Name: The Capital One breach: AWS SSRF is a feature not a bug
Start: 2019-08-30T17:40:00Z
End: 2019-08-30T17:50:57.000Z
Location: BrightTALK
Rating: 0

Instart cloud-based application security products fight current and emerging attacks so you don't need to keep up with today's evolving threats.

Instart services help our customers stay ahead, while supporting their critical business initiatives:
1) Modernizing their applications by moving to public cloud
2) Protecting against third-party threats, such as Magecart and bot attacks
3) Providing advanced diagnosis, detection, and defense against bots
4) Ensuring the performance and integrity of web applications
5) Migrating to cloud-based security and availability solutions

 Learn more at www.instart.com or follow us on Twitter at @Instart.

Magecart attacks are poised to be a major attack trend in 2020. Why? Because Magecart and other online data skimming attacks are hard to detect and are responsible for millions of dollars in data privacy-related fines each year.

In this webinar, see a live demo of a real Magecart attack and how that attack can be stopped with Instart Web Skimming Protection.

In this webinar, you will learn about:
How a real Magecart attack works
Why Magecart attacks are so successful
How Instart can prevent Magecart attacks with Instart Web Skimming Protection

Simulating and stopping a real Magecart attack

At the start of 2020, California’s privacy law went into effect to ensure that organizations put procedures in place to protect the personal information of their customers. Unlike other privacy regulations, CCPA specifically highlights that an organization is now liable for data loss resulting from inadequate protection — consumers can demand up to $750 per data loss incident. Now is the time for organizations to reassess their security solutions to ensure they address the latest threats, such as web skimming, to remain CCPA compliant.

Join Instart’s Security Technologist, Jon Wallace, to learn about CCPA and how you can avoid falling victim to a multi-million dollar fine for data loss violations resulting from a web skimming attack, such as Magecart.

In this webinar, you will learn:
-What CCPA is and who it applies to
-What a web skimming attack is and how it relates to CCPA
-Why web application firewalls will not protect against web skimming
-How Instart helps protect organizations from the data loss fines associated with CCPA

CCPA is here: Protect your customer data with Instart Web Skimming Protection

CSP and SRI are fantastic security measures you can add to your web application to extend your layers of security, but these technologies were never intended to prevent web skimming attacks. 

Join Instart's Sr. Technologist, Andy Wyatt, to learn about the benefits and shortcomings of relying on CSP and SRI for preventing Magecart-style attacks.

In this webinar, you will learn:
What CSP and SRI are and how they help protect your web app
Costs and risks of relying on CSP and SRI for web skimming protection
How Instart can prevent web skimming attacks

Understanding the risks of relying on CSP and SRI for web skimming defense

Magecart attacks, named after common vulnerabilities in the Magento platform, continue to be a thorn in the side of retailers all over the world. These attacks rely on secretly loading a small blurb of JavaScript that skims customer information when they checkout. Recently, attackers have found new ways to add this JS blurb not only on Magento sites but also on larger platforms like Salesforce Commerce Cloud.

As web skimming attacks like Magecart continue to grow in popularity for hackers, businesses need to take responsibility for customer information they obtain in their web apps and take the appropriate steps to ensure their customers' data is safe. Today Instart is happy to announce our Web Skimming Protection for Salesforce Commerce Cloud to help prevent these types of attacks from impacting Salesforce Commerce Cloud clients.

In this webinar, you will learn about:
- Magecart attacks and how they infect your site
- Why Instart can make a difference in helping you prevent a breach like this
- How to get started with Instart Web Skimming Protection for Salesforce Commerce Cloud

Instart Web Skimming Protection for Salesforce Commerce Cloud

In October 2019, Macy's found unauthorized suspicious third-party code on their own website. Little did they know a few weeks prior, hackers had managed to insert malicious code into the checkout pages on Macys.com, which then proceeded to collect personal information of customers who used their site. Unfortunately for Macy’s and their customers, this Magecart attack compromised data of every person who purchased something on Macys.com from October 7th to October 15th. 

As web skimming attacks like Magecart continue to grow in popularity for hackers, businesses need to take responsibility for customer information they obtain in their web apps and take the appropriate steps to ensure their customers' data is safe. 

In this webinar, you will learn about:
- What happened during the Macy's breach
- The key takeaways your business can learn from this breach
- Why Instart can make a difference in helping you prevent a breach like this

The Macy’s Magecart madness: highly specific unauthorized code

As we approach the holiday season, it is important to think about the attacks and threats that our web apps will face during this peak season. For most online businesses, these next few months generate a disproportionate amount of traffic and revenue, but they also are correlated with a rise in the number of attacks and fraud attempts. 

With peak season lockdowns already started, or quickly approaching, take a minute to assess your web app against the top threats seen over 2019 and where we think the emerging threats will be in 2020 and beyond. 

In this webinar, you will learn about:
-Recent attack trends and data for 2019
-Common types of online attacks and fraud prevalent this holiday season
-How Instart can protect your web application from current and emerging threats

Update Your Security To Get Ready for Peak Season

“IT leaders love when their customer’s credit card details get skimmed”
— Said no one ever

Online data and credit card skimming attacks, like the Magecart attack that impacted British Airways, are becoming increasingly common on eCommerce websites and web applications around the world. Why? Because Magecart and other web skimming attacks are hard to detect and are successful at gaining access to customer information. Every attack is different, but there are common trends these hackers are exploiting.

Join Instart’s Sr. Technologist, Andy Wyatt, to discuss how web skimming attacks infect your website in three short steps.

In this webinar, you will learn:
-Why Magecart and other web skimming attacks are hard to defend
-Why existing security tools are not sufficient
-The best defense against web skimming attacks
-How Instart helps protect against web skimming attacks

3 steps: How Web Skimming Attacks Infect Your Website

According to ZK Research, 58% of security professionals turn off security features in order to maintain web performance. 

With customer expectations as high as ever, it is important to architect your security tools in a way that can improve security and performance. Cloud application security solutions are one approach, but not all cloud security services are equal.

Join Andy Wyatt, Sr. Technologist at Instart in the 3rd episode of our Web App Security Expert Webinar Series, and learn about:

- The unique security and performance demands of cloud-based web apps
- How cyberattacks are increasingly sophisticated and harder to detect
- Why security should never be sacrificed for performance
- How Instart helps improve web application security without sacrificing performance

Don’t Let Your Security Tools Hinder Web Performance

Today, companies are moving web app workloads to the cloud to decrease costs and increase agility and scalability. 

However, web application security is often overlooked as existing security measures and technologies, such as appliances that focus on on-premises applications, are no longer sufficient in a hybrid or cloud environments. As you migrate to Microsoft Azure, you must rethink how you secure your web apps, as well as all of the third-party services used in those apps, to ensure your site is protected from the latest threats.

Join Instart's, Mitch Parker, and Microsoft Azure's, Srikanth Matcha, to discuss the three things you need to know about securing web apps as they are migrated to Microsoft Azure.

In this webinar, you will learn:
-Digital transformation strategies for web apps
-What to consider when moving your web apps to Microsoft Azure
-Why your traditional appliance-based security solutions are not enough
-What emerging threats web apps face and how to prevent them
-How Instart will protect your Microsoft Azure-based web apps and deliver the best web experience

How to Transform and Secure Web Apps in the Cloud

IT leaders know that protecting their visitors and their website is only getting harder. Every online customer touchpoint is under attack by automated bots — disrupting traffic, stealing sensitive information, and ruining web experiences. But how do you detect automated bots? These days it is extremely common to see globally distributed botnets that look and act human, but are they actually conducting fraud or attacks against your web app without you knowing?

Join Instart’s VP of Technology, Peter Blum, in the second episode of our Web App Security Expert Webinar Series to discuss bot detection and mitigation.

In this webinar you will learn:
-The true threat of bad bots
-How bots impact your web performance and security
-How to detect and mitigate malicious bot attacks
-How Instart helps protect against bad bots

3 reasons to protect your website against bad bots

Join Instart’s Sr. Technologist, Andy Wyatt, and Director of Customer Success, Bob Fornesi, to discuss how formjacking and data skimming can introduce vulnerabilities to your web app.

In this webinar, you will learn:
-The most common problems associated with formjacking and data skimming
-Supply chain attack vectors and how to prevent them
-Why your existing security tools don’t help
-How Instart protects websites from attacks to third-party JavaScript

How to prevent formjacking and data skimming from compromising security

Join Instart’s Technologist, Jon Wallace, in the first episode of our Web App Security Expert webinar series to discuss the five steps you can take to secure your web apps against today’s top security threats.

You’ll learn about the:
-Top four key recent web application attack trends
-State of the modern web application
-Five steps to secure your web apps
-How Instart protects your web apps from the origin to the browser

5 steps to secure your web apps against top web security attacks

Join Instart’s VP of Technology, Peter Blum, in a fireside chat where we will discuss the latest threat “Magecart” and answer all your questions about what you can do to prevent it.

In this webinar, you will learn:
- What a Magecart attack is
- How it works
- What IT departments should do to address the threat
- What you can do to prevent it

Magecart: What it is, how it works, and how to prevent it

Join Instart Technologist, Jon Wallace, to learn about the seven most common website and web application attacks and how you can prevent them with the right preparation.

Anyone who operates a website should be concerned about security, especially the security of your sensitive customer information. However, unless you keep an ear to the ground about security news, it is often only the most high profile or sophisticated attacks that you actually hear about. The reality is that common, low level attacks are executed every single day against websites and web applications. There is a reason the OWASP top 10 hasn’t changed in years. The good news is these types of attacks are preventable with the right preparation.


In this webinar, you will learn:

-What motivates hackers
-What makes an application a target
-What are the seven most common website and web application attacks
-How you should protect your web apps

7 common web application security attacks & what you can do to prevent them

Recently, the first GDPR fine was imposed against British Airways for the Magecart breach of its website. Shocking news to the world, this huge hit cost British Airways 1.5% of their 2017 revenues. As one of the most common web threats, it's come time for organizations to develop a strategy for dealing with web skimming attacks like Magecart. 

Join our security expert, Andy Wyatt, and learn:
-What is a web skimming attack
-What is your responsibility as a website owner
-How to avoid GDPR fines related to web skimming

What British Airways teaches us about web skimming attacks & avoiding GDPR fines

It was only last year when British Airways failed to prevent a data breach leading to a $230 million fine. And now, news has broken that over 900 eCommerce sites were recently compromised by a Magecart attack in a digital skimming campaign. As hackers continue to exploit vulnerabilities exposed in eCommerce platforms and third party tools that allows Magecart access to a site, organizations need to take the next step to ensure their customers' data is secure. 

Join Andy Wyatt, Sr. Technologist, to learn:

-Why Magecart is so dangerous
-Why companies need a prevention plan for Magecart
-How to prevent Magecart from stealing your customers' data

Why security teams need a Magecart plan

Join VP, Research Director at Forrester Research, Amy DeMartine and Chief Customer Officer at Instart, Mitch Parker, to learn how you should be thinking about web app security as the web continues to evolve. 

In this webinar, you will learn:
-About the changing threat landscape of modern web apps based on analyst provided data
-Where your security teams should be spending their time
-How attacks are becoming more sophisticated and harder to differentiate from real human traffic
-How existing CDN and edge architectures fall short of protecting your web applications
-Why going beyond the edge, and into the browser, is the only way to prevent sophisticated attacks
-How Instart is the only platform to combine an intelligent cloud service with a browser virtualization layer for complete visibility and protection against both application threats as well as emerging threats

Common web security challenges and the data behind them

In July 2019, Paige Thompson, a former Amazon employee, was arrested for the Capital One breach that affected over 100 million customers who had applied for a credit card with Capital One.

While the focus of the breach was initially on Capital One, investigations are now being undertaken by numerous other organizations following evidence of data exfiltration. As investigations continue, businesses need to understand what happened to Capital One, so they can ensure an attack like theirs doesn’t happen to them.

Join Instart's Sr. Technologist, Andy Wyatt, to discuss:

-What happened during the Capital One breach
-The key takeaways your business can learn from this breach
-Why Instart's web application firewall can make a difference in preventing a breach like this

The Capital One breach: AWS SSRF is a feature not a bug

Cyber Attacks

Cyber Crime

Cyber Security

IT Security

Cloud Security

Cloud

Cloud Applications

Security

Security Awareness

Get powerful marketing insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on which marketing strategies and techniques are driving customer and revenue growth.

Marketing

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights on how to best serve today's customers. If you want to create a successful customer experience today, you will have to appeal to the need for “alone together” time. Millennials, Gen X, Boomers or Silent Generation all look for shared but individual experiences.

Customer Experience

The sales community on BrightTALK brings together thousands of engaged sales professionals. Learn about careers in IT sales and marketing, sales techniques and selling strategies. Join the discussion by participating in on-demand and live sales webinars and summits with leaders in the sales industry.

The Capital One breach: AWS SSRF is a feature not a bug

Presented by

About this talk

More from this channel