Name: Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten
Start: 2021-10-26T17:00:00Z
End: 2021-10-26T17:01:08.000Z
Location: BrightTALK
Rating: 5

Stop attacks in your applications and APIs from development to production. Novel attacks can appear harmless without visibility into the grey areas of your application layer. Make sure you can see zero-day attacks so you can stop exploits instantly. It's never black and white: Reveal your application layer in full contrast with the Contrast Security Runtime Platform. 


Discover how Application Detection and Response (ADR) enhances your security posture by providing critical application-layer visibility that Endpoint Detection and Response (EDR) often misses. Learn why, with the rise of application-focused attacks, relying solely on EDR is insufficient and how ADR complements existing EDR and WAF investments to provide comprehensive protection.

How ADR supplements your existing security investments

Why do our applications and APIs keep getting breached? Learn more about what Security Operations teams can do now to have more effectively defenses against application attacks.

What you can expect from this webinar:
- What SOC teams need to know about the evolution of software development
- How to better protect applications and APIs
- How ADR benefits SecOps

What SOC teams need to better protect applications and APIs

Check out this short demo to learn more about the integration between Splunk and Contrast ADR.

Overview of the Contrast ADR-Splunk integration

This webinar will focus on how tech companies can improve their application security posture by streamlining collaboration across teams. Speakers David Lindner and Naomi Buckwalter will discuss the current state of collaboration between SecOps, product security, supply chain security, and CISOs. They will share real-world examples and anecdotes to illustrate the challenges and benefits of cross-functional communication and collaboration.

Key topics covered in the webinar include:
- The challenges of communication and collaboration between security teams and other business units
- Strategies for building relationships with peers and developers
- The importance of threat modeling, application infrastructure, and security controls in improving application security
- The unique challenges of security in tech companies compared to other industries

From silos to synergy: How tech companies can streamline collaboration and improve application security

Companies that sell software to anyone living in the EU will now face consumer lawsuits for any software defects that lead to breaches, even zero-days. 

There’s a new change to the EU Product Liability Directive that took effect in December of 2024 that “upsets the apple cart.” Instead of needing to prove a company was negligent in creating vulnerabilities, the consumer can just prove they were harmed, and the company is liable. 

To better understand why this is such a massive change in liability law and to see how companies that make software should respond, check out this six-minute video featuring Jeff Williams, CTO and Founder of Contrast Security.

Understanding the EU Product Liability Directive

In this video, Naomi Buckwalter, Senior Director of Product Security at Contrast Security, highlights the many benefits of Application Detection and Response, especially for SOC analysts and operations teams. Naomi discusses why ADR is so critical for safeguarding applications and APIs in production.

The benefits of application detection and response

In this video, Jeff Williams, Founder and CTO of Contrast Security, chats with Chris Hughes, CEO of cybersecurity consulting firm Aquia and a former Cyber Innovation Fellow (CIF) at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), about Contrast Application Detection and Response (ADR).

What you can expect in this 11-minute video:

- Overview of Contrast’s ADR solution
- How instrumenting applications in runtime improves application security
- The downsides to using eBPF technology to safeguard applications
- Best practices for incorporating ADR technology into existing tech stacks

Understanding Contrast ADR

How do you protect against applications in your SOC environment today? People invest in a lot of different tools when it comes to the vast threat landscape they have to defend against, but the application layer itself has very few options if you really look at what your defenses are. They largely center around maybe a web application firewall and, some CDN solutions as well.

But the problem with these types of defenses is that they're very static in nature, and more importantly, they sit at a layer that just don't give you detailed visibility into the application.

That is the problem that Contrast Security tries to solve.

Overview of Contrast ADR Block Mode

This panel was originally from the DevOps Connect: DevSecOps 2024 virtual event

https://techstronggroup.com/

Disclaimer: Techstrong is a trademark of its respective owner. 
Please note:  This video(s) is provided as a courtesy by Techstrong Group. Techstrong Group retains ownership and copyright to the video(s), giving the addressee a license to use and display the video on your company website. All branding, logos and copyright must remain intact. You may not post/replay this material on any other video hosting platform or media service. No alteration or editing of the material is allowed without the express written permission of Techstrong Group. Techstrong Group reserves its rights to enforce any breach of this license.

In this session, industry experts will delve into the specifics of how Artificial Intelligence, particularly generative AI, is reshaping DevOps and DevSecOps by automating complex workflows, generating code and infrastructure as code (IaC), and enhancing security protocols. Attendees will learn about the specific applications of AI in streamlining deployment pipelines, improving accuracy in continuous integration/continuous deployment (CI/CD) processes, and fortifying security postures with adaptive, AI-driven safeguards. The discussion will also address the nuanced challenges of integrating AI into DevOps and DevSecOps, providing valuable insights for organizations to navigate the evolving landscape and harness the full potential of AI to optimize development and security operations.

AI's Impact on DevOps and DevSecOps

There is a large amount of recent buzz around API security which is surprising considering how long APIs have been at the center of web applications. Is API security a bunch of new things or is it merely a repackaging of something familiar? The answer is somewhere in the middle. This talk discusses the new practices and tools around API security, but it will also rank them by risk-addressed in context with less buzz-worthy practices and tools from web application security.

The Top 5 Risks to Prioritize for API Security

For DevOps teams, security is regularly seen as a stumbling block on the path to the promised land of production. Too often, developers view Security as a barrier to their objectives and project goals. It's "us" versus "them."

It’s time for a marriage counseling session between DevOps and Security.

In this webinar, the panelists discussed the common (and specific) developer pain points that arise from traditional AppSec practices, and what security professionals should know when addressing these pain points – providing practical tips and advice on how to improve developer trust in security. The webinar also explored the synergies between highly trusted runtime results and establishing developer champions. 

Benefits of listening in:
Why DevOps teams so often don’t prioritize security, and what security teams can do today to help improve trust and get secure code shipped.
Get practical tips and advice on how to improve developer trust in security, including through the use of security champions and better tooling.

Turning security from a disabler to an enabler for developers

On this episode of And Security For All, host Kim Hakim speaks with Tom Kellermann, Senior VP of Cyber Strategy at Contrast Security, and Derek Booth, Supervisory Special Agent at the U.S. Secret Service ATSAIC, on the show. They discussed the evolution of cybercrime cartels and cybersecurity conspiracies. Insight was also provided around trends in e-fraud and novel cyberattacks, as well as shoxing, destructive attacks, cloud jacking, AI’s dark passenger, chronos attacks and more.

New episodes of And Security For All appear on VoiceAmerica every Friday at 12pm Pacific.

The evolution of cybercrime cartels

Financial services organizations such as banks have been and will continue to be major targets of cyber attacks. 

But attackers aren’t just going after financial assets and data anymore. Now, they are targeting infrastructure to go after an institution’s customers and partners. This phenomenon, also known as island hopping, is about more than extracting ransomware payments and hacktivism, as a brand’s reputation is on the line.

And as the research shows, the application layer is increasingly being exploited.
There was a 50% increase in zero-days being exploited year-over-year, according to Google Threat Analysis and Mandiant
The number of data breaches caused by an exploited vulnerability rose 180% year-over-year, according to the latest Verizon Data Breach Investigations Report (DBIR)
55 days after a patch release, half of vulnerabilities remain unaddressed, according to the DBIR

Tom Kellermann, Senior VP of Cyber Strategy, recently chatted with Eric Baran, Principal Segment Leader – DevOps – Global Financial Services at AWS, all about the current threat landscape facing financial services organizations today and what they can do to more effectively safeguard against modern application-layer attacks.

What to expect from the 30-minute conversation:
What the current threat landscape looks like in the financial services industry.
What financial services businesses currently are doing to safeguard their applications and cloud environments, and the issues with these approaches.
The benefits of Runtime Security for financial institutions.
What financial services organizations can do today to improve their application and cloud security.

The value of Runtime Security for the financial sector: Why current Application Security approaches too often fall flat

Simply pushing traditional security practices “left” without adaptation to the way developers want to work won’t cut it. Finding vulnerabilities is not the problem; resolving vulnerabilities is the real bottleneck.

Luckily, a better way exists: Runtime Security. 

As Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, has noted before, he believes that the biggest transformation in Application Security (AppSec) and application programming interface (API) security over the next few years will be that more and more of it will occur in production as opposed to pre-production. 

During RSA earlier this year, Larry sat down with Alan Shimel from TechStrong to talk about how DevSecOps is evolving and why app and API security testing in production will eventually become the norm. Check out the 13-minute interview.

Strategic evolution of DevSecOps: Interview with Larry Maccherone at RSA Conference 2024

In the future, application and API security testing will be done in production as opposed to in pre-prod. We are on the cusp of a revolution in app and API security testing like the one that occurred for load and performance testing, where it shifts to production.

The way we do AppSec is fundamentally broken today. There's an assumption that there is a time that security gets with the product before it gets to production, which is an old way of thinking.

In this on-demand TechStrong webinar, Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, discussed why current approaches to application security fall flat and how to apply the principles of DevOps to improve application security practices.

Key Takeaways:

Why is it cheaper, more effective, and even safer to do application and API security testing in production?
What are the technology, practices, and mindsets necessary to pull this off?
What are the risks to this approach and how do you address them?

The radical future of application and API security testing

The average enterprise uses 765 web applications to run their business, and many of these have serious vulnerabilities. 

Organizations around the world evaluate their application risk using the OWASP Top Ten. On September 24, the OWASP Foundation released the OWASP Top 10 2021. It’s been four years since the last release, and there are some notable additions, changes, and combinations.

Organizations are recalibrating how they measure application risk and reevaluate strategies based on these changes. The co-founders of OWASP address the latest changes to the Top Ten and provide their perspectives on each one. Topics covered during the moderated webinar include:

● New entrants, deletions, and combinations to the Top Ten
● Risks—in terms of prevalence and likelihood to exploit—posed by each of the Top Ten
● How to use the OWASP Top Ten to evaluate risk and existing application security programs
● Potential application security gaps not covered by the OWASP Top Ten
● How to assess application security coverage based on the OWASP Top Ten
● Future trajectories for application cyber threats

Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten

Application Security

AppSec

Developers

DevOps

SecOps

DevSecOps

CISO

Security

Security Awareness

Best Practice

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten

Presented by

About this talk

More from this channel