Insufficient Authorization: The Basics

Join us as Austin Brinkman of WhiteHat Security's Threat Research Center (TRC) provides an overview of a common and highly exploitable vulnerability that has found its way into the WASC Threat Classification list and OWASP Top 10.

The webinar will cover:
- Vertical vs. horizontal privileges
- How to exploit through cookies and parameters
- Consequences
- Prevention methods
Recorded Jan 21 2016 36 mins
Presented by
Austin Brinkman, Application Security Researcher, WhiteHat Security

  • Web Application Authorization and Authentication Explained Nov 15 2017 7:00 pm UTC 60 mins
    Mike King, Technical Escalations Engineer, WhiteHat Security
    Join us to understand what happens when someone logs into a web application. Mike King, Technical Escalations Engineer for WhiteHat Security, will guide you through common access scenarios and vulnerabilities.

    By the end of this educational webinar, you’ll understand:
    - How web applications authenticate and authorize users
    - What can go wrong in the process
    - How to determine if you have a problem on your hands
  • Secure Coding Practices: Avoiding SQL Injection Attacks Recorded: Jul 25 2017 57 mins
    Zach Jones, Sr. Manager - TRC Static Code Analysis, WhiteHat Security
    SQL injection attacks enable attackers to tamper with, delete or steal sensitive data from corporate databases. In this webinar, Zach Jones, senior manager for static code analysis from WhiteHat Security’s Threat Research Center, will discuss SQL injection attacks and how to best defend against them.

    In this webinar, we will:
    - Provide examples of vulnerable code
    - Discuss data boundary concepts between input and target interpreters
    - Explain the differences and advantages of using parameterized queries versus custom stored procedures
    - Discuss the pitfalls of using selective parameterization or trying to sanitize inputs by escaping or encoding them manually

    WhiteHat Security has extensive experience working with customers to identify and fix the latest web application vulnerabilities. Join us to gain a deeper understanding of common web application vulnerabilities, get expert technical advice on defensive tactics, and learn best practices to safeguard your apps from being exploited.
  • To IoT Security and Beyond! Recorded: Jun 21 2017 48 mins
    Setu Kulkarni, VP Product Management, WhiteHat Security
    The Internet of Things (IoT) is a strategic direction for 56% of the enterprises in the next two to three years*. For most people, the term IoT conjures up a wealth of opportunities and a vision of a hyper-connected world, but with great innovation comes a greater risk.

    - How do you keep ahead of the cyber threats surrounding these connected devices?
    - What are some of the biggest security challenges and how to address them?
    - How do you ensure the security of the sensitive data generated by your IoT devices?

    Join us in this webinar to learn about how you can combine IoT innovation with security strategies to protect the core and surrounding systems of IoT devices, including the web and mobile applications, servers, databases, and their integrations with other systems.
    * IDC Global 2016 Survey

    Presenter Bio
    As the Vice President of Product Management, Setu is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joins the WhiteHat leadership team after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio.
  • Thwarting Cybercrime in the Financial Services Sector Recorded: May 16 2017 45 mins
    Ryan O'Leary, VP of Threat Research Center & Technical Support, WhiteHat Security
    The financial services industry has always had to deal with security risks and expensive data breaches because of regulatory fines and a higher than average rate of lost business and customers. But with today’s continuously evolving cyber threat landscape, keeping up with regulatory compliance alone is not enough. Per the 2016 Verizon Data Breach Investigations Report, web application attacks are the Achilles heel for security, responsible for 82% of data breaches in the financial services sector. Join this session to learn more about cybercrime trends in financial services, and how a continuous application security assessment program can help financial service organizations improve their security posture and mitigate risk.
    In this webinar, we will discuss:
    • Current threat landscape for financial services organizations
    • Vulnerability statistics for financial services sector
    • How continuous application security testing can help your security and risk posture

    About the Presenter:
    Ryan O’Leary is Vice President of the Threat Research Center and Technical Support at WhiteHat Security, the specialized team of web application security experts. Ryan joined WhiteHat Security as an ethical hacker in 2007 and has since developed a breadth of experience finding and exploiting web application vulnerabilities and configuring automated tools for testing. Ryan swiftly rose through the ranks to become the Vice President of WhiteHat Security’s Threat Research Center in 2016. Reporting directly to CEO Craig Hinkley, Ryan now manages a team of over 150 security engineers. Under Ryan’s leadership, the team has built a one-of-a-kind database that combines details of more than 26 million vulnerability patterns with proprietary algorithms to assess the threat level.
  • Secure Your Leaky Mobile Apps: Discovery & Remediation Recorded: Apr 25 2017 55 mins
    Andrew Hoog, CEO of NowSecure & Setu Kulkarni, VP Product Management at WhiteHat Security
    Mobile devices are everywhere throughout the workplace, and outside the workplace, but mobile phone security as a discipline has been focused on parts of the solution such as WiFi connections, anti-virus and spyware. Mobile security apps are everywhere - but what are they securing? What is the actual security impact to your organization of insecure mobile app usage? For meaningful risk management, you need to understand both the qualitative and quantitative values of mobile security risk.

    Join WhiteHat Security and our technology partner NowSecure for a discussion on leaky apps, and how they can expose private and sensitive data - but more, what kind of data can be exposed.

    We’ll review how insecure mobile applications can create incidents, and how they impact the enterprise or organization. Finally, we will introduce you to the different ways WhiteHat can help you build mobile security into your larger DevSecOps and vulnerability management programs.

    About the Presenters:
    Andrew is the Co-founder and CEO of NowSecure. As a former CIO, Andrew has unique insight into solving enterprise mobile security problems and is driven by NowSecure’s mission to advance mobile security worldwide. He is responsible for the vision, strategy and growth of the company.

    Setu Kulkarni is the VP of Product Management at WhiteHat Security. Setu is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joins the WhiteHat leadership team after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio.
  • Applying Attacker Profile Knowledge to Vulnerability Management Recorded: Mar 14 2017 49 mins
    Ryan O'Leary, VP Threat Research Center & Technical Support, WhiteHat Security
    With cyber attacks on the rise, how can we apply our knowledge about attackers to better protect our organizations? There are some key personas when it comes to who is attacking web sites. Everyone from teenagers to national agencies is hacking organizations via their websites now – 40% of the time. Each attacker has their own motivation and unique skills that they use to pull off quite different attacks. The type of persona most likely to attack your organization gives insight into the methods and suggested remedies.

    Join this session to learn:
    - How to identify your cyber attacker
    - How the identity of the attacker can guide crafting a security policy geared towards that threat
    - Best practices & use cases

    About the Presenter:
    Ryan O’Leary is VP of the Threat Research Center and Technical Support at WhiteHat Security, the specialized team of web application security experts. Ryan joined WhiteHat Security as an ethical hacker in 2007. Reporting directly to CEO Craig Hinkley, Ryan now manages a team of over 150 security engineers, based in three locations over two continents. He is also responsible for overseeing the delivery of WhiteHat Sentinel, which services over 10,000 customer websites. Under Ryan’s leadership, the team has built a one-of-a-kind database that combines details of more than 26 million vulnerability patterns with proprietary algorithms to assess the threat level.
  • Scaling Security at DevOps Speed Recorded: Feb 21 2017 43 mins
    Mike Goldgof, VP of Marketing at WhiteHat Security
    Seamlessly integrating AppSec testing into CI processes earlier in the SDLC has become the holy grail of DevOps and security teams. Achieving this means apps are not only more secure and can be deployed more quickly, but companies are also able to reap substantial cost and resource savings.

    Join Mike Goldgof, WhiteHat Security’s VP of Marketing, to learn about best practices and what’s needed to fit security testing into highly-automated Agile DevOps processes, that are transforming the development world and speed of delivery dictated by businesses today.
  • Internet and the Insecurity of Things | RSAC Live Panel Recorded: Feb 14 2017 37 mins
    Chenxi Wang (Twistlock), Ryan O'Leary (WhiteHat), Josh Corman (AtlanticCouncil), Rich Mason (Critical Infra), Billy Rios (Whitescope)
    The Internet of Things (IoT) is rapidly changing the way we look at everything. The advantages we gain with smart devices are driving us to new levels of convenience in healthcare, manufacturing and automation, but IoT also presents many security challenges. So how do we efficiently manage thousands of devices? How do we effectively deal with mutual authentication? How do we know what is trustworthy and what is not? And most of all, how do we do this at a massive scale? This panel will explore the IoT challenges that we face and the solutions that we can implement today for a more secure future.

    The audience will learn:
    - How and why IoT is different than our classic, traditional IT environments
    - The current state of security and privacy in IoT and how it will impact individuals, homes, buildings, cities, states, and nations
    - What the future holds for security and privacy in our ever-evolving IoT world
    - The need for standards
    - Medical devices
    - Home automation
    - Connected cars
    - Smart cities

    Chenxi Wang

    Ryan O'Leary, VP Threat Research Center at WhiteHat Security
    Josh Corman, Director, Cyber Statecraft Initiative at Atlantic Council
    Rich Mason, President & Chief Security Officer, Critical Infrastructure
    Billy Rios, Founder of WhiteScope LLC
  • Getting the Sec into DevSecOps Recorded: Jan 24 2017 45 mins
    Scott Crawford and Anna Chiang
    Getting app development, DevOps and security teams all on the same page when it comes to implementing AppSec testing in development workflows is often a difficult task. Developers need to do frequent code releases to meet continuous integration (CI) process requirements. Adding security testing into this process is often met with resistance and poor adoption, unless it’s done correctly with the right security training, developer and CI tools integrations, and corporate security buy in by all involved.

    Join us as 451’s Scott Crawford and WhiteHat Security’s Anna Chiang discuss what’s needed to truly integrate security into a DevOps environment.
  • The Latest in Compliance: PCI DSS 3.2 Decoded Recorded: Dec 13 2016 48 mins
    Asma Zubair, WhiteHat Security; Ruchika Mishra, WhiteHat Security
    If your organization deals with credit card information, you must take steps to protect the information. Organizations that suffer a breach and have not taken steps to ensure compliance can be penalized, and in some cases may even be prohibited from working with specific payment brands. PCI DSS regulations offer best practices and methodologies for compliance. This webinar lays it all out for you and makes it easy to understand what you need to do.
  • Reducing Risks by Mitigating Vulnerabilities Recorded: Nov 16 2016 50 mins
    Craig Hinkley, WhiteHat Security; Preston Hogue, F5 Networks
    Build an Active Application Defense System
    Web applications accounted for an astounding 40% of last year’s security breaches. Securing legacy systems, third-party apps, and the extensive shadow IT landscape can be challenging, to put it mildly.

    But here’s the good news: The combined F5 and WhiteHat Security approach to web application security represents a powerful new way for organizations to defend against application-level attacks.

    Companies are constantly developing new applications, and it’s expensive to stop and patch as soon as a new vulnerability is found. Additionally, it may not be practical to remediate every finding due to issues with legacy code, third-party integrations, or other inherited limitations.

    But the integration of F5 Networks and WhiteHat Security technology helps you more quickly identify and remediate vulnerabilities in your web applications. By automating updates to the web application firewall, you can ease the burden of management and reduce costs, while ensuring that your security posture remains strong.
  • Software Security Resurgent: Preventing the Unthinkable Recorded: Oct 11 2016 55 mins
    Scott Crawford, 451 Research; Demetrios (Laz) Lazarikos, vArmour; Mike Goldgof, WhiteHat Security
    Think you understand software security? Think again. If you thought the growth of mobile was explosive, wait until you wade into the brave new world of IoT endpoints, where the security of the software running everything from industries, utilities and transportation to your own home will be the front line of defense.

    Join us as 451’s Scott Crawford, vArmour's CISO Demetrios (Laz) Lazarikos, and WhiteHat Security’s Mike Goldgof discuss the new dynamics shaping software security, and the advantages of integrating security throughout the Software Development Life Cycle (SDLC). You’ll learn:

    · How software security takes on today’s threat landscape

    · What the evolution of DevOps and Continuous Integration mean for security

    · Software security’s pivotal role in securing the emerging universe of IoT

    · The benefits of security throughout the SDLC (in both dollars and productivity) from secure source to operations, and what to look for in shaping an enterprise strategy
  • Defeating Cybercrime: Continuous Application Security for Financial Services Recorded: Sep 15 2016 55 mins
    Bill Fearnley, Research Director, IDC Research Inc., Mike Goldgof, Vice President, Product Marketing, WhiteHat Security
    In this session, we discuss cybercrime trends in financial services, and how a continuous application security assessment program can help financial service organizations improve their security posture and mitigate risk.
  • Thwarting Cybercrime in Healthcare with Continuous AppSec Testing Recorded: Aug 17 2016 55 mins
    Lynne Dunbrack, IDC Health Insights; Michael Goldgof, WhiteHat Security
    Healthcare organizations are increasingly vulnerable to devastating cybercrime attacks on a daily basis. Web applications in healthcare are particularly exposed to such attacks. This webcast will explore how continuous application security assessment-as-a-service which combines machine and human intelligence can help healthcare organizations improve their security and risk posture.

    Please join us as IDC’s Lynne Dunbrack and WhiteHat Security’s Mike Goldgof discuss the role of application security in healthcare. You will learn:

    - Today’s cyberthreat landscape in the healthcare industry
    - Relevant security regulations for healthcare: HIPAA, Breach Notification IFR, HITECH Act, and more
    - Vulnerability statistics for healthcare organizations
    - How continuous application security testing can help your security and risk posture
  • WhiteHat Security's 2016 Web Applications Security Stats Report Explained Recorded: Jul 19 2016 50 mins
    Ryan O'Leary, VP Threat Research Center & Technical Support, and Tamir Hardof, CMO, WhiteHat Security
    In this insightful and data-rich one-hour webinar Ryan O'Leary, Vice President of WhiteHat Security's Threat Research Center and Technical Support, and Tamir Hardof, Chief Marketing Officer, will present findings from our 2016 Web Applications Security Statistics Report.

    The Report, compiled using data collected from tens of thousands of websites, reveals that on average the majority of web applications exhibit two or more serious vulnerabilities per application for every industry at any given point in time. We will provide unique perspectives on the state of website security. Data by industry will be presented and accompanied by expert analysis and recommendations.

    Why Attend

    - Learn which industries declined, improved, or greatly improved their remediation rates
    - Learn how many vulnerabilities are typically remediated and the average time to resolve
    - Learn why knowing your risk rating can help you prioritize which vulns to fix first
    - Discover the 3 most common web application vulnerabilities
  • Top 10 Web Hacking Techniques of 2015 Recorded: Jun 15 2016 41 mins
    Johnathan Kuskos
    The Top 10 Web Hacks Webinar, now in its tenth year, represents exhaustive research conducted by a panel of experienced security industry professionals. Johnathan Kuskos, TRC Manager for WhiteHat Security will discuss the latest and most insidious web-based attacks of the year.

    In this webinar, you will learn:
    - The top web hacks, ranked by your peers and a panel of industry experts
    - How to protect your organization against these attacks
    - Industry wide research on new advanced attack techniques
  • 15 Years of Web Security: The Rebellious Teenage Years Recorded: May 18 2016 52 mins
    Ryan O'Leary, VP Threat Research Center, WhiteHat Security
    Fifteen years ago, WhiteHat Security was founded to help secure the web by enabling organizations to find and fix application vulnerabilities before the bad guys could exploit them. With the knowledge and perspective that comes from being an application security leader, Ryan O'Leary, VP of WhiteHat's Threat Research Center, will provide perspectives on:

    - How the types of threat actors have changed and what they now target
    - The intersection of security guarantees and cyber-insurance
    - Easing the burden of vulnerability remediation
    - Measuring the impact of SDLC security controls
    - Addressing the application security skill shortage
  • Hack the Attack: Web App Defense Crash Course Recorded: Apr 14 2016 58 mins
    Kimberly Chung
    Participate in this comprehensive, one-hour Crash Course webinar to get an in-depth understanding of the most common vulnerabilities targeted by hackers and critical defense tactics necessary to safeguard your apps from being exploited.

    Topics Covered

    - Preparing for an attack: Information Leakage / Fingerprinting, Insufficient Transport Layer Protection

    - Abusing a user’s trust for a site: Cross Site Scripting, Content Spoofing

    - Abusing an application's trust for its users and its own browsers: Cross Site Request Forgery

    WhiteHat Security is the pioneer in application and web site security, and a security expert from our Threat Research Center (TRC) will lead this course.
  • Vulnerability Discovery: Booking Zero Dollar Travel Via a Site Recorded: Mar 24 2016 19 mins
    Andrew Tieu, Application Security Engineer
    This presentation will demonstrate the value of manual business logic assessments and provide an example of an abuse of functionality vulnerability identified on a travel booking website. The speaker will provide a real life instance that allowed a user to book zero dollar or negative values for reservations for hotel rooms, entertainment, and restaurants. He will also cover best practices on how to protect your website against abuse of functionality vulnerabilities.

    The speaker will cover the business impact of the Abuse of Functionality vulnerability including:

    - How users were being given full control over the amount they paid for events.

    - Resulting event costs

    - How this vulnerability created a significant loss for the business
  • PCI DSS 3.1 Crash Course - Part II Recorded: Feb 17 2016 27 mins
    Asma Zubair, Director Product Management
    The Payment Card Industry Data Security Standard (PCI DSS) is continuously changing to protect user data from exposure. The most recent version, 3.1, will remain active until December 31, 2017.
    WhiteHat Security recently held a webinar on the top 11 changes in 3.1 that would affect your application security program and the recommended activities to achieve and maintain compliance. There was a great turnout and an even better level of engagement. As such, this webinar will address the great questions raised in Part I to provide a deeper understanding of PCI DSS and its requirements.

  • Title: Insufficient Authorization: The Basics
  • Live at: Jan 21 2016 4:00 pm
  • Presented by: Austin Brinkman, Application Security Researcher, WhiteHat Security