Web Applications Part 1 The Weak Link in Information Security Your Last Line of Defense
|
|
- Hector Griffin
- 5 years ago
- Views:
Transcription
1 Web Applications Part 1 The Weak Link in Information Security Your Last Line of Defense Anthony Lim MBA FCITIL CISSP CSSLP Director, Security Rational Software - Asia Pacific 1 Hong Kong 17 Nov 2009
2 Welcome to THE SMARTER PLANET * Web 2.0 Billions of mobile devices accessing the Web Globalization and Globally Available Resources SOA CLOUD Access to streams of information in the Real Time New Possibilities.. 2
3 SMARTER PLANET. means SOFTWARE IS EVERYWHERE NOT JUST COMPUTERS -millions of lines of code everywhere - Mobile smart phones, home appliances, motor vehicles, planes - National infrastucture (eg utilities grid, traffic controls) HIGH AND INCREASING DEPENDENCY ON WEB APPS - For work: Intranet, Extranet, Corporate Services, Accounting, Data - Communications: , Instant Messaging, Blog, Web pages data transfer LinkedIn - Transactions : e-banking, e-trading, SCM, CRM, logistics scheduling, - Research and Education - Recreation : Facebook, Youtube, Second Life etc New Possibilities, New Complexities NEW RISKS! 3
4 The Myth: Our Site Is Safe We Have Firewalls and IPS in Place Port 80 & 443 are open for the right reasons We Audit It Once a Quarter with Pen Testers Applications are constantly changing We Use Network Vulnerability Scanners Neglect the security of the software on the network/web server We Use SSL Encryption Only protects data between site and user not the web application itself 4
5 SOMETHING Governance & Risk Management IS STILL OUT THERE 5
6 6
7 WORST CREDIT CARD IDENTITY THEFT CASE - DONE BY SQL INJECTION : A WEB APP ATTACK! STRAITS TIMES SINGAPORE 19AUG09 7
8 2008 Web Threats Take Center Stage Web application vulnerabilities Represent largest category in vuln disclosures (55% in 2008) 74% of Web application vulnerabilities disclosed in 2008 have no patch to fix them Even ISS X-Force, which normally reports on network security, start talking about app security now 8 8
9 Hackers love such error pages 9
10 10 Parameters encourage one to try
11 11 Why does you debug tool appear
12 This info is for the developer not the hacker 12
13 A file list on html? 13
14 Real Example: Online Travel Reservation Portal Governance & Risk Management Change the reserid to
15 Real Example : Governance & Risk Management Parameter Tampering Reading another user s transaction insufficient authorization Another customer s transaction slip is revealed, including the address 15
16 Parameter Tampering Reading another user s invoice Governance & Risk Management The same customer invoice that reveals the address and contact number 16
17 Now there s Web Man-in-the Middle Attacks First presented at OWASP AP Conference Mar 09 Brisbane 17
18 Malware on Web Applications Malware can be delivered in many ways: , IM, network vulnerabilities Today, Malware is primarily delivered via Web Applications: Aims to infect those browsing the site Installed via Client-Side (e.g. Browser) Vulnerabilities & Social Engineering Malicious content can be downloaded: From the web application itself Through frames & images leading to other websites Through links leading to malicious destinations Legitimate Sites Hijacked to distribute Malware! McAfee, Asus, US Govt Staff Travel Site, Wordpress.org, SuperBowl, <script src=file.js> IFrame (ads.com) Image (host.com)
19 DON T TRY THIS AT HOME! Governance & Risk Management 19
20 Top 10 OWASP Critical Web Application Security Issues 09 1 Unvalidated Input 2 Broken Access Control 3 Broken Authentication and Session Management 4 Cross Site Scripting Flaws 5 Buffer Overflows 6 Injection Flaws 7 Improper Error Handling 8 Insecure Storage 9 Denial of Service 10 Insecure Configuration Management 20
21 WHY ARE SOFTWARE APPLICATIONS FLAWED? Today I m being asked to: Deliver product faster (a lot faster!) Increase product innovation Improve quality Reduce cost Deliver a secure product (?) Cheap Fast Good - Choose 2 21
22 WHY DO APPLICATION SECURITY PROBLEMS EXIST? IT security solutions and professionals are normally from the network /infrastructure /sysadmin side They usually have little or no experience in application development And developers typically don t know or don t care about security or networking Most companies today still do not have an application security QA policy or resource IT security staff are focused on other things and are swarmed App Sec is their job but they don t understand it and don t want to deal with it Developers think its not their job or problem to have security in coding People who outsource expect the 3 rd party to security-qa for them It is cultural currently to not associate security with coding Buffer Overflow has been around for 25 years! Input Validation is still often overlooked. Back then coding was done by engineers Then came Y2K 22
23 SECURITY TESTING IS PART OF SDLC QUALITY TESTING Collaborative Application Lifecycle Management SDLC Quality Assurance Quality Dashboard Requirements Management Test Management and Execution Defect Management Create Plan Build Tests Manage Test Lab Report Results Open Platform Best Practice Processes Functional Testing SAP Java Performance Testing TEAM SERVER Open Lifecycle Service Integrations Web Service Quality Code Quality System z, i.net Security and Compliance homegrown 23
24 Building security & compliance into the SDLC further back SDLC Coding Build QA Security Production Developers Enable Security to effectively drive remediation into development Developers Developers Provides Developers and Testers with expertise on detection and remediation ability Ensure vulnerabilities are addressed before applications are put into production 24
25 You need a professional solution to Governance & Risk Management Identify Vulnerabilities 25
26 With Rich Report Options 44 Regulatory Compliance Standards, for Executive, Security, Developers. 26
27 And Most Important : Actionable Fix Recommendations Governance & Risk Management 27
28 AppScan Enterprise Dashboards and Metrics 28 28
29 29
30 AppScan - CQTM & RQM Integration 30
31 Software Security Testing Technologies Primer Static Code Analysis = Whitebox - Looking at the code for security issues (code-level scanning) Code integrity Total Potential Security Issues Dynamic Analysis = Blackbox - Sending tests to a functioning application Static Analysis Complete Coverage Dynamic Analysis Relationship with: -Other apps, o/s -Middleware, infra 31
32 SOFTWARE APPLICATION SECURITY two Areas BLACK BOX (Dynamic APP Analysis) WHITE BOX (State CODE Analysis) - don t need to worry about code - good for developers (good for security folks who are who are not into security not into code) - good for interim audit - Test for relationship between App and - test for more than just * other apps (eg SOA, Web 2.0) HTML/HTTP code * network / OS / infra * middleware - Like IPS : tests for unknown - Like Firewall: checks for known 32
33 Rational End-to-End Application Security at the Source REQUIREMENTS CODE BUILD QA SECURITY PRODUCTION Req ts Definition (security templates) AppScan Developer AppScan Build (desktop) (scanning agent) W H I T E B O X AppScan Tester (scan agent & clients) AppScan Enterprise / Reporting Console (enterprise-wide scanning and reporting) AppScan Standard (desktop) B L A C K B O X AppScan OnDemand (SaaS) Security requirements defined before design & implementation Build security testing into the IDE* Automate Security / Compliance testing in the Build Process Security / compliance testing incorporated into testing & remediation workflows Security & Compliance Testing, oversight, control, policy, audits Outsourced testing for security audits & production site monitoring Application Security Best Practices Address security from the start Security audit solutions for IT Security Security for the development lifecycle 3333
34 Conclusion: Application QA for Security The Application Must Defend Itself You cannot depend on firewall or infrastructure security to do so Bridging the GAP between Software development and Information Security QA Testing for Security must now be integrated and strategic We need to move security QA testing back to earlier in the SDLC at production or pre-production stage is late and expensive to fix Developers need to learn to write code defensively and securely 34 Lower Compliance & Security Costs by: Ensuring Security Quality in the Application up front Not having to do a lot of rework after production
35 WEB APPLICATIONS PART 1: THE WEAK LINK IN INFORMATION SECURITY T h a n k Y o u Anthony LIM MBA CISSP CSSLP FCITIL Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others
CLOUD COMPUTING SECURITY THE SOFT SPOT Security by Application Development Quality Assurance
IBM Innovate 2010 CLOUD COMPUTING SECURITY THE SOFT SPOT Security by Application Development Quality Assurance Anthony Lim MBA CISSP CSSLP FCITIL Director, Asia Pacific, Software Security Solutions IBM,
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationThe Challenge of Managing WebSphere Farm Configuration. Rational Automation Framework for WebSphere
IBM Software Group The Challenge of Managing WebSphere Farm Configuration Rational Automation Framework for WebSphere Terence Chow Technical Specialist IBM Rational Hong Kong 2007 IBM Corporation Example:
More informationValue of managing and running automated functional tests with Rational Quality Manager
Value of managing and running automated functional tests with Rational Quality Manager Shinoj Zacharias (Shinoj.zacharias@in.ibm.com) Senior Software Engineer, Technical Lead IBM Software Fariz Saracevic
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationWEB APPLICATION Q.A. - Ensuring Secure & Compliant Web Services - YOUR LAST LINE OF DEFENSE
WEB APPLICATION Q.A. - Ensuring Secure & Compliant Web Services - YOUR LAST LINE OF DEFENSE Anthony Lim MBA CISSP FCITIL Director Asia Pacific, Watchfire IBM Rational, Singapore www.watchfire.com 2007
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationWeb Applications (Part 2) The Hackers New Target
Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application
More information20 years of Lotus Notes and a look into the next 20 years Lotusphere Comes To You
20 years of Lotus Notes and a look into the next 20 years Lotusphere Comes To You Kevin Cavanaugh, Vice President, Messaging and Collaboration Lotus Software and WebSphere Portal email@us.ibm.com Organizations
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More informationIBM Next Generation Intrusion Prevention System
IBM Next Generation Intrusion Prevention System Fadly Yahaya SWAT Optimizing the World s Infrastructure Oct 2012 Moscow 2012 IBM Corporation Please note: IBM s statements regarding its plans, directions,
More informationHacker Attacks on the Horizon: Web 2.0 Attack Vectors
IBM Software Group Hacker Attacks on the Horizon: Web 2.0 Attack Vectors Danny Allan Director, Security Research dallan@us.ibm.com 2/21/2008 Agenda HISTORY Web Eras & Trends SECURITY Web 2.0 Attack Vectors
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationIntegrate IBM Rational Application Developer and IBM Security AppScan Source Edition
Integrate IBM Rational Application Developer and IBM Security AppScan Source Edition Security testing for the Rational Application Developer application G Kiran Kumar Singh & Arnab Roy July 19, 2012 Page
More informationHacking 102 Integrating Web Application Security Testing into Development
Hacking 102 Integrating Web Application Security Testing into Development Greg Pedley - gpedley@au1.ibm.com Brett Wallace - bretwal@au1.ibm.com Denice Wong deniwong@au1.ibm.com An IBM Proof of Technology
More informationLab DSE Designing User Experience Concepts in Multi-Stream Configuration Management
Lab DSE-5063 Designing User Experience Concepts in Multi-Stream Configuration Management February 2015 Please Note IBM s statements regarding its plans, directions, and intent are subject to change or
More informationName Aaron Clark. Title: Security Shifts to the Application
Name Aaron Clark Title: Security Shifts to the Application You re late to the party Some found that out the hard way Night Dragon Sony LizaMoon HBGary Federal Others were told they had to go PCI Disa STIG
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationProtect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013
Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security
More informationImproving Security in the Application Development Life-cycle
Improving Security in the Application Development Life-cycle Migchiel de Jong Software Security Engineer mdejong@fortifysoftware.com March 9, 2006 General contact: Jurgen Teulings, 06-30072736 jteulings@fortifysoftware.com
More informationIBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation
IBM Security Endpoint Manager- BigFix Daniel Joksch Security Sales Establish security as an immune system Malware protection Incident and threat management Identity management Device management Data monitoring
More informationKishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009
Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationIBM Security Systems IBM X-Force 2012 Annual Trend and Risk Report
IBM Security Systems IBM X-Force 2012 Annual Trend and Risk Report Leslie Horacek X-Force Threat Response Manager horacek@be.ibm.com April 2013 1 X-Force is the foundation for advanced security and threat
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationIBM Security Network Protection Open Mic - Thursday, 31 March 2016
IBM Security Network Protection Open Mic - Thursday, 31 March 2016 Application Control and IP Reputation on the XGS Demystified Panelists Tanmay Shah, Presenter IPS/Network Protection Product Lead Bill
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationMSS VSOC Portal Single Sign-On Using IBM id IBM Corporation
MSS VSOC Portal Single Sign-On Using IBM id Changes to VSOC Portal Sign In Page Users can continue to use the existing Client Sign In on the left and enter their existing Portal username and password.
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationIBM Threat Protection System: XGS - QRadar Integration
IBM Security Network Protection Support Open Mic - Wednesday, 25 May 2016 IBM Threat Protection System: XGS - QRadar Integration Panelists Tanmay Shah - Presenter Level 2 Support Product Lead Danitza Villaran-Rokovich,
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Benefits realized in using Rational Functional Tester and Performance Tester Presenters Name Sumika Mukerji & Sharath TS sumika.mukerji@accenture.com sharath.t.s@accenture.com
More informationBenchmarking z/os Development Tasks - Comparing Programmer Productivity using RDz and ISPF
IBM Software Group Benchmarking z/os Development Tasks - Comparing Programmer Productivity using RDz and ISPF Jon Sayles RDz Technical Enablement jsayles@us.ibm.com 2010 IBM Corporation Agenda and Disclaimer
More informationInnovate 2013 Automated Mobile Testing
Innovate 2013 Automated Mobile Testing Marc van Lint IBM Netherlands 2013 IBM Corporation Please note the following IBM s statements regarding its plans, directions, and intent are subject to change or
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationWayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk
Wayward Wi-Fi How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk 288 MILLION There are more than 288 million unique Wi-Fi networks worldwide. Source: Wireless Geographic Logging
More informationNew World, New IT, New Security
SESSION ID: GPS1-R08 New World, New IT, New Security Jackie Chen Chief Product & Marketing Officer Sangfor Technologies (HQ) #RSAC New World, New IT, New Security Internet of Things BYOD Cloud Estimated
More informationSAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0
Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationAngelo Gentili Head of Business Development, EMEA Region, PartnerNET
Angelo Gentili Head of Business Development, EMEA Region, PartnerNET The Innovation Solution in the Business Security Field. PartnerNet introduces Seqrite Welcome To Dynamic. Scalable. Future-Ready. Why
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationISAM Advanced Access Control
ISAM Advanced Access Control CONFIGURING TIME-BASED ONE TIME PASSWORD Nicholas J. Hasten ISAM L2 Support Tuesday, November 1, 2016 One Time Password OTP is a password that is valid for only one login session
More information5 IT security hot topics How safe are you?
5 IT security hot topics How safe are you? Why this whitepaper? We meet many people in IT, of various levels of experience and fields of work. This whitepaper is written for everybody who wants to read
More informationINNOV-09 How to Keep Hackers Out of your Web Application
INNOV-09 How to Keep Hackers Out of your Web Application Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com What is a Web Application? Any access to your data via the Internet
More informationUnit Level Secure by Design Approach
Unit Level Secure by Design Approach Abstract Authors: Vasantharaju MS & Joshua Cajetan Rebelo Vasantharaju_MS@McAfee.com Joshua.Rebelo@Siemens.com With cyber-attacks on the rise and high-profile breaches
More informationSDLC Maturity Models
www.pwc.com SDLC Maturity Models SecAppDev 2017 Bart De Win Bart De Win? 20 years of Information Security Experience Ph.D. in Computer Science - Application Security Author of >60 scientific publications
More informationDesign your network to aid forensics investigation
18th Annual FIRST Conference Design your network to aid forensics investigation Robert B. Sisk, PhD, CISSP Senior Technical Staff Member IBM Baltimore, Maryland USA Master Outline Introduction Incident
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationEthical Hacker Foundation and Security Analysts Course Semester 2
Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space. Brochure
More informationA Guide to Closing All Potential VDI Security Gaps
Brought to you by A Guide to Closing All Potential VDI Security Gaps IT and security leaders are embracing virtual desktop infrastructure (VDI) as a way to improve security for an increasingly diverse
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationWebSphere Commerce Developer Professional
Software Product Compatibility Reports Product WebSphere Commerce Developer Professional 8.0.1+ Contents Included in this report Operating systems Glossary Disclaimers Report data as of 2018-03-15 02:04:22
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationPresentation Overview
Presentation Overview Basic Application Security (AppSec) Fundamentals Risks Associated With Vulnerable Applications Understanding the Software Attack Surface Mean Time to Fix (MTTF) Explained Application
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationIBM MaaS360 Kiosk Mode Settings
IBM MaaS360 Kiosk Mode Settings Configuration Settings for Kiosk Mode Operation IBM Security September 2017 Android Kiosk Mode IBM MaaS360 provides a range of Android device management including Samsung
More informationIBM Future of Work Forum
IBM Cognitive IBM Future of Work Forum The Engaged Enterprise Comes Alive Improving Organizational Collaboration and Efficiency While Enhancing Security on Mobile and Cloud Apps Chris Hockings IBM Master
More informationHow NOT To Get Hacked
How NOT To Get Hacked The right things to do so the bad guys can t do the wrong ones Mark Burnette Partner, LBMC -Risk Services October 25, 2016 Today s Agenda Protecting Against A Hack How should I start?
More informationSECURITY TRAINING SECURITY TRAINING
SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationWhat s New in the IBM Lotus Notes Client. Kevin O Connell, Consulting Manager, IBM Asia Pacific
Technical Track What s New in the IBM Lotus Notes Client Kevin O Connell, Consulting Manager, IBM Asia Pacific ID101 What's New in the IBM Lotus Notes Client Kevin O'Connell Asia Pacific Consulting Manager
More information200 IT Security Job Interview Questions The Questions IT Leaders Ask
200 IT Security Job Interview Questions The Questions IT Leaders Ask IT security professionals with the right skills are in high demand. In 2015, the unemployment rate for information security managers
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationWe b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)
We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationWeb 2.0, Consumerization, and Application Security
Web 2.0, Consumerization, and Application Security Chenxi Wang, Ph.D. Principal Analyst Forrester Research OWASP, New York City September 25, 2008 Today s enterprises face multitude of challenges Business-driven
More informationUnderstanding scan coverage in AppScan Standard
IBM Security AppScan Standard Open Mic Webcast January 27, 2015 Understanding scan coverage in AppScan Standard Panelists Shahar Sperling Software Architect at Application Security AppScan Tal Rabinovitch
More informationEnterprise Overview. Benefits and features of Cloudflare s Enterprise plan FLARE
Enterprise Overview Benefits and features of s Enterprise plan 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com This paper summarizes the benefits and features of s Enterprise plan. State of
More informationCICS Product Update. Danny Mace Director, CICS Products IBM Software. August 2012 Session Number 11417
CICS Product Update Danny Mace Director, CICS Products IBM Software August 2012 Session Number 11417 IBM Presentation Template Full Version Agenda Solved: A brief history of CICS A reflection on some revolutionary
More informationBEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION
GUIDE BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION CONTINUOUS SECURITY With attackers getting more sophisticated every day, manual methods of locating and testing web-based apps
More informationSecurity Support Open Mic Build Your Own POC Setup
IBM Security Access Manager 08/25/2015 Security Support Open Mic Build Your Own POC Setup Panelists Reagan Knowles Level II Engineer Nick Lloyd Level II Support Engineer Kathy Hansen Level II Support Manager
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationGetting Started with Rational Team Concert
Getting Started with Rational Team Concert or RTC in 16 Steps Kai-Uwe Maetzel IBM Rational Software kai-uwe_maetzel@us.ibm.com SDP 20 2009 IBM Corporation This Presentation is Good for You if You know
More informationSecure Access & SWIFT Customer Security Controls Framework
Secure Access & SWIFT Customer Security Controls Framework SWIFT Financial Messaging Services SWIFT is the world s leading provider of secure financial messaging services. Their services are used and trusted
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationSecurity Update PCI Compliance
Security Update PCI Compliance (Payment Card Industry) Jeff Uehling IBM i Security Development uehling@us.ibm.com 2012 IBM Corporation PCI Requirements An Information only Presentation NOTE: These Slides
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationOptimize Your Heterogeneous SOA Infrastructure
Optimize Your Heterogeneous SOA Infrastructure SHARE Boston 2010 Walter Falk IBM, Executive Director Cloud Business Development wfalk@us.ibm.com The world is getting smarter more instrumented, interconnected,
More informationIntegrigy Consulting Overview
Integrigy Consulting Overview Database and Application Security Assessment, Compliance, and Design Services March 2016 mission critical applications mission critical security About Integrigy ERP Applications
More informationVulnerabilities in online banking applications
Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison
More informationHello, and welcome to a searchsecurity.com. podcast: How Security is Well Suited for Agile Development.
[ MUSIC ] Hello, and welcome to a searchsecurity.com podcast: How Security is Well Suited for Agile Development. My name is Kyle Leroy, and I'll be moderating this podcast. I'd like to start by introducing
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationMay the (IBM) X-Force Be With You
Ann Arbor, Michigan July 23-25 May the (IBM) X-Force Be With You A QUICK PEEK INTO ONE OF THE MOST RENOWNED SECURITY TEAMS IN THE WORLD Marlon Machado Worldwide Standardization Leader, Application Security
More information