Web Application Security: Intelligent Choices
BrightTALK is delighted to be powering this online event hosted by ISACA. Join us to hear the live presentations and submit real-time questions to the speakers. All presentations are being recorded so you can download the on-demand archive as well.

Gone are the days when installing the latest security patches and avoiding questionable web sites meant a safe web browsing experience. Today, attacks regularly require no client-side vulnerabilities whatsoever and leverage reputable web properties to attack unsuspecting visitors. Modern attacks combine social engineering with intended browser functionality to frighteningly effective results. This presentation will study a variety of recent attacks that succeeded against fully patched browsers. We will also discuss what can be expected from attackers going forward and what enterprises should be doing to protect against such attacks.
While there is a plethora of different tools and techniques to secure web applications, all too often we focus on the minutiae without looking at the big picture. In this session we'll show how to put the pieces together and build a web application security program. We'll review the major phases and where all the specific technologies and services fit in. You will learn why web applications are different from traditional applications, what the three phases of web application security are, and when and how to use technologies and services, from secure development and source code scanners to vulnerability assessment and Web Application Firewalls.
Creating a secure web application presents many challenges. Some vulnerabilities, like SQL injection, can expose the web site's data. Other vulnerabilities, like cross-site scripting and cross-site request forgery, can be used to target visitors of the web site. In all cases, a clear understanding of how the vulnerabilities occur is necessary to develop secure code. This presentation describes some of the most common web application vulnerabilities, how they are commonly exploited, and some of the security tools and techniques available to developers and site owners. Whether a web application has been established for years or is currently in development, security threats continually evolve. It's important to know the current threats to web sites and just as important to know where tools can help the development process.
In today's enterprise, Web Application Security has come front and center for security managers as well as the business. However, many well-funded, well-backed programs fail, because they miss the fundamental rule of problem solving -- understand the problem. The secret to success is simple -- understand your business context and build a program around that. How can you develop an actionable, business risk-driven program? Understanding your role is key, followed by successful identification of a cornerstone upon which to base the program. This presentation will teach you how to evaluate data value, application visibility and business exposure one step at a time and assign real, measurable risk. Participants will be given a strong foundation to succeed, so they don't end up solving problems the business doesn't have.

This e-Symposium qualifies for 3 CPE points. To obtain CPE credit, members must download and listen to all event presentations and successfully complete a CPE quiz.


