Web Application Security: Connecting the Dots
Presented on May 3, 2012 for InnoTech Oregon. All rights reserved.
1.
Web Application Security: Connecting the Dots
Jeremiah Grossman
Founder & Chief Technology Officer
Innotech 2012 (Portland, Oregon)
05.20.2012
© 2012 WhiteHat Security, Inc.
2.
Jeremiah Grossman
• Founder & CTO of WhiteHat Security
• 6-Continent Public Speaker
• TED Alumni
• An InfoWorld Top 25 CTO
• Co-founder of the Web Application Security Consortium
• Co-author: Cross-Site Scripting Attacks
• Former Yahoo! information security officer
• Brazilian Jiu-Jitsu Black Belt
3.
WhiteHat Security: Company Overview
• Headquartered in Santa Clara, CA
• WhiteHat Sentinel – SaaS end-to-end website risk management platform
• Employees: 170+
• Customers: 500+
Cool Vendor
The FutureNow List
4.
We shop, bank, pay bills, file taxes, share photos, keep in touch with friends & family, watch movies, play games, and more.
• Cyber-war
• Cyber-crime
• Hacktivism
PwC Survey: “Cybercrime is now the second biggest cause of economic crime experienced by the Financial Services sector.”
5.
8 out of 10 websites have serious* vulnerabilities
Average annual amount of new serious* vulnerabilities introduced per website by year:
2007: 1111
2008: 795
2009: 480
2010: 230
2011: 79
* Serious Vulnerability: A security weakness that if exploited may lead to breach or data loss of a system, its data, or users. (PCI-DSS severity HIGH, CRITICAL, or URGENT)
Vulnerabilities are counted by unique Web application and vulnerability class. If three of the five parameters of a single Web application (/foo/webapp.cgi) are vulnerable to SQL Injection, this is counted as 3 individual vulnerabilities (e.g. attack vectors).
6.
Website Hacked
7.
Verizon Data Breach Investigations Report:
2010 DBIR: “The majority of breaches and almost all of the data stolen in 2009 (95%) were perpetrated by remote organized criminal groups hacking "servers and applications."”
2011 DBIR: “The number of Web application breaches increased last year and made up nearly 40% of the overall attacks.”
“Web applications abound in many larger companies, and remain a popular (54% of breaches) and successful (39% of records) attack vector.”
8.
855 incidents, 174 million compromised records
10.
Attacker Profiles
Random Opportunistic
• Fully automated scripts
• Unauthenticated scans
• Targets chosen indiscriminately
Directed Opportunistic
• Commercial and Open Source Tools
• Authentication scans
• Multi-step processes (forms)
Fully Targeted
• Customize their own tools
• Focused on business logic
• Clever and profit driven ($$$)
11.
WhiteHat Sentinel – Assessment Platform
• SaaS (Annual Subscription)
  - Unlimited Assessments / Users
• Unique Methodology
  - Proprietary scanning technology
  - Expert website security analysis (TRC)
  - Satisfies PCI 6.6 requirements
• Vulnerability Verification and prioritization – virtually eliminating false positives
• XML API links other security solutions
• Easy to get started –
  - Need URL and Credentials
  - No Management of Hardware or Software
  - No Additional Training
12.
WhiteHat Sentinel
• 500+ enterprises from start-ups to fortune 500
• 1,000,000 vulnerabilities processed per day
• 6 Terabytes data stored per day
• 7,000+ websites receiving ~weekly assessments
• 940,000,000 http(s) requests per month
14.
WhiteHat Security Top Ten (2011)
Percentage likelihood of a website having at least one vulnerability sorted by class
15.
Top Seven by Industry (2011)
Percentage likelihood of a website having at least one vulnerability sorted by class
16.
Top Seven by Industry (2011)
Percentage likelihood of a website having at least one vulnerability sorted by class
17.
Window of Exposure (2011)
Number of days [in a year] a website is exposed to at least one serious* reported vulnerability.
19.
Time-to-Fix in Days
[Chart: Cumulative Website Percentage; Average Time-to-Fix (Days)]
20.
Remediation Rates by Industry (Trend)
A steady improvement in the percentage of reported vulnerabilities that have been resolved during each of the last three years, which now resides at 53%. Progress!
21.
Publish Scorecards Internally & Regularly -- For All To See
Avg. High Severity Remediation Window of Exposure
Group Time-to-Fix Vulnerabilities Rate (Days) (Days)
2012 Corporate Goal 20 30 75% 100
Industry Average 55 32 63% 223
Business Unit 1 17 45 74% 195
Business Unit 2 53 30 46% 161
Business Unit 3 67 66 63% 237
Business Unit 4 48 35 69% 232
22.
Overall Vulnerability Population (2011)
Percentage breakdown of all the serious* vulnerabilities discovered
Web Application Firewalls are best at mitigating vulnerabilities such as Cross-Site Scripting, Content Spoofing, SQL Injection, Response Splitting, etc. By summing all these percentages up we might safely say: A WAF could feasibly help mitigate the risk of at least 71% of all custom Web application vulnerabilities.
23.
Why do vulnerabilities go unfixed?
• No one at the organization understands or is responsible for maintaining the code.
• Development group does not understand or respect the vulnerability.
• Lack of budget to fix the issues.
• Affected code is owned by an unresponsive third-party vendor.
• Website will be decommissioned or replaced “soon.”
• Risk of exploitation is accepted.
• Solution conflicts with business use case.
• Compliance does not require fixing the issue.
• Feature enhancements are prioritized ahead of security fixes.
24.
Testing Speed & Frequency Matters
25.
Why Do Breaches (and vulnerabilities) Continue to Happen?
26.
Typical IT Budget Allocation
Applications: Software, development, CRM, ERP, etc.
Host: Servers, desktops, laptops, etc.
Network: Routers, switches, network admins, etc.
27.
Typical IT Security Budget
Applications: Software architecture, trainings, testing, etc.
Host: Vulnerability management, system config, patching, etc.
Network: Firewalls, Network IDS, SSL, monitoring, etc.
28.
Budget Prioritization
The biggest line item in [non-security] spending SHOULD match the biggest line item in security.
IT | IT Security |
1 | 3 | Applications
2 | 2 | Host
3 | 1 | Network
Survey [2010] of
IT pros and C-level executives from 450 Fortune 1000 companies (FishNet Security)... “Nearly 70% [of those surveyed] say mobile computing is the biggest threat to security today, closely followed by social networks (68%), and cloud computing platforms (35%). Around 65% rank mobile computing the top threat in the next two years, and 62% say cloud computing will be the biggest threat, bumping social networks." The report goes on to say... “45% say firewalls are their priority security purchase, followed by antivirus (39%), and authentication (31%) and anti-malware tools (31%)." http://www.darkreading.com/security-services/167801101/security/perimeter-security/227300116/index.html © 2012 WhiteHat Security, Inc. 29
30.
Big Picture “Market-sizing estimates
for network security range anywhere from $5-8bn, whereas our calculation for the aggregate application security market is about $444m. Despite the spending boost on application security mandated by the Payment Card Industry Data Security Standards (PCI-DSS), it’s still not commensurate with the demonstrated level of risk.” The Application Security Spectrum (The 451 Group) “...we expect this revenue will grow at a CAGR of 23% to reach $1bn by 2014.” © 2012 WhiteHat Security, Inc. 30
31.
How to develop secure-(enough)
software? © 2012 WhiteHat Security, Inc. 31
32.
Little-to-No Supporting Data.
© 2012 WhiteHat Security, Inc. 32
33.
Connect the Dots...
(SDL) Production Attack Security Breaches Vulnerabilities Traffic Controls BSIMM WhiteHat Security Akamai Verizon DBIR IBM Trustwave Then we’ll start getting some real answers about how to product secure-enough. © 2012 WhiteHat Security, Inc. 33
34.
Thank You! Blog: http://blog.whitehatsec.com/ Twitter:
http://twitter.com/jeremiahg Email: jeremiah@whitehatsec.com © 2012 WhiteHat Security, Inc. 34