What Do You REALLY Need to Know About the New OWASP Top Ten?
The OWASP Top Ten is the de-facto web application security standard because it reflects the evolving threat landscape, providing organizations a framework to manage and mitigate application security risk.
This dual-presenter format will examine the critical newcomers and pesky incumbents from both an offensive and defensive perspective. Attend to get our expert insight on how to harden Web applications and align your program towards OWASP compliance.
Topics covered include:
- The newcomers – why they are so tricky and elude traditional test efforts
- XSS and Injection – mistakes organizations keep making that land these preventable threats on every Top Ten list
- Design flaws that cause them and coding errors that expose them
- High impact activities that reduce exploitability, prevalence and impact
Meet the Presenters:
Kevin Poniatowski, Sr. Security Instructor & Engineer at Security Innovation, brings an optimal blend of speaking ability, technical savvy, and an insatiable passion for security to Security Innovation's training customers. Kevin entered the application security field in 2007 with Security Innovation, where he has split time between application security course development and delivering instructor-led courses.
Mark Burnett is a security consultant, author, and researcher who specializes in application security, authentication, and hardening Microsoft Windows-based servers and networks. Since 1999 he has worked in numerous areas of IT security, developing unique strategies and techniques for protecting critical assets. Mark is author and coauthor of a number of security books and publishes security articles for several web sites, newsletters, and magazines.
ITSPmagazine meets up with Richard Greenberg, President of the LA chapters of OWASP & ISSA and Information Security Officer at the LA County Department of Health, during AppSec California to discuss diversity, education, and the Internet of Things. Here are a few points that Richard covers:
- With a severe lack of women in InfoSec, we need to start at a very young age and speak a universal, unbiased language to our youth and to men and women.
- The industry needs to be framed so the manufacturer is set up to bake in security.
- Awareness training needs to be interactive.
Using the OWASP Software Assurance Maturity Model (OpenSAMM) as a framework, this talk covers the major application security controls of a secure development lifecycle program as provided by OWASP. Featured OWASP open source material includes OWASP guidelines and tools such as ESAPI and ZAProxy, as well as educational resources.
About the speaker:
Sebastien started the Belgian OWASP Chapter, which he leads, and is a member of the OWASP Foundation Board. He has given several public presentations on Web Application and Web Services Security and co-organizes the yearly BruCON security and hacker conference and trainings in Belgium.
Over the past 10 years he has built up extensive experience in Information Security and specialises in Web Application Security. He has performed several successful secure development lifecycle projects in the financial and utility sectors, started up software security groups, supported customers in selecting and implementing Web Application Firewalls (WAF), delivered web application security training and closed numerous audit findings regarding application security.
John Wagnon discusses the details of the second risk listed in this year's OWASP Top 10 Security Risks, Broken Authentication: what this security risk is and how to guard against it.
John Wagnon discusses the details of the top risk listed in this year's OWASP Top 10 Security Risks, Injection: what injection attacks are and how to guard against them.
The OWASP Top 10 is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
Watch this on-demand webinar as Jason Taylor, one of our most experienced security experts, takes us through the journey of identifying the tell-tale markers of the OWASP Top Ten and reveals the techniques used to hunt them down.
This session covers:
- Vulnerability anatomy – how they present themselves
- Analysis of vulnerability root cause and protection schemas
- Test procedures to validate susceptibility (or not) for each threat
The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
This on demand webinar presents the OWASP Top Ten in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security.
Web application security is complex, difficult, and costly. These issues are well known, but remain prevalent out in the real world. Most development teams do not have the time or resources to sufficiently protect against the myriad attacks relevant to each vector, and the level of expertise required to address these issues is difficult to come by even if your project has the time and budget for it. The good news is that advanced WAF technology is more accessible and affordable than ever before. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. Join F5 and (ISC)2 for Part 1 of a 3-part Security Briefings Series on February 1, 2018 at 1PM Eastern, where we’ll discuss the OWASP Top 10, defenses for everything it addresses, and how to use a WAF to optimize and filter unwanted traffic to cut costs in the cloud.
Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure against them for your business.
Web application security is complex, time-consuming to manage, and costly. Most development teams do not have the resources to sufficiently protect apps against the myriad of attacks that are relevant to each vector. This is further compounded by the need to repeatedly address these vulnerabilities in every application that is deployed.
The OWASP Top 10 provides a list of the ten most critical web application security risks. An advanced Web Application Firewall (WAF) can help defend your applications against these threats. In this webinar, you will learn:
• The primary risks to your applications addressed by the OWASP Top 10
• How using a WAF to protect your applications can offload development resources
• How to address additional risk, such as DDoS and bot attacks
• How a WAF can optimise and filter unwanted traffic to help cut costs in the cloud
Web application security is a complex, time-consuming and costly process. Most development teams do not have sufficient resources to protect applications against the multitude of threats and attacks coming from different directions. The situation is further complicated by the need to respond to these threats again and again for every application that is deployed.
The OWASP Top 10 is a list of the most critical web application threats. An advanced web application firewall (WAF) can help defend against these threats. In this webinar you will learn more about:
• The primary threats to your applications discussed in the OWASP Top 10.
• How using a WAF to protect applications can free up development resources.
• How to protect against additional threats, such as DDoS attacks and bots.
• How a WAF can optimize and filter unwanted traffic, reducing cloud costs in the process.
Web application security is a task that is costly in both time and money. Most developers do not have the resources to ensure sufficient protection of their apps against the countless attacks on each vector. Added to this is the need to repeatedly address these vulnerabilities in every app.
The OWASP Top 10 is a list of the 10 most critical security risks for web applications. Having an advanced web application firewall (WAF) can help you protect your apps against these threats. In this webinar we will cover the following topics:
• Security risks to applications from the OWASP Top 10 list
• How using a WAF to protect your apps can reduce development costs
• How to address other risks, such as DDoS and bot attacks
• How a WAF can optimise and filter unwanted traffic to help you reduce costs in the cloud
The security of web applications is complicated, laborious to manage and costly. Most development teams do not have the resources to protect applications adequately against the multitude of attacks. This is made harder still by the fact that these vulnerabilities must be addressed in every application that is deployed.
The OWASP Top 10 is a list of the ten most critical security risks for web applications. An advanced WAF (Web Application Firewall) can help you protect your web applications against these threats. In this webinar you will learn:
• Which primary risks to your applications the OWASP Top 10 covers
• How using a WAF to protect your applications can conserve development resources
• How you can address additional risks, such as DDoS and bot attacks
• How a WAF can optimize and filter unwanted traffic to reduce costs in the cloud
Web application security is complex, costly and time-consuming to manage. Most development teams do not have the means to protect applications sufficiently against all current attacks. Moreover, since these vulnerabilities must be resolved in every deployed application, the situation keeps growing more worrying.
The OWASP Top 10 lists the ten most critical security risks for web applications. A sophisticated web application firewall (WAF) can help your applications counter these threats. In this webinar, you will discover:
• the main risks to your applications examined in the OWASP Top 10;
• how to use a WAF to protect your applications and relieve your development teams;
• how to counter other risks, such as DDoS and bot attacks;
• how a WAF can optimize and filter unwanted traffic to help you reduce cloud-related costs.
Many businesses today are harnessing the tools and promise of DevOps or Agile to drive innovation. Everything from new website capabilities to entirely new products is fair game in this revolution. However, the majority of security tools and processes are not inherently designed to be integrated into this new world, which limits the results new developments can bring.
In this webinar, Dr. Chenxi Wang, founder of cybersecurity consultancy the Jane Bond Project and Vice Chair of the Board of Directors of OWASP, and CYBRIC CTO Mike D. Kail will discuss:
• How to effectively integrate security into your DevOps process
• How to integrate it at scale
• Real-world examples of business results using this approach
Mike and Chenxi will also cover where to get started with "DevSecOps," what metrics to use and what security at scale can mean for businesses.
Dr. Chenxi Wang is founder of The Jane Bond Project, and a founding partner in 360Velocity, a strategic Cybersecurity consultancy. She is Vice Chair of the Board of Directors of OWASP, a strategic advisor for IT Security Planet and serves on the advisory board of various start-ups. Previously, Chenxi served as the Chief Strategy Officer at Twistlock, responsible for corporate strategy and thought leadership. Chenxi is the 2016 & 2017 program co-chair for Security & Privacy at the Grace Hopper Conference and named by SC Magazine as a 2016 Women of Influence. Prior to Twistlock, Chenxi built an illustrious career at Forrester Research, Intel Security and CipherCloud. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard-hitting research papers. At Intel Security, she led the ubiquity strategy that spans both hardware and software platforms. Chenxi started her career as a faculty member of Computer Engineering at Carnegie Mellon University.
Web application security is complex, difficult, and costly – the problems are well known, but remain prevalent out in the real world. Most development teams do not have the resources to sufficiently protect against the myriad of attacks that are relevant to each vector, and the level of expertise required is difficult to come by even if your project has the time and budget for it. This is further compounded by the need to address these vulnerabilities over and over in every application that goes out the door making it a significant blocker in your path to production.
The good news is that advanced WAF technology is more accessible and affordable than ever before. F5 has teams of researchers and engineers dedicated to this task, and their industry-leading expertise is packaged and available today to defend apps of any size and variety. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. F5 is committed to supporting the OWASP Top 10 and providing defenses for everything it addresses, but that’s just the tip of the iceberg.
In this webinar you will learn:
- About the primary risks to your app, including those addressed by the Top 10.
- How to make the most of development resources by using WAF to do the heavy lifting for you.
- How F5’s unique and flexible deployment options will make WAF remediation for your app a snap.
- How you can go beyond the Top 10 and address additional risk, such as DDoS, bot defense, intellectual property theft, or fraud.
- How WAF can optimize and filter unwanted traffic to help you cut costs in the cloud.
For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community.
During this webinar, Johannes Ullrich, Senior SANS Institute Expert and Chris Eng, VP Security Research at Veracode will explain more about the three new risks in the 2017 top 10, what else has changed since 2013, and provide resources to adopt best practices for preventing these risks.
Whether you are evaluating AWS, or are already hosting your DevTest, disaster recovery or production workloads on AWS, security and compliance are high on your list of priorities.
Application security for apps in the public cloud is the responsibility of you, the customer, and it is critical that you are able to protect your workloads from hackers looking to exploit security gaps to undermine your business.
Register for this live webinar, hosted by James Brown, Director of Public Cloud for Alert Logic, to:
• Receive an overview of the OWASP Top 10 most critical web application security risks, such as SQL injection, cross-site scripting and unvalidated redirects
• Discover best practices for protecting your environment from the OWASP Top 10 risks
• Hear how other customers are securing their production workloads on AWS:
o Core security technologies include intrusion detection, vulnerability scanning, log management and web application firewalls, combined with rich security content & analytics, and a 24x7 Security Operations Center
• Learn how to secure your cloud workloads in less than 4 weeks, for as little as £750 per month*
This session also includes a live Q&A, so this is a must-attend event for current or future customers of AWS. Alert Logic is an approved partner of the AWS Technology Partner Program.
*entry level solution
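The abstracts above name injection, cross-site scripting and unvalidated redirects as Top 10 risks without showing what the underlying coding error looks like. The following is an added example, not code from any of the webinars or vendors on this page: for each of the three risks, the vulnerable function sits beside its hardened form. The table contents and the `app.example.com` redirect allow-list are constructed for the example.

```python
# Added example (not from any webinar on this page): three OWASP Top 10 risks,
# each as a vulnerable function beside its hardened counterpart.
import html
import sqlite3
from urllib.parse import urlparse


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table for the SQL examples."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


# --- Injection -------------------------------------------------------------
def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """String-builds the query, so 'name' can rewrite the SQL grammar."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Bound parameter: the driver passes 'name' as data, never as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- Cross-site scripting --------------------------------------------------
def greeting_vulnerable(display_name: str) -> str:
    """Interpolates untrusted text straight into HTML."""
    return f"<p>Hello, {display_name}</p>"


def greeting_safe(display_name: str) -> str:
    """Output encoding for an HTML text-node context (quotes escaped as well)."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


# --- Unvalidated redirect --------------------------------------------------
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}  # assumed allow-list for this example


def redirect_target_vulnerable(next_url: str) -> str:
    """Trusts ?next= as supplied: an attacker-crafted link lands on their host."""
    return next_url


def redirect_target_safe(next_url: str, default: str = "/") -> str:
    """Allow only same-site paths or https URLs whose host is on the allow-list."""
    # Browsers normalise backslashes to '/', so '/\evil.example' would become
    # the protocol-relative '//evil.example'. Reject them outright.
    if "\\" in next_url:
        return default
    parsed = urlparse(next_url)
    # Relative path on this site: no scheme, no host, a single leading slash.
    if (not parsed.scheme and not parsed.netloc
            and next_url.startswith("/") and not next_url.startswith("//")):
        return next_url
    # Absolute URL: require https and a host that is exactly on the allow-list.
    # parsed.hostname strips userinfo and port, so 'https://app.example.com@evil.example'
    # resolves to 'evil.example' and is refused.
    if parsed.scheme == "https" and parsed.hostname in ALLOWED_REDIRECT_HOSTS:
        return next_url
    return default


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print(find_user_vulnerable(db, payload))   # every row comes back
    print(find_user_safe(db, payload))         # []
    print(greeting_safe("<script>alert(1)</script>"))
    print(redirect_target_safe("https://evil.example/phish"))  # '/'
```

Each hardened function removes the untrusted value from the place where it had syntactic power: the bind parameter keeps it out of the SQL grammar, the encoder keeps it out of the HTML grammar, and the redirect check refuses any target whose host the application does not itself control. None of these is a substitute for the others; a WAF can filter some of the payloads, but the fix lives in the code.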
NowSecure continuously monitors millions of third-party mobile apps in the Apple® App Store® and the Google Play™ store for security, compliance and privacy risks.
A comprehensive analysis of iOS and Android apps found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given that the average mobile device has over 89 mobile apps on it, what are the odds your employees have one or more of the apps and what’s the real risk to your business?
During this webinar, renowned mobile security expert and NowSecure founder Andrew Hoog and Chief Mobility Officer Brian Reed will review the massive data set, detail the areas of exposure and review mitigation recommendations.
Mobile apps power productivity in the modern business; don’t let a few bad apps bring it down.
Note: Live attendees will be entered to win a free mobile app security assessment!
ITSPmagazine meets up with Tom Brennan, Director at Intel Security and Board of Directors at OWASP, to discuss diversity, education, and the Internet of Things. Here are a few highlights from the conversation:
- Diversity is important in the organization, relevant to having different perspectives. OWASP is a community of doers: if you're able to participate in the discussion from a tech perspective you're welcome, regardless of race, age, gender, etc.
- If you truly believe in the mission that software security is important, then this is one of those communities that really focuses on that aspect.
- There are 55,000 OWASP members that all have one thing in common: they understand tech and they understand the risk that impacts safety.