Application Hackers Have a Handbook. Why Shouldn’t You?

Chenxi Wang, Forrester Research; Wyman Lewis, GSI Commerce, an eBay Company; Marc Shinbrood, Trustwave
Your Web applications are at the heart of your business – they hold your intellectual property, drive your sales, and keep the trust of your customers. But here’s the problem – they’re fast becoming the preferred attack vector of hackers.

In this upcoming webinar, you’ll get expert coaching and actionable advice that will help you protect your applications -- from design to production.

Our presenters will cover:
• A real-world view of the application lifecycle with expert guidance at each stage - Presented by Chenxi Wang, PhD, VP and Principal Analyst, Forrester Research
• How a global leader in e-commerce built an actionable strategy for trusted applications - Presented by Wyman Lewis, MBA, CISSP, Information Security Director, GSI Commerce, an eBay Company
• How a solution provider’s 360° approach helps secure thousands of mission critical apps - Presented by Marc Shinbrood, VP, WAF Business Unit, Trustwave

You’ll walk away with actionable information that you can deploy immediately, to strengthen the security of your critical applications. You’ll also be armed with expert knowledge and peer advice that will guide your longer-term strategies around full lifecycle application design, testing, planning and production.
Sep 12 2012
60 mins
More from this community:

IT Security

  • Enterprise Mobility Management is evolving as quickly as the devices and apps it means to control. Mobile security is constantly having to adapt to innovations in mobility. Organizations need to approach mobility management as an integral part of their mobile strategy. Security should be intrinsic but not inhibitive. Come learn where mobility is going, mobility management questions your organization should be asking, and what you can do to assure that your end-users and data are protected.
  • "You look at how you're going to let this operate within your network. So you start with the policy, then you look at the technology that you need to deploy on these devices. Then you actually look at who has access to what." Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, discusses the steps to progress through when preparing for BYOD in your business.
  • In the last 10 years, hacking has become big business with a well organised infrastructure, defined roles and responsibilities, and sophisticated attack vector automation that generates large-scale attacks of unprecedented size, speed and devastation. Advanced protection is needed in order to successfully stand up to the ‘industrialisation of hacking’. In this webinar, Andy will talk about:

    - How to prevent web attacks like SQL injection, cross-site scripting, app DDoS or site scraping.

    - The limitations and vulnerabilities associated with IPS solutions and other traditional security solutions.

    - Attack-mitigation techniques for combating malware including bots and other automated attacks common in industrialised hacking.

    - How to protect networks from the ‘compromised insider’ threat.

    About the speaker:
    Mark has 18 years’ experience in the IT industry, and has specialised in Internet security systems for more than 16 years. Mark is a passionate evangelist for technology and is multi-skilled across a broad range of security solutions including Firewalls, VPNs, IPS, WAF, web and email content filtering, SIM/SIEM, load balancing, DLP, risk assessment, monitoring tools, DB security and consultancy. Mark joined Imperva in 2007 and held previous technical roles at Nokia and contracted as a security specialist where he has held senior roles designing and implementing firewall, IDP and VPN solutions in mission critical environments.
  • How do attacks happen? 5 STAGES OF A DATA BREACH
    To protect companies from cyber attacks, it is important to understand how attackers operate. This webcast describes the anatomy of an attack in its 5 stages: Reconnaissance, Incursion, Discovery, Capture and Exfiltration.
    It will also analyse the main techniques used and the solutions to prevent and/or counter them, as well as the related business impact (as measured by the “Cost of a Data Breach 2013” research).
    Join this webcast to see how cyber threats have evolved and how they are affecting businesses.
  • Join Gavin Millard, EMEA Technical Systems Director of Tripwire, to get an overview of the technology Tripwire recently acquired through the purchase of nCircle.

    Hear why hardware and software discovery is the foundational control to understanding your attack surface and how nCircle's market-leading vulnerability management solutions can help reduce the risk of breach within your infrastructure.

    This 30 minute presentation will include an overview of the extended product portfolio, key advantages to the technology and why the nCircle acquisition complements Tripwire’s portfolio.
  • What is REALLY happening? The Security Threat Report
    The Security Threat Report provides an overview and analysis of worldwide threat activity in 2012. Drawing on data from the Global Intelligence Network, Symantec experts analyse emerging trends in attacks, vulnerabilities and targets.
    In addition, the latest “Cost of a Data Breach Report 2013” research will outline the economic impact on organizations in the event of cyber attacks.
    Join this webcast for an update on the threat and security landscape in 2013 and its consequences for business.
  • To limit the risks of a cyber attack, the security policy must include a monitoring policy covering vulnerability monitoring, security event correlation, response procedures in the event of an attack… In this webcast, we invite you to review SOC, SIEM and managed services solutions and their benefits.
  • In response to the increasing frequency and variety of cyber-attacks, businesses are looking to harness their volumes of security-relevant information to gain actionable and easy-to-understand information about threats and their potential and actual impact upon an organization. Many recent analyst studies reveal that senior executives are paying more attention to security than ever before and there is an increased shift towards risk management, which is driving organizations to become more proactive than reactive. Despite this, organizations continue to struggle with the technology, people and process aspects of harnessing such solutions. Join this webinar to learn how you can leverage security intelligence from your SIEM deployment for threat protection, forensics and network visibility.
  • Securing Mobile Apps: Old School Know How For the New World Order Recorded: Jun 13 2013 58 mins
    Mobile devices and applications are redefining business, revolutionizing productivity and driving competitive advantage. But as the volume of mobile applications increases, so too are mobile exploits. In the rush to enter the mobile software market, are we taking shortcuts that force us to repeat sins of the past? Like caching sensitive data, incomplete encryption and simple mistakes in coding? Don't let old-school vulnerabilities allow hackers to resurrect previously obsolete malware and exploits. With the experience of more than 1,400 incident response investigations, thousands of penetration tests and hundreds of application security tests, Trustwave SpiderLabs' Charles Henderson will show IT, security and development teams how to make sure they're not leaving sound security practices and due diligence behind as they develop new mobile applications.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 64 mins
    Listen Up. Lock Down.

    • The average time from breach to detection is 210 days.
    • Mobile malware samples increased by 400%.
    • E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave’s SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 63 mins
    Listen Up. Lock Down.

    • The average time from breach to detection is 210 days.
    • Mobile malware samples increased by 400%.
    • E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • 2013 Trustwave Global Security Report: Threat Trends Webinar Recorded: Mar 19 2013 55 mins
    Listen Up. Lock Down.

    • The average time from breach to detection is 210 days.
    • Mobile malware samples increased by 400%.
    • E-commerce applications account for 48% of breach investigations.

    Do you want the inside track on the threats you’ll be facing this year? Then sign up for this expert webcast covering the highlights of the 2013 Trustwave Global Security Report.

    Hosted by Trustwave SpiderLabs elite research and threat intelligence team, what you see and hear in this session will help prepare your business and your teams for what’s ahead in 2013 and beyond.
  • Emerging Threats: Trends in Malware Design - Research from Trustwave SpiderLabs Recorded: Dec 6 2012 46 mins
    Malware comes in all shapes and sizes. Some malware is mass-distributed while other malicious software is purpose-built to target specific data or businesses.

    And malware developers are continually “improving” their product - through propagation complexity, control channels, anti-forensic techniques and data exporting properties.

    Presented by John Miller, research manager for Trustwave SpiderLabs, this talk covers the evolution of malware as it adapts to today’s computing environments. Learn about:

    • How attackers are adapting malware
    • Common and targeted malware trends
    • Key methods to prevent attacks

    You’ll gain detailed insight into today’s leading malware research and information on how to build a better overall security posture.
  • The Honeymoon’s Over: Living with Your Application Pen Test Results Recorded: Nov 15 2012 52 mins
    Like everyone else, you know that application penetration tests are a critical part of any reasonable security program. So you set up a bake-off and find a qualified security company to test your applications. Things are going well and you start to see results show up in the reporting portal (or, if it’s still 2005, you get PDF reports).

    But identifying vulnerabilities is only half the battle. Once you know where your problems are, what do you do next? Schedule fixes for the next code deployment? Create virtual patches? What about long-term solutions?

    Find out what you can expect from an application penetration test, and what to do with the results in this hour-long session led by Trustwave SpiderLabs experts Charles Henderson, Director of Application Security Services, and Ryan Barnett, Lead Security Researcher.

    You’ll gain insight into:
    • Common and serious vulnerabilities uncovered by testing
    • Immediate tactical responses to remediation
    • Long-term strategic initiatives to improve application security

    You’ll walk away with actionable information on how to take full advantage of an application penetration test to strengthen application security throughout your organization.
  • Application Hackers Have a Handbook. Why Shouldn’t You? Recorded: Sep 12 2012 60 mins
  • Why Hackers Love Hotels, Restaurants, Retail and Other Businesses Recorded: Aug 22 2012 54 mins
    In 2011 investigations, more than 85% of data breaches took place in restaurants, diners, retail stores and hotels.

    Hackers are experts when it comes to stealing your data...including the credit card numbers of your customers.

    Learn how to easily and quickly protect your business. View Why Hackers Love Your Business and find out:

    - Why hackers are targeting your multi-site business
    - What data they steal and why they don't get caught
    - What you can do to protect all your sites
  • My Scan Found What? Top 5 Weaknesses Uncovered with Vulnerability Scanning Recorded: Jun 26 2012 64 mins
    Vulnerability scanning is a necessary tool for validating compliance with the Payment Card Industry Data Security Standards (PCI DSS), but more importantly this process can help to identify where weaknesses exist across your network, computers and applications. When treated as a "snapshot" of a network from the outside (think attacker's) point-of-view, this technology can become much more valuable.

    To help organizations better manage vulnerabilities and pass scans for compliance, this webinar highlights the top 5 weaknesses that vulnerability scanning most often finds.

    During this presentation, we'll cover:
    • Benefits of enterprise vulnerability management
    • The types of vulnerabilities seen most often
    • How to fix serious issues and get the most value from scans
    • Remediation do's and don'ts for items that crop up

    Join us for this live webinar and gain expert guidance based on experience gathered from thousands of tests.
  • Take Action: Best Practices to Protect Against Targeted Malware Attacks Recorded: Jun 7 2012 56 mins
    Based on investigations conducted by Trustwave SpiderLabs, only 12% of targeted malware was detected by traditional anti-virus solutions in 2011. Targeted attacks are highly successful because they focus on specific organizations and are crafted to elude traditional point product security controls, including anti-virus. Protecting against such targeted attacks – on top of everything else – requires you to be as innovative as the hackers.

    Get insights on how to innovate your security from Wendy Nather, analyst with 451 Research, and Manu Namboodiri, vice president of product marketing, Trustwave. Learn:

    - Where you may be vulnerable to targeted attacks and persistent threats from malware
    - Best practices based on preventing intrusion, propagation, vulnerabilities and data exfiltration
    - How Trustwave unifies Web, email and network security solutions to detect, block, isolate and prevent targeted attacks
  • Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests Recorded: May 22 2012 58 mins
    True Stories of Real Pen Tests - Featuring demos of complex hacks and how business systems can be used against an organization.

    Earth vs. the Giant Spider: Amazingly True Stories of Real Pen-Tests brings the audience the most massive collection of weird, downright freaky, and altogether unlikely hacks ever seen in the wild. Through stories and demonstrations, we will take the audience into a bizarre world where odd business logic flaws get you almost free food (including home shipping), sourcing traffic from port 0 allows ownership of the finances of a nation, and security systems are used to hack organizations.

    This talk will focus on:
    • Complex hacks found in real environments
    • Showing effective attacks not found with automated methods
    • Types of victim organizations and data accessed

    By the end of this presentation we hope to have the audience thinking differently about systems and applications that organizations use every day, and how they may be used against them.
  • Web Application Attack Trends Recorded: Apr 26 2012 63 mins
    Profit and ideology are the two biggest motivations driving cyber attacks against Web applications – with all business types and governments as potential targets. The best way to combat attacks of this nature is through awareness and analysis of Web application security threats.

    During this webinar, Ryan C. Barnett, senior security researcher for Trustwave SpiderLabs and leader of the Web Application Security Consortium's (WASC) Web Hacking Incidents Database (WHID), will:

    • Review current attack trends and stats
    • Highlight analysis from the WHID and honeypot data
    • Identify top Web application security practices

    This event is ideal for businesses that have Web applications and need to protect the data flowing through those applications.
  • Getting Started with PCI DSS Recorded: Apr 5 2012 43 mins
    Find out what you need to know about PCI DSS compliance.

    The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud and security vulnerabilities and threats. Any business that processes, stores or transmits payment card data must validate compliance with the PCI DSS.

    Led by a Trustwave expert, this webinar will help you:
    • Understand the 12 requirements of PCI DSS
    • Identify your responsibilities as a merchant
    • Know how to get started

    This webinar will be useful for anyone beginning the compliance process or looking to better understand the PCI DSS.
  • Speaking with Cryptographic Oracles Recorded: Mar 27 2012 60 mins
    Cryptography is often used to secure data, but few people have a solid understanding of it. Even for cryptographers, it is still easy to make mistakes. The algorithms might be peer-reviewed and unbroken for years, but if used incorrectly, they can still leak information.

    Cryptographic oracles are systems which take user-controlled input and leak part or all of the output, generally leading to an attacker being able to defeat the cryptography, in part or in whole. This lecture will:
    • Define encryption, decryption, and padding oracles
    • Explain why an unbroken algorithm doesn’t matter
    • Describe how to find cryptographic oracles
    • Explore the ways in which oracles can be used to mount attacks
  • 2012 Global Security Threats and Trends Recorded: Feb 9 2012 63 mins
    If the thought of a breach is keeping you up at night, this presentation will give you tangible recommendations on strengthening your information security strategy. Based on the Trustwave 2012 Global Security Report, the presentation will feature data from more than 300 investigations and 2,000 penetration tests conducted in the previous 12 months.

    Presented by Nicholas J. Percoco, Trustwave SVP and Head of SpiderLabs, this 60-minute session will:

    - Highlight the threats targeting your organization's valuable assets
    - Explain state-of-the-art attack methods uncovered in our data breach investigations
    - Use real-world security research to put the most common weaknesses under the microscope

    In today's cyber world, it's no longer a matter of 'if' a data breach will occur, but 'when.' Attend this presentation to gain insight into the vulnerabilities that are affecting businesses today, and the strategic initiatives you can take to better secure data within your organization.
  • Unified Security: Respond and Prevent to Manage Risk Recorded: Feb 6 2012 59 mins
    Unified Security: Respond and Prevent to Manage Risk
  • Customers Like My Business…Hackers Will Too: Current Risk Trends Recorded: Jul 19 2011 61 mins
    Hackers frequently target small merchants, as many such businesses are not adequately protecting the systems and devices on which payment card data is stored or processed. Research conducted by Trustwave identifies the current risks and vulnerabilities faced by smaller businesses, and especially for those merchants that have not validated compliance with the Payment Card Industry Data Security Standard (PCI DSS).

    Led by expert Gregory Rosenberg, this webinar will cover:
    • Payment card risks for small merchants
    • How to take action for PCI DSS validation
    • How to prioritize payment card security
Smart security on demand
Trustwave is the leading provider of on-demand data security and payment card industry compliance management solutions to businesses and organizations throughout the world. Trustwave has helped thousands of organizations — ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets.

  • Title: Application Hackers Have a Handbook. Why Shouldn’t You?
  • Live at: Sep 12 2012 6:00 pm
  • Presented by: Chenxi Wang, Forrester Research; Wyman Lewis, GSI Commerce, an eBay Company; Marc Shinbrood, Trustwave