Name: The Future of Attacker Automation and AI
Start: 2023-06-08T11:00:00Z
End: 2023-06-08T11:00:44.000Z
Location: BrightTALK
Rating: 5

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere—on premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats.

SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL). 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 

Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.

OWASP Top 10: Server Side Request Forger - Ep10

The rise of multi-cloud and edge architectures is resulting in applications becoming more distributed and interconnected across different environments. Managing and securing these connections between applications and the associated APIs across different cloud networks is extremely complex.

Multi-cloud networking aims to address and simplify these challenges.

In this session, we will share case studies of how multi-cloud networking has solved critical business problems for our customers:

- Interconnecting applications and securing APIs across private data centres and public clouds
- Connecting cloud-native applications across a set of distributed Kubernetes clusters
- Enriching traditional MPLS- and SD-WAN-based services with multi-cloud networking to simplify and secure application interconnectivity between clouds


By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 3 - Multi-Cloud Networking in Action: Real-World Success Stories

Without properly logging and monitoring app activities, breaches cannot be detected. Not doing so directly impacts visibility, incident alerting, and forensics. The longer an attacker goes undetected, the more likely the system will be compromised. 
  
Protect Your Web Apps from New and Critical Risks 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open-source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Security Logging and Monitoring Failures - Ep9

The pace of the adoption of generative AI is set to eclipse nearly every other major technology introduction in the past two decades. As an inherently democratised technology usable by technical and non-technical users alike, security professionals are being challenged to leverage it as a tool – and view it as a threat.

In this session, we will examine the defensive and offensive uses of generative AI, and attempt to predict what the future holds for the cyber security industry as we adjust to the rapidly growing "new normal". You will learn about:

- The emerging threat surface created and embodied by generative AI technologies
- Ways that adversaries use and abuse generative AI, and possible defences
- A simple way to classify AI workloads that you can easily apply
- What the future holds for AI-backed security



By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 2 - Generative AI in Cyber Security: A Double-Edged Sword

This new risk category focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. The SolarWinds supply-chain attack is one of the most damaging we've seen. 
  

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 
 
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Software and Data Integrity Failures - Ep8

In a work-from-anywhere and multi-cloud world, keeping your organisation safe has become incredibly complex. Adding more and more security vendors and products isn't necessarily solving the problem as attacks are getting more sophisticated.

The industry is realising that customers need fewer but more effective solutions that can be easily integrated into one coherent security architecture.

In this session, our Field CTO in EMEA will share his perspectives on the security solutions landscape and help you navigate the myriad of architectural approaches. He will cover:

- Key trends in the security industry
- Consolidation and evolution through cyber security mesh architectures
- How multi-cloud and work-from-anywhere have transformed the security industry
- What WAAP, CNAPP, SSE, SASE, CSMA, and other trending security acronyms are all about and how they fit together
- How customers can strengthen and simplify their security posture in this new reality




By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 1 - Comparing and Positioning Security Architectures

It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to the continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing. 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Identification and Authentication Failures - Ep7

The pace of the adoption of generative AI is set to eclipse nearly every other major technology introduction in the past two decades. As an inherently democratised technology usable by technical and non-technical users alike, security professionals are being challenged to leverage it as a tool – and view it as a threat. 
 
In this session, we will examine the defensive and offensive uses of generative AI, and attempt to predict what the future holds for the cybersecurity industry as we adjust to the rapidly growing "new normal". You will learn about: 
 
 • The emerging threat surface created and embodied by generative AI technologies
 • Ways that adversaries use and abuse generative AI, and possible defences
 • A simple way to classify AI workloads that you can easily apply
 • What the future holds for AI-backed security

Generative AI in Cyber Security: A Double-Edged Sword

Most organizations today have apps and APIs deployed across multiple different architectures as choosing the right environment for each application —a specific public cloud, edge location, and/or on-premises data center— is important to best serve the needs of the business. However, that flexibility comes at a high price: managing complex, disparate environments, significantly increased operational complexity and cost, loss of end-to-end visibility into the health and performance of digital services, and an exponentially expanding surface area for potential cyberattacks. These distributed environments represent a new normal, so it’s critical to mitigate the operational complexity that accompanies them.

Join the conversation to hear answers to hard-hitting questions about making distributed environments easier to connect, manage and secure.

Keys to Making Distributed Multi-Cloud App Environments Easier to Manage

APIs have become one of cybercriminals’ favorite vectors for account takeover attacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud.

Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defense techniques struggle to detect these potentially devastating incursions. Thus, it’s no surprise that, according to recent Google Cloud research, 50% of organizations experienced an API security incident in the past 12 months.*

With such a dire threat via APIs negatively impacting user data and the bottom line, F5 and Google Cloud are hosting a panel discussion to answer your pressing questions about API security and tactics.

Thwart the Account Takeover Menace – Join the API Security Conversation

As organizations increasingly adopt hybrid architectures and microservices, the number of APIs utilized within their ecosystems continues to grow at an exponential rate. This phenomenon, known as API sprawl, poses significant challenges in terms of security, governance, and efficiency. But of them all, API security might require the most urgent response.

For organizations trying to secure their APIs, multi-cloud complexity and difficulty enforcing consistent security top the list of challenges according to F5’s State of Application Strategy Report (2023). To address API sprawl, organizations need to adopt a more holistic app and API security strategy for their organization including components that deliver runtime protection, posture management, and help integrate security and code testing earlier in the software development lifecycle.

Join the conversation to hear Joshua Haslett, Ian Dinno, and David Remington's answers to hard-hitting questions about API sprawl, management and security.

Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem

Attackers will repackage mobile apps, inject malware, hooking frameworks, and perform overlay attacks to cause security breaches, data leaks, and gain privileged access. Once a mobile app is controlled or hijacked, attackers can attack your server-side applications using automated attacks. They will also steal sensitive data that resides in your mobile apps, such as customer credentials, API keys, and intellectual property. You are on the hook for rigorous compliance standards for privacy (ex: GDPR, CCPA), payments (ex: EMVCo SBMP, PCI, & PSD2), and health records (HIPAA).

Part of picking the right infrastructure is knowing you can extend secure experiences to mobile applications. With intellectual property and sensitive information flowing through these mobile apps, it’s important to understand the risk and what you can do to make this a safe channel for your business.

You’ll also learn more about F5’s new mobile app security solution which can help you reduce security risk and meet compliance. Join the conversation and see how mobile application security can be a bigger part of your secure application vision.

Stop Bad Actors From Attacking Your Mobile Apps

While security and operations teams care deeply about their ability to deliver the best experience possible for their customers while enhancing operational efficiencies, there is plenty left for the board and the executive staff to consider when it comes to bots and automated attacks.

F5 Distributed Cloud Bot Defense for Google Cloud enables frictionless security that complements performance, automation, and insight to deliver and scale the application experience.

Join the conversation to determine the economic impact of bots on your business so you can demonstrate to the board that the top and bottom lines are safe from bot-generated compromise.

By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Bots to Board Room: The Often-Missed Economic Impact of Bots

Open Source software exploits are behind many of the biggest security incidents. The recent Log4j2 vulnerability is perhaps the most serious risk in this category to date. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Vulnerable and Outdated Components - Ep 6

Security Misconfiguration is a major source of cloud breaches. Learn what to do and avoid—as modern app development, software re-use, and architectural sprawl across clouds increases this risk. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Security Misconfiguration - Ep 5

Security needs to be inherent to applications. A secure design can still have implementation defects leading to vulnerabilities. An insecure design can’t be fixed by perfect implementation. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Insecure Design - Ep 4

Injection is a broad class of attack vectors where untrusted input alters app program execution. This can lead to data theft, loss of data integrity, denial of service, and full system compromise. Injection is no longer the top risk, but still formidable. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Injection - Ep 3

Cryptographic failures, previously known as "Sensitive Data Exposure", lead to sensitive data exposure and hijacked user sessions. Despite widespread TLS 1.3 adoption, old and vulnerable protocols are still being enabled. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
•  Recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Watch the other episodes of the series below.

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Cryptographic Failures - Ep 2

Optimizing cloud application security through relevant ISO standards

The Human and Machine Identity Problem in SaaS Environments

How to Prioritize Critical Vulnerabilities to Protect Your Cloud Applications

Enhancing Mobile App Security: Strategies for Conquering Business Obstacles

Top 10 Azure security tips from 10 years of securing Azure applications

Protect Your Apps and APIs to Thrive in a Multi-Cloud World

Prioritizing SSE to Protect the Modern Digital Business

Considerations in application tooling

Security and the DevSecOps Platform: Approaches, Methods, and Tools

Explore application security tools and testing to strengthen software defenses

Web Application Security is Broken. What Comes Next?

Understanding Growing AppSec Concerns Around API Security

How the New Web Application Architecture is Changing Web Application Security

Ensure security with DevSecOps

Key Findings from the 2023 Thales Data Threat Report

A CXO's guide to application security in the age of digital transformation

Effective Application Security

Automation is a growing security problem that most organisations don’t recognise as many have no way of identifying which “users” are real humans and which are bots. Taking advantage of this blind spot, hackers can easily automate or scale attacks, imitate human mouse usage, or leverage AI tools like ChatGPT to assist in malicious coding and phishing campaigns.
 
And, because moderate and advanced bots can easily evade your defences by posing as human users, MFA, WAFs, and CAPTCHAs are no longer enough to mitigate this threat.

Watch this Fireside Chat featuring David Warburton, Director at F5 Labs, the threat research division of F5, and Editor in Chief at ComputerWeekly Bryan Glick to access an in-depth discussion on the state of attacker automation and learn how to shore up your app vulnerabilities against emerging threats.
 
Additional agenda items include:
 
• The type of attacks bots and automation are capable of
• Future trend predictions for AI-based attacks
• Why cloud migration complicates the bot defence process

The Future of Attacker Automation and AI

Automation

Application Security

Application Monitoring

Phishing

Enterprise Architecture

Enterprise Applications

Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Future of Attacker Automation and AI

Presented by

About this talk

More from this channel