Name: 2021 TLS Report: How Not to Configure HTTPS
Start: 2022-03-15T14:00:00Z
End: 2022-03-15T14:00:53.000Z
Location: BrightTALK
Rating: 0

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere—on premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats.

SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL). 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 

Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.

OWASP Top 10: Server Side Request Forger - Ep10

Without properly logging and monitoring app activities, breaches cannot be detected. Not doing so directly impacts visibility, incident alerting, and forensics. The longer an attacker goes undetected, the more likely the system will be compromised. 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

 Follow the link to sign up and tune into the next episode. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Security Logging and Monitoring Failures - Ep9

This new risk category focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. The SolarWinds supply-chain attack is one of the most damaging we've seen. 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 
 
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

Follow the link to sign up and tune into the next episode. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Software and Data Integrity Failures - Ep8

It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to the continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing. 
  
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The 2021 update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 
 
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.

 Follow the link to sign up and tune into the next episode. 
 
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Identification and Authentication Failures - Ep7

Open Source software exploits are behind many of the biggest security incidents. The recent Log4j2 vulnerability is perhaps the most serious risk in this category to date. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Vulnerable and Outdated Components - Ep 6

Security Misconfiguration is a major source of cloud breaches. Learn what to do and avoid—as modern app development, software re-use, and architectural sprawl across clouds increases this risk. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

 Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Security Misconfiguration - Ep 5

Security needs to be inherent to applications. A secure design can still have implementation defects leading to vulnerabilities. An insecure design can’t be fixed by perfect implementation. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
 Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Insecure Design - Ep 4

Injection is a broad class of attack vectors where untrusted input alters app program execution. This can lead to data theft, loss of data integrity, denial of service, and full system compromise. Injection is no longer the top risk, but still formidable. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
 Follow the link to sign up and tune into the next episode. 

 By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Injection - Ep 3

2021 OWASP Top 10: Cryptographic Failures - 02 

Cryptographic failures, previously known as "Sensitive Data Exposure", lead to sensitive data exposure and hijacked user sessions. Despite widespread TLS 1.3 adoption, old and vulnerable protocols are still being enabled. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes for 2021, including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Follow the link to sign up and tune into the next episode.

OWASP Top 10: Cryptographic Failures - Ep 2

With cloud architectures, protecting both the application business logic and the underlying infrastructure is paramount. With the F5 Distributed Cloud platform, your business logic is secured by comprehensive WAAP functions, providing WAF, DDoS, bot defence, and API security capabilities, while your cloud workloads are kept safe with Application Infrastructure Protection.

In this track, you will learn how easily you can:

• Protect your applications with state-of-the-art WAAP capabilities
• Combine WAAP with cloud workload protection to secure the cloud-native infrastructure
• Enhance application performance, availability, and user experience with advanced DNS and CDN capabilities


By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Session 2: Protect Your Apps and APIs across a Distributed Cloud

94% of tested apps showed some form of broken access control. Failures can result in unauthorized disclosure, modification or destruction of data, privilege escalation and lead to account takeover (ATO), data breach, fines, and brand damage. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes and including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
  
Follow the link to sign up and tune into the next episode. 
 
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Broken Access Control - Ep 1

With cloud architectures, protecting both the application business logic and the underlying application infrastructure is paramount. With the F5 Distributed Cloud platform, your business logic is secured by comprehensive Web Application and API Protection (WAAP) functions, providing WAF, DDoS, bot defence, and API security capabilities, while your cloud workloads are kept safe with the Application Infrastructure Protection components of the platform.

In this track, you will learn how easily you can:

• Protect your applications with state-of-the-art WAAP capabilities
• Combine WAAP with cloud workload protection to secure the cloud-native infrastructure
• Enhance application performance, availability, and user experience with advanced DNS and CDN capabilities

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Session 1: Protect Your Apps and APIs across a Distributed Cloud

John starts out by explaining what the OWASP Top 10 is. He highlights themes like risk re-orientation around symptoms and root causes, new risk categories, and modern application architectures. Follow along for a video on each of the Top 10 risks. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Overview

Learn how you can deploy and consume F5 Distributed Cloud Services closer to your apps, either on premises or in private and public clouds, by leveraging the Customer Edge concept. While the operational model is identical to the one explained in the previous sessions, the deployment model is different. 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Decentralising WAAPaaS with Customer Edge - Ep 6

Get insights into how F5 Distributed Cloud Services can help simplify bot and automated threat protection. We will demonstrate how our embedded AI engine makes detection and protection highly accurate. 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data centre, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

 By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Blocking Automated Threats and Smart Bots - Ep 5

Get an understanding of application-layer DDoS protection in F5 Distributed Cloud Services and learn about its attack detection capabilities. We will demonstrate how to configure the solution to mitigate attack traffic. 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Protecting Applications against DDoS Attacks - Ep 4

Gain insights into how F5 Distributed Cloud Services can help you integrate security into the API development lifecycle, ensuring your SecOps-governed API security policies stay in sync with the latest API changes by the DevOps teams. 

 F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Applying the Easy Button for API Security - Ep 3

The rise of multi-cloud and edge architectures is resulting in applications becoming more distributed and interconnected across different environments. Managing and securing these connections between applications and the associated APIs across different cloud networks is extremely complex.

Multi-cloud networking aims to address and simplify these challenges.

In this session, we will share case studies of how multi-cloud networking has solved critical business problems for our customers:

- Interconnecting applications and securing APIs across private data centres and public clouds
- Connecting cloud-native applications across a set of distributed Kubernetes clusters
- Enriching traditional MPLS- and SD-WAN-based services with multi-cloud networking to simplify and secure application interconnectivity between clouds

Ep 3 - Multi-Cloud Networking in Action: Real-World Success Stories

Encryption plays an essential role in securing our online lives. Yet with web server misconfigurations, new vulnerabilities, and governments attempting to weaken encryption, it’s never been more difficult to get HTTPS right. In fact, it’s such a problem that the OWASP Top 10 list now has “cryptographic failures” as the second most critical risk to securing web applications.

In the newly released F5 Labs 2021 TLS Telemetry Report, encryption experts dive into the results of their open-source HTTPS scanner, Cryptonice, that shows us how some websites are making progress while others are leaving themselves open to abuse with their TLS configurations. Through TLS fingerprinting they also reveal how the world’s most popular sites may be hiding malicious command and control servers.
Join this webinar to find out why strong HTTPS configurations are so critical to your online security posture. We’ll also explain some of the more important events over the past 18 months, including a look at TLS 1.3, some newly discovered vulnerabilities, and how you can use the Cryptonice tool to evaluate the security of your own HTTPS websites.

In this webinar you'll learn:
- How the world’s most popular sites configure HTTPS
- The pitfalls of HTTPS and the vulnerabilities that many websites still leave themselves open to
- How to use Cryptonice to scan your internal and public facing websites
- The current TLS/HTTPS best practices and recommendations

By watching this episode, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

2021 TLS Report: How Not to Configure HTTPS

Application Security

HTTPS

Application Delivery

Security

DevOps

Cyber Defence

Cyber Attacks

Data Analytics

Encryption

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

2021 TLS Report: How Not to Configure HTTPS

Presented by

About this talk

More from this channel