Web Application Security is a priority for many organizations all over the world. Organizations hosting mission-critical Web Applications treat Web Application Security as a key priority. One of the most important aspects of a strong Web Application Security program in an organization is the security testing of the web application.
Organizations primarily use Vulnerability Assessments and Penetration Tests (VAPT) to test the security of their web applications. VAPTs are widely recognized as effective security tests against an enterprise IT infrastructure. However, Web Application VAPT is radically different from Network or OS Level VAPT. Many organizations are unaware of the various intricacies of Web Application VAPTs, resulting in a situation where they accept poor-quality tests from external vendors and internal security teams, lulling them into a false (and dangerous) sense of security.
This talk will provide a practical view of Web Application VAPTs and will explore some of the key factors that organizational decision-makers should consider when evaluating Web Application VAPTs. I will discuss some of the metrics that organizations can use to analyze and interpret the results of VAPTs and devise suitable remediation measures. I will also explore some of the benefits and limitations of a Web Application VAPT and how these factors differ from those of a Network or OS level VAPT. This will help set expectations and enable organizations to analyze the VAPT and its results from a better-informed perspective.
I will also be briefly touching upon certain VAPT essentials for Internal Security teams and how they can add a great deal of value in an internal Web Application VAPT.
This talk is ideally meant for CIOs/CTOs/CISOs, Information Security and Risk Professionals, Internal Penetration Testers and any other professionals who would like to understand the subtleties of strong Web Application Security Testing for their organization.