Web Application Attack Trends

Ryan C. Barnett
Profit and ideology are the two biggest motivations driving cyber attacks against Web applications, with all business types and governments as potential targets. The best way to combat attacks of this nature is through awareness and analysis of Web application security threats.

During this webinar, Ryan C. Barnett, senior security researcher for Trustwave SpiderLabs and leader of the Web Application Security Consortium's (WASC) Web Hacking Incidents Database (WHID), will:

• Review current attack trends and stats
• Highlight analysis from the WHID and honeypot data
• Identify top Web application security practices

This event is ideal for businesses that have Web applications and need to protect the data flowing through those applications.
Apr 26 2012
63 mins
More from this community:

IT Governance, Risk and Compliance

  • A recent analyst study found that 88% of organizations are “doing Project and Portfolio Management (PPM).” This finding could lead many to believe all is well with this critical business process so essential to strategic success. This is hardly the case as studies also show PPM is still generally immature in enterprises today. The lack of maturity is largely due to the fact that most organizations are addressing only a subset of PPM capabilities. So though almost every organization can lay claim to doing PPM, few are actually doing PPM for all it's worth. Many of these organizations will continue to miss out on the incredible possibility and promise of this essential business capability until they grasp and appreciate the full scope and potential of PPM.

    One of the greatest barriers to realizing the full potential of PPM is an enterprise-wide awareness of the span of PPM and the likely gap that must be overcome to achieve it. There is a plethora of great PPM insight contained in the numerous books, methodologies, and frameworks available today, but using this volume of information to get everyone on the same page is a daunting challenge. The key is to use a simple approach and model to quickly establish a common understanding of this critical business discipline and to easily foster the conversations and discussions to drive the endeavor to raise PPM proficiency.

    This brief webcast will present a PPM model that is easy to remember, easy to communicate, and proven to quickly illuminate the gap between existing immature PPM processes and the full scope and potential of comprehensive Project and Portfolio Management.
  • Portfolio planning activities have struggled to gain respect in most businesses. Lack of enterprise-wide orchestration arises from a lack of effective involvement and intimate business knowledge – not simply of operations and processes, but of business imperatives, obstacles and desired outcomes. And the information systems aspects continue to be planned in splendid isolation from the business, causing IT people to mistakenly celebrate victory when a new IT system goes live. However a project only really starts when the IT goes live, and so the planning needs to be fully integrated. This can only be accomplished first by building strong relationships with business peers that will result in measurable value creation. The next step is to implement a sophisticated PPM system that can handle the extreme complexity of orchestrating all the business and related technology portfolio of initiatives, capable of optimizing the plans (and the outcomes) as the business environment changes.

    To achieve this, a new PPM model needs to be created to look at portfolio management in a holistic way, enterprise-wide. Planners need a capability that will generate multiple scenarios and real-time decision support. This dimensionality and complexity is well beyond the capacity of the human brain. By implementing such a tool, IT would be positioned as a critical partner with the business – not just in implementing mainstream information systems, but also in helping the business with a much better way to plan and manage all of its key initiatives effectively

    This session focuses on how enterprise leaders and divisional leaders and IT leaders should be working in harmony to orchestrate great business outcomes, rather than looking after their parochial interests.
  • The development of a solid product innovation strategy is undoubtedly a collaborative effort, and company cultures that support an open and robust dialog will be more able to evolve their strategies to address their changing business environments.

    Attend this webcast featuring Michelle Jones from Stage-Gate International as she discusses how these companies are better equipped to address risk and derive more value from their product innovation efforts. Also hear why aligning your product innovation strategy is an important precursor to making continuous strategic assessments and project prioritization decisions.

    All attendees will gain insight into the 5 key elements that comprise a consensus based innovation strategy, the importance of clearly communicating that strategy to drive strategic portfolio management, and the metrics to measure performance.

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • Wall Street expects it and customers demand it – accountability from Sr. Executives for the future direction of their organizations. How can executives ensure their strategic plans are in action and on track? How can they shift and pivot to changing market conditions along with the risks and impacts to the long-term vision and goals? How do you thread accountability from planning to execution to results?

    Join this session, where David Werner, Senior Principal Product Marketing Manager, CA Technologies, speaks with Rick Morris, published Author and Owner/President of R2 Consulting about ways to bring more accountability through your strategic plan.
  • At its most basic level, communication is the transfer of information and ideas between two or more entities. In the context of organizational project and program management, communication is a core competency that, when properly executed, connects every member of a project team to a common set of strategies, goals and actions. Unless these components are effectively shared by project leads and understood by stakeholders, project outcomes are jeopardized and budgets incur unnecessary risk. Effective communications leads to more successful projects, allowing organizations to become high performers and risk 14 times fewer dollars than their low-performing counterparts.

    This webinar reveals the communications challenges that prevent organizations from accomplishing more successful projects, and identifies key initiatives that enable organizations to improve their communication as they face their own unique challenges in an ever-changing, complex and risky environment.

    This session is approved for 1 Professional Development Unit (PDU) credit.
  • A recent comprehensive survey commissioned by CA revealed some very clear trends in portfolio management and provided evidence of what distinguishes a strong portfolio performer from a weak one.

    In this engaging presentation, report author Andy Jordan will explore these indicators and provide recommendations for how your organization can become more adaptable, agile and responsive to portfolio changes.

    Learn how you can build improved effectiveness into your portfolio execution approach, and how communication can contribute to your success.

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • The C-level suite agrees that aligning business and technology objectives is an essential element in achieving what’s necessary to win, retain and serve their customers. However, are they putting their money where their mouths are? The data tells a different story. According to Forrester Research, while two thirds of CIOs and CMOs agree that the CMO is an active participant in strategic planning, the perception of CIO involvement varies significantly between the two roles. Moreover, half of surveyed PMO leaders feel they have all the tools in place to competently manage the portfolio pipeline. Companies are routinely adopting practices to deliver faster and better; it’s time for executives to do the same. Effectively managing a portfolio that enables business leaders to achieve their strategic objectives requires tooling that supports pragmatic practices in order to gather data at the right level and at the right time.

    This presentation examines portfolio management trends and best practices that high achieving organizations have applied to turbo charge their planning process.

    Forrester Research, Inc., The State Of Strategic Execution In 2015, January 27, 2015

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • At a time when digital transformation is driving significant change across all industry sectors, it is critical that organizations are able to align functional and cross-functional project activities to their strategic objectives. In the digital economy, the lines between technology, new product development, applications, service delivery and change management are increasingly blurred, and it's vital for the business to have an integrated view, not only to support strategic planning and investment prioritization, but also to effectively manage these initiatives through execution. The project portfolio management process must also evolve to handle both fast-moving digital initiatives and longer-term projects, with a shortened feedback loop that engages project teams and business stakeholders, and provides visibility at all levels. This session will address topics including:

    · How to align projects to business goals in planning AND execution
    · Why PPM is vital for a digital project portfolio
    · How PPM can unify cross-functional initiatives
    · When to consider changes to PPM processes
    · Why project visibility is critical to successful business change

    This event is approved for 1 Professional Development Unit (PDU) credit.
  • Connecting buyer & supplier: The interplay between suppliers and buyers in B2B has always demanded ever greater speed as well as reliable and accurate information about products and services.

    In this webinar, buyers and B2B suppliers will learn all about the new version of Informatica Procurement 8.0 and ...

    - Informatica Procurement at a glance

    - Catalog Stream the B2B Commerce Machine: for better integration and data quality from suppliers through the direct connection of PIM systems.

    - Simple Order: Simple ordering and approval processes with extended ERP integration and e-mail

    - Always Auto Content: Automatic catalog refresh for content that is always valid and perfect search results for new catalogs, including for user-based views

    - Catalog Information Everywhere: Simple integration with connected applications based on the Service API, e.g. for mobile apps.

    - Live demo & more…
  • PCI 101: Getting Started with the Payment Card Industry Data Security Standard Mar 18 2015 3:00 pm UTC 60 mins
    The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud. Any business that processes, stores or transmits payment card data must be PCI DSS compliant.

    This webcast will help you understand the basics of PCI, the steps to become compliant, and how compliance can help you protect your business against a security breach.
  • Ask an Analyst: Evolving your security strategy to overcome business challenges Mar 4 2015 4:30 pm UTC 60 mins
    Organizations are having to cover more ground than ever when it comes to security. Yet businesses often lack the in-house skills and resources, so security leaders are turning to MSSPs to help bear the burden to ensure every area of risk is adequately attended to.

    Join us for an interactive discussion with guest speaker, Forrester Research VP and Principal Analyst, Ed Ferrara, to learn how MSS is changing the conversation for businesses to achieve security goals. Help drive the conversation by submitting a question for Ed in advance so we can tackle your biggest security concerns such as:

    • Overcoming the skills shortage
    • Where to focus the budget – spending trends across industries
    • The value of security – pitching it as an investment not a cost to business leaders
    • Improving business outcomes – leveraging MSSPs as a tactical arm to optimize IT security, efficiency and value
  • Database Security Threats: Risks to Your Data Recorded: Feb 26 2015 55 mins
    Today, businesses leverage confidential and mission critical data that is often stored in traditional, relational databases or more modern, big data platforms. Understanding the key threats to database security and how attackers use vulnerabilities to gain access to your sensitive information is critical to deterring a database attack.

    Join this webinar to learn about the latest threats and how to remediate them.
  • Future proof yourself with SpiderLabs forensic key indicators Recorded: Nov 27 2014 63 mins
    During this event we will look back at Trustwave SpiderLabs forensic cases in order to identify trends that will help you prepare for the future.

    You will also get an inside view of how hackers have ransacked customer networks, giving you insight on how to protect your business from future attacks.

    During this webinar, we will discuss:
    • How to get into the mindset of the attacker
    • How to identify weak points in your network based on real cases
    • Lessons learned from the mistakes of others to get better at detecting compromise
    • How to limit your exposure in the future.
  • PCI 3.0 Is knocking on your door - are you ready? Recorded: Oct 16 2014 53 mins
    With the PCI DSS version 3.0 implementation deadline around the corner, organisations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:

    • Why PCI is so important in protecting your customers' sensitive data and your business

    • How to secure your business and prepare for PCI 3.0

    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • Trustwave on Shellshock: What You Need to Know Recorded: Oct 1 2014 70 mins
    Shellshock has made waves through the security community by earning a maximum CVSS score of 10 for overall criticality. As a security practitioner it is important for you to know what Shellshock is, how it works and how to protect your organization from being exploited by it. This Wednesday, October 1st, Trustwave will host a webinar featuring Karl Sigler, Threat Intelligence Manager at Trustwave, to get you the information you need to mitigate this new vulnerability. During this webinar, Karl Sigler will:

    · Communicate what the Shellshock vulnerability is and how it works
    · Identify the potential impact of Shellshock to your organization
    · Discuss how to detect if your systems are vulnerable to Shellshock
    · Explain best practices for securing your organization from Shellshock and other vulnerabilities
    · Answer your questions regarding this topic
  • Breaking Down the 2014 Trustwave Global Security Report Recorded: Sep 25 2014 56 mins
    You’re invited to this live webcast where you’ll hear unique insights from the 2014 Trustwave Global Security Report – the data is as compelling as ever.

    This webcast will help you connect the insight and actionable advice to your organization’s data security challenges. Amid the key data points, you’ll hear the story behind the average breach and the state of the industry:

    • The volume is getting loud: cybercriminals continue to find new ways to steal data – and new types of data to steal
    • Passwords still plague businesses of all types: we’ll show you how and why
    • Self-detection shortens the time to detecting breaches, but self-detection isn't easy; find out why
  • PCI 3.0 is Knocking on Your Door: Are you Ready? Presented by Trustwave and ETA Recorded: Sep 23 2014 60 mins
    With the PCI DSS version 3.0 implementation deadline around the corner, organizations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:
    • Why PCI is so important in protecting your customers' sensitive data and your business
    • How to secure your business and prepare for PCI 3.0
    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • The cost Implications of POPI aligned to Security Technologies Recorded: Sep 18 2014 63 mins
    In this webinar we will review the technical challenges that arise from the POPI bill and synergies with other standards in order to help align your approach to support compliance. We will take a look at the technologies that help meet compliance with the bill and their impact on organisations as well as how we can learn from other standards when building a technology roadmap to achieve compliance with POPI.
  • Malware Symposium: How to Defeat the Modern Cyber Enemy Recorded: Sep 17 2014 62 mins
    In conjunction with Osterman Research, Trustwave will present a live panel discussion on the challenges of modern malware and how to effectively combat it.

    Trustwave editor Dan Kaplan will facilitate this discussion with Analyst Michael Osterman of Osterman Research, and Steve Brunetto, Director of Anti-Malware Product Management for Trustwave. This deep-dive session will investigate techniques modern malware uses to evade even “zero-day” detection methods, debunk misconceptions, and discuss what the next generation of malware prevention looks like.

    Following the discussion, audience members will be able to ask the panelists questions. Please join us for this interview-format webcast.
  • Recent Threat Discoveries Recorded: Sep 11 2014 63 mins
    Recent Threat Discoveries: New Point of Sale Malware and Insights about Exploit Kits and Weak Passwords

    In this presentation we will discuss:

    * Backoff, a new family of Point of Sale Malware

    * Magnitude, an Exploit Kit that became prevalent after the arrest of “Paunch”, the creator of Blackhole

    * And a recent study that shows that 54% of passwords can be cracked in minutes

    Join Ziv Mador, VP of Security Research and Andy Crail, Senior Security Engineer as they walk through some of the latest finds and intel coming from the elite hacking and research team within Trustwave, SpiderLabs.
  • Stocking up on Data Security: Protecting Retail Grocers from Hackers Recorded: Sep 9 2014 59 mins
    Data breaches are happening every day, and the grocery industry has become a prime target. This Trustwave webinar details how hackers are lining up at the checkout lane to steal valuable data (like credit card information) and what steps you need to take to ward off this threat. What you’ll learn:

    • Why grocery stores are a lucrative target for hackers
    • Think you’ve been breached? The key steps to take
    • How to comply with the PCI standard – and special considerations for grocers

    Trustwave’s senior security engineer Don Brooks will be presenting. We hope to see you there.
  • Data Compliance, Now POPI Recorded: Sep 4 2014 42 mins
    Wondering how the Protection of Personal Information (POPI) Act will affect your organisation? During this webinar Trustwave will provide an overview of POPI, the implications of processing personally identifiable information (PII) and how to protect your organisation. What will we cover?

    • POPI overview;
    • Roles and responsibilities;
    • Trustwave methodology and approach;
    • Security and privacy overlap;
    • Condition 7, Security Safeguards;
    • Compliance pitfalls to avoid;
    • Compliance quick wins;
    • Privacy enhancing technologies;
    • Next steps to start your POPI program.

    To learn how Trustwave can help your organisation with POPI compliance, register now.
  • Financial Services at Risk: Adapting to new threats and a changing landscape Recorded: Aug 14 2014 54 mins
    Hackers are after the money, and financial services firms certainly have plenty of it. Although these businesses have some of the most mature information security practices of any industry, criminals are evolving their tactics and targeting this vertical with new-found gusto.

    Join Don Brooks, senior enterprise engineer at Trustwave, as he discusses this shifting threat landscape and how you can defend your most prized assets.

    He will cover:

    - Am I really a target?
    - Going mobile: What this means to your security
    - Malware is everywhere: What can you do about it?
    - Top actions to take to reduce your risk

    There will be ample time for your questions at the end of his presentation, so join us, and seek Don’s help in solving your biggest security challenges.
  • Health Care Data Security and HIPAA Compliance: Live Panel Discussion Recorded: Jul 23 2014 64 mins
    This live webcast will take you through the basics of healthcare data security, complying with HIPAA and guidelines for taking action quickly. Our expert panel will cover the basic landscape, and then take your questions in a live Q&A. The session agenda includes:

    - Business considerations for health care data security and compliance
    - Getting ahead of the curve - key activities for compliance with HIPAA
    - Where to get started and how to accelerate your security program

    Please join us!
  • Web Application Security Trends for 2014 Recorded: Jun 26 2014 58 mins
    In this webinar we will take you through the web security attack trends for 2014 and provide some remediation advice and tips for better security.
  • Breaking Down the 2014 Trustwave Global Security Report Recorded: Jun 25 2014 53 mins
    The 2014 Trustwave Global Security Report has just been released – and the findings are more important than ever for your organization. While businesses have improved their time to detection of breaches substantially, cybercriminals continue to find new ways to steal data – and new types of data to steal. A sample of what you'll hear:

    • The volume of data breach investigations increased 54% over 2012
    • Weak passwords open the door in 31% of data compromises
    • We saw a 33% increase in the theft of non-payment card
    • Self-detection can significantly shorten the timeline from detection to containment

    Join us for this live webcast!
  • Breaking Down the 2014 Trustwave Global Security Report Recorded: Jun 25 2014 65 mins
    The 2014 Trustwave Global Security Report has just been released – and the findings are more important than ever for your organization. While businesses have improved their time to detection of breaches substantially, cybercriminals continue to find new ways to steal data – and new types of data to steal. A sample of what you'll hear:

    • The volume of data breach investigations increased 54% over 2012
    • Weak passwords open the door in 31% of data compromises
    • We saw a 33% increase in the theft of non-payment card
    • Self-detection can significantly shorten the timeline from detection to containment

    Join us for this live webcast!
  • Trustwave and ETA Present: Breaking Down the 2014 Global Security Report Recorded: Jun 19 2014 58 mins
    The 2014 Trustwave Global Security Report has just been released - and the findings are more important than ever for your organization. While businesses have improved their time to detection of breaches substantially, cybercriminals continue to find new ways to steal data. A sample of what you'll hear:

    * The volume of data breach investigations increased 54% over 2012
    * Weak passwords open the door in 31% of data compromises
    * Self-detection can significantly shorten the timeline from detection to containment

    Join us for this live webcast for the Payments Industry!
  • Getting ahead of the EU Data Protection Reform Recorded: Jun 18 2014 63 mins
    The European Commission announced that progress on 'EU Data Protection reform (is) now irreversible' - but what will this mean for the millions of organisations that reside in and do business within the European Union?

    • This webinar will provide some insights on the much debated regulation and what you should be doing to protect personally identifiable information that you are the custodian of.

    • We will highlight potential pain points as well as show you how you can better prepare, using real world data breaches from our own investigations and by providing practical guidance for you on how to store, process or transmit personally identifiable information.
Smart security on demand
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

  • Title: Web Application Attack Trends
  • Live at: Apr 26 2012 3:00 pm
  • Presented by: Ryan C. Barnett