Internet and the Insecurity of Things | RSAC Live Panel

The Internet of Things (IoT) is rapidly changing the way we look at everything. The advantages we gain with smart devices are driving us to new levels of convenience in healthcare, manufacturing and automation, but IoT also presents many security challenges. So how do we efficiently manage thousands of devices? How do we effectively deal with mutual authentication? How do we know what is trustworthy and what is not? And most of all, how do we do this at a massive scale? This panel will explore the IoT challenges that we face and the solutions that we can implement today for a more secure future.

The audience will learn:
- How and why IoT is different than our classic, traditional IT environments
- The current state of security and privacy in IoT and how it will impact individuals, homes, buildings, cities, states, and nations
- What the future holds for security and privacy in our ever-evolving IoT world
- The need for standards
- Medical devices
- Home automation
- Connected cars
- Smart cities

Chenxi Wang

Ryan O'Leary, VP Threat Research Center at WhiteHat Security
Josh Corman, Director, Cyber Statecraft Initiative at Atlantic Council
Rich Mason, President & Chief Security Officer, Critical Infrastructure
Billy Rios, Founder of WhiteScope LLC
Recorded Feb 14 2017 37 mins
Presented by
Chenxi Wang (Twistlock), Ryan O'Leary (WhiteHat), Josh Corman (AtlanticCouncil), Rich Mason (Critical Infra), Billy Rios (Whitescope)

  • Women Building Careers in Cybersecurity Recorded: Oct 22 2020 60 mins
    Judy Sunblade, VP Revenue Growth & Enablement, WhiteHat Security
    Women make up only 24% of the security workforce. While this number has increased over the last three years, we are still not where we should be. The solution to filling the cybersecurity workforce gap seems simple – hire more women. Over the next several years the percentage of women in cybersecurity must take a bigger leap.

    Across the industry, there is a workforce shortage of skilled cybersecurity staff. Over the next five years, cybercrime will prompt more than triple the number of job openings. In fact, Cybersecurity Ventures predicts there “will be 3.5 million cybersecurity job openings by 2021.”

    Join us as our panelists talk about how each found their way into the field of security, from technical perspectives to management and leadership, without necessarily coming from a pure computer science background.

    During this panel we’ll discuss:
    1. Our first security jobs – how we were recruited or interviewed for this field
    2. The non-security skills that have helped us build a security career
    3. What would have helped an entry into security earlier in our careers

    Whether you’re a manager looking to find new sources of talent, an IT worker looking at security career options, or just trying to figure out what to do about the gender gap in your organization, we invite you to the table to talk.

    Moderator: Judy Sunblade, VP Revenue Growth & Enablement, WhiteHat Security
    • Lindsey O’Donnell, Senior Editor at Threatpost
    • Cassandra Morton, VP, Customer Success and Service Delivery, WhiteHat Security
    • Samantha Singh, Executive Vice President, Partner, Lumina Communications
    • Katherine Haworth, Application Security Engineer, Engineering WhiteHat Security
  • The DevSecOps Journey: How to Transform AppSec and Move Toward Secure DevOps Recorded: Oct 7 2020 38 mins
    Joseph Feiman, Chief Strategy Officer, WhiteHat Security
    Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot remain the end-all, be-all. The majority of data breaches have to do with web application security vulnerabilities, and therefore security must become part of the software development equation.

    The problem is that most organizations approach security at the end of the software development lifecycle, when it’s often too late or too complicated to fix vulnerabilities. To be effective, security must be integrated throughout each stage of the entire software development lifecycle.

    DevSecOps – application security built into DevOps – is popular in theory, but overall, to date, it has been poorly adopted. This poor adoption of DevSecOps often stems from the fact that software testing technologies are not customized for each of the different software development and operations roles.

    Register for this webinar to learn:
    - Why DevOps is not DevSecOps – yet
    - Steps you can take now to start proactively protecting your applications
    - A breakdown of the AppSec technologies – SCA, SAST, and DAST – and where each fits into the SDLC
  • Reduce API Security Risks with Automated and Continuous API Scanning Recorded: Jul 15 2020 21 mins
    Jeff Lawson, Director, Product Management, WhiteHat Security
    Digital businesses have widespread API usage that makes it easier for organizations to share data and integrate with customer applications. However, since APIs expose application logic and sensitive data such as Personally Identifiable Information (PII), APIs have increasingly become a target for attackers, leading to many serious data breaches in the recent past. Gartner estimates that by 2022, API abuse will become the most-frequent attack vector, resulting in data breaches for many organizations.

    How do we reduce the security risks associated with APIs?
    Test early. Test often. Test everything.

    Join this session to learn about:

    - Understand how the impact of sheer proliferation of APIs has changed a number of applications, the exposure of applications, and the constant change to your applications.
    - Types of API vulnerabilities that are the leading causes of API related data breaches.
    - How Sentinel Auto API is changing the game for dynamic testing of APIs by making it extremely easy to configure and integrate.
  • Detecting and Defending Against Server-Side Request Forgery Recorded: Mar 10 2020 25 mins
    Oscar Tovar, DAST Research and Development, WhiteHat Security
    Today’s web applications help us stay connected and are more than likely dependent on other services. This means that most web applications will utilize a server that sends off HTTP requests in order to receive the information that drives its content and features.

    Server-sent requests happen so often that we may not even notice that they are utilized. From chat clients that pull metadata when a user posts a video link, to webhooks that are fired after a repository change happens, servers are constantly requesting information from other resources. While these features may be useful, it is important to take extra care when crafting server-sent requests from user input.

    This presentation covers characteristics found in functionalities that are commonly susceptible to SSRF attacks. Furthermore, it demonstrates how SSRF can be used to escalate privileges, and how it can breach user information confidentiality.

    Attend this webinar to examine these scenarios and discuss in-depth safe input handling techniques that defend against Server-Side Request Forgery.
  • Mobile Security App-titude: Best Practices for Secure App Design and Data Privac Recorded: Feb 25 2020 35 mins
    Eduardo Cervantes, Manager of Mobile Application Security Testing (MAST), WhiteHat Security
    Join us on a journey to secure the personally-identifiable information (PII) data you collect in your mobile applications.

    - Consider which points of data you are collecting and why?
    - Does your app really need all that data?
    - Is the gathered data secure?
    - What would be the implications of an application security breach and are you prepared to take that risk?

    Malicious attacks on mobile applications are on the rise, presenting significant security and privacy risk to consumer data. Each data storage touchpoint is an additional attack surface. With CCPA data privacy regulations kicking in this year, companies need to be more aware of what data they keep and where it’s stored. Maintaining a zero-trust mentality and incorporating security by design is essential for keeping your mobile environment secure.

    Attend this webinar to learn how to prevent mobile app security intrusions and address data privacy challenges. Mobile app developers will also learn how to leverage best practices on building secure mobile apps by closing any privacy gaps that are found throughout the mobile app development life cycle.
  • Jump Start your Application Security in the Cloud Recorded: Oct 23 2019 31 mins
    Bryan Becker, DAST Product Manager, WhiteHat Security; Kashif Hafeez, Senior Director, Product Marketing, WhiteHat Security
    New threats emerge as the landscape of the cloud application evolves from more traditional environments. With technology becoming pervasive and new concepts revolutionizing the nature and reach of IT, applications have become central to business strategy for many organizations. Keeping applications secure has long been a priority.

    Join Bryan Becker, DAST Product Manager at WhiteHat Security, and Kashif Hafeez, Senior Director of Product Marketing at WhiteHat Security, as they cover what's involved in cloud security, and what the differences in challenges are.
  • Unbreakable API’s: Best Practices for Application Security Testing Recorded: Sep 25 2019 38 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    APIs are doors into your data and applications, so pausing to include security is just as important as securing web applications. In this presentation we will discuss best practices to ensure that APIs have full security coverage, and how teams can find and fix vulnerabilities before problems arise.

    We’ll also cover the inflection points for security assessment in the software development life cycle (SDLC) as they may vary depending on whether the development team is enabling APIs for legacy applications or building new API-first applications. Join us to learn best practices on when to:

    - Perform DAST of APIs for dynamic scanning, and create a plan for remediating/mitigating discovered vulnerabilities
    - Perform SCA & SAST analysis for the API implementation code within the DevOps process
    - Use secure design patterns within the enterprise application architecture
    - Implement a robust feedback loop within the SDLC to act on the findings of various scans
  • Top 10 Application Security Vulnerabilities for Developers Recorded: Aug 8 2019 32 mins
    Mark Rogan, DAST Manager, WhiteHat Security & Calvin Nguyen, Director of Product Management, WhiteHat Security
    Today’s applications touch millions if not billions of people on a daily basis. With virtually every business using applications to grow, they are critical to companies’ success—yet the vulnerabilities and risks associated with them continue to increase exponentially.

    To help educate the market on avoiding breaches of this nature, the experts at the WhiteHat Security Threat Research Center (TRC) have compiled a Top 10 Application Security Vulnerabilities for Developers, detailing the most common web exploits used by malicious attackers during the past 12 months.

    Join Mark Rogan from the WhiteHat Security Threat Research Center and Calvin Nguyen, Director of Product Management, as they discuss the top vulnerabilities and give valuable prevention tips for enterprises to implement.
  • Deep-Dive into the DevSecOps Framework Recorded: Jul 31 2019 48 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    Finely-tuned DevOps provides many benefits to an enterprise, including speed of development, improved deployment frequency, better collaboration between Development and Operations teams, lower failure rates of new releases, and faster times to market. But DevOps software development also presents a fundamental challenge to traditional software security practices. Application security often runs at the end of the software life cycle (SLC), and isn’t in DevOps’ hands. The issue then becomes: how to secure DevOps and make it DevSecOps?

    As application development within Agile environments has increased, the need to bring security into the DevOps equation and enable developers has also grown. Software development is much quicker in an Agile environment. Without proper security or software composition analysis, the breadth of undetected security vulnerabilities can grow farther and faster.

    With more entryways vulnerable to attack (due to more functionality being introduced in applications), the frequency of attacks has also increased. Thus, the term DevSecOps looks to integrate and open cross-functional organizational structures / communications to include application security throughout the SLC and post-release lifespan. Just as DevOps sought to lower the failure rate of the product, DevSecOps seeks to lower the number of vulnerabilities and increase efficiency for detection of the time-to-fix rate.

    Join WhiteHat Security’s Chief Scientist, Eric Sheridan, as he discusses the DevSecOps framework from development, build, to deployment.
  • Mitigating the Risk of IoT with Application Security Testing Recorded: Jul 25 2019 24 mins
    Jeannie Warner, Security Manager, WhiteHat Security
    IoT is made up of microservices and APIs, making them quick to implement and churn out into production. But are they secure? We will look at the challenges a user of the IoT should be aware of, and what checklists a programmer can use for best practices in IoT development.
  • The Evolution of the Secure Software Lifecycle Recorded: Jul 11 2019 52 mins
    Setu Kulkarni, Vice President Strategy and Business Development, WhiteHat Security
    Findings from the 2018 Application Security Statistics Report on the evolution of the secure software lifecycle. WhiteHat partnered with Coalfire and NowSecure to produce the report.

    - How to measure the effectiveness of your application security investment to help mitigate overall business risk
    - How to defend your applications by evaluating how your vulnerability levels and remediation times compare with industry benchmarks
    - How to develop software more securely by partnering with the security team to adopt tools and methodologies compliant with your software development lifecycle (SDLC)

    Presented by Setu Kulkarni, Vice President Strategy and Business Development, WhiteHat Security
  • Microservices Security: It Will Get Worse Before it Gets Better Recorded: Jul 9 2019 31 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    For every 100KLOC, a monolithic application will have an average of 39 vulnerabilities whereas a microservice application will have an average of 180 vulnerabilities. You read that right. According to the data gathered from WhiteHat Security’s 2018 Stats Report, the transition of enterprise monolithic applications to distributed microservices architectures is actually increasing the overall average of total vulnerabilities. But why? Why is it that we seemingly continue to make the same mistakes again and again? And what does this say about the security of microservices architectures, or the developers that build them? The journey to a microservices architecture generally involves the decomposition of an already existing monolith application, wherein previous security assumptions and considerations are often questioned and sometimes invalidated.
    Join Eric Sheridan, Chief Scientist at WhiteHat Security, for a dive into the security trends of microservice architectures. Participants of this talk will learn…
    • Why we are seeing an increase in the number of vulnerabilities with the migration to microservices
    • The most common vulnerability classes facing applications of microservices architectures
    • Strategies that can be used to more readily find and fix vulnerabilities earlier in the development lifecycle
  • 451 Research & WhiteHat Security: A Brave New World for Application Security Recorded: Jun 25 2019 56 mins
    Scott Crawford, Research Director, 451 Research
    A New Year, A Brave New World for Application Security. Are you ready?

    With technology becoming pervasive and new concepts revolutionizing the nature and reach of IT, applications have become central to business strategy for many organizations. Keeping applications secure has long been a priority. The new year brings fundamental changes to the application security battleground – and with them, new questions that organizations must answer:

    • As the nature of application development and operations changes, application security must change with it. How mature is your organization’s approach to new concepts such as continuous integration and deployment? Application containerization? Emerging DevOps toolsets and automation?

    • In addition to tackling the challenges of internal development, applications are exposed to external interaction in a variety of new ways. From APIs to “serverless” concepts, applications face a wider range of exposures than in the past. Are yours secured?

    • External application risks go beyond exposure. Today’s applications frequently leverage third party components - from open source to payment processing and other services. Recently, gaps in securing these components have been implicated in breaches and high-profile vulnerabilities. How will your organization address these risks?

    • Taking on these new challenges will require the best in both technology – making the most of emerging analytics to address scale and complexity – as well as expertise.

    Is your application security strategy ready for these challenges? Join Scott Crawford, Director of Information Security with 451 Research, and Setu Kulkarni, VP Strategy & Business Development with WhiteHat Security, as they seek to raise awareness of these emerging issues and help organizations chart their course ahead.
  • [Panel] Harnessing Knowledge: The State of Enterprise Application Security Recorded: Apr 25 2019 61 mins
    Daniel Blander, Virtual Clarity (Moderator), Joseph Feiman, CSO, WhiteHat Security & Paul Farrington, CTO, Veracode EMEA
    As organizations strive to transform themselves for the digital economy, application development is moving further into the spotlight - and right behind it is application security.

    So in 2019, AppSec can make or break a business. Instead of being overwhelmed by this pressure, there are tools and processes on the market that can help your application both meet and exceed business and security demands.

    From infrastructure-as-code models to API security and DevOps, learn from this panel of global experts how to harness knowledge and accelerate application release cycles, improve security and transform your business.

    Moderator: Daniel Blander, Virtual Clarity
    Joseph Feiman, Chief Strategy Officer, WhiteHat Security
    Paul Farrington, CTO, Veracode EMEA
  • Applications are Our Crown Jewels, Will They Ever Be Secure? Recorded: Sep 25 2018 49 mins
    Joseph Feiman, PhD, Chief Strategy Officer and Setu Kulkarni, Vice President, Product & Corporate Strategy
    Applications are our crown jewels. They run our businesses, power grid, military defenses, personal & business banking, social networks, hospitals, and entertainment, and yet are they secure? No, they are most vulnerable, and tend to remain so!

    In this session, we’ll take a look at data which provides an analysis of tens of thousands of applications from 2017-2018 from approximately 900 companies both enterprise and SMB. The analysis includes global brands and local businesses, hundreds of thousands of application security tests and checks, along with an examination of code and behavior.

    Joseph Feiman, PhD, Chief Strategy Officer
    Joseph Feiman is the chief strategy officer at WhiteHat Security, a leading application security provider. Feiman is responsible for WhiteHat’s overarching business strategy and vision, to further its success in empowering secure development and operations. Previously, Feiman worked for 18 years at Gartner, where he was a Gartner research vice president and fellow.

    Setu Kulkarni, Vice President, Product & Corporate Strategy
    As the Vice President of Product & Corporate Strategy, Setu is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joined the WhiteHat leadership team in early 2016 after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio.
  • Mining AppSec Analytics to Manage Your Biggest Cyber Threat Vector Recorded: Jul 19 2018 45 mins
    Setu Kulkarni, VP, Strategy & Business Development
    From development to DevOps to SecOps, and from day to day management to the Board of Directors, application security analytics are a necessity to drive action across your organization. We’ll discuss a crawl, walk, run approach including basic reporting, vulnerability management, CI/CD integration, and using analytics tools. You’ll learn how to mine your application security data to manage your biggest cybersecurity threat vector.

    About the Presenter:
    Setu Kulkarni is the VP, Strategy & Business Development for WhiteHat Security. Setu joined the WhiteHat leadership team in early 2016 after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio. During his many years at TIBCO, he led a variety of strategic and operational initiatives – building the SOA platform for the Integration and BPM businesses, building the business launch platform for TIBCO’s cloud business, mainstreaming the LogLogic acquisition, and developing the next-gen ITOA offering. He earned an engineering degree in computer science and engineering from Visvesvaraya Technological University, India.
  • Mitigating the Risk of IoT with Application Security Testing Recorded: Jun 13 2018 25 mins
    Jeannie Warner, Security Manager, WhiteHat Security
    IoT is made up of microservices and APIs, making them quick to implement and churn out into production. But are they secure? We will look at the challenges a user of the IoT should be aware of, and what checklists a programmer can use for best practices in IoT development.
  • The Rise of Ransomware: Will the Trend Continue? Recorded: Mar 20 2018 37 mins
    Jessica Marie, Security Evangelist, WhiteHat Security
    In the past year, we’ve seen a litany of ransomware attacks – Petya, WannaCry, Bad Rabbit and many others. Everything from small businesses to large financial and healthcare companies has been impacted by large-scale cyber-attacks.

    The issue with Ransomware isn’t new. This type of exploit has existed for some time, leaving systems across the world inaccessible with messages that no one wants to see: ‘pay me or else’. Ransomware is an issue but one that can be avoided if companies take the right approach.

    Will this trend continue in 2018? Join Jessica Marie, Security Evangelist at WhiteHat Security to learn the ways you can protect your organization against ransomware.

    Register for this webinar to learn:
    • What to look for in ransomware attacks
    • Training recommendations for both development and security organizations
    • The importance of system backups
    • How to test your web applications for vulnerabilities that would allow outsiders to upload malicious files
  • Mapping and Securing Data Flows Across Your Ecosystem Recorded: Jan 16 2018 30 mins
    Jeannie Warner, Security Manager, WhiteHat Security and Kurt Risley, Security Architect
    GDPR is coming and anyone doing business with the EU will need a Data Officer to determine their data strategy.

    With a third of all attacks coming in against web applications, mapping the data flows through those applications is required to satisfy due diligence in securing your customer data, EU citizen data, and is a good exercise in general to protect your own intellectual property.

    In this talk, Jeannie Warner, Security Manager and Kurt Risley, Security Architect at WhiteHat Security will offer best application security practices for data in the following categories:

    - Data Classification - how secure does it need to be?
    - Data Categorization - which regulations will apply?
    - Data Rules - what kinds of repeatable policies should be applied?
    - Data Mapping - identify the flow from database to applications to client apps via APIs
    - Data Securing - showing the best practices for securing the applications by use cases
  • Web Application Authorization and Authentication Explained Recorded: Nov 15 2017 60 mins
    Mike King, Technical Escalations Engineer, WhiteHat Security
    Join us to understand what happens when someone logs into a web application. Mike King, Technical Escalations Engineer for WhiteHat Security, will guide you through common access scenarios and vulnerabilities.

    By the end of this educational webinar, you’ll understand:
    - How web applications authenticate and authorize users
    - What can go wrong in the process
    - How to determine if you have a problem on your hands
Securing Your Digital Business
WhiteHat Security has honed its 17 years of experience in the application security space to provide developers with the tools and services they need to write and deliver the most secure software at the speed of business. The award-winning WhiteHat Application Security Platform, which has been featured on the Gartner Magic Quadrant for Application Security Testing for the last five years, is empowering true DevSecOps by continuously assessing the risk for organizations’ software assets and helping them to embed security throughout, and beyond, the software life cycle (SLC). The company is based in San Jose, California, with regional offices across the U.S. and Europe. For more information on WhiteHat Security, please visit www.whitehatsec.com, and follow us on Twitter, LinkedIn and Facebook.

  • Title: Internet and the Insecurity of Things | RSAC Live Panel
  • Live at: Feb 14 2017 6:00 pm
  • Presented by: Chenxi Wang (Twistlock), Ryan O'Leary (WhiteHat), Josh Corman (AtlanticCouncil), Rich Mason (Critical Infra), Billy Rios (Whitescope)