Application Security

Channel profile:

Proactively Securing Software for the Enterprise.

Listen to experts from HP, partners and customers discuss pressing issues across application security.

Subscribers (5,452)
Why Your Cloud Provider Security Logo Doesn’t Mean a Thing

As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
May 16 2013
49 mins

Webinars and videos

  • Mobile devices are a hot trend among security topics this year. While most cover the angle of device management, only a few go into testing the applications. Since the mobile application vulnerability landscape is still young, there is a need to classify these vulnerabilities so that development teams can focus and root them out of their codebases. Join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, managers, and team leads will leave with resources and guidelines to start mobile security at both the process level and the code level, including how to handle external mobile development teams they might contract. Get ahead of upcoming PCI compliance by addressing your mobile software early!
  • Join us to explore the mobile application threat landscape and identify ways to prepare for reverse engineering and tampering attacks.

    The mobile App Economy is growing explosively as businesses are seeking to embrace innovation to provide new products and services to consumers, partners, and employees. However, malicious hackers and criminal organizations are now targeting these applications with a growing number of sophisticated attacks. Security of mobile apps, rather than devices, has become the new focal point as well as a top level concern for all stakeholders.

    In this webinar, mobile security experts James Lynn, Practice Principal of HP Fortify, and Vince Arneja, VP of Product Management of Arxan Technologies, will explore the mobile application threat landscape to identify a wide range of threats, from vulnerability-based attacks to reverse engineering and tampering attacks. The presenters will also address how to achieve comprehensive mobile application security within the SDLC to manage risk and exposure for B2C, B2E and B2B applications and protect today’s App Economy from theft, fraud, malware invasion, and tampering. You will gain insights into how to develop and launch vulnerability-free, self-defending, and tamper-proofed applications that can withstand the new attacks.

    HP Fortify is the leader in Software Security Assurance with solutions that contain, remove, and prevent software vulnerabilities. Arxan Technologies is the leader in protecting the App Economy with application protection solutions that are deployed on over one hundred million devices by Fortune 500 and global financial services.
  • In the wake of the WikiLeaks breaches of recent years, which resulted from insider threats, organizations began looking not only at perimeter defense but also at solutions that serve as a “Single Pane of Glass” in order to monitor and thwart insider threat and data loss activities. Specifically, organizations want to incorporate disparate applications, processes and mobile devices into the Single Pane of Glass view. In this webinar, you will learn how HP Enterprise Security solved these types of customer challenges to ensure that their “Wiki doesn’t leak.”

    Speaker: Ray Patterson, Vice President of Global Services, HP Enterprise Security Products

    About Ray Patterson
    Ray is a veteran information security executive, having held leadership roles at VeriSign, Oracle, ArcSight, and currently at HP Enterprise Security Products (ESP). In his present role, Ray leads the Global Government Services business, where his organization solves critical cyber security challenges for customers through the ESP portfolio of security solutions such as ArcSight, Fortify and TippingPoint. He also frequently presents and speaks on emerging cyber security issues impacting business and government. Ray is a retired Lieutenant Colonel, U.S. Army, is a graduate of George Washington University (MBA), George Mason University (BS), and Virginia Tech (BA), and is a Certified Public Accountant.
  • Social networking for most of us is becoming wrapped into our DNA. This is especially important for the next-generation workforce. Additionally, the employees of today and those of tomorrow will expect the capability to blog and social network with corporate assets and corporate bandwidth. Additionally, these technologies are being widely used for corporate marketing and communication. That is why it's important to look at all aspects of securing your infrastructure and, more importantly, the people that drive your organization today. This involves educating people, corporate process and the right security technologies. The following session will cover the benefits and the security risks inherent in social networking across all business verticals. Additionally, the author will provide a use case analysis of information that is gathered via web beacons that harvest information unbeknownst to the user.
  • Join us to explore the mobile application threat landscape and identify ways to prepare for reverse engineering and tampering attacks.

    The mobile App Economy is growing explosively as businesses are seeking to embrace innovation to provide new products and services to consumers, partners, and employees. However, malicious hackers and criminal organizations are now targeting these applications with a growing number of sophisticated attacks. Security of mobile apps, rather than devices, has become the new focal point as well as a top level concern for all stakeholders.

    In this webinar, mobile security experts Jason Schmitt, Director of Product Management of HP Fortify, and Vince Arneja, VP of Product Management of Arxan Technologies, will explore the mobile application threat landscape to identify a wide range of threats, from vulnerability-based attacks to reverse engineering and tampering attacks. The presenters will also address how to achieve comprehensive mobile application security within the SDLC to manage risk and exposure for B2C, B2E and B2B applications and protect today’s App Economy from theft, fraud, malware invasion, and tampering. You will gain insights into how to develop and launch vulnerability-free, self-defending, and tamper-proofed applications that can withstand the new attacks.

    HP Fortify is the leader in Software Security Assurance with solutions that contain, remove, and prevent software vulnerabilities. Arxan Technologies is the leader in protecting the App Economy with application protection solutions that are deployed on over one hundred million devices by Fortune 500 and global financial services.
  • The business benefits of moving to the cloud are quite compelling; however, with those benefits come concerns. The most significant challenge facing companies that are moving to the cloud, either as a consumer or as a service provider, is ensuring the security of the services that are provided. The Cloud Security Alliance (CSA) was formed to help ease this challenge. The CSA’s guidance is adopted as the de facto standard for assessing the security of cloud providers across the software security market.

    While this guidance has helped greatly, there is still the very challenging question of creating a standard set of questions for organizations to ask a provider in order to understand how they have implemented the CSA guidance. This is where the Consensus Assessments Initiative Questionnaire (CAI) comes into play. The questionnaire is a CSA-developed tool for both consumers and providers of cloud services to use as common criteria for determining cloud security.

    This hands-on and prescriptive web seminar will review both the CSA guidance and how the CAI can be used in day-to-day business to help companies assess cloud providers. Attendees will walk away with a firm grasp on the questions to ask or to be prepared to answer, whichever side of the cloud equation they are on.
  • For individuals tasked with ensuring their organizations are PCI compliant, challenges are ever present. The delicate balance of achieving PCI compliance while ensuring there is no disturbance in the day-to-day operations of a security program is what separates experts from practitioners. This web seminar will give attendees the expert’s guide to reviewing PCI requirements for secure application development and will detail how HP helps partners not only meet these requirements but also solidify the future of a security program by securing applications from the inside out.
  • There’s only one surefire way to prevent SQL injection, the #1 most frequent and damaging application security attack: verify that your code does not have SQL injection vulnerabilities. SQL injection allows hackers to steal or modify everything in your database. Code review is the most effective analysis technique for finding SQL injection flaws, and it also pinpoints exactly where the flaw is located, making it much easier and faster to remediate. If your organization is still solely focused on application penetration testing, you are wasting your time and putting your organization at risk.

    Join Dave Wichers and learn about the simple genius of performing application code review to efficiently identify vulnerabilities in your applications.
  • Historically, software security vendors and enterprise teams have been divided into two camps: The Crusaders, who embrace the 'true religion' of source code analysis as the holy grail and believe that they can achieve nirvana with solving problems completely at the code level; and the Pragmatists, who believe that the Crusaders are unrealistic idealists, and that dynamic analysis of staged web applications is the only practical way of addressing real, attackable vulnerabilities.

    The reality is that both camps are correct when placed within an overarching Software Security Assurance (SSA) framework. SSA creates a programmatic enterprise application security approach that incorporates both the source code Crusaders and the dynamic Pragmatists. This presentation will describe how the Crusaders and Pragmatists, placed within the SSA discipline, can work together to reinforce each other and bolster the entire security program’s ultimate goal – securing the enterprise.
