Name: Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten
Start: 2021-10-26T17:00:00Z
End: 2021-10-26T17:01:08.000Z
Location: BrightTALK
Rating: 5

Static scans and firewalls leave AppSec blindspots. Contrast delivers real-time and always-on security INSIDE your apps and APIs. Prevent, detect and respond to application and API attacks with the Contrast Runtime Security Platform.



Financial services organizations such as banks have been and will continue to be major targets of cyber attacks. 

But attackers aren’t just going after financial assets and data anymore. Now, they are targeting infrastructure to go after an institution’s customers and partners. This phenomenon, also known as island hopping, is about more than extracting ransomware payments and hacktivism, as a brand’s reputation is on the line.

And as the research shows, the application layer is increasingly being exploited.
There was a 50% increase in zero-days being exploited year-over-year, according to Google Threat Analysis and Mandiant
The number of data breaches caused by an exploited vulnerability rose 180% year-over-year, according to the latest Verizon Data Breach Investigations Report (DBIR)
55 days after a patch release, half of vulnerabilities remain unaddressed, according to the DBIR

Tom Kellermann, Senior VP of Cyber Strategy, recently chatted with Eric Baran, Principal Segment Leader – DevOps – Global Financial Services at AWS, all about the current threat landscape facing financial services organizations today and what they can do to more effectively safeguard against modern application-layer attacks.

What to expect from the 30-minute conversation:
What the current threat landscape looks like in the financial services industry.
What financial services businesses currently are doing to safeguard their applications and cloud environments, and the issues with these approaches.
The benefits of Runtime Security for financial institutions.
What financial services organizations can do today to improve their application and cloud security.

The value of Runtime Security for the financial sector: Why current Application Security approaches too often fall flat

Simply pushing traditional security practices “left” without adaptation to the way developers want to work won’t cut it. Finding vulnerabilities is not the problem; resolving vulnerabilities is the real bottleneck.

Luckily, a better way exists: Runtime Security. 

As Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, has noted before, he believes that the biggest transformation in Application Security (AppSec) and application programming interface (API) security over the next few years will be that more and more of it will occur in production as opposed to pre-production. 

During RSA earlier this year, Larry sat down with Alan Shimel from TechStrong to talk about how DevSecOps is evolving and why app and API security testing in production will eventually become the norm. Check out the 13-minute interview.

Strategic evolution of DevSecOps: Interview with Larry Maccherone at RSA Conference 2024

In the future, application and API security testing will be done in production as opposed to in pre-prod. We are on the cusp of a revolution in app and API security testing like the one that occurred for load and performance testing, where it shifts to production.

The way we do AppSec is fundamentally broken today. There's an assumption that there is a time that security gets with the product before it gets to production, which is an old way of thinking.

In this on-demand TechStrong webinar, Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, discussed why current approaches to application security fall flat and how to apply the principles of DevOps to improve application security practices.

Key Takeaways:

Why is it cheaper, more effective, and even safer to do application and API security testing in production?
What are the technology, practices, and mindsets necessary to pull this off?
What are the risks to this approach and how do you address them?

The radical future of application and API security testing

The average enterprise uses 765 web applications to run their business, and many of these have serious vulnerabilities. 

Organizations around the world evaluate their application risk using the OWASP Top Ten. On September 24, the OWASP Foundation released the OWASP Top 10 2021. It’s been four years since the last release, and there are some notable additions, changes, and combinations.

Organizations are recalibrating how they measure application risk and reevaluate strategies based on these changes. The co-founders of OWASP address the latest changes to the Top Ten and provide their perspectives on each one. Topics covered during the moderated webinar include:

● New entrants, deletions, and combinations to the Top Ten
● Risks—in terms of prevalence and likelihood to exploit—posed by each of the Top Ten
● How to use the OWASP Top Ten to evaluate risk and existing application security programs
● Potential application security gaps not covered by the OWASP Top Ten
● How to assess application security coverage based on the OWASP Top Ten
● Future trajectories for application cyber threats

Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten

Application Security

AppSec

Developers

DevOps

SecOps

DevSecOps

CISO

Security

Security Awareness

Best Practice

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Co-founders Discuss Key Takeaways from the 2021 OWASP Top Ten

Presented by

About this talk

More from this channel