Hi [[ session.user.profile.firstName ]]

Avoid the Breach with Effective Application Security Testing

Security is a top priority for e-commerce giant Shopify, with over 800,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Join Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne as they discuss best practices for testing and securing your cloud-based web applications. The session will also cover how you can scale application security for high-growth DevOps organizations and the tools and programs Shopify relies on to reduce security risk.

In this webinar, you’ll learn to:
- Develop and improve your application security strategy
- Discover and manage critical vulnerabilities effectively
- Scale security for high-growth organizations—with a DevOps methodology
- Identify systematic issues and root causes to reduce long-term risk
Recorded Feb 13 2019 41 mins
Your place is confirmed,
we'll send you email reminders
Watch for free
Presented by
Andrew Dunbar, VP of Security Engineering and IT at Shopify and Luke Tucker, Senior Director of Marketing at HackerOne
Presentation preview: Avoid the Breach with Effective Application Security Testing
Related topics:
  • Channel
  • Channel profile

Cloud Security Alliance: CloudBytes

  • Welcome Address & Opening Keynote - Making Cognitive Wellbeing a Reality Sep 8 2020 4:00 am UTC 45 mins
    Dr. Sak SEGKHOONTHOD, Chairman CSA Thailand Chapter | Dr. Giovanni RUSELLO, Professor, University of Auckland
    Opening Keynote - Making Cognitive Wellbeing a Reality
    Notifications on our devices and self-interruptions redirect our attention thousands of times every day. Multitasking is correlated with worse cognition and wellbeing (for example, the effects of multitasking have been quantified as losing 10 IQ points). This plays an important role on how alert and vital the digital workers are against social engineering attacks.
    In this presentation, we introduce the concept of Cognitive Wellbeing and ways in which it can be captured and managed in a privacy-preserving way.
    Save your seat
  • Hybrid Clouds - Challenges Sep 7 2020 6:00 am UTC 45 mins
    Narudom ROONGSIRIWONG, Head, IT Security, Kiatnakin Public Bank
    As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.

    This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
    Save your seat
  • FedRAMP - How Did we get here and where are we now? Sep 7 2020 5:00 am UTC 45 mins
    Katie Lewin, Federal Director, CSA
    Brief overview of the history of the FedRAMP program including successfactors and lessons learned. Concentration on the improvements to the FedRAMP program that are designed to address to dominant criticism of the program - costs too much, takes too much time. Covers risk based evaluation profiles, agency liaison program and FedSTAR.
    Save your seat
  • Welcome Remarks & Opening Address Sep 7 2020 4:00 am UTC 45 mins
    Jim Reavis, CEO, CSA & Representative from Ministry of Digital Economy & Society
    Thailand Security Landscape
    Save your seat
  • Accelerate and Optimize Your Third Party Risk Management Program Sep 3 2020 5:00 pm UTC 60 mins
    Pete Kandybowicz, Director - Customer Success, SecurityScorecard
    Third-Party Risk Management has become a critical component of protecting and securing your organization. However, many companies still need to find a way to operate at scale in order to be efficient, gain insights, and improve cybersecurity resilience.

    In this webinar, we will walk through the necessary people, process, and technology to help you mitigate the cyber risks introduced by your vendors, partners, suppliers, or any third party.
    We will discuss:
    ● How to employ a risk-based assessment process
    ● Best practices when communicating with third parties
    ● How to utilize meaningful insights from tools
    ● And much more!
    Save your seat
  • Securing Containers with NIST SP 800-190 Sep 1 2020 5:00 pm UTC 35 mins
    John Morello, VP | Aqsa Taylor, Product Manager | Paul Fox - Sr Product Manager R&D | Keith Mokris (moderator) - Prisma Cloud
    NIST SP 800-190: The Container Security Guide is a special publication from The National Institute of Standards and Technology that outlines a set of guidelines for securing container applications and infrastructure.

    This panel webinar, hosted by NIST SP 800-190 co-author, John Morello (Product VP, Prisma Cloud), Aqsa Taylor, Paul Fox and Keith Mokris will unpack:

    - Why NIST SP 800-190 was created, the open process used to develop it and how all organizations can benefit from it
    - Several of the specific container risks identified in the paper
    - Top recommended countermeasures for each risk
    - Implementation guidance and best practices

    In addition, the session will highlight how organizations can leverage functionality provided by container-focused orchestration and security platforms to automate compliance across the development lifecycle - reducing overall attack surface and delivering comprehensive threat protection.
    Save your seat
  • Zero Trust Access: From industry buzzword to a corporate reality Aug 27 2020 4:00 pm UTC 60 mins
    Ashur Kanoon, Sr. Director, Portfolio Solutions at Pulse Secure
    Operationalizing industry buzzwords isn’t always possible. Sometimes these buzzwords are aspirational but the technology behind isn’t understood. In the case of Zero Trust, working with the right vendor means quickly deploying applications securely to enhance productivity and reduce your organizations attack surface. Join us to learn more about Zero Trust Access solutions and the key business and technical considerations when trying to find what’s best for your organization.
    Save your seat
  • Introducing Stringlifier – an Open Source String Detector Aug 25 2020 5:00 pm UTC 60 mins
    Andrei Cotaie, Sr. Security Engineer|Tiberiu Boros, Data Scientist & ML Engineer|Kumar Vikramjeet, Security Engineer at Adobe
    “1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or other useful information. They can be found in logs, command lines, configuration files, and source code. Whether you are analyzing logs or hunting for accidentally exposed credentials, they are not exactly easy to find because building a search pattern for something so random is a particularly hard task. To help solve this problem, we developed Stringlifier - an open-source application that allows you to detect these types of strings in any plain text. It leverages machine learning to distinguish between normal and random character sequences and can also be adapted for more fine-grained classifications.

    Join Andrei Cotaie, Sr. Security Engineer, Tiberiu Boros, Data Scientist & Machine Learning Engineer, and Kumar Vikramjeet, Security Engineer, as they introduce you to Stringlifier and how it can help you automate some common cloud security tasks. You will see examples of how to use it and also get information on how you can download and use it in your own environment.
    Save your seat
  • Cloud Security in a Distributed World Aug 20 2020 4:00 pm UTC 61 mins
    Ashley Ward, CTO - Prisma Cloud, Palo Alto Networks
    COVID-19 is driving the demand for cloud based remote access tools. However, while the majority of IT and Security leaders are now focused on remote access, an equally challenging issue looms: the resurgence of cloud transformation projects. Attackers are taking advantage of the current situation and security professionals must adapt and arm themselves. Join Ashley Ward, CTO - Prisma Cloud at Palo Alto Networks from the trenches to learn about 3 SOC focused initiatives you can work on today to strengthen cloud security during the COVID-19 crisis and beyond.
    - Optimize your SOC for cloud-based developer environments
    - Use your SOC to make data-driven risk management decisions
    - Tailor how your SOC delivers security services to specific business needs
    Save your seat
  • Security Automation Simplified with Open Security Controls Assessment Language Aug 19 2020 5:00 pm UTC 75 mins
    Dr. Michaela Iorga Senior Security Technical Lead for Cloud Computing National Institute of Standards and Technology (NIST)
    Security Automation Simplified with Open Security Controls Assessment Language
    Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.
    Save your seat
  • Storm Clouds Ahead: Assessing AWS Environments Aug 18 2020 5:00 pm UTC 60 mins
    Jon Ehret of RiskRecon | Trevor Hawthorn of Stratum Security | Jared Perry of Stratum Security
    Achieving good third-party risk outcomes requires that your vendors operate secure cloud environments. Many security teams have assumed that if a third-party is using Amazon Web Services that they are operating securely, when in fact, the sheer breadth of an AWS deployment leaves plenty of room for error.  

    During our webinar, experts from Stratum Security and RiskRecon will take you through the expanse of a proper AWS deployment, diving into real-world examples of what can go right - and wrong - when securing AWS operations. We will discuss the core security criteria that every practitioner should be familiar with to properly assess the operations of any third-party AWS environment and will provide you will the knowledge you need to begin securing your cloud environments today. 

    Join this session to learn about:
    - Real-world use cases where AWS environments were exploited due to missteps in configuration
    - Core security criteria necessary for assessing the security of an AWS environment
    - A new playbook and questionnaire that will provide you with a step-by-step guide to secure AWS operations
    Save your seat
  • Is that Anomaly an Enemy? Understanding the Importance of Security Analytics Recorded: Aug 13 2020 46 mins
    Ted Kietzman, Product Manager, Duo Security
    With the rise in identity-based attacks due to the very distributed and remote workforce of 2020, how can your organization identify whether or not it’s the actual user who is attempting the authentication, or an attacker?

    Security analytics can provide crucial data to help identify potential issues that require investigation. In a large or distributed environment, however, these logs of novel IPs and devices, unusual logins, and access attempts by high-risk users can quickly become too much of a good thing. Swimming through this ocean of data is like looking for treasure on the Great Pacific garbage patch. But what if you had a historical profile of user and device behavior that would allow you to surface unusual activities and create a baseline for action?

    This idea isn’t new -- adaptive authentication and user behavioral analytics have become more popular, because understanding the story behind an anomaly can help inform and prioritize your response. Identifying anomalous logins that could indicate account takeover attempts before they’re breached based on unusual activity around the user, cohort, and the organization’s behavioral norms allows you to respond, adjust your policies, and protect users in real-time.

    Join Duo’s Ted Kietzman on August 13 at 1:00 p.m. ET for a dive into how collecting security analytics data is an important first step that will shape your ability to effectively handle potential attacks.
    Watch now
  • CSA's Executive Series - Advancing Cloud SIEM: A Hunter's Experience Recorded: Aug 12 2020 40 mins
    Gunter Ollman, CSO - Cloud and AI Security, Microsoft
    Join Gunter Ollman, CSO - Cloud and AI Security, Microsoft in this webinar, where he will discuss how cloud SIEM is advancing, how this is changing the role of the threat hunter and SecOps teams, & what is to come.
    Watch now
  • Dark Web Demystified Recorded: Aug 6 2020 57 mins
    Charity Wright, Cyber Threat Intelligence Advisor, IntSights
    Come to the dark side! Charity Wright, a former NSA analyst and current Cyber Threat Intelligence Advisor at IntSights will take you on a tour of the dark web and explain how you can collect and analyze pertinent intelligence from the dark web to neutralize threats outside the wire at the earliest stages of the cyber kill chain. This session will take you on a guided tour of some of the hottest markets and forums for cyber threat intelligence collection in the dark web. See the most popular use cases for intelligence to protect your companies: credential leakage, attack indication, bank cards for sale, PII and PHI for sale, and much more!
    Watch now
  • Tackling Security in the World of Containers and Hybrid Cloud Recorded: Aug 4 2020 42 mins
    Lucy Kerner, Global Senior Principal Security Technical Evangelist, Red Hat
    Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity?

    Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.

    In this keynote, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud.
    Watch now
  • Transitioning, Enhancing, and Innovating in the Cloud Recorded: Jul 29 2020 28 mins
    John Yeoh, Global VP of Research, CSA
    Wherever you are in your cloud journey, CSA research is available to help organizations transition to the cloud, enhance security in the cloud, and innovate from the cloud through their consensus-driven research and initiatives. In this session, John Yeoh connects the latest industry research for guidance and insight that is applicable to organizations across multiple cloud security positions from the private and the public sectors. Learn how to utilize resources that leverage cloud security controls frameworks, top threats reports, and more
    Watch now
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Recorded: Jul 29 2020 30 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from cloud and how did the conference organisers defend against them. In addition, Onn Chee will share on lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
    Watch now
  • Visibility & Security Challenges Across Multicloud, Hybrid, & Remote Deployments Recorded: Jul 23 2020 53 mins
    Fernando Montenegro, Principal Analyst, 451 Research & Dan Frey, Sr. Cloud Security Manager, ExtraHop
    Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

    So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

    Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.
    Watch now
  • The Resurgence of Cloud Recorded: Jul 22 2020 22 mins
    David Cass, Vice President Cyber & IT Risk, Federal Reserve Bank of New York
    TBDCloud has seen the typical technology pendulum swing experienced by most innovative technologies.
    Organizations started with the all in cloud first model only to have to later step back and take a more
    moderate approach. Yet cloud continues to thrive. I will discuss:
     Why do organizations struggle with cloud?
     The importance of strategy
     The impact on security, risk and compliance programs
     The impact on business process and operations
    Watch now
  • CSA STAR Town Hall – Everything you’ve wanted to know Recorded: Jul 22 2020 59 mins
    John Yeoh of CSA, JR of CSA, John DiMaria of CSA, and Brianna Hogan of Booz Allen Hamilton
    CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

    The STAR Registry holds close to 1000 top Cloud Service Providers that apply to STAR Level 1 and or 2 Self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

    Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.
    Watch now
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa
  • Upcoming webinars (31)
  • Recorded webinars (309)
  • Subscribers (31,730)
Channel RSS feed

Register for Free

 

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Avoid the Breach with Effective Application Security Testing
  • Live at: Feb 13 2019 6:00 pm
  • Presented by: Andrew Dunbar, VP of Security Engineering and IT at Shopify and Luke Tucker, Senior Director of Marketing at HackerOne
  • From:
Your email has been sent.
or close