This session will be led by Katy Anton - Senior Application Security Consultant @ Veracode, OWASP Bristol Chapter Leader & Project Co-Leader for OWASP Proactive Controls Project. Katy will take the audience through the ins and outs of the OWASP Top 10.
As software becomes increasingly complex, the difficulty of achieving application security increases. With the rapid pace of modern software development processes, securing the software from the beginning can be challenging.
-How can developers write more secure applications?
-What are the security techniques they could use while writing their software?
These are hard questions, as the rising number of breaches shows. This session will explore the OWASP Top 10 (2017) and identify the security controls that prevent these vulnerabilities and that developers can apply throughout the software development lifecycle. By the end of the webinar, you will have an arsenal of security controls that you can start applying while writing your software applications.
Register for this session to find out how the OWASP Top 10 can secure your DevSecOps initiative!
What Do You REALLY Need to Know About the New OWASP Top Ten?
The OWASP Top Ten is the de facto web application security standard because it reflects the evolving threat landscape, providing organizations a framework to manage and mitigate application security risk.
This dual-presenter format will examine the critical newcomers and pesky incumbents from both an offensive and a defensive perspective. Attend to get our expert insight on how to harden Web applications and align your program with the OWASP Top Ten.
Topics covered include:
- The newcomers – why they are so tricky and elude traditional test efforts
- XSS and Injection – mistakes organizations keep making that land these preventable threats on every Top Ten list
- Design flaws that cause them and coding errors that expose them
- High impact activities that reduce exploitability, prevalence and impact
Meet the Presenters:
Kevin Poniatowski, Sr. Security Instructor & Engineer at Security Innovation, brings an optimal blend of speaking ability, technical savvy, and an insatiable passion for security to Security Innovation's training customers. Kevin entered the application security field in 2007 with Security Innovation, where he has split time between application security course development and delivering instructor-led courses.
Mark Burnett is a security consultant, author, and researcher who specializes in application security, authentication, and hardening Microsoft Windows-based servers and networks. Since 1999 he has worked in numerous areas of IT security, developing unique strategies and techniques for protecting critical assets. Mark is author and coauthor of a number of security books and publishes security articles for several web sites, newsletters, and magazines.
ITSPmagazine meets up with Richard Greenberg, President of the LA chapters of OWASP and ISSA and Information Security Officer at the LA County Department of Health, during AppSec California to discuss diversity, education, and the Internet of Things. Here are a few points that Richard covers:
- With a severe lack of women in InfoSec, we need to start at a very young age and speak a universal, unbiased language to our youth and to men and women.
- The industry needs to be framed so the manufacturer is set up to bake in security.
- Awareness training needs to be interactive.
Using the OWASP Software Assurance Maturity Model (OpenSAMM) as a framework, this talk covers the major application security controls of a secure development lifecycle program as provided by OWASP. Featured OWASP open-source material includes OWASP guidelines and tools such as ESAPI and ZAProxy, as well as educational resources.
About the speaker:
Sebastien founded the Belgian OWASP Chapter, which he leads, and is a member of the OWASP Foundation Board. He has given several public presentations on Web Application and Web Services Security and co-organizes the yearly BruCON security and hacker conference and trainings in Belgium.
Over the past 10 years he has built up extensive experience in Information Security and specialises in Web Application Security. He has delivered several successful secure development lifecycle projects in the financial and utility sectors, started up software security groups, supported customers in selecting and implementing Web Application Firewalls (WAF), delivered web application security training and closed numerous audit findings regarding application security.
You’ve probably heard many talks about DevSecOps and continuous security testing, but how many provided the tools needed to actually start that testing? This talk does exactly that. It provides an overview of the open source AppSec Pipeline tool, which has been used in real-world companies to do real security work. Beyond a stand-alone tool, the OWASP AppSec Pipeline provides numerous Docker containers ready to automate, a specification you can customize to create your own implementation, and references to get you started.
The talk will also cover how to add an AppSec Pipeline to your team’s arsenal and provide example templates of how best to run the automated tools provided. Finally, we’ll briefly cover using OWASP Defect Dojo to store and curate the issues found by your AppSec Pipeline. The goal of this talk is to share the field-tested methods of Aaron Weaver. If you want to start your DevSecOps journey by continuously testing rather than hearing about it, this talk is for you.
How many applications are in your company’s portfolio?
What’s the headcount for your AppSec team?
Whatever your situation is, I am sure the numbers are not in your favor. This talk covers the OWASP AppSec Pipeline project, which provides real-world examples from AppSec programs at several different companies that have seen 5x increases in productivity. Companies covered include Rackspace, with approximately 4,000+ employees, and Pearson, with 40,000+. Both have an international presence and far more apps and developers than AppSec staff. The talk will also cover the key principles for speeding up and scaling AppSec programs using an AppSec Pipeline, as well as practical examples of these practices put into use. Start early and begin to buy down the technical security debt by leaving traditional AppSec program thinking behind.
John Wagnon discusses the details of the #2 risk listed in this year's OWASP Top 10 Security Risks: Broken Authentication. Learn about this security risk and how to guard against it.
John Wagnon discusses the details of the top risk listed in this year's OWASP Top 10 Security Risks: Injection. Learn what injection attacks are and how to guard against them.
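The coding error behind the Injection category (the "mistakes organizations keep making" from the Top Ten topic list above, and the subject of the injection video) is the same in every language: request data is spliced into the text of a query, so the attacker controls the query's structure rather than just a value. The following is an added example written for this page, not code from the video, from OWASP or from any of the products mentioned; the users table, the credentials and the two attacker payloads are constructed for the demonstration, and passwords are kept in plaintext only to keep the injection point visible (a real system stores password hashes, which is the Broken Authentication topic above).

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The coding error: user input becomes part of the SQL text.

    A quote in the input closes the string literal and whatever follows
    is parsed as SQL, so the attacker rewrites the WHERE clause.
    The statement is kept on one line so a '--' in the input comments
    out the rest of it, exactly as it would in a real application.
    """
    sql = ("SELECT username, role FROM users WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """The fix: bind parameters.

    The query shape is fixed at the time it is written; the driver passes
    the values separately, so quotes and '--' in the input are ordinary
    characters compared against the column, never SQL.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed attacker payloads.
# 1. Tautology in the password field: the clause becomes
#    username = 'nobody' AND password = '' OR '1'='1'  -> every row matches.
TAUTOLOGY = "' OR '1'='1"
# 2. Comment in the username field: the clause becomes
#    username = 'alice'-- ...   -> the password check is commented out.
COMMENT_BYPASS = "alice'--"


def demo():
    """Run both payloads against both implementations and return the results."""
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "fixed_tautology": login_parameterized(conn, "nobody", TAUTOLOGY),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_BYPASS, "wrong"),
        "fixed_comment": login_parameterized(conn, COMMENT_BYPASS, "wrong"),
        "legitimate": login_parameterized(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The point the defensive side makes is that escaping or filtering quotes is not the fix; parameterization is, because it removes the attacker's ability to change the query's structure at all. The same error reappears wherever an ORM or query builder exposes a raw-string interface, and in other interpreters too (OS commands, LDAP filters, XPath), which is why Injection stays a single Top Ten category.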
The OWASP Top 10 is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
Watch this on-demand webinar as Jason Taylor, one of our most experienced security experts, takes us through the journey of identifying the tell-tale markers of the OWASP Top Ten and reveals the techniques used to hunt them down.
This session covers:
Vulnerability anatomy – how they present themselves
Analysis of vulnerability root cause and protection schemas
Test procedures to validate susceptibility (or not) for each threat
The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
This on demand webinar presents the OWASP Top Ten in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security.
Web application security is complex, difficult, and costly. These issues are well known, but remain prevalent out in the real world. Most development teams do not have the time or resources to sufficiently protect against the myriad of attacks that are relevant to each vector, and the level of expertise required to address these issues is difficult to come by even if your project has the time and budget for it. The good news is that advanced WAF technology is more accessible and affordable than ever before. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. Join F5 and (ISC)2 for Part 1 of a three-part Security Briefings Series on February 1, 2018 at 1PM Eastern, where we’ll discuss the OWASP Top 10, defenses for everything it addresses and how to use a WAF to optimize and filter unwanted traffic to cut costs in the cloud.
Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure against them for your business.
Web application security is a complex, time-consuming and costly process. Most development teams do not have sufficient resources to protect applications against the multitude of threats and attacks coming from different directions. The situation is further complicated by the need to respond regularly to these threats for every deployed application.
The OWASP Top 10 is a list of the most critical web application threats. An advanced web application firewall (WAF) can help defend against these threats. In this webinar you will learn more about:
• The primary threats to your applications covered in the OWASP Top 10.
• How using a WAF to protect applications can free up development resources.
• How to protect against additional threats such as DDoS attacks and bots.
• How a WAF can optimize and filter unwanted traffic, reducing cloud costs.
By watching this webinar you consent to your data being shared with F5. The data will be handled in accordance with the F5 Privacy Policy (https://f5.com/about-us/policies/privacy-policy).
Web application security is complex, time-consuming to manage, and costly. Most development teams do not have the resources to sufficiently protect apps against the myriad of attacks that are relevant to each vector. This is further compounded by the need to repeatedly address these vulnerabilities in every application that is deployed.
The OWASP Top 10 provides a list of the ten most critical web application security risks. An advanced Web Application Firewall (WAF) can help defend your applications against these threats. In this webinar, you will learn:
• The primary risks to your applications addressed by the OWASP Top 10
• How using a WAF to protect your applications can offload development resources
• How to address additional risk, such as DDoS and bot attacks
• How a WAF can optimise and filter unwanted traffic to help cut costs in the cloud
By watching this webinar, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://f5.com/about-us/policies/privacy-policy).
Web application security is complicated, laborious to manage and costly. Most development teams do not have the resources to adequately protect applications against the multitude of attacks. This is made harder by the fact that these vulnerabilities must be addressed in every deployed application.
The OWASP Top 10 is a list of the ten most critical security risks for web applications. An advanced WAF (Web Application Firewall) can help you protect your web applications against these threats. In this webinar you will learn:
• Which primary risks to your applications the OWASP Top 10 covers
• How using a WAF to protect your applications can conserve development resources
• How you can address additional risks such as DDoS and bot attacks
• How a WAF can optimize and filter unwanted traffic to reduce costs in the cloud
If you watch this webinar, your personal data will be shared with F5 and handled in accordance with the F5 privacy policy (https://f5.com/about-us/policies/privacy-policy).
Web application security is a task that is costly in time and money. Most developers do not have the resources to ensure sufficient protection of apps against the countless attacks on each vector. Added to this is the need to address these vulnerabilities repeatedly in every app.
The OWASP Top 10 is a list of the 10 most critical security risks for web applications. Having an advanced web application firewall (WAF) can help you protect your apps against these threats. In this webinar we will cover the following topics:
• Security risks to applications on the OWASP Top 10 list
• How using a WAF to protect your apps can reduce development costs
• How to address other risks such as DDoS and bot attacks
• How a WAF can optimize and filter unwanted traffic to help you reduce cloud costs
By attending this webinar, your personal data will be shared with F5 and handled in accordance with the F5 Privacy Policy (https://f5.com/about-us/policies/privacy-policy).
Web application security is complex, expensive and time-consuming to manage. Most development teams do not have the means to adequately protect applications against all current attacks. Moreover, since these vulnerabilities must be resolved in every deployed application, the situation keeps getting more worrying.
The OWASP Top 10 is a list of the ten most critical security risks for web applications. A sophisticated web application firewall (WAF) can help your applications counter these threats. In this webinar you will discover:
• the main risks to your applications examined in the OWASP Top 10;
• how to use a WAF to protect your applications and relieve your development teams;
• how to counter other risks such as DDoS and bot attacks;
• how a WAF can optimize and filter unwanted traffic to help you reduce cloud costs.
By following this webinar, your personal data will be shared with F5 and handled in accordance with the F5 privacy policy (https://f5.com/about-us/policies/privacy-policy).
Many businesses today are harnessing the tools and promise of DevOps or Agile to drive innovation. Everything from new website capabilities to entirely new products are fair game in this revolution. However, the majority of security tools and processes are not inherently designed to be integrated in this new world, which is limiting the results new developments can bring.
In this webinar, Dr. Chenxi Wang, founder of cybersecurity consultancy the Jane Bond Project and Vice Chair of the Board of Directors of OWASP, and CYBRIC will discuss:
• How to effectively integrate security into your DevOps process
• How to integrate it at scale
• Real-world examples of business results using this approach
CYBRIC and Chenxi will also cover where to get started with "DevSecOps," what metrics to use and what security at scale can mean for businesses.
Dr. Chenxi Wang is founder of The Jane Bond Project and a founding partner in 360Velocity, a strategic cybersecurity consultancy. She is Vice Chair of the Board of Directors of OWASP, a strategic advisor for IT Security Planet and serves on the advisory boards of various start-ups. Previously, Chenxi served as the Chief Strategy Officer at Twistlock, responsible for corporate strategy and thought leadership. Chenxi was the 2016 and 2017 program co-chair for Security & Privacy at the Grace Hopper Conference and was named by SC Magazine as a 2016 Woman of Influence. Prior to Twistlock, Chenxi built an illustrious career at Forrester Research, Intel Security and CipherCloud. At Forrester, Chenxi covered mobile, cloud, and enterprise security, and wrote many hard-hitting research papers. At Intel Security, she led the ubiquity strategy spanning both hardware and software platforms. Chenxi started her career as a faculty member in Computer Engineering at Carnegie Mellon University.
Web application security is complex, difficult, and costly; the problems are well known, but remain prevalent out in the real world. Most development teams do not have the resources to sufficiently protect against the myriad of attacks that are relevant to each vector, and the level of expertise required is difficult to come by even if your project has the time and budget for it. This is further compounded by the need to address these vulnerabilities over and over in every application that goes out the door, making it a significant blocker in your path to production.
The good news is that advanced WAF technology is more accessible and affordable than ever before. F5 has teams of researchers and engineers dedicated to this task, and their industry-leading expertise is packaged and available today to defend apps of any size and variety. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. F5 is committed to supporting the OWASP Top 10 and providing defenses for everything it addresses, but that’s just the tip of the iceberg.
In this webinar you will learn:
- About the primary risks to your app, including those addressed by the Top 10.
- How to make the most of development resources by using WAF to do the heavy lifting for you.
- How F5’s unique and flexible deployment options will make WAF remediation for your app a snap.
- How you can go beyond the Top 10 and address additional risk, such as DDoS, bot defense, intellectual property theft, or fraud.
- How WAF can optimize and filter unwanted traffic to help you cut costs in the cloud.