Web Application Attack Trends

Ryan C. Barnett
Profit and ideology are the two biggest motivations driving cyber attacks against Web applications – with all business types and governments as potential targets. The best way to combat attacks of this nature is through awareness and analysis of Web application security threats.

During this webinar, Ryan C. Barnett, senior security researcher for Trustwave SpiderLabs and leader of the Web Application Security Consortium's (WASC) Web Hacking Incidents Database (WHID), will:

• Review current attack trends and stats
• Highlight analysis from the WHID and honeypot data
• Identify top Web application security practices

This event is ideal for businesses that have Web applications and need to protect the data flowing through those applications.
Apr 26 2012
63 mins
More from this community:

IT Service Management

  • This live demo will show you how you can seamlessly blend business communications into your cloud work environment, creating an enterprise-grade communications hub with an easy-to-use interface that is very simple for end-users to deploy and IT to manage.

    Make it easy for employees to initiate PSTN calls and SMS, view screen pops with relevant information, automatically log the calls, and more -- without ever leaving their favorite apps. You’ll also see how easy it is to add new users and make changes as your business evolves with RingCentral’s cloud based communications system.

    Our expert presenter will walk you through how it works and answer your questions. You’ll see:

    •How to place calls with one click from within your business apps
    •Views of customer profile and communications history
    •Automated ticket creation from calls
    •And more!
  • Number porting is a meticulous process. You want to do the right thing at the right time, or you could throw off your transition schedule. We’ll take you through the timeline and point out the pitfalls so that you can transition to your new cloud phone system without a hitch.
  • For the intelligent IT of tomorrow – highlights and features of FNT Command 10

    The far-reaching developments of trends such as “Big Data”, “Cloud” and “Internet of Things” are already paving the way for the IT of the future. Because of the increasing complexity of the infrastructures to be managed, the greatest challenge for those responsible for IT, telecommunications and data centers is being able to retrieve the required information at the right time.

    For this reason, the new functionality in FNT Command 10 was developed with a focus on optimally supporting every user in their individual area of responsibility. Claudia Lehmann, Product Marketing Manager, presents the new highlights that can give you a completely new insight into your data.
  • Over 90% of targeted attacks start with email. Criminals create very convincing emails to trick your users into clicking on a link, opening an attachment, or replying with their credentials. The attack methods criminals employ with phishing emails are constantly changing and so must your email security to block these attacks before damage occurs. Learn about the newest trends in phishing email attacks and how to protect your organization.
  • Employee self-service is often viewed by IT as a 'knight in shining armor' since it can provide quicker employee access to both help and new services, while taking some of the pressure off overworked corporate IT service desks. However, for many organizations, their initial attempts to introduce self-service have been more white elephant than white knight – with low employee adoption and utilization rates – often due to an overemphasis on the technology.

    Thankfully now, after many hard lessons have been learned, some organizations are finally getting self-service right. In this webinar, we’ll share how they’ve succeeded, by:

    * Exploring the variety of challenges and potential pitfalls with self-service – including technology, management, and end-user perspectives
    * Offering practical advice and good practice on how to design, launch, manage, and encourage the use of an employee self-service facility for IT (or any other corporate service provider)
    * Providing sensible actions that will help you to either get started with, or to improve upon, self-service within your organization
  • The economic significance of application management is often underrated. Did you know that about 40% of IT budgets is spent on keeping applications up and running, up to date and under control? But are you getting enough value out of your investments?

    This webinar explores application support, maintenance/renewal and strategy.
    Takeaways:
    - overview of the whole Application Management domain and its relationships with the business and other IT disciplines and external service providers
    - better understanding of the costs and benefits of Application Management and how to influence them
    - frameworks, standards and trends and how to benefit from them
  • Do any of these comments sound familiar?

    - “Only the new people find value in our knowledge base.”
    - “Once our teams learn how to resolve something, they don’t need to use the knowledge base.”
    - “It takes longer to find it in the knowledge base than it does to figure it out.”
    - “Our knowledge base is outdated and cumbersome to use.”
    - “I’ll ask (insert name here), he / she will know the answer.”
    If so, you may be stuck in the knowledge-engineering rut. The Knowledge-centered-support methodology is a proven best practice that overcomes these challenges. Attend this session to learn about the KCS methodology and how you can use it to:

    -reduce the time to resolution
    -standardize answers to your customers
    -lower support costs
    -increase customer satisfaction
    -increase employee job satisfaction

    KCS becomes the way you resolve incidents, answer questions, share your knowledge with peer staff, and in short get people back to work. Because it is part of the Incident process, it is always current and accurate and enables your teams to continually support an expanding breadth of services.

    Additionally, you will hear about the journey of the University of Phoenix, and parent company Apollo Education Group, in moving out of old-school knowledge engineering, “ivory tower” knowledge approaches, and into the realm of real-time knowledge management – using KCS to empower front-line staff content administration, and manage knowledge by positive peer-to-peer relationships. We will discuss the use of the Knowledge-Centered Support (KCS) methodology in a highly-regulated business environment, to capture, structure, and reuse knowledge as new incidents occur and the business environment changes. Our chat will discuss the methods utilized, uncover the “ditches” to avoid, and present the metrics used to measure and prove success.
  • With all the advantages public and private clouds provide today, do you have the comprehensive cloud analytics that goes with it?
    • Are you able to coordinate the overall performance of your cloud today, to truly gauge service health and operational efficiencies?
    • Have you been able to compare costs of different providers with ease, to rapidly determine trends in quality and reliability?

    If these topics are important to you, then join us for this hybrid cloud management session on cloud analytics.

    Register for this webinar and learn how to gain full visibility into your organization and make the informed decisions and adjustments in investments that will meet your profitability targets and increase user satisfaction.
  • Flash is one of the biggest trends taking over the IT infrastructure world. It’s applicable everywhere, not just for large enterprises, so find out what makes Flash Storage so compelling and how to position it within the SMB segment.
  • Dangers to Web App Security: 4 Ways to Control Complexity and Cost Aug 5 2015 3:00 pm UTC 60 mins
    Victor Bonic, Global Security Architect, and Thomas Savage, Product Marketing Manager
    Web application security is threatened not just by hackers but also by the complexity (and related cost) of keeping up with security challenges. Due to the ever-increasing strategic and financial importance of e-commerce and other web services, web application security is of paramount importance for nearly every organization. The difficulties of web application security are compounded by the growing complexity of web applications, the nearly constant changes in site content and the increasing sophistication of web application attacks. Add in migration to cloud-based and hosted environments and the cost of application security can start to become unmanageable.

    Join this webinar as Trustwave discusses 4 approaches to reduce cost and complexity. Trustwave has helped hundreds of organizations adopt these approaches and secure their web applications with a solution offering advanced capabilities (continuous learning mode, bi-directional analysis, etc.), flexible architecture, and multiple delivery options to simplify your operations.
  • The Internet of Things revolution-what lurks in the shadows? Recorded: Jul 22 2015 43 mins
    Sam Bakken, Product Marketing Manager at Trustwave
    Beyond the novelty, the Internet of Things (IoT) will improve our standard of living and revolutionize industry—but at what cost to security and privacy?

    In an ideal world, manufacturers and providers of IoT products and services take responsibility for protecting their users. But, at present, businesses adopting the technology and consumers inviting it into their homes need to take precautions.

    Join us for a primer on deploying IoT technology safely in your home or business and discover:

    • How the IoT will transform business
    • Risks in both consumer and business/industrial use cases
    • Five crucial security and privacy considerations.
  • How to Win at SIEM: 6 Strategies to Successfully Contain Breaches Recorded: Jul 8 2015 56 mins
    Thomas Savage, product marketing manager at Trustwave and Andy Millican, senior product manager at Trustwave
    Holding off on getting a SIEM, or frustrated with the one you’ve got?

    Security information and event management (SIEM) solutions have been deployed for over a decade but the vision offered by vendors and analysts is rarely realized by customers. Roughly one-third of new SIEM sales today are replacements for “failed” SIEM deployments. Listen in as our experts highlight the major challenges to selecting, deploying and more importantly, operating a SIEM. Then the conversation will shift to focus on six strategies to augment your resources using Trustwave managed services so that you can realize the full vision of a SIEM solution.

    Join this informative webinar where you will learn how to:

    •Fund, deploy and operate a SIEM that sets you up for success
    •Optimize automatic log collection and threat correlation
    •Efficiently identify, stop, and resolve breaches.
  • PCI 101: Getting Started with Trustwave TrustKeeper PCI Manager Recorded: Jun 18 2015 49 mins
    James Zou, Trustwave Systems Engineer
    The Payment Card Industry Data Security Standards (PCI DSS) were created to help prevent credit card fraud. Any business that processes, stores or transmits payment card data must be PCI DSS compliant.

    This live demo will walk you through the basics of getting started with the Trustwave TrustKeeper PCI Manager and help you better understand the PCI DSS and the necessary steps to secure your business.
  • The State of Cybercrime: Breaking down the 2015 Trustwave Global Security Report Recorded: Jun 11 2015 62 mins
    John Yeo, VP of Trustwave SpiderLabs and Karl Sigler, Threat Intelligence Manager at Trustwave SpiderLabs
    Are you ready for a front-row seat to the cybercrime battleground? The 2015 Trustwave Global Security Report (GSR) has just been released and presents an open window into the skilled and frenetic attack landscape. Join this webinar as we highlight our major findings and offer you a chance to:

    • Get a condensed overview of the history of the GSR
    • Hear about our 2014 investigations while we discuss some of the insight gleaned from our threat intelligence and research
    • Get a bird’s eye view of aggregated data from our network and application penetration testing in 2014.
  • The State of Cybercrime: Breaking down the 2015 Trustwave Global Security Report Recorded: Jun 11 2015 57 mins
    John Yeo, VP of Trustwave SpiderLabs and Lawrence Munro, Director of SpiderLabs EMEA at Trustwave
    Are you ready for a front-row seat to the cybercrime battleground? The 2015 Trustwave Global Security Report (GSR) has just been released and presents an open window into the skilled and frenetic attack landscape. Join this webinar as we highlight our major findings and offer you a chance to:

    • Get a condensed overview of the history of the GSR
    • Hear about our 2014 investigations while we discuss some of the insight gleaned from our threat intelligence and research
    • Get a bird’s eye view of aggregated data from our network and application penetration testing in 2014.
  • 7 Strategies to Cover Expanding IT Threats - Despite a Limited Staff Recorded: May 27 2015 62 mins
    Chris Harget, senior product marketing manager at Trustwave
    Increasing data and network complexity give hackers more to steal and more ways to steal it. Most organizations cannot hire enough skilled IT security personnel to keep up.

    Join us for this informative and timely webinar, in which our experts will offer you seven golden strategies to mitigate IT risk and help you:

    • Reduce the greatest risks first
    • Stretch your team for optimal results
    • Creatively augment budget, skills and headcount.
  • Application security threats Recorded: May 7 2015 61 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave and Tanya Secker, Managing Consultant, SpiderLabs
    Today's fastest-growing risk category is web application vulnerabilities.

    Join this live web event to better understand some of the common misconceptions around application security and hear some war stories from the field that demonstrate today's application security weaknesses.

    The presentation will take a look at:
    • How hackers are evolving to attack your applications
    • The most common application vulnerabilities
    • Remediation actions you can take to help limit your attack surface area
    • Considerations for designing security into your application.
  • How to stop malware the first time. 5 strategies that work. Recorded: Apr 16 2015 61 mins
    Stephen Brunetto, director of product management at Trustwave and Chris Harget, senior product marketing manager at Trustwave
    Targeted malware, zero-day vulnerabilities and advanced persistent threats are increasingly responsible for data breaches. Why? Because they work. Most security products have a hard time protecting from advanced malware. This problem is compounded because attackers can easily mass produce new malware variants. What’s an IT person to do?

    Join us to learn key techniques to stop modern malware the first time. We will discuss:
    •What tactics work
    •Where to apply them
    •How to optimize cost, staffing and security.
  • PCI 101: Getting Started with the Payment Card Industry Data Security Standard Recorded: Mar 18 2015 59 mins
    Greg Rosenberg, QSA, CISA Trustwave Security Engineer
    The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud. Any business that processes, stores or transmits payment card data must be PCI DSS compliant.

    This webcast will help you understand the basics of PCI, the steps to become compliant, and how compliance can help you protect your business against a security breach.
  • Ask an Analyst: Evolving your security strategy to overcome business challenges Recorded: Mar 4 2015 61 mins
    Ed Ferrara, Forrester Analyst; Dan Kaplan, Trustwave Editor
    Organizations are having to cover more ground than ever when it comes to security. Yet businesses often lack the in-house skills and resources, so security leaders are turning to MSSPs to help bear the burden to ensure every area of risk is adequately attended to.

    Join us for an interactive discussion with guest speaker, Forrester Research VP and Principal Analyst, Ed Ferrara, to learn how MSS is changing the conversation for businesses to achieve security goals. Help drive the conversation by submitting a question for Ed in advance so we can tackle your biggest security concerns such as:

    • Overcoming the skills shortage
    • Where to focus the budget – spending trends across industries
    • The value of security – pitching it as an investment not a cost to business leaders
    • Improving business outcomes – leveraging MSSPs as a tactical arm to optimize IT security, efficiency and value
  • Database Security Threats: Risks to Your Data Recorded: Feb 26 2015 55 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave
    Today, businesses leverage confidential and mission critical data that is often stored in traditional, relational databases or more modern, big data platforms. Understanding the key threats to database security and how attackers use vulnerabilities to gain access to your sensitive information is critical to deterring a database attack.

    Join this webinar to learn about the latest threats and how to remediate them.
  • Future proof yourself with SpiderLabs forensic key indicators Recorded: Nov 27 2014 63 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager at Trustwave and Solomon Bhala, Senior Consultant at SpiderLabs
    During this event we will look back at Trustwave SpiderLabs forensic cases in order to identify trends that will help you prepare for the future.

    You will also get an inside view of how hackers have ransacked customer networks, giving you insight on how to protect your business from future attacks.

    During this webinar, we will discuss:
    •How to get into the mindset of the attacker
    •How to identify weak points in your network based on real cases
    •Lessons learned from the mistakes of others to get better at detecting compromise
    •How to limit your exposure in the future.
  • PCI 3.0 Is knocking on your door - are you ready? Recorded: Oct 16 2014 53 mins
    Mark Belgrove, Managing Consultant at Trustwave
    With the PCI DSS version 3.0 implementation deadline around the corner, organisations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:

    • Why PCI is so important in protecting your customers' sensitive data and your business

    • How to secure your business and prepare for PCI 3.0

    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • Trustwave on Shellshock: What You Need to Know Recorded: Oct 1 2014 70 mins
    Karl Sigler, Threat Intelligence Manager, Trustwave
    Shellshock has made waves through the security community by earning a maximum CVSS score of 10 for overall criticality. As a security practitioner it is important for you to know what Shellshock is, how it works and how to protect your organization from being exploited by it. This Wednesday, October 1st Trustwave will host a webinar featuring Karl Sigler, Threat Intelligence Manager at Trustwave to get you the information you need to mitigate this new vulnerability. During this webinar, Karl Sigler will:

    · Communicate what the Shellshock vulnerability is and how it works
    · Identify the potential impact of Shellshock to your organization
    · Discuss how to detect if your systems are vulnerable to Shellshock
    · Explain best practices for securing your organization from Shellshock and other vulnerabilities
    · Answer your questions regarding this topic
  • Breaking Down the 2014 Trustwave Global Security Report Recorded: Sep 25 2014 56 mins
    John Yeo, Global Director at Trustwave SpiderLabs
    You’re invited to this live webcast where you’ll hear unique insights from the 2014 Trustwave Global Security Report – the data is as compelling as ever.

    This webcast will help you connect the insight and actionable advice to your organization’s data security challenges. Amid the key data points, you’ll hear the story behind the average breach and the state of the industry:

    •The volume is getting loud: cybercriminals continue to find new ways to steal data – and new types of data to steal
    •Passwords still plague business of all types: we’ll show you how and why
    •Self-detection shortens the time to detecting breaches, but self-detection isn't easy; find out why
  • PCI 3.0 is Knocking on Your Door: Are you Ready? Presented by Trustwave and ETA Recorded: Sep 23 2014 60 mins
    Greg Rosenberg, QSA, CISA Trustwave Security Engineer
    With the PCI DSS version 3.0 implementation deadline around the corner, organizations should be thinking about ways to prepare for the new requirements. With an evolving threat landscape, targeted attacks on sensitive data like yours and new technology platforms it may seem overwhelming to think about protecting your business.

    During this webinar, we’ll discuss:
    • Why PCI is so important in protecting your customers' sensitive data and your business
    • How to secure your business and prepare for PCI 3.0
    • Tactics that will ensure compliance and security are always top-of-mind for you and your employees
  • The cost Implications of POPI aligned to Security Technologies Recorded: Sep 18 2014 63 mins
    Oliver Pinson-Roxburgh, EMEA Systems Engineering Manager, Trustwave
    In this webinar we will review the technical challenges that arise from the POPI bill and synergies with other standards in order to help align your approach to support compliance. We will take a look at the technologies that help meet compliance with the bill and their impact on organisations as well as how we can learn from other standards when building a technology roadmap to achieve compliance with POPI.
  • Malware Symposium: How to Defeat the Modern Cyber Enemy Recorded: Sep 17 2014 62 mins
    Michael Osterman, Osterman Research Analyst; Dan Kaplan, Trustwave Editor; Steve Brunetto, Trustwave Product Director
    In conjunction with Osterman Research, Trustwave will present a live panel discussion on the challenges of modern malware and how to effectively combat it.

    Trustwave editor Dan Kaplan will facilitate this discussion with Analyst Michael Osterman of Osterman Research, and Steve Brunetto, Director of Anti-Malware Product Management for Trustwave. This deep-dive session will investigate techniques modern malware uses to evade even “zero-day” detection methods, debunk misconceptions, and discuss what the next generation of malware prevention looks like.

    Following the discussion, audience members will be able to ask the panelists questions. Please join us for this interview-format webcast.
  • Recent Threat Discoveries Recorded: Sep 11 2014 63 mins
    Ziv Mador, VP of Security Research and Andy Crail, Senior Security Engineer
    Recent Threat Discoveries: New Point of Sale Malware and Insights about Exploit Kits and Weak Passwords

    In this presentation we will discuss:

    * Backoff, a new family of Point of Sale Malware

    * Magnitude, an Exploit Kit that became prevalent after the arrest of “Paunch”, the creator of Blackhole

    * And a recent study that shows that 54% of passwords can be cracked in minutes

    Join Ziv Mador, VP of Security Research and Andy Crail, Senior Security Engineer as they walk through some of the latest finds and intel coming from the elite hacking and research team within Trustwave, SpiderLabs.
Smart security on demand
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

  • Title: Web Application Attack Trends
  • Live at: Apr 26 2012 3:00 pm
  • Presented by: Ryan C. Barnett