
Crash Course 2.0 - Cross-Site Scripting (XSS)

The Crash Course webinar series is back! NTT Application Security is proud to present Crash Course 2.0, the latest offering of our how-to-hack series of instructional videos.

In this webinar-on-demand, we will dive into everyone's favorite vuln: Cross-Site Scripting! Topics covered include:

- A closer look at how XSS works from a request/response perspective
- What kind of attacks are possible
- How malicious actors execute attacks
- What steps you can take to prevent this kind of attack
Recorded Sep 24 2021 32 mins
Presented by
Cody Beers, Technical Training Manager

  • Making It All Work: Operationalizing the Modern AppSec Framework Dec 15 2021 5:00 pm UTC 64 mins
    Jeff Lawson Director, Product Management; Matt Lantinga VP, Enterprise Sales; Pete Monahan Director, Global Solutions
    You need to modernize your application security program and you know how you are going to do it – by adopting the Modern AppSec Framework and utilizing a DAST First approach. The next question is, “How do I put it into practice?”

    When implementing any application security process between DevOps and SecOps, there are many technical elements and considerations. As you adopt the Modern AppSec Framework you need to ensure that your development and security processes don’t bring each other to a screeching halt and leave your applications vulnerable. So where should you begin? At the beginning!
  • A Modern Approach to Application Security Nov 16 2021 5:00 pm UTC 61 mins
    Jeff Lawson Director, Product Management; Matt Lantinga VP, Enterprise Sales; Pete Monahan Director, Global Solutions
    You need to deliver new applications and APIs, fast. Unfortunately, this “need for speed” can lead to vulnerabilities in software code. Once discovered in production, so begins the process by which SecOps and DevOps work to fix the vulnerabilities in runtime applications. Unfortunately, SecOps and DevOps teams have historically operated independently, establishing their own processes, tools and KPIs, which can create roadblocks.

    For an organization to truly develop and deploy secure applications, they need to move beyond traditional methodologies and adopt a new approach – one that bridges the gap between security operations and development.

    Join NTT Application Security in this webinar on demand, A Modern Approach to Application Security: Securing Today’s Applications Requires a New Approach.
  • DAST TO THE FUTURE: Shifting the Modern Application Security Paradigm Oct 28 2021 4:00 pm UTC 57 mins
    Jeff Lawson Director, Product Management; Matt Lantinga VP, Enterprise Sales; Pete Monahan Director, Global Solutions
    The emphasis on securing applications in development has not resulted in the reduction of breaches that was once expected. In fact, breaches are becoming even more common and more dangerous. Testing solely in development is a DAST-backwards approach that cannot protect applications from being breached in production.

    That's why WhiteHat Security is hosting this webinar on demand, DAST to the Future: Shifting the Modern Application Security Paradigm.

    If the ultimate goal of application security testing is a digital future that is free from breaches, we must now embrace a DAST-forward approach that accounts for the entire attack surface, incorporates continuous dynamic application testing and integrates DAST insights to increase the efficacy of SAST and software composition analysis.
  • Blueprint for Governance: Integrating API Security Testing within Postman Recorded: Oct 8 2021 45 mins
    Eric Sheridan, Chief Scientist, NTT Application Security; Kin Lane, Chief Evangelist, Postman
    API security testing is a critical – yet often missed – step when adopting a blueprint for API Governance. When there is a flaw in an API, it affects every application that relies on that API.

    While inadequate solutions have left many APIs untested and vulnerable, new technologies are emerging that deliver fast, automated and accurate API security testing, with direct integration with platforms like Postman. Are you ready to take your API Governance to the next level?

    Join Eric Sheridan (Chief Scientist at WhiteHat Security) and Kin Lane (Chief Evangelist at Postman) in this webinar on-demand to learn the “must-haves” of API security testing within your overall governance strategy. In addition, we will put theory into practice with a demonstration of how to achieve fast, easy, accurate and scalable security testing of your APIs.
  • Top 3 Reasons Applications are Still Getting Hacked Recorded: Sep 24 2021 59 mins
    Join Chris Leffel, CPO of NTT Application Security, and Jeremiah Grossman, CEO of Bit Discovery
    Securing today's applications is no easy task. Should you use DAST or SAST to secure your applications? What even constitutes an application in 2021? Are APIs going to open your business up to more attacks? How do you get a handle on what you own while at the same time trying to launch new applications at breakneck speed?

    Unfortunately, the "move left" has not stopped application breaches from occurring. According to NTT Application Security data, 50% of applications in all major industries have at least one open, serious, exploitable vulnerability.

    With all of the opinions and suggestions out there, how do you know what's right for your program?

    Join Chris Leffel, CPO of NTT Application Security, and Jeremiah Grossman, CEO of Bit Discovery, for a straight-talking webinar on demand where they will share three top reasons why applications are still getting hacked and the best approach to keep your applications secure and your organization out of the news.
  • Top 10 Maintenance Application Security Program Checkpoints Recorded: Sep 24 2021 31 mins
    Ray Kelly, Principal Security Engineer
    The end of the year is quickly approaching and it’s time to schedule your service check. Is your application security program race-ready for 2021 or is it time for an engine overhaul?

    Regular auto maintenance checks help uncover any looming issues to ensure that your vehicle runs well and doesn’t leave you stranded. Why not do the same for your organization’s application security? The end of the year is a good time for a look under the hood to assess risk across your application portfolio. It is more critical than ever to keep your organization’s security in top-notch condition and to be well protected against ever-present cyberattacks.

    Watch a short webinar now to see how your current program scores and determine whether you need any repairs or enhancements to race securely and confidently into the New Year!

    Key topics:

    - Know your assets, know your vulnerabilities
    - Understand the gaps in your application security program
    - Garner more clarity on how to address the gaps in your overall application security posture
    - Secure your digital future
  • Women Building Careers in Cybersecurity Recorded: Oct 22 2020 60 mins
    Judy Sunblade, VP Revenue Growth & Enablement, WhiteHat Security
    Women make up only 24% of the security workforce. While this number has increased over the last three years, we are still not where we should be. The solution to filling the cybersecurity workforce gap seems simple – hire more women. Over the next several years the percentage of women in cybersecurity must take a bigger leap.

    Across the industry, there is a workforce shortage of skilled cybersecurity staff. Over the next five years, cybercrime will prompt more than triple the number of job openings. In fact, Cybersecurity Ventures predicts there “will be 3.5 million cybersecurity job openings by 2021.”

    Join us as our panelists talk about how each found their way into the field of security, from technical perspectives to management and leadership, without necessarily coming from a pure computer science background.

    During this panel we’ll discuss:
    1. Our first security jobs – how we were recruited or interviewed for this field
    2. The non-security skills that have helped us build a security career
    3. What would have helped an entry into security earlier in our careers

    Whether you’re a manager looking to find new sources of talent, an IT worker looking at security career options, or just trying to figure out what to do about the gender gap in your organization, we invite you to the table to talk.

    Moderator: Judy Sunblade, VP Revenue Growth & Enablement, WhiteHat Security
    • Lindsey O’Donnell, Senior Editor at Threatpost
    • Cassandra Morton, VP, Customer Success and Service Delivery, WhiteHat Security
    • Samantha Singh, Executive Vice President, Partner, Lumina Communications
    • Katherine Haworth, Application Security Engineer, Engineering WhiteHat Security
  • The DevSecOps Journey: How to Transform AppSec and Move Toward Secure DevOps Recorded: Oct 7 2020 38 mins
    Joseph Feiman, Chief Strategy Officer, WhiteHat Security
    Speed to market has been everything in the software development world. But over time we’ve discovered that speed alone cannot remain the end all be all. The majority of data breaches have to do with web application security vulnerabilities; and therefore, security must become part of the software development equation.

    The problem is that most organizations approach security at the end of the software development lifecycle, when it’s often too late or too complicated to fix vulnerabilities. To be effective, security must be integrated throughout each stage of the entire software development lifecycle.

    DevSecOps – application security built into DevOps – is popular in theory, but overall, to date, it has been poorly adopted. This poor adoption of DevSecOps often stems from the fact that software testing technologies are not customized for each of the different software development and operations roles.

    Register for this webinar to learn:
    - Why DevOps is not DevSecOps – yet
    - Steps you can take now to start proactively protecting your applications
    - A breakdown of the AppSec technologies – SCA, SAST, and DAST – and where each fits into the SDLC
  • Reduce API Security Risks with Automated and Continuous API Scanning Recorded: Jul 15 2020 21 mins
    Jeff Lawson, Director, Product Management, WhiteHat Security
    Digital businesses have widespread API usage that makes it easier for organizations to share data and integrate with customer applications. However, since APIs expose application logic and sensitive data such as Personally Identifiable Information (PII), APIs have increasingly become a target for attackers leading to many serious data breaches in recent past. Gartner estimates that by 2022, API abuse will become the most-frequent attack vector, resulting in data breaches for many organizations.

    How do we reduce the security risks associated with APIs?
    Test early. Test often. Test everything.

    Join this session to learn about:

    - Understand how the impact of sheer proliferation of APIs has changed a number of applications, the exposure of applications, and the constant change to your applications.
    - Types of API vulnerabilities that are the leading causes of API related data breaches.
    - How Sentinel Auto API is changing the game for dynamic testing of APIs by making it extremely easy to configure and integrate.
  • Detecting and Defending Against Server-Side Request Forgery Recorded: Mar 10 2020 25 mins
    Oscar Tovar, DAST Research and Development, WhiteHat Security
    Today’s web applications help us stay connected and are more than likely dependent on other services. This means that most web applications will utilize a server that sends off HTTP requests in order to receive the information that drives its content and features.

    Server sent requests happen so often that we may not even notice that they are utilized. From chat clients that pull metadata when a user posts a video link, to webhooks that are fired after a repository change happens, servers are constantly requesting information from other resources. While these features may be useful, it is important to take extra care when crafting the server sent requests using user input.

    This presentation covers characteristics found in functionalities that are commonly susceptible to SSRF attacks. Furthermore, it demonstrates how it can be used to escalate privileges, and how it can breach user information confidentiality.

    Attend this webinar to examine these scenarios and discuss in-depth safe input handling techniques that defend against Server-Side Request Forgery.
  • Mobile Security App-titude: Best Practices for Secure App Design and Data Privac Recorded: Feb 25 2020 35 mins
    Eduardo Cervantes, Manager of Mobile Application Security Testing (MAST), WhiteHat Security
    Join us on a journey to secure the personally-identifiable information (PII) data you collect in your mobile applications.

    - Consider which points of data you are collecting and why?
    - Does your app really need all that data?
    - Is the gathered data secure?
    - What would be the implications of an application security breach and are you prepared to take that risk?

    Malicious attacks on mobile applications are on the rise, presenting significant security and privacy risk to consumer data. Each data storage touchpoint is an additional attack surface. With CCPA data privacy regulations kicking in this year, companies need to be more aware of what data they keep and where it’s stored. Maintaining a zero-trust mentality and incorporating security by design is essential for keeping your mobile environment secure.

    Attend this webinar to learn how to prevent mobile app security intrusions and address data privacy challenges. Mobile app developers will also learn how to leverage best practices on building secure mobile apps by closing any privacy gaps that are found throughout the mobile app development life cycle.
  • Jump Start your Application Security in the Cloud Recorded: Oct 23 2019 31 mins
    Bryan Becker, DAST Product Manager, WhiteHat Security; Kashif Hafeez, Senior Director, Product Marketing, WhiteHat Security
    New threats emerge as the landscape of the cloud application evolves from more traditional environments. With technology becoming pervasive and new concepts revolutionizing the nature and reach of IT, applications have become central to business strategy for many organizations. Keeping applications secure has long been a priority.

    Join Bryan Becker, DAST Product Manager at WhiteHat Security, and Kashif Hafeez, Senior Director of Product Marketing at WhiteHat Security, as they cover what's involved in cloud security, and what the differences in challenges are.
  • Unbreakable API’s: Best Practices for Application Security Testing Recorded: Sep 25 2019 38 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    APIs are doors into your data and applications, so pausing to include security is just as important as securing web applications. In this presentation we will discuss best practices to ensure that APIs have full security coverage, and how teams can find and fix vulnerabilities before problems arise.

    We’ll also cover the inflection points for security assessment in the software development life cycle (SDLC) as they may vary depending on whether the development team is enabling APIs for legacy applications or building new API-first applications. Join us to learn best practices on when to:

    - Perform DAST of APIs for dynamic scanning, and create a plan for remediating/mitigating discovered vulnerabilities
    - Perform SCA & SAST analysis for the API implementation code within the DevOps process
    - Use secure design patterns within the enterprise application architecture
    - Implement a robust feedback loop within the SDLC to act on the findings of various scans
  • Top 10 Application Security Vulnerabilities for Developers Recorded: Aug 8 2019 32 mins
    Mark Rogan, DAST Manager, WhiteHat Security & Calvin Nguyen, Director of Product Management, WhiteHat Security
    Today’s applications touch millions if not billions of people on a daily basis. With virtually every business using applications to grow, they are critical to companies’ success—yet the vulnerabilities and risks associated with them continue to increase exponentially.

    To help educate the market on avoiding breaches of this nature, the experts at the WhiteHat Security Threat Research Center (TRC) have compiled a Top 10 Application Security Vulnerabilities for Developers, detailing the most common web exploits used by malicious attackers during the past 12 months.

    Join Mark Rogan from the WhiteHat Security Threat Research Center and Calvin Nguyen, Director of Product Management, as they discuss the top vulnerabilities and give valuable prevention tips for enterprises to implement.
  • Deep-Dive into the DevSecOps Framework Recorded: Jul 31 2019 48 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    Finely-tuned DevOps provides many benefits to an enterprise, including speed of development, improved deployment frequency, better collaboration between Development and Operations teams, lower failure rates of new releases, and faster times to market. But DevOps software development also presents a fundamental challenge to traditional software security practices. Application security often runs at the end of the software life cycle (SLC), and isn’t in DevOps’ hands. The issue then becomes: how to secure DevOps and make it DevSecOps?

    As application development within Agile environments has increased, the need to bring security into the DevOps equation and enable developers has also grown. Software development is much quicker in an Agile environment. Without proper security or software composition analysis, the breadth of undetected security vulnerabilities can grow farther and faster.

    With more entryways vulnerable to attack (due to more functionality being introduced in applications), the frequency of attacks has also increased. Thus, the term DevSecOps looks to integrate and open cross-functional organizational structures / communications to include application security throughout the SLC and post-release lifespan. Just as DevOps sought to lower the failure rate of the product, DevSecOps seeks to lower the number of vulnerabilities and increase efficiency for detection of the time-to-fix rate.

    Join WhiteHat Security’s Chief Scientist, Eric Sheridan, as he discusses the DevSecOps framework from development, build, to deployment.
  • Mitigating the Risk of IoT with Application Security Testing Recorded: Jul 25 2019 24 mins
    Jeannie Warner, Security Manager, WhiteHat Security
    IoT is made up of microservices and APIs, making them quick to implement and churn out into production. But are they secure? We will look at the challenges a user of the IoT should be aware of, and what checklists a programmer can use for best practices in IoT development.
  • The Evolution of the Secure Software Lifecycle Recorded: Jul 11 2019 52 mins
    Setu Kulkarni, Vice President Strategy and Business Development, WhiteHat Security
    Findings from the 2018 Application Security Statistics Report on the evolution of the secure software lifecycle. WhiteHat partnered with Coalfire and NowSecure to produce the report.

    - How to measure the effectiveness of your application security investment to help mitigate overall business risk
    - How to defend your applications by evaluating how your vulnerability levels and remediation times compare with industry benchmarks
    - How to develop software more securely by partnering with the security team to adopt tools and methodologies compliant with your software development lifecycle (SDLC)

    Presented by Setu Kulkarni, Vice President Strategy and Business Development, WhiteHat Security
  • Microservices Security: It Will Get Worse Before it Gets Better Recorded: Jul 9 2019 31 mins
    Eric Sheridan, Chief Scientist, WhiteHat Security
    For every 100KLOC, a monolithic application will have an average of 39 vulnerabilities whereas a microservice application will have an average of 180 vulnerabilities. You read that right. According to the data gathered from WhiteHat Security’s 2018 Stats Report, the transition of enterprise monolithic applications to distributed microservices architectures is actually increasing the overall average of total vulnerabilities. But why? Why is it that we seemingly continue to make the same mistakes again and again? And what does this say about the security of microservices architectures, or the developers that build them? The journey to a microservices architecture generally involves the decomposition of an already existing monolith application, wherein previous security assumptions and considerations are often questioned and sometimes invalidated.
    Join Eric Sheridan, Chief Scientist at WhiteHat Security, for a dive into the security trends of microservice architectures. Participants of this talk will learn…
    • Why we are seeing an increase in the number of vulnerabilities with the migration to microservices
    • The most common vulnerability classes facing applications of microservices architectures
    • Strategies that can be used to more readily find and fix vulnerabilities earlier in the development lifecycle
  • 451 Research & WhiteHat Security: A Brave New World for Application Security Recorded: Jun 25 2019 56 mins
    Scott Crawford, Research Director, 451 Research
    A New Year, A Brave New World for Application Security. Are you ready?

    With technology becoming pervasive and new concepts revolutionizing the nature and reach of IT, applications have become central to business strategy for many organizations. Keeping applications secure has long been a priority. The new year brings fundamental changes to the application security battleground – and with them, new questions that organizations must answer:

    • As the nature of application development and operations changes, application security must change with it. How mature is your organization’s approach to new concepts such as continuous integration and deployment? Application containerization? Emerging DevOps toolsets and automation?

    • In addition to tackling the challenges of internal development, applications are exposed to external interaction in a variety of new ways. From APIs to “serverless” concepts, applications face a wider range of exposures than in the past. Are yours secured?

    • External application risks go beyond exposure. Today’s applications frequently leverage third party components - from open source to payment processing and other services. Recently, gaps in securing these components have been implicated in breaches and high-profile vulnerabilities. How will your organization address these risks?

    • Taking on these new challenges will require the best in both technology – making the most of emerging analytics to address scale and complexity – as well as expertise.

    Is your application security strategy ready for these challenges? Join Scott Crawford, Director of Information Security with 451 Research, and Setu Kulkarni, VP Strategy & Business Development with WhiteHat Security, as they seek to raise awareness of these emerging issues and help organizations chart their course ahead.
WhiteHat Security is now the Application Security division of NTT
NTT Application Security is driving the future of application security. For nearly 20 years, organizations around the globe have relied on NTT Application Security to secure their business’ digital footprint in an increasingly application-driven world. Bolstered by its award-winning, cloud-based application security testing platform, NTT Application Security delivers industry-leading accuracy by combining artificial and human intelligence to help security teams quickly identify and remediate potential vulnerabilities.

Formerly WhiteHat Security, the company is an independent, wholly-owned subsidiary of NTT Ltd. and is part of NTT’s security services portfolio. NTT Application Security is headquartered in San Jose, Calif., with regional offices in Houston and Belfast. For more information, visit www.whitehatsec.com.
