
OWASP Top 10: Broken Authentication

Lightboard Lessons (Episode 3): 11 mins
The OWASP Top 10 is a list of the most common security risks on the Internet today. Broken Authentication comes in at the #2 spot in the latest edition of the OWASP Top 10. In this video, our security specialist discusses broken authentication and outlines some mitigation steps to make sure your web application doesn't give access to the wrong users.
Recorded Aug 20 2021 11 mins
Presented by
John Wagnon, DevCentral, F5

  • Avoid Costly Human Errors in Financial Services Using Ansible Automation and F5 Dec 14 2021 6:00 pm UTC 61 mins
    James Lee, F5 | Cameron Skidmore, Red Hat
    With pressure to move quickly while also accounting for vulnerabilities and avoiding human error, securing applications can be challenging for financial institutions. Instead of using automation to simplify tasks and reduce overhead, financial services are forced to complete those tasks manually. A mounting challenge for SecOps teams is keeping up with the sheer volume and sophistication of attacks, often requiring investigation, diagnoses, and remediation of security threats.

    In this session, we will review how automation, combined with telemetry, can help security teams mitigate the most common layer 7 attacks, enabling SecOps teams to investigate and resolve more sophisticated threats.

    Join this webinar to:
    - Better understand the true cost of human error in the development cycle.
    - Learn how automation of security aids is protecting financial customer assets against multiple threat vectors.
    - See a live demo showing how F5, Elastic, Red Hat Ansible Automation Platform, and Red Hat OpenShift integrate to automate certain remediation tasks in your IT environment.
  • Fundamentals of Microservices Dec 8 2021 6:00 pm UTC 60 mins
    Owen Garrett Sr. Director, Product Management, NGINX
    Despite powering some of the most popular apps on the planet, microservices – including containers and Kubernetes – are still a mystery to many. Microservices is both an approach to software architecture that builds large, complex apps from multiple small components and the term for the small components themselves. In this “Microservices 101” webinar, you’ll get an introduction to microservices that will give you a working understanding of the technologies:

    - Monolithic, microservices, and hybrid architectures
    - Containers and Kubernetes
    - Ingress controllers and service meshes
  • Balancing App Innovation in Financial Services Dec 2 2021 6:00 pm UTC 38 mins
    Gee Chow, DevOps Specialist, F5 | Roy Muermann, Solutions Architect, F5
    Attackers are becoming increasingly sophisticated in banking and financial services. Bad actors are now exploiting new vulnerabilities associated with innovative apps aimed to improve customer convenience. Indeed, only 43% of consumers believe companies are doing enough to protect their personal information.

    In this webinar, discover how financial services institutions can balance customer convenience with evolving cybersecurity threats. You’ll learn:

    - A best-fit approach for balancing app innovation with cybersecurity risks
    - Analysis around available app innovation models in financial services
    - The steps needed to implement an evolved enterprise app methodology

  • Down the Rabbit Hole of the Dark Web Nov 17 2021 6:00 pm UTC 28 mins
    John Cianfarani, F5
    The term "dark web" is used so frequently, but what is it and what does it really mean? This session aims to help you understand what you can find on the dark web, interesting stats and trends, how to safely access it, and how to protect your web and mobile applications.
  • Stop Fraud Without Friction: How to stay ahead of motivated attackers Nov 11 2021 6:00 pm UTC 61 mins
    Dan Woods, VP Threat Intelligence Center, Shape Security Part of F5
    Competing for customer loyalty in a digital world is hard. To add to this challenge, leaders must defend the business from motivated adversaries who have evolved their tactics to bypass security defenses and evade detection. Any business that operates e-commerce applications or manages user accounts of value is a potential target and the consequences are significant - account takeover (ATO), fraud losses, and damaged brand to name a few.

    Join us for this webinar as Dan Woods, VP Shape Threat Intelligence Center and former FBI Agent, discusses:

    - Attacker economics and the attractive ROI of cyber crime
    - Where attacks originate – automation
    - How attackers adapt – imitation and human fraud
    - How to defeat your adversaries and protect your business from online fraud

  • Defeating Application Fraud in a Multi Cloud World Nov 9 2021 6:00 pm UTC 42 mins
    Shuman Ghosemajumder, Global Head of AI, Shape/F5
    Get the new blueprint for keeping your financial services institution secure

    Online fraud losses from application attacks are estimated to exceed $48 billion per year by 2023, making applications the single most lucrative targets for cybercriminals. Financial services institutions are naturally at risk, especially those currently maintaining open-banking platforms, migrating cloud applications or struggling to rapidly develop and deploy applications.

    Join F5 Global Head of AI, former CTO Shape Security Shuman Ghosemajumder to explore:

    • New and emerging fraud and cyber threats for financial services institutions
    • How to maintain top security through outcome-based methodologies
    • The role AI plays to proactively secure financial institutions

    Billions of dollars, reputation and critical online services are at stake.

    To remain secure, financial services institutions need to hold their partners and technology accountable for outcomes rather than only relying on them for functionality that cybercriminals render ineffective.
  • Leveraging AI in Next Generation Cybersecurity Nov 2 2021 6:00 pm UTC 46 mins
    Shuman Ghosemajumder, VP, Global Head of AI, F5
    Over the course of the last decade, the nature of cybersecurity has changed, evolving past the idea of cybersecurity being a system of logical controls to fully prevent attackers from infiltrating systems, to becoming a data analytics problem based on behavioral analysis of attack patterns to detect them when they do. In addition, the key attack surface has changed from internal systems to publicly facing applications which hold the world’s user data. As such, fraud and abuse have become the primary focus areas for organizations’ defensive efforts, and the use of artificial intelligence, particularly machine learning, has become one of the principal tools.

    This talk will review how cybersecurity challenges have changed, examine the emergence of credential stuffing as the #1 cybersecurity problem in the world, with real data from major corporations, and demonstrate next generation uses of machine learning in defending organizations and millions of users around the world.
  • Securing Your Apps Like a Vegas Casino with F5 NGINX Oct 28 2021 5:00 pm UTC 38 mins
    Zach Westall, Product Marketing Manager, F5 | Rajiv Kapoor, Manager of Product Marketing, F5
    Security at casinos is robust and multi-layered—the stakes are too high for it not to be. That’s why high-end Las Vegas casinos deploy complementary, multi-layered, and context-appropriate security controls. And they put those controls in place for their facilities’ different needs and functions.

    Other modern enterprises can adopt a similar mixed environment for their enterprise application security posture. These mixed environments, consisting of monolithic, cloud-native, and microservices-based apps, must strike a balance between free movement of traffic and data and a Zero Trust security posture.

    In this webinar you’ll learn:
    - The advantages of a layered and context-appropriate approach to application security
    - The challenges of relying on rigid, inflexible app security
    - The solutions offered by F5 NGINX to outsmart bad actors
  • Improve Security Across the F5 WAF Engine with Better Visibility and Correlation Oct 27 2021 5:00 pm UTC 23 mins
    F5 and Stellar Cyber
    With F5 and Stellar Cyber, enterprises gain 360-degree visibility across their IT operations and can more easily remediate any security vulnerabilities that do arise. Stellar Cyber provides a leading open security operations platform providing high-speed, high-fidelity threat detection across the entire attack surface, and F5 is the industry leader in protecting apps. By consolidating visibility and analytics across F5’s WAF products through Stellar Cyber, this joint solution delivers best-of-breed protection, 360-degree visibility, high-fidelity detection, and fast remediation—all easily accessed through a single, intuitive user interface.
  • Preventing Fraud and Abuse: Tips from a former FBI Agent Oct 21 2021 5:00 pm UTC 54 mins
    Dan Woods, VP Shape Intelligence Center and former FBI Agent, F5
    Fraudsters and thieves are doing everything in their power to exploit loopholes in organizations' digital optimization efforts to drive fraud and abuse that results in billions of dollars in losses each year.

    In our upcoming webinar, Dan Woods, VP Shape Intelligence Center and former FBI Agent, explores how you can reduce user friction, manage load on infrastructure, and improve conversion rates without leaving you open to attacks.

    In this webinar you will learn:
    - How to be “cyber smart” by using Shape’s AI and ML to accurately classify web traffic and protect mobile app sessions in real time
    - The ins and outs of detecting and mitigating business logic abuse attacks
    - Practical, actionable ways to reduce losses due to fraud and abuse
  • Choosing the Right WAF Deployment Model Recorded: Oct 19 2021 62 mins
    Peter Scheffler, Sr. Solutions Architect, F5 | Joe Martin, Security Solution Architect, F5 | Gee Chow, DevOps Specialist, F5
    Applications are architected in many ways, but all need protection from threats. Despite the industry’s best efforts to strengthen secure application development practices, decentralised and complex application deployments are difficult to protect.

    The good news is that there are tools to help you bolster your apps against breaches by mitigating vulnerabilities and stopping attacks: Web Application Firewalls (WAFs).

    Are you planning to refresh your current WAF solution? Are you moving your apps to modern environments? Join this webinar to help you choose the right WAF deployment model for your business – Self-managed, Cloud-delivered (SaaS), or Managed service.

    We will cover:
    • Pros and cons of different WAF deployment options
    • Advanced protections
    • Behavioural analytics
    • Proactive bot protection
    • API security
    • Integration into app dev lifecycle (CI/CD pipeline)
  • The State of the State of Application Exploits in Security Incidents Recorded: Oct 14 2021 61 mins
    Ray Pompon, F5 | Peter Scheffler, F5
    The F5 Labs team recently collaborated with the Cyentia Institute, industry leaders in security data science, to publish a new report: The State of the State of Application Exploits in Security Incidents.

    No, that title isn’t a typo—this webinar, based on a new report by the same name, is a meta-analysis of several prominent industry reports, each of which covers the state of application security, hence the name, ‘the state of the state of.’ The goal was to find consensus and clarity within the world of application security research to discover the common exploits and attack vectors.

    In this webinar, we’ll cover key findings from the report, including:

    - The most prevalent web application exploits and how to avoid them
    - The damaging, long term effects of weak passwords
    - Which threat groups are responsible for the most impact in web application attacks
    - Why the average-time-to-discovery for web app incidents is so much longer than other extreme loss events
  • Upgrading BIG-IP: 4 Tips that Matter Most Recorded: Sep 30 2021 58 mins
    Jon Calalang, Solutions Architect, F5 | Sebastian Maniak, CEO and Co-founder, S144 inc
    Lifecycle management of BIG-IP platforms is a continuous task. Wondering where to start, where to go, and how to get there? Come along on the journey of an upgrade and hear examples of successful solutions to help you navigate.

    In this webinar, an F5 architect and a DevCentral MVP evangelist will explore steps taken to maintain BIG-IP. They'll be sharing real-world best practices and automation examples.

    In this webinar we'll cover:

    - The current BIG-IP recommended version, and why

    - Using automation for easier BIG-IP upgrades

    - F5 community solutions available for testing

    - Best practices on navigating support and real-world steps
  • Discover How to Manage F5 deployments in Azure with HashiCorp Terraform Cloud Recorded: Sep 28 2021 54 mins
    Mark Menger, F5 | Justin Linn, HashiCorp
    The rate at which new applications are being deployed is continuing to increase, with organizations often employing 10 or more application services to power them. This drives the need for organizational visibility and enhanced collaboration among network, security, ops teams, and even developers to build and roll out applications securely and at speed.

    To deploy platform-independent application services—that scale on demand without hindering deployment speeds—organizations need to implement a consistent way to both provision critical infrastructure and manage critical services while adhering to organizational policies. This is where F5 and HashiCorp come in.

    In this webinar, we’ll cover:
    - Deploying and configuring F5 in Azure
    - Leveraging HashiCorp Sentinel policies for compliance and governance
    - Managing and versioning F5 configurations in Terraform Cloud
  • Real Attack Stories: Tales from the Front Lines Recorded: Sep 16 2021 61 mins
    Peter Silva, F5 | John Wagnon, F5 | Edgar Ojeda, F5
    F5’s Security Operations Center (SOC) analysts work 24x7 with customers to thwart attacks and add protections to keep their businesses up and running. Oftentimes, these attacks are easily mitigated. But occasionally, even we have to take a step back. Join our webinar to hear real attack stories, told by the analysts that stopped them.

    In this webinar, we’ll cover:
    - How, just a few weeks ago, one financial institution was the victim of the largest DDoS attack in Silverline history at 1.2 TB per second
    - How a state agency dealt with a widespread credential stuffing attack affecting unemployment benefits at the beginning of the COVID-19 pandemic
    - What happened when a relatively small bank was the focus of an extremely persistent account takeover attack
  • Introducing the Edge 2.0 Architecture Recorded: Sep 16 2021 65 mins
    Bart Salaets, Sr Director Solutions Engineering, F5 | Nico Cartron, Sr. Solutions Engineer, Volterra (Now Part of F5)
    Delivering rich digital experiences to your clients requires a combination of multiple networks, clouds, CDNs, and edges that are manually stitched together. This creates a lot of operational complexity as each platform has a unique set of tools and services.

    In addition, having your applications distributed over a multitude of different platforms exposes new ways for attackers to exploit vulnerabilities. Current edge solutions do not provide the level of functionality or defence required by today’s digital enterprises.

    The market is ready for a shift – the shift to Edge 2.0.

    Join us for this session to learn how new platforms will allow you to build the edge architecture of the future. We will cover the following key aspects:

    • Security-first: Security must be a fundamental aspect of an edge platform, not just an add-on

    • App-driven: The needs of the apps must define the edge, rather than the apps fitting the constraints of the edge

    • Unlimited scalability: The edge must be software-defined and able to expand outside the boundaries of the edge provider, including public clouds and private data centers
  • 10 Questions to Ask a Bot Mitigation Manager Recorded: Sep 15 2021 62 mins
    Byron McNaught, F5 | Rob Roj, Shape Security (Part of F5)
    Businesses need to consider the broader implications of bots and automated attacks in order to reduce fraud and operational complexity while improving customer conversion and revenue. See how bot mitigation can provide a critical component of a comprehensive strategy to stop automated fraud, prevent account takeover (ATO), and preserve the customer experience to maximize revenue potential—and what questions you should ask prospective bot mitigation vendors to ensure your business succeeds in the new digital world.


    Key Learning Objectives:

    - Learn why bot mitigation vendors should be evaluated on strategic business outcomes beyond security efficacy, including the ability to reduce fraud losses and improve the customer experience

    - Understand how motivated cybercriminals evolve their attacks from simple credential stuffing to more advanced automation using Browser Automation Studio

    - See how F5 Shape solutions maintain resilience and efficacy no matter how attackers retool to bypass security countermeasures
  • Defend your financial services organization against sophisticated fraud Recorded: Sep 14 2021 62 mins
    Shehzad Shahbuddin, Sales Engineer, F5 | Carl Mosby III, Manager of the West Region Solutions Engineering, F5
    In financial services, keeping gross fraud loss in check is critical to the brand and the bottom line. Unfortunately, financial services institutions are lucrative targets for organized crime rings and the tools that enable cybercriminals are becoming more sophisticated and less expensive. You need the latest intelligence if you want to protect your organization.

    Join this session to learn:
    • New threats from organized crime rings related to the credential marketplace landscape.
    • Insights and evidence around how criminal organizations are increasingly reverting to manual (i.e., human-driven) fraud methods, and how to stop them.
    • The latest machine learning algorithms trained by attack profile, risk surface, and historical fraud records that specifically protect banks, credit unions, and other financial institutions.

  • Episode 2: Shape Defense in Action - Think Like an Attacker Series Recorded: Sep 8 2021 42 mins
    Gates Lamb, Solutions Engineer, F5
    Shape Security (Part of F5) protects web and mobile applications from fraud and abuse by answering 3 fundamental questions about the user:

    - Are you human?
    - Are you good or bad?
    - Are you who you say you are?

    By answering these questions, Shape makes it possible to stop malicious automated attacks, identify fraudulent human activity, and reward legitimate users, all in real time. Interested in seeing Shape’s defense in action? Join us for an upcoming session.

    This interactive series will cover:

    - How an attacker thinks through constructing an automated attack.
    - The tools used by attackers and how quickly an attack can be launched.
    - Things to look for to detect if there is automation present in your environment.
    - How Shape’s understanding of the user protects and enables online web and mobile applications.
  • Avoid Costly Human Errors in Financial Services Using Ansible Automation and F5 Recorded: Aug 26 2021 61 mins
    James Lee, F5 | Cameron Skidmore, Red Hat
    With pressure to move quickly while also accounting for vulnerabilities and avoiding human error, securing applications can be challenging for financial institutions. Instead of using automation to simplify tasks and reduce overhead, financial services are forced to complete those tasks manually. A mounting challenge for SecOps teams is keeping up with the sheer volume and sophistication of attacks, often requiring investigation, diagnoses, and remediation of security threats.

    In this session, we will review how automation, combined with telemetry, can help security teams mitigate the most common layer 7 attacks, enabling SecOps teams to investigate and resolve more sophisticated threats.

    Join this webinar to:
    - Better understand the true cost of human error in the development cycle.
    - Learn how automation of security aids is protecting financial customer assets against multiple threat vectors.
    - See a live demo showing how F5, Elastic, Red Hat Ansible Automation Platform, and Red Hat OpenShift integrate to automate certain remediation tasks in your IT environment.
Your apps—fast, available and secure—in any cloud.
At F5, our mission is based on the fact that businesses depend on apps.
Our long-standing belief that applications are the most valuable assets of any organization in the digital age has been the foundation of our strategy to become the leader in multi-cloud application services. When you combine F5 and NGINX's expertise powering over half of the world's applications across all types of environments, with Shape's insight from mitigating 1 billion application attacks per day, you have a company that knows how to deliver and secure more applications, and more value, than any company in the industry.
This means that we are able to deliver and protect applications—revenue generating, brand-anchoring applications—from the point at which they are created through to the point where consumers interact with them. In other words, from "code to customer." This makes the combined forces of F5, NGINX, and Shape absolutely essential to every digital organization in the world, including the world's largest enterprises, service providers, financial and educational institutions, government entities, and consumer brands.

Visit F5 at: https://www.f5.com/company

  • Title: OWASP Top 10: Broken Authentication
  • Live at: Aug 20 2021 10:26 pm
  • Presented by: John Wagnon, DevCentral, F5