Name: How an Attacker "Audits" Your Software Applications
Start: 2019-11-19T19:00:00Z
End: 2019-11-19T20:02:44.000Z
Location: BrightTALK
Rating: 4.6

Security Innovation is an authority on software security and helps organizations build and deploy more secure software.  Global technology vendors and enterprise IT organizations such as Microsoft, IBM, FedEx, ING, Symantec, Coca-Cola and GE rely on our expertise to understand the security risks in their software systems and facilitate the software and process change necessary to mitigate them. 

Security Innovation specializes in software security, an area where traditional “information security” and “business” consultants tend to struggle. We have been analyzing application vulnerabilities and risk for almost a decade and were one of the first providers of software risk solutions to Fortune 500 firms. Our unrivaled proficiency in technical analysis, coupled with sound knowledge of business processes, results in world-class solutions that bridge the gap between application security holes and risk management optimization.

Sensitive data is vulnerable when it is stored insecurely and transmitted over open networks. The PCI Security Standards Council is the authority on protecting cardholder data with specific methods for compliance with its standards. Join this webinar to better understand these methods for PCI compliance. You'll learn how to make data theft more difficult for attackers and how to render stolen data unusable.

Topics covered:

• Properly protecting stored cardholder data  - encryption, hashing, masking and truncation 

• Securing data during transmission -  using strong cipher suites, valid certificates, and strong TLS security

• How to identify and mitigate missing encryption

Protect Sensitive Data (and be PCI Compliant, too!)

Data security is always top-of-mind for cybersecurity executives; however, emerging technology and attack developments will pose new risk to the data we try to secure.

Come hear how 3 leaders approach dynamic threats of the 20's, including:

• Tech Temperature – Hot or cold? 
- Artificial Intelligence 
- 5G: too dense and fast for its own good? 
- Applied Crypto: Blockchain, NFTs, and de-centralized trust
- Quantum computing

• Intrinsic Dependencies
- Cloud: expansion or evaporation?
- Passwords, authentication, biometrics 

• Changing Attack Landscape

Ed TALKS: Keeping Secrets – The Future Threats to Data are Here

Regulatory compliance mandates have historically focused on IT & endpoint security as the primary means to protect data.  However, as our digital economy has increasingly become software dependent, standards bodies have dutifully added requirements as they relate to development and deployment practices. Enterprise applications and cloud-based services constantly store and transmit data; yet, they are often difficult to understand and assess for compliance. 

This webcast will present a practical approach towards mapping application security practices to common compliance frameworks. It will discuss how to define and enact a secure, repeatable software development lifecycle (SDLC) and highlight activities that can be leveraged across multiple compliance controls.  Topics include:

* Consolidating security and compliance controls 
* Creating application security standards for development and operations teams
* Identifying and remediating gaps between current practices and industry accepted "best practices”

Aligning Application Security & Compliance

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webcast will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

People & Processes: The Yin and the Yang of Software Security

Join Mathieu Gorge, CEO of Vigitrust, and three esteemed co-authors for an Ed Talks to discuss the best-selling book "The Cyber Elephant in the Boardroom" - a real-world playbook for Cyber Security approaches and accountability. This dynamic panel will explore how businesses have adapted to an increasingly digital landscape, why cloud security is critical for application safety today, tips for incorporating robust protection into any coding process and delve into the implications of potential cyber risk at boardroom levels.

The Panelists:

Mathieu Gorge, an internationally acclaimed cybersecurity expert, is the founder and CEO of VigiTrust, a risk management company. With his prolific work in this field recognized by Forbes - authoring 'The Cyber Elephant In The Boardroom' - he's set to release his second book due out summer of 2023!

Cathy C. Smith is a leading authority in the DX space, pushing boundaries and driving innovation through her experience with major global organizations such as Deutsche Bank and Dell. She is the founder of Women in Tech NJ & NY. Her book "How to Become a Digital Leader" provides insights on leading organizations into emerging technologies that remain future-proofed for success.

Nick Vigier is a highly esteemed cybersecurity expert with extensive knowledge and experience in the field. He has been a CIO or CISO at many successful companies, including Talend, Sony, and Gemini. His vast knowledge makes him the go-to expert for media outlets looking to understand the ever-changing security landscape.

Ed Adams is a leading software quality and security authority, offering over two decades of expertise. As President & CEO of Security Innovation, creator & host of 'Ed TALKS' and board member for Cyversity – he's established himself as an industry thought leader with invaluable insights to share.

Ed TALKS: The Cyber Elephant in the Boardroom

The modern enterprise is highly dependent on the cloud and software-driven systems. To protect them, teams need relatable training that reflects the technologies they work with. Otherwise, they’ll tune it out.  

Recent Ponemon Institute research shows that realistic simulation training tied to a specific job function is the most effective way to prepare teams for the battles they’ll face. By utilizing hands-on training in a familiar environment, teams can enumerate security risks in a native context. 

Come learn the strategies of three security & technology leaders to up level skills of various  audiences, create engagement, and drive lasting behavior change.

Ed TALKS: How to Train IT Teams for Security

Modern application design and the continued adoption of DevOps expand the scope of automated security testing and push tools to the limit. Simultaneously, complex platforms like IoT and Blockchain require more specialized tools and skills.

With software applications being more assembled than coded, and cloud CI/CD accelerating release, it’s time to sunset some legacy tools and consider new ones.

Come hear how product and application security professionals plan to scale software securely in 2022.

• The traditionalists: SAST, DAST, IAST
• Replacement players: SCA, API & container security, etc.
• New Kids on the Block: IaC, cloud native, fuzz
• Limitations, pitfalls, and best practices

Ed TALKS: Scaling AppSec – Getting Tools to Perform

Many organizations are “shifting left” to introduce security earlier in the software development lifecycle (SDLC). The benefits are more secure software, lower risk, and more efficient software delivery. This means training developers and other roles in the process on the skills and knowledge they need to shift left. This webinar will discuss what training is needed and how to deliver it.

Shifting Software Security Training Left

Addressing software security requires more than just the ‘secure code training’ approach that many organizations use and vendors sell. This webinar will help you understand why you need to go beyond the code to keep your organization’s software secure, and how to do it.

Creating A Complete Software Security Training Program: Going Beyond the Code

Culminating over 20 years of proven, industry-leading software security expertise, we've introduced the Security Innovation Cyber Skills Competency (SI-CSC) certification program. This program is designed to recognize and distinguish employees as having demonstrated high-level software security competencies that are modern and relevant to today's security-minded software creators.

In this webinar, Senior Director of Product Marketing Fred Pinkett will explain some of the existing certification programs (and their limitations), who should get certified (and why), and how the SI-CSC certification fits into a more comprehensive application security training program.

Introducing: Security Innovation Cyber Skills Competency (SI-CSC) Certifications

While traditional assessment techniques like pen testing and scanning are effective at catching issues before software is deployed, they are simply not scalable given today’s accelerated releases. To release software with confidence, organizations need to address their core issue – people & process gaps.   

This webinar will demonstrate how implementing core security activities into your SDLC and augmenting with role-specific training will yield more self-defending software. Topics include:

- Today’s software security landscape and challenges
- Breaking the Find & Fix hamster wheel
- Fusing activities (the what) and skills (the how) to amplify risk reduction

Your team's first exposure to new threats should happen on OUR platform - not yours. With new CMD+CTRL Labs, your teams will build skills through hands-on exposure to modern threats. They'll learn to identify and mitigate vulnerabilities, gain new techniques to defend against attacks, and learn to write safer code - all on a single, easy-to-use training platform. 

Please join us to learn:

• Why first exposure is important to you
• How Labs transform new concepts into tangible skills
• How Labs help to modernize and up-skill your teams
• You'll also see a demonstration of two new lab types – Skill Labs and Learn Labs

CMD+CTRL Labs: A Bridge to Better, More Secure Software

How ‘Secure Code Training’ Leaves Organizations Vulnerable & What To Do About It

Software runs today’s business;  however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams.

Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers.  To reduce risk, you’ve got to audit your system in the same way an attacker would.   

This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised.  

Topics include:

- The modern technology stack
- Easy pickings – hacking demonstrations!!
- Auditing software-based systems:
   o   Standards and policies
   o   System updates and patching
   o   Data leakage/exfiltration
   o   Identity & access management
   o   System logs and tracking
   o   Tamper protections and detection
   o   Authentication and access controls

How an Attacker "Audits" Your Software Applications

Application Security

Cyber Security

Attack Vectors

Vulnerabilities

Vulnerability Intelligence

Risk Assessment

Risk Management

Risk Mitigation

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How an Attacker "Audits" Your Software Applications

Presented by

About this talk

More from this channel