    • Setting up a Secure Development Life Cycle with OWASP
      Speaker: Sebastien Deleersnyder, OWASP board member. Recorded: Nov 14 2012 9:00 am UTC, 37 mins
      Synopsis:
      Using the OWASP Software Assurance Maturity Model (OpenSAMM) as a framework, this talk covers the major application security controls of a secure development lifecycle program as provided by OWASP. Featured OWASP open source material includes OWASP guidelines and tools such as ESAPI and ZAProxy, as well as educational resources.

      About the speaker:
      Sebastien started the Belgian OWASP Chapter, which he leads, and is a member of the OWASP Foundation Board. He has given several public presentations on Web Application and Web Services Security and co-organizes the yearly BruCON security and hacker conference and trainings in Belgium.

      Over the past 10 years he has built up extensive experience in Information Security and specialises in Web Application Security. He has performed several successful secure development lifecycle projects in the financial and utility sectors, started up software security groups, supported customers in selecting and implementing Web Application Firewalls (WAF), delivered web application security training and closed numerous audit findings regarding application security.

    • Don't Get Stung by the OWASP Top 10 - Getting the Most from Advanced WAF
      Speakers: Nathan McKay, Security Solutions Manager, F5 Networks; Danny Luedke, Product Marketing Manager, F5 Networks. Recorded: Nov 16 2017 9:00 pm UTC, 65 mins
      Web application security is complex, difficult, and costly; the problems are well known, but remain prevalent out in the real world. Most development teams do not have the resources to sufficiently protect against the myriad of attacks that are relevant to each vector, and the level of expertise required is difficult to come by even if your project has the time and budget for it. This is further compounded by the need to address these vulnerabilities over and over in every application that goes out the door, making it a significant blocker in your path to production.

      The good news is that advanced WAF technology is more accessible and affordable than ever before. F5 has teams of researchers and engineers dedicated to this task, and their industry-leading expertise is packaged and available today to defend apps of any size and variety. With the right tools, comprehensive WAF coverage can not only reduce your exposures and give you better control over your applications but also help optimize your resources and reduce overall operating costs. F5 is committed to supporting the OWASP Top 10 and providing defenses for everything it addresses, but that’s just the tip of the iceberg.

      In this webinar you will learn:
      - About the primary risks to your app, including those addressed by the Top 10.
      - How to make the most of development resources by using WAF to do the heavy lifting for you.
      - How F5’s unique and flexible deployment options will make WAF remediation for your app a snap.
      - How you can go beyond the Top 10 and address additional risk, such as DDoS, bot defense, intellectual property theft, or fraud.
      - How WAF can optimize and filter unwanted traffic to help you cut costs in the cloud.

    • OWASP Top 10 Security Risks: Are your AWS web applications secure?
      Speaker: James Brown, Director of Public Cloud EMEA. Recorded: Dec 11 2014 3:00 pm UTC, 48 mins
      Whether you are evaluating AWS, or are already hosting your DevTest, disaster recovery or production workloads on AWS, security and compliance are high on your list of priorities.

      Application security for apps in the public cloud is the responsibility of you, the customer, and it is critical that you are able to protect your workloads from hackers looking to exploit security gaps to undermine your business.

      Register for this live webinar, hosted by James Brown, Director of Public Cloud for Alert Logic, to:
      • Receive an overview of the OWASP Top 10 most critical web application security risks, such as SQL injection, cross-site scripting and unvalidated redirects
      • Discover best practices for protecting your environment from the OWASP Top 10 risks
      • Hear how other customers are securing their production workloads on AWS:
      o Core security technologies include intrusion detection, vulnerability scanning, log management and web application firewalls, combined with rich security content & analytics, and a 24x7 Security Operations Center
      • Learn how to secure your cloud workloads in less than 4 weeks, for as little as £750 per month*

      This session also includes a live Q&A, so this is a must-attend event for current or future customers of AWS. Alert Logic is an approved partner of the AWS Technology Partner Program.

      *entry level solution

    • ITSPmagazine chats with Tom Brennan, Board of Directors at OWASP
      Speaker: Tom Brennan, Director at Intel Security and Board of Directors at OWASP. Recorded: Feb 11 2017 4:45 pm UTC, 4 mins
      ITSPmagazine meets up with Tom Brennan, Director at Intel Security and Board of Directors at OWASP, to discuss diversity, education, and the Internet of Things. Here are a few highlights from the conversation:

      - Diversity is important in the organization because it brings different perspectives. OWASP is a community of doers: if you're able to participate in the discussion from a tech perspective you're welcome, regardless of race, age, gender, etc.

      - If you truly believe in the mission that software security is important, then this is one of the communities that really focuses on that aspect.

      - There are 55,000 OWASP members that all have one thing in common: they understand tech and they understand the risk that impacts safety.

    • Everything We Know and Do to Secure Web Applications is Wrong
      Speaker: Eoin Keary, OWASP Global Board; CTO, BCC Risk Advisory Ltd. Recorded: Apr 17 2013 10:00 am UTC, 45 mins
      Synopsis:
      The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing.
      We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? How can we expect developers to listen to security consultants when the consultant has never written a line of code? Why are we still happy with “testing security out” rather than the superior “building security in”?
      This talk is sure to challenge the status quo of web security today.

      About the speaker:
      Eoin is an international board member and vice chair of OWASP, the Open Web Application Security Project (owasp.org). During his time in OWASP he has led the OWASP Testing and Security Code Review Guides and has also contributed to OWASP SAMM and the OWASP Cheat Sheet Series.

      Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd. (www.bccriskadvisory.com), an Irish company that specialises in secure application development, advisory, penetration testing, mobile and cloud security, and training.

      Eoin has led global security engagements for some of the world’s largest financial services and consumer products companies. He is a well-known technical leader in industry in the area of software security and penetration testing.

    • The Impact of Cloud on the Future of Web Application Security
      Speakers: Ron Condon, TechTarget; Dennis Groves, Founder, OWASP; Sukanta Chakravorty, Cloud Researcher, RHUL; Justin Clarke, OWASP. Recorded: Sep 9 2010 2:00 pm UTC, 48 mins
      As a live attendee, you will take part in 4 compelling votes, giving you the ability to shape the direction of this expert discussion. Does the cloud change web application security? Do the CSA, Jericho and ENISA provide sufficient guidelines? Does the cloud make compliance more difficult? View live to take part and hear the results of the audience vote.

      Ron Condon
      Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine.

      Dennis Groves is the co-founder of OWASP and a member of WASC. His contributions to OWASP include the "OWASP Guide", downloaded over 2 million times, now a reference document in the PCI DSS standard and the de facto standard for securing web applications.

      Justin Clarke is an information security consultant with years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand.

      Sukanta Chakravorty is currently a Cloud Researcher at ISG & RHUL and has previously held senior executive roles in Incident Response Management and IT at Wipro.

    • Top 10 Risks in Application Security
      Speaker: Sebastien Gioria, French Chapter Leader, OWASP. Recorded: Jun 22 2010 12:00 pm UTC, 34 mins
      The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. The 2007 version was translated into English, French, Spanish, Japanese, Korean, Turkish and other languages. Translation efforts for the 2010 version are underway and they will be posted as they become available.
      We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

    • Emergent Standards in Secure Software Development
      Speaker: Justin Clarke, UK Chapter Leader, OWASP. Recorded: Jun 3 2010 8:00 am UTC, 37 mins
      One of the core difficulties in ensuring your organisation’s software development process (whether in-house or outsourced) builds in an appropriate level of security is a lack of research, standards and accepted practice in this area. A multitude of approaches have been put forward by visionaries in this area; however, these lack the body of empirical study needed to weed out the approaches that don't work in real practice.

      All is not lost, though: this session discusses the emergence of two new standards in this area, OpenSAMM (Software Assurance Maturity Model) and BSI-MM (Building Security In Maturity Model), and how these can be used as a framework for evaluating the current state of an organisation’s development process, planning a future state, and as sources of leading practice in this area. Examples will be drawn from work Justin has performed in this area at several large UK financial services organisations, and the lessons learnt in applying these approaches.

      Justin Clarke is an information security consultant with years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand.

      Justin is the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP as well as a member of the OWASP Global Connections Committee.

    • Exploits and Defenses for a Web 2.0 World
      Speaker: David W. Campbell, Leader, OWASP. Recorded: Aug 13 2009 7:00 pm UTC, 32 mins
      The World Wide Web is a dangerous place. As companies and government agencies have become more competent at traditional vulnerability management, politically and financially motivated attackers have refocused their efforts on softer targets such as web applications and end-user web browsers. These attacks are surprisingly simple, yet have potentially devastating impact.

      This presentation will focus on an emerging class of attacks which target end users rather than web applications directly. We will present clear, concise explanations of cross-site scripting and man-in-the-middle attacks, and show how they can be used to perform client-side exploitation. We will then discuss practical, vendor-neutral defenses against these attacks.

      CISOs and Infosec managers interested in evolving their security programs to meet the challenge posed by these new threats will find this session engaging and informative.

      OWASP is a non-profit organization dedicated to improving software security. As such, this presentation will be completely free of vendor bias. For more information please visit http://www.owasp.org

      Speaker: David W. Campbell
      David is a veteran security consultant who has been involved in OWASP since 2004 and has been leading the Denver chapter since 2007.
