad Assurance Coverage Process Fit *2014 Aspect Security Global Application Security Risk Report
9 Space Shu,le Spring Framework Windows 3.1 US Tax Code Window NT 3.5 Firefox Windows NT 4.0 MicrosoT Office 2013 Mac OSX Car SoTware Mouse DNA Financial Organiza9on 400,000 1,165,000 2,500,000 4,400,000 4,500,000 9,500,000 12,000,000 44,500,000 85,000, ,000, ,000,000 The Insane Complexity of Modern Code 1,000,000,000 9
10 TRADITIONAL APPSEC PROGRAM Assurance Application Portfolio Experts Expert Tools Coverage Process Fit Development organiza9ons interpret DELAYS as DAMAGE and route around them.
11 CONTEXT CONTENT IS KING! 11
12 A Vulnerability Is a Pattern of Events DB
13 Rootkits Aren t Always Evil! Enterprise Java Rootkits - BlackHat 2009 The holy grail of backdoors The Java Instrumentation API h,ps:// usa- 09/WILLIAMS/ BHUSA09- Williams- EnterpriseJavaRootkits- PAPER.pdf
14 Instrumentation 1. java -javaagent=agent.jar Class Original Class Bytecode Class 2. premain() 3. addtransformer() 4. loadclass() Agent Java Virtual Machine ClassFile Transformer 5. transform() ClassLoader Instrumented Class Class Class Bytecode Add sensors. bytecode is instrumented for security!
15 DEEP SECURITY INSTRUMENTATION HAS UNFAIR ADVANTAGES Deep Security Instrumentation Code Libraries Runtime Data Flow Software Architecture HTTP Traffic Frameworks Runtime Control Flow Server Configuration SAST DAST WAF Code HTTP Traffic HTTP Traffic Backend Connections Configuration Data Platform Runtime Etc 15
16
17 Daily Work Design Develop Test Code Accepted Released Product Released Product
18 Continuous AppSec 18
19 thousands of reports a minute csp_reports_at_scale.html
20 Surface security info for everyone, not just the security team
21 APPLICATION SECURITY TWO SEPARATE WORLDS Development Operations Tools to detect vulnerabilities Tools to stop attacks 21
22 TODAY EVOLUTIONARY ADVANCES Development Operations IAST Interactive Application Security Testing RASP Runtime Application Self-Protection DAST SAST Threat Agent WAF IDS/IPS Must have technologies Joseph Feiman (Gartner) 22
23 TOMORROW UNIFIED APPSEC Development AND Operations UNIFIED APPSEC RASP IAST A single appsec technology across the entire lifecycle 23
24 INFUSE SECURITY TECHNOLOGIES INTO APPLICATIONS Application SAST DAST Deep Security Instrumentation WAF Agent IDS/IPS Threat 24
25 EXAMPLE: CODE VULNERABILITIES (SQL INJECTION) Concept Architecture Design Development Unit Testing Integration QA Testing Operation Monitoring Generate accurate security architecture diagrams Provide instant vulnerability feedback Add security testing to existing test efforts Identify and block attacks and exploits 25
26 EXAMPLE: THIRD PARTY LIBRARIES (SPRING EL INJECTION) Employee Apps Third Party Apps Public Apps Cloud Apps Rogue Apps Automatically collect library inventory Notify projects of library vulnerabilities Ensure that developers use libraries safely Shield applications from attacks on known vulnerabilities 26
27 The world s fastest application security.
Application Security at Scale
Jake Marcinko Standards Manager, PCI Security Standards Council Jeff Williams CTO, Contrast Security Application Security at Scale AppSec at Scale Delivering Timely Security Solutions / Services to Meet
More informationTHE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security
THE THREE WAYS OF SECURITY Jeff Williams Co-founder and CTO Contrast Security 1. TODAY S AVERAGE APPLICATION IS A SECURITY DISASTER 2. SOFTWARE IS LEAVING SECURITY IN THE DUST SOFTWARE Typical enterprise
More informationApplication Security at DevOps Speed and Portfolio Scale. Jeff Contrast Security
Application Security at DevOps Speed and Portfolio Scale Jeff Williams @planetlevel Contrast Security OWASP XSS Prevention Cheat Sheet 1,000,000 Page Views! https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet
More informationCONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WHITEPAPER
WHITEPAPER CONTRAST ASSESS MARKET-DEFINING APPLICATION SECURITY TESTING FOR MODERN AGILE AND DEVOPS TEAMS WELCOME TO THE ERA OF SELF-PROTECTING SOFTWARE CONTRASTSECURITY.COM CONTENTS What is Interactive
More informationApplication Security Use Cases. RASP, WAF, NGWAF, What The Hell is The Difference.
Application Security Use Cases RASP, WAF, NGWAF, What The Hell is The Difference. Acronym Soup July 29, 2016 2 July 29, 2016 3 Definition of Terms WAF Web Application Firewall / waf / noun 1. An appliance,
More informationManaging an Application Vulnerability Management Program in a CI/CD Environment. March 29, 2018 OWASP Vancouver - Karim Lalji 1
Managing an Application Vulnerability Management Program in a CI/CD Environment March 29, 2018 OWASP Vancouver - Karim Lalji 1 About Me Karim Lalji Managing Security Consultant (VA/PT) at TELUS Previously:
More informationHow to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M. Matias Madou Ph.D., Secure Code Warrior
How to spend $3.6M on one coding mistake and other fun stuff you can do with $3.6M Matias Madou Ph.D., Secure Code Warrior Matias Madou, Ph.D. CTO and Co-Founder Ph.D. in Computer Engineering from Ghent
More informationBrochure. Security. Fortify on Demand Dynamic Application Security Testing
Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application
More informationTHE CONTRAST ASSESS COST ADVANTAGE
WHITEPAPER THE CONTRAST ASSESS COST ADVANTAGE APPLICATION SECURITY TESTING COSTS COMPARED WELCOME TO THE ERA OF SELF-PROTECTING SOFTWARE CONTRASTSECURITY.COM EXECUTIVE SUMMARY Applications account for
More informationDiscover Best of Show März 2016, Düsseldorf
Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security
More informationINTERACTIVE APPLICATION SECURITY TESTING (IAST)
WHITEPAPER INTERACTIVE APPLICATION SECURITY TESTING (IAST) Software affects virtually every aspect of an individual s finances, safety, government, communication, businesses, and even happiness. Individuals
More informationPT Unified Application Security Enforcement. ptsecurity.com
PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over
More informationAn Introduction to the Waratek Application Security Platform
Product Analysis January 2017 An Introduction to the Waratek Application Security Platform The Transformational Application Security Technology that Improves Protection and Operations Highly accurate.
More informationThe Continuous Application Security Handbook
The Continuous Application Handbook Unify Strategy Across Development & Operations FALL 2016 We reject the old paradigm of periodic and serial scanning, hacking, and patching, which has proven expensive
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationMicro Focus Fortify Application Security
Micro Focus Fortify Application Security Petr Kunstat SW Consultant +420 603 400 377 petr.kunstat@microfocus.com My web/mobile app is secure. What about yours? High level IT Delivery process Business Idea
More informationOfer MAOR CTO Quotium
Ofer MAOR CTO Quotium @OferMaor Application Performance Monitoring OWASP Israel Sep 2014 Introduction Incidents The Problem Runtime Analysis / IAST DataHound - Free Tool Q&A About Myself 20 years in information/application
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationWHITEHAT SECURITY. T.C. NIEDZIALKOWSKI Technical Evangelist. DECEMBER 2012
WHITEHAT SECURITY DECEMBER 2012 T.C. NIEDZIALKOWSKI Technical Evangelist tc@whitehatsec.com WhiteHat Security Company Overview Headquartered in Santa Clara, CA WhiteHat Sentinel SaaS end-to-end website
More informationSECURITY-AS-A-SERVICE BUILT FOR AWS
SOLUTION BRIEF: SECURITY-AS-A-SERVICE BUILT FOR AWS Alert Logic Security-as-a-Service solutions integrate cloud-based software, analytics and expert services to assess, detect and block workload threats
More informationHybrid 2.0 In search of the holy grail
Hybrid 2.0 In search of the holy grail A Talk for OWASP BeNeLux by Roger Thornton Founder/CTO Fortify Software Inc 2008 All Right Reserved Fortify Software Inc. 2 Before we Begin: Expectations Objectives
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationAn Introduction to Runtime Application Self-Protection (RASP)
Product Analysis June 2016 An Introduction to Runtime Application Self-Protection (RASP) The Transformational Application Security Technology that Improves Protection and Operations Highly accurate. Easy
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationTrustwave Managed Security Testing
Trustwave Managed Security Testing SOLUTION OVERVIEW Trustwave Managed Security Testing (MST) gives you visibility and insight into vulnerabilities and security weaknesses that need to be addressed to
More informationMicro Focus Security Fortify. Application Security
Micro Focus Security Fortify Application Security Secure the new Application security in DevOps Agenda: - Fortify in brief (Offerings) - Fortify Source Code Analyzer - Fortify WebInspect - Using Fortify
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined
More informationTaking Control of Your Application Security
EDUCAUSE Wednesday, May 3 rd Taking Control of Your Application Security 2017 SANS Institute All Rights Reserved INTRODUCTION Eric Johnson, CISSP, GSSP-Java, GSSP-.NET, GWAPT Application Security Curriculum
More informationPerimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN
T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN Perimeter Defenses Enterprises need to take their security strategy beyond stacking up layers of perimeter defenses to building up predictive
More informationSecure DevOps: A Puma s Tail
Secure DevOps: A Puma s Tail SANS Secure DevOps Summit Tuesday, October 10th 2017 Eric Johnson (@emjohn20) Eric Johnson, CISSP, GSSP, GWAPT Cypress Data Defense Principal Security Consultant Static code
More informationShiftLeft. Real-World Runtime Protection Benchmarking
ShiftLeft Real-World Runtime Protection Benchmarking Table of Contents Executive Summary... 02 Testing Approach... 02 ShiftLeft Technology... 04 Test Application... 06 Results... 07 SQL injection exploits
More informationSecuring Production Applications & Data at Runtime. Prevoty
Securing Production Applications & Data at Runtime Prevoty Introducing Prevoty Scalable visibility and protection for all applications and services 20+ 3 Over Verticals: Awards & Recognitions Years in
More informationEU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux
EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider
More informationSTOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.
Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The
More informationApplication Security Using Runtime Protection
Application Security Using Runtime Protection How RASP can secure your web applications with point & click protection Waratek Solves the Application Security Problems That No One Else Can Application Security
More informationA Strategic Approach to Web Application Security
A STRATEGIC APPROACH TO WEB APP SECURITY WHITE PAPER A Strategic Approach to Web Application Security Extending security across the entire software development lifecycle The problem: websites are the new
More informationBETTER Mobile Threat Defense (BMTD)
BETTER Mobile Threat Defense (BMTD) Powered by BETTER Mobile Security, Inc. Enterprise Challenges Today s enterprise IT managers are looking for better and more efficient ways to empower workforces utilizing
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationIBM Application Security on Cloud
April, 2017 IBM Application Security on Cloud Service Overview Security has and will always be about understanding, managing, and mitigating the risk to an organization s most critical assets. - Dr. Eric
More informationTREND MICRO SMART PROTECTION SUITES
SOLUTION BROCHURE TREND MICRO SMART ROTECTION SUITES Maximum endpoint security from your proven security partner Get smarter security that goes where your users go The threat landscape is constantly changing,
More informationBehavioral Analytics A Closer Look
SESSION ID: GPS2-F03 Behavioral Analytics A Closer Look Mike Huckaby VP, Global Systems Engineering RSA The world is full of obvious things which nobody by any chance ever observes. Sherlock Holmes 2 Patterns
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationWHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION
WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION 2 Web application firewalls (WAFs) entered the security market at the turn of the century as web apps became increasingly
More informationUn SOC avanzato per una efficace risposta al cybercrime
Un SOC avanzato per una efficace risposta al cybercrime Identificazione e conferma di un incidente @RSAEMEA #RSAEMEASummit @masiste75 Mauro Costantini - Presales Consultant Agenda A look into the threat
More informationImproving Security in the Application Development Life-cycle
Improving Security in the Application Development Life-cycle Migchiel de Jong Software Security Engineer mdejong@fortifysoftware.com March 9, 2006 General contact: Jurgen Teulings, 06-30072736 jteulings@fortifysoftware.com
More informationBusiness Strategy Theatre
Business Strategy Theatre Security posture in the age of mobile, social and new threats Steve Pao, GM Security Business 01 May 2014 In the midst of chaos, there is also opportunity. - Sun-Tzu Security:
More informationQUICK WINS: Why You Must Get Defensive About Application Security
QUICK WINS: Why You Must Get Defensive About Application Security IN TODAY S COMPETITIVE BUSINESS ENVIRONMENT, DEMONSTRATING IMMEDIATE PAYOFFS WILL HELP YOU PROVE JUST HOW VALUABLE AN APPLICATION SECURITY
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationThe Value of Automated Penetration Testing White Paper
The Value of Automated Penetration Testing White Paper Overview As an information security expert and the security manager of the company, I am well aware of the difficulties of enterprises and organizations
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationBest Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security
Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate
More informationINJECTING SECURITY INTO WEB APPS WITH RUNTIME PATCHING AND CONTEXT LEARNING
INJECTING SECURITY INTO WEB APPS WITH RUNTIME PATCHING AND CONTEXT LEARNING AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix
More informationAdvanced Threat Intelligence to Detect Advanced Malware Jim Deerman
Advanced Threat Intelligence to Detect Advanced Malware Jim Deerman jdeerman@isc8.com Safe Harbor Statement All statements included or incorporated by reference in these slides, other than statements or
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationSoftware-Defined Secure Networks. Sergei Gotchev April 2016
Software-Defined Secure Networks Sergei Gotchev April 2016 Security Trends Today Network security landscape has changed. CISOs Treading Water Pouring money into security, yet not any more secure - Average
More informationTHE MAIN APPLICATION SECURITY TECHNOLOGIES TO ADOPT BY 2018
THE MAIN APPLICATION SECURITY TECHNOLOGIES TO ADOPT BY 2018 1 Application Security Continues to Evolve This September, consumer credit reporting agency Equifax reported a security breach that occurred
More informationWhy we need Intelligent Security? Juha Launonen Sourcefire, Inc.
Why we need Intelligent Security? Juha Launonen Sourcefire, Inc. 11-2010 About Sourcefire Mission: To be the leading provider of intelligent cybersecurity solutions for the enterprise. 2 Founded in 2001
More informationPEOPLE CENTRIC SECURITY THE NEW
PEOPLE CENTRIC SECURITY THE NEW PARADIGM IN CYBERSECURITY David Karlsson SE Nordics March 2018 1 2018 Proofpoint, Inc. Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY PARTNERS
More informationSECURITY-AS-A-SERVICE BUILT FOR MICROSOFT AZURE
Alert Logic Virtual Machines are Microsoft Azure Certified to ensure compatibility with the Azure platform. SOLUTION BRIEF: SECURITY-AS-A-SERVICE BUILT FOR MICROSOFT AZURE Alert Logic Security-as-a-Service
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationIDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO
IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO (US) @BEN_SMITH IDENTITY = THE MOST CONSEQUENTIAL ATTACK VECTOR Confirmed data breaches involving weak, default
More informationSECURITY-AS-A-SERVICE
SOLUTION BRIEF: SECURITY-AS-A-SERVICE FOR APPLICATIONS IN CLOUD & HYBRID ENVIRONMENTS Alert Logic solutions combine cloud-based software and innovative analytics with expert services to assess, detect
More informationHQ 754 th Electronic Systems Group. Application Software Assurance Center of Excellence (ASACoE) Maj Michael Kleffman, CTO ASACoE
HQ 754 th Electronic Systems Group Application Software Assurance Center of Excellence (ASACoE) Maj Michael Kleffman, CTO ASACoE Overview Context and Mission Resources and Tempo Accomplishments Services
More informationTREND MICRO SMART PROTECTION SUITES
SOLUTION BROCHURE TREND MICRO SMART ROTECTION SUITES Maximum Trend Micro XGen security from your proven security partner Get smarter security that goes where your users go The threat landscape is constantly
More informationRobots with Pentest Recipes:
Robots with Pentest Recipes: Democratizing Security Testing for DevOps Wins Abhay Bhargav - CTO, we45 Yours Truly Co-author of Secure Java For Web Application Development Author of PCI Compliance: A Definitive
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationWeb Applications & APIs
18 QUALYS SECURITY CONFERENCE 2018 Web Applications & APIs The Soft Belly of the Cloud Dave Ferguson Director, Product Management, WAS Remi Le Mer Director, Product Management, WAF Agenda Web Apps & APIs
More information1. APPLICATION SECURITY: KEY CHALLENGES
DATA SHEET PT APPLICATION FIREWALL DATA SHEET 1. APPLICATION SECURITY: KEY CHALLENGES Almost every modern enterprise uses hundreds of web, mobile or ERP applications to help run their operations. But as
More informationRoadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise
Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise Roadmap for the Modern Enterprise As your AWS environment grows, the importance of instilling governance and following best practice
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationFortify Software Security Content 2017 Update 4 December 15, 2017
Software Security Research Release Announcement Micro Focus Security Fortify Software Security Content 2017 Update 4 December 15, 2017 About Micro Focus Security Fortify SSR The Software Security Research
More informationWeaving Security into Every Application
Weaving Security into Every Application Paul Fox AVP Technology AT&T 2018 TM Forum 1 Cyber Security Accelerating Threat Telecom Breaches 300,000 Number of complaints filed with the FBI Internet Crime Complaint
More informationSuman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017
Suman Sourav Director DevSecOps, Vantage Point Security OWASP Indonesia Day 2017 About me Certified Secure Software Lifecycle Professional (CSSLP) 12+ Years of Experience in Software Security Co-Founder
More informationPart 1: Anatomy of an Insider Threat Attack
Part 1: Anatomy of an Insider Threat Attack Shiri Margel Data Security Research Team Lead Imperva Carrie McDaniel Emerging Products Team Lead Imperva Shiri Margel Data Security Research Team Lead Masters
More informationYou ve Been Hacked: Why Web Application Security Programs Should Start with RASP
You ve Been Hacked: Why Web Application Security Programs Should Start with RASP Authored by for IMMUNIO /ebooks You ve Been Hacked: Why Web Application Security Programs Should Start with RASP Introduction
More informationThreat Landscape vs Threat Management. Thomas Ludvik Næss Country Manager
Threat Landscape vs Threat Management Thomas Ludvik Næss Country Manager Threat Landscape Past, Present and Future So it begins in the year of 1802 Joseph Marie Jacquard 3 Very first computer virus 1971
More informationtrend micro smart Protection suites
solution brochure trend micro smart rotection suites Connected, layered security for complete protection Get smarter security that goes where your users go Your users are increasingly accessing corporate
More information7 Ways to Scale Web Security
7 Ways to Scale Web Security Jeremiah Grossman Founder & Chief Technology Officer SANS AppSec Summit 04.30.2012 2012 WhiteHat Security, Inc. 1 Jeremiah Grossman Ø Founder & CTO of WhiteHat Security Ø 6-Continent
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More informationNathan Desmet. Lead Engineer
Nathan Desmet Lead Engineer Degree in Applied Informatics - Computer and Cyber Crime Professional Co-founder of Sensei Security (which is merged with SCW) Leading the development of Sensei. Pieter De Cremer,
More informationIs Runtime Application Self Protection (RASP) too good to be true?
Is Runtime Application Self Protection (RASP) too good to be true? An introduction to the power of runtime protection: patch, secure, and upgrade your applications without source code changes or downtime
More information.NET JAVA C ASE. Certified. Certified. Application Security Engineer.
.NET C ASE Certified Application Security Engineer JAVA C ASE Certified Application Security Engineer Certified Application Security Engineer www.eccouncil.org EC-Council Course Description The Certified
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationBUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE:
BUYER S GUIDE APPLICATION SECURITY BUYER S GUIDE: 15 Questions to Ask Yourself and Your DAST Vendor > An Introduction to the AppSec Market Page 3 Dynamic Application Security Testing Requirements Page
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationCLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS
CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS Introduction The world of cybersecurity is changing. As all aspects of our lives become increasingly connected, businesses have made
More informationLAB3R12 A Successful Application Security Program Envision Build and Scale
LAB3R12 A Successful Application Security Program Envision Build and Scale Post Conference Summary Jyothi Charyulu Jaya Chilakamarri Table of Contents INTRODUCTION... 2 KEY TAKEAWAYS... 4 SUMMARY OF ACTIVITIES...
More informationTechnical Brochure F-SECURE THREAT SHIELD
Technical Brochure F-SECURE THREAT SHIELD F-SECURE THREATSHIELD F-Secure ThreatShield is a gateway-level security solution for protecting email and web traffic, with built-in network sandboxing technology.
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationBEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION
GUIDE BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION CONTINUOUS SECURITY With attackers getting more sophisticated every day, manual methods of locating and testing web-based apps
More informationApplication. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
More informationCensornet. CensorNet Unified Security Service (USS) FREEDOM. VISIBILITY. PROTECTION. Lars Gotlieb Regional Manager DACH
Censornet CensorNet Unified Security Service (USS) FREEDOM. VISIBILITY. PROTECTION. Lars Gotlieb Regional Manager DACH Censornet???? Former SMS passcode. One of the leading vendors in Multi factor authentifaction!
More informationMcAfee Database Security
McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability
More informationSaving Time and Costs with Virtual Patching and Legacy Application Modernizing
Case Study Virtual Patching/Legacy Applications May 2017 Saving Time and Costs with Virtual Patching and Legacy Application Modernizing Instant security and operations improvement without code changes
More informationTable of Content Security Trend
Table of Content Security Trend New Business, New Challenges Difficulties of O&M for Network Security New Security Model SANGFOR Security Concept NGAF Your Security Guard to the Future Cyber Risks: The
More information