Name: Vulnerability Discovery: Booking Zero Dollar Travel Via a Site
Start: 2016-03-24T15:00:00Z
End: 2016-03-24T15:18:54.000Z
Location: BrightTALK
Rating: 3.89

WhiteHat™ DAST is a software-as-a-service (SaaS) dynamic application security testing (DAST) solution that allows your business to quickly deploy a scalable web security program. No matter how many websites you have or how often they change, WhiteHat DAST can scale to meet any demand. Synopsys acquired White Hat Security (NTT Application Security) in June of 2022. 

Shifting the Modern Application Security Paradigm

The emphasis on securing applications in development has not resulted in the reduction of breaches that was once expected. In fact, breaches are becoming even more common and more dangerous. Testing solely in development is a DAST-backwards approach that cannot protect applications from being breached in production.

If the ultimate goal of application security testing is a digital future that is free from breaches, we must now embrace a DAST-forward approach that accounts for the entire attack surface, incorporates continuous dynamic application testing and integrates DAST insights to increase the efficacy of SAST and software composition analysis.

Register now to learn how a modern paradigm can take your application security DAST to the future.

DAST to the Future

If your APIs are vulnerable, then so is your business.

Application Programming Interfaces (APIs) have evolved into business-critical services with a unique set of application security needs. The evolution of the Business Logic Layer was accelerated in part by the popularity of the Postman API Platforms; however, traditional security testing products have struggled to adapt. This next generation of business logic API collections require a fundamentally new technology and native testing experience that empowers organizations to overcome modern security challenges. 

As a modern solution, NTT Application Security’s Vantage Prevent enables organizations get ahead and stay ahead of the security curve. 

Join NTT Application Security Chief Scientist Eric Sheridan and Product Market Analyst Sarah Perkins in this webinar on demand for a breakdown of the current challenges in API testing and how organizations can establish both a robust API security strategy and a true DevSecOps process.

Attendees will see a demo of the Vantage Prevent product’s revolutionary Intelligence-Directed DAST technology.

API Security Through the Lens of Modern DevSecOps

Join NTT Application Security Fellow Ray Kelly and Senior Product Manager Rod Musser in this webinar on demand for a practical approach to integrating application security across the SDLC, from developers to QA to pipelines.

Intelligence-Directed DAST: A Practical Approach to Security Across the SDLC

Today’s organizations need to deliver applications, fast. Unfortunately, traditional security programs are reactive and can’t keep up with the velocity of current software development lifecycles. What if there were a better way? What if your organization could accelerate application security to the speed of your development cycles?

Join Chief Revenue Officer Dave Gerry and Vice President of Products Jeff Lawson for a visionary perspective on how NTT Application Security is once again redefining application security, just as we did 20 years ago as WhiteHat Security.

In this webinar on demand, Dave and Jeff will introduce our WhiteHat Vantage Platform and how it strategically layers three lightning-fast, purpose-built testing solutions at the most critical inflection points of your SDLC, allowing your developers and security teams to focus on priority items.

Accelerating Application Security to the Speed of Modern Development

You need to modernize your application security program and you know how you are going to do it – by adopting the Modern AppSec Framework and utilizing a DAST First approach. The next questions is, “How do I put it into practice?”

When implementing any application security process between DevOps and SecOps, there are many technical elements and considerations. As you adopt the Modern AppSec Framework you need to ensure that your development and security processes don’t bring each other to a screeching halt and leave your applications vulnerable. So where should you begin? At the beginning!

Making It All Work: Operationalizing the Modern AppSec Framework

You need to deliver new applications and API’s, fast. Unfortunately, this “need for speed” can lead to vulnerabilities in software code. Once discovered in production, so begins the process by which SecOps and DevOps work to fix the vulnerabilities in runtime applications.  Unfortunately, SecOps and DevOps teams have historically operated independently, establishing their own processes, tools and KPI’s which can create roadblocks.

For an organization to truly develop and deploy secure applications, they need to move beyond traditional methodologies and adopt a new approach – one that bridges the gap between security operations and development.

Join NTT Application Security in this webinar on demand, A Modern Approach to Application Security: Securing Today’s Applications Requires a New Approach.

A Modern Approach to Application Security

2021 was a roller coaster of a year in the security world, with the workforce embracing a hybrid model, the COVID pandemic continuously evolving and the world of business and technology perpetually in flux. 

As the calendar year wraps up, now is a great time to take a closer look at the Top Breaches of 2021 to learn how the current business climate has affected organizations like yours and what lessons and best practices we can take away from these breaches.

Join the cybersecurity experts at NTT Application Security for this webinar on demand for a comprehensive look at the Top Breaches of 2021, with deep insights into factors like:

    What happened and what it means for teams like yours
    How to prevent breaches like these in your organization
    How to mitigate and recover from similar breaches

Top Breaches of 2021

The emphasis on securing applications in development has not resulted in the reduction of breaches that was once expected. In fact, breaches are becoming even more common and more dangerous. Testing solely in development is a DAST-backwards approach that cannot protect applications from being breached in production.

That's why WhiteHat Security is hosting this webinar on demand, DAST to the Future: Shifting the Modern Application Security Paradigm. 

If the ultimate goal of application security testing is a digital future that is free from breaches, we must now embrace a DAST-forward approach that accounts for the entire attack surface, incorporates continuous dynamic application testing and integrates DAST insights to increase the efficacy of SAST and software composition analysis.

DAST TO THE FUTURE: Shifting the Modern Application Security Paradigm

API security testing is a critical – yet often missed – step when adopting a blueprint for API Governance. When there is a flaw in an API, it affects every application that relies on that API.

While inadequate solutions have left many APIs untested and vulnerable, new technologies are emerging that deliver fast, automated and accurate API security testing, with direct integration with platforms like Postman. Are you ready to take your API Governance to the next level?

Join Eric Sheridan (Chief Scientist at WhiteHat Security) and Kin Lane (Chief Evangelist at Postman) in this webinar on-demand to learn the “must-haves” of API security testing within your overall governance strategy. In addition, we will put theory into practice with a demonstration of how to achieve fast, easy, accurate and scalable security testing of your APIs.

Blueprint for Governance: Integrating API Security Testing within Postman

Securing today's applications is no easy task. Should you use DAST or SAST to secure your applications? What even constitutes an application in 2021? Are API's going to open your business up to more attacks? How do you get a handle on what you own while at the same time trying to launch new applications at breakneck speed?

Unfortunately, the "move left" has not stopped application breaches from occurring. According to NTT Application Security data, 50% of applications in all major industries have at least one open, serious, exploitable vulnerability.

With all of the opinions and suggestions out there, how do you know what's right for your program?

Join Chris Leffel, CPO of NTT Application Security, and Jeremiah Grossman, CEO of Bit Discovery, for a straight-talking webinar on demand where they will share three top reasons why applications are still getting hacked and the best approach to keep your applications secure and your organization out of the news.

Top 3 Reasons Applications are Still Getting Hacked

The end of the year is quickly approaching and it’s time to schedule your service check. Is your application security program race-ready for 2021 or is it time for an engine overhaul?

Regular auto maintenance checks help uncover any looming issues to ensure that your vehicle runs well and doesn’t leave you stranded. Why not do the same for your organization’s application security? The end of the year is a good time for a look under the hood to assess risk across your application portfolio. It is more critical than ever to keep your organization’s security in top-notch condition and to be well protected against ever-present cyberattacks.

Watch a short webinar now to see how your current program scores and determine whether you need any repairs or enhancements to race securely and confidently into the New Year!

Key topics:

    Know your assets, know your vulnerabilities
    Understand the gaps in your application security program
    Garner more clarity on how to address the gaps in your overall application security posture
    Secure your digital future

Top 10 Maintenance Application Security Program Checkpoints

The Crash Course webinar series is back! NTT Application Security is proud to present Crash Course 2.0, the latest offering of our how-to-hack series of instructional videos.

In this webinar-on-demand, we will dive into everyone's favorite vuln: Cross-Site Scripting! Topics covered include:

    A closer look at how XSS works from a request/response perspective
    What kind of attacks are possible
    How malicious actors execute attacks
    What steps you can take to prevent this kind of attack.

Crash Course 2.0 - Cross-Site Scripting (XSS)

Women make up only 24% of the security workforce.  While this number has increased over the last three years, we are still not where we should be. The solution to filling the cybersecurity workforce gap seems simple – hire more women. Over the next several years the percentage of women in cybersecurity must take a bigger leap.

Across the industry, there is a workforce shortage of skilled cybersecurity staff. Over the next five years, cybercrime will prompt more than triple the number of job openings. In fact, Cybersecurity Ventures predicts there “will be 3.5 million cybersecurity job openings by 2021."

Join us as our panelists talk about how each found their way into the field of security, from technical perspectives to management and leadership, without necessarily coming from a pure computer science background.

During this panel we’ll discuss:
1.Our first security jobs – how we were recruited or interviewed for this field
2.The non-security skills that have helped us build a security career
3.What would have helped an entry into security earlier in our careers

Whether you’re a manager looking to find new sources of talent, an IT worker looking at security career options, or just trying to figure out what to do about the gender gap in your organization, we invite you to the table to talk.

Moderator: Judy Sunblade, VP Revenue Growth & Enablement, WhiteHat Security
Panelists:
•Lindsey O’Donnell, Senior Editor at Threatpost
•Cassandra Morton, VP, Customer Success and Service Delivery, WhiteHat Security
•Samantha Singh, Executive Vice President, Partner, Lumina Communications
•Katherine Haworth, Application Security Engineer, Engineering WhiteHat Security

Women Building Careers in Cybersecurity

Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot remain the end all be all. The majority of data breaches have to do with web application security vulnerabilities; and therefore, security must become part of the software development equation.

The problem is that most organizations approach security at the end of the software development lifecycle, when it’s often too late or too complicated to fix vulnerabilities. To be effective, security must be integrated throughout each stage of the entire software development lifecycle.

DevSecOps – application security built into DevOps – is popular in theory, but overall, to date, it has been poorly adopted. This poor adoption of DevSecOps often stems from the fact that software testing technologies are not customized for each of the different software development and operations roles.


Register for this webinar to learn:
-Why DevOps is not DevSecOps – yet..
-Steps you can take now, to start proactively protecting your applications
-A breakdown of the AppSec technologies – SCA, SAST, and DAST, and where each fit into the SDLC

The DevSecOps Journey: How to Transform AppSec and Move Toward Secure DevOps

Digital businesses have widespread API usage that makes it easier for organizations to share data and integrate with customer applications. However, since APIs expose application logic and sensitive data such as Personally Identifiable Information (PII), APIs have increasingly become a target for attackers leading to many serious data breaches in recent past. Gartner estimates that by 2022, API abuse will become the most-frequent attack vector, resulting in data breaches for many organizations.

How do we reduce the security risks associated with APIs?
Test early. Test often. Test everything.

Join this session to learn about:

-Understand how the impact of sheer proliferation of APIs has changed a number of applications, the exposure of applications, and the constant change to your applications.
-Types of API vulnerabilities that are the leading causes of API related data breaches.
-How Sentinel Auto API is changing the game for dynamic testing of APIs by making it extremely easy to configure and integrate.

Reduce API Security Risks with Automated and Continuous API Scanning

Today’s web applications help us stay connected and are more than likely dependent on other services. This means that most web applications will utilize a server that sends off HTTP requests in order to receive the information that drives its content and features.

Server sent requests happen so often that we may not even notice that they are utilized. From chat clients that pull metadata when a user posts a video link, to webhooks that are fired after a repository change happens, servers are constantly requesting information from other resources. While these features may be useful, it is important to take extra care when crafting the server sent requests using user input.

This presentation covers characteristics found in functionalities that are commonly susceptible to SSRF attacks. Furthermore, it demonstrates how it can be used to escalate privileges, and how it can breach user information confidentiality.

Attend this webinar to examine these scenarios and discuss in-depth safe input handling techniques that defend against Server-Side Request Forgery.

Detecting and Defending Against Server-Side Request Forgery

Join us on a journey to secure the personally-identifiable information (PII) data you collect in your mobile applications.

-Consider which points of data you are collecting and why?
-Does your app really need all that data?
-Is the gathered data secure?
-What would be the implications of an application security breach and are you prepared to take that risk?

Malicious attacks on mobile applications are on the rise, presenting significant security and privacy risk to consumer data. Each data storage touchpoint is an additional attack surface. With CCPA data privacy regulations kicking in this year, companies need to be more aware of what data they keep and where it’s stored. Maintaining a zero-trust mentality and incorporating security by design is essential for keeping your mobile environment secure.

Attend this webinar to learn how to prevent mobile app security intrusions and address data privacy challenges. Mobile app developers will also learn how to leverage best practices on building secure mobile apps by closing any privacy gaps that are found throughout the mobile app development life cycle.

Mobile Security App-titude: Best Practices for Secure App Design and Data Privac

New threats emerge as the landscape of the cloud application evolves from more traditional environments. With technology becoming pervasive and new concepts revolutionizing the nature and reach of IT, applications have become central to business strategy for many organizations. Keeping applications secure has long been a priority.

Join Bryan Becker, DAST Product Manager at WhiteHat Security, and Kashif Hafeez, Senior Director of Product Marketing at WhiteHat Security, as they cover what's involved in cloud security, and what the difference in challenges are.

Jump Start your Application Security in the Cloud

Building an Adaptive Security Approach with Targeted Intelligence

Protecting Your Business from the Ransomware Threat

Lessons Not Learned: Cybersecurity's Habitual Mistakes

Phishing, Malware and Incidents – Oh my! How to handle the daily deluge.

The Anatomy of a Cloud Data Breach

Implementing a Risk Migration Plan for PCI DSS 3.1

Security that counts: What’s in your Data Center?

Data loss due to human error - Stop the zombie apocalypse

Today’s Threats and What They Mean for Tomorrow - 2016 Webroot Threat Brief

Risk Management and Project Planning

Best Practices to Stop Data Breaches in 2016

P2P File-sharing Crowd Sourced Malware Distribution

Been breached - how do you protect your data?

Prevent, Detect & Correct Cyber Threats

Not “If” but “When”: Protecting Your Data with a Cyber Resiliency Plan

Data Masking at Speed & Scale

Data Breaches are Inevitable: Reduce your Risk with Cloud-Friendly Segmentation

Data Protection and Incident Response

Deep Threat: Security Lessons from the Online Adult Entertainment Industry

Surviving the Data Storms: Steering around Sunk Safe Harbors

Data Protection & Incident Response Summit

This presentation will demonstrate the value of manual business logic assessments and provide an example of an abuse of functionality vulnerability identified on a travel booking website. The speaker will provide a real life instance that allowed a user to book zero dollar or negative values for reservations for hotel rooms, entertainment, and restaurants. He will also cover best practices on how to protect your website against abuse of functionality vulnerabilities.

The speaker will cover the business impact of the Abuse of Functionality vulnerability including:

- How users were being given full control over the amount they paid for events.

- Resulting event costs

- How this vulnerability created a significant loss for the business

Vulnerability Discovery: Booking Zero Dollar Travel Via a Site

Application

Security

Vulnerability

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Vulnerability Discovery: Booking Zero Dollar Travel Via a Site

Presented by

About this talk

More from this channel