  • Cross-Site Scripting: Why It Persists, and What To Do
    Jim Manico, founder of Manicode Security, and Oliver Lavery, VP of Research at IMMUNIO. Recorded: Feb 2 2017, 43 mins
    In this webinar, Jim Manico and Oliver Lavery address how application security is approached today, and how it can be improved, using the common vulnerability Cross Site Scripting (XSS) as an example. Today, application security is often left to developers on the assumption that they will simply write perfect code that follows compliance regulations and has perfect functionality, so that no security vulnerabilities or issues will arise. Unfortunately, not only is this approach resource intensive and expensive, it is impossible. There will be errors in the code. XSS, for example, is a well-known vulnerability, yet it still afflicts 80% of web apps. Jim explains what an XSS attack is, how it is carried out, and its potential effects.

    Oliver Lavery will contend that there is a way for applications to secure themselves from vulnerabilities such as XSS by leveraging what applications have in common: the frameworks they are built on. Building security measures into the framework at the application layer gives internal access to the state of the app and requires no code changes or additional resources. He will then demonstrate an HTML XSS attack to show that securing apps via their frameworks lets you automate learning the proper structure of the rendered output, so that a change in that structure in a future rendering can be recognized as an attack and blocked.

    You will learn:
    • What Cross Site Scripting (XSS) is
    • How XSS attacks are executed, and what the ramifications are
    • How your app can defend itself from an XSS attack
    • How building security measures into an app's framework can mitigate code vulnerabilities
    • How to secure your app without changing your code or your deadline
  • Remediate vs. Mitigate - What's the Best Approach to Manage Your Cyber Risk
    Chris Romeo, CEO and co-founder of Security Journey, and Goran Begic, VP of Product at IMMUNIO. Recorded: Dec 15 2016, 41 mins
    When it comes to managing cyber risk, what is the best approach? Fixing application vulnerabilities with strong security process before going into production? Or mitigating vulnerabilities through some other technology in production?

    Security breaches are on the rise, many of which occur due to vulnerabilities in the application layer. New vulnerabilities are discovered daily and the frantic pace of software development shows no signs of slowing down. What chances do we have to turn the tables on Web Application security breaches?

    Join the debate on Remediation vs. Mitigation to learn:
    • How both approaches work to protect your web applications
    • How you can improve your development process
    • How to improve the security of applications deployed in production
  • RASP Adoption: A View From The Trenches
    Goran Begic, VP of Product at IMMUNIO. Recorded: Oct 27 2016, 36 mins
    Runtime Application Self-Protection (RASP) is one of the newest technology categories, a term coined by Gartner, and it is in the early stages of adoption in the industry. It promises dynamic defense and automatic mitigation of vulnerabilities in web applications.

    This webinar will provide an overview of buying criteria and evaluation requirements across different industries and some typical pitfalls that can slow down adoption.
    After the introduction and a brief overview of the technology, the audience will be invited to participate in a discussion about organizational requirements for the adoption and operationalization of RASP. Questions for discussion:
    • My application is under attack. What actions should I take? Who owns the response?
    • Which attacks should I respond to and which ones can I ignore?
    • How do I get started with mitigation provided by technology?
    • Does RASP fit with DevOps?
    • Does RASP help with remediation?

    This is an objective discussion about RASP. Evaluation criteria, comparison of RASP with IAST and other security technologies, personal experiences and examples discussed in this talk are generally applicable to all RASP solutions.

    Key takeaways: At the end of the presentation you will:
    • Have a better understanding of the requirements for evaluating RASP and its use cases
    • Know whether you can run a successful evaluation alone, or whether you will need the participation of other groups / teams
    • Know the critical criteria for the success of RASP in production
    • Understand how these criteria differ from those for appsec testing tools
  • Un-Hackable Applications with RASP
    Mike Milner, CTO and Co-founder of IMMUNIO. Recorded: Oct 1 2016, 40 mins
    You've done all the right things. Your developers are trained, they've taken all the secure coding courses, you use the best development frameworks, you scan your code before you release, you deploy behind a web app firewall - but your apps are still vulnerable.

    Developers make mistakes, framework authors make mistakes. Security features get put on hold to work on product features. Web app firewalls slow things down, or get dropped into monitor-only mode, or hackers simply bypass them.

    Runtime Application Self Protection (RASP) technology integrates directly with your application to provide strong, automatic protection without any additional effort from developers. Inside the application, the RASP can provide very strong protection that's impossible to bypass.

    This webinar follows two typical attack scenarios facing today's web applications. For each scenario, we'll look at the attack vector in use and how applications are traditionally protected. We'll then compare the same attack with RASP protection to understand how RASP works and how it can enhance your development and operational processes, making many attacks impossible.
  • How To View Real-Time Web Application Security Data in Datadog
    Ilan Rabinovitch, Director, Technical Community and Evangelism at Datadog, and Mike Milner, CTO and cofounder of IMMUNIO. Recorded: Jul 28 2016, 34 mins
    With Datadog’s cloud-scale performance monitoring capabilities, users obtain invaluable operational data about their cloud environment and applications. IMMUNIO is the latest addition to the list of more than 100 turnkey Datadog integrations (a group that also includes Amazon Web Services, Docker, and Slack). The IMMUNIO integration makes your existing Datadog monitoring even more powerful. By using IMMUNIO with Datadog, you gain critical insights into how attacks are affecting your system -- and you get the tools you need to stop the attacks immediately.

    The data provided by your IMMUNIO integration with Datadog helps you determine what’s normal for your system and your apps -- so you can quickly zero in on abnormal activity, determine whether it’s malicious, and immediately safeguard your apps.

    Join IMMUNIO and Datadog for this informative webinar and get the scoop on all the benefits of the IMMUNIO integration, including the ability to:

    - Correlate CPU usage spikes with a brute force login attack
    - Diagnose database query latency by matching to a blind SQL Injection attack
    - Use IMMUNIO to stop bots by automatically serving CAPTCHAs, and set a Datadog alert based on the number of CAPTCHAs served.
    - Harden your application against Cross-Site Scripting, SQL Injection, Remote Command Execution, and other vulnerabilities -- even many zero-day attacks
  • Understanding Account Takeover Attacks
    Mike Milner, CTO and Co-founder of IMMUNIO. Recorded: Jun 23 2016, 52 mins
    Over the last few years, 620 million user accounts are known to have been compromised across hundreds of sites. Organized cybercrime has figured out that this is the fastest, most reliable method to infiltrate organizations, as well as to achieve financial gain. Since users share passwords across multiple sites, it is easier to find logins that work on a target site than to bypass firewalls, find software flaws, or even run spearphishing campaigns.

    These types of attacks are collectively coming to be known as “Account Takeover” (ATO). Some are simple, while others are sophisticated. Some can be stopped relatively easily, and others require much more effort.

    ATO attacks (via stolen credentials) were cited as the #1 method of confirmed data breaches against web applications in both 2014 and 2015, and web applications were themselves the #1 vector for data breaches.

    Come learn what these ATO threats are, their impact on your business, how to detect them, and what you can do about them.
  • How to get the most out of AppSec tools
    Justin Collins, Mike Milner and Goran Begic. Recorded: Mar 16 2016, 46 mins
    "SAST", "DAST", "IAST", "RASP"... In the application security testing space it is very easy to get lost within all the technologies that help find issues in code and dependent libraries.

    While the most effective approach is to use multiple technologies and tools, for many organizations this is not a sensible option due to resource and time constraints.

    In this webcast Justin, Mike and Goran will explain the differences and benefits of different application security technologies and provide advice on how to get started.

    No new project or major code rework should be checked in without a scan by a static analyzer.

    Applications deployed in production, especially those known to use outdated frameworks and libraries, need to be protected with a runtime protection library.
  • RSA 2016 - Financial Institutions: "Security Directly Relates to Dollars"
    Mike Milner, CTO & Co-Founder, IMMUNIO, and Josh Downs, Community Manager, BrightTALK. Recorded: Mar 10 2016, 5 mins
    - RSA 2016 -

    BrightTALK spoke with IMMUNIO's Mike Milner on the cyber skills shortage, how to defend rapidly-digitalizing financial institutions and what the world can be optimistic about for the next few years in cyberspace.
  • Beyond PCI Compliance: WAF and RASP
    John Stauffacher, Mario Contestable, and Goran Begic. Recorded: Feb 10 2016, 40 mins
    Application security is hard. Web Application Firewalls (WAFs) have not lived up to their promise of fast protection against attacks. Why? Because they’re easy to bypass and hard to maintain.

    It’s much more effective to find and fix security flaws and follow secure coding guidelines in the apps themselves. This hasn’t been an easy fix either – until now.

    Get this video if you want to:

    - Understand where WAF technology falls short and how this can impact your web apps.

    - Get the inside track on web application security from infosec security experts John Stauffacher and Mario Contestable.

    - Learn how Runtime Application Self-Protection (RASP) can be used to address WAF deficiencies.