Security Automation on AWS

How can we prevent data breaches that are caused by very simple processes like closing an AWS bucket?

The crown jewel of DevSecOps is not only identifying vulnerabilities and analyzing them, but being able to resolve them before there is a breach. Automating this last step solves several problems:

*Less exposure time means less chance of breach
*Saves time fixing the violation or learning how to fix it
*Developers need not get involved with every security incident

In this session, we will show you an example of a customer that had an unauthenticated queue on AWS, how it was resolved, and how these failed attacks extend their cloud security posture.
Recorded Mar 19 2020 19 mins
Presented by
Felicia Haggarty and James Galt, Data Theorem
  • How An Unsecured Server Led To A Microsoft Data Breach Recorded: Jan 13 2021 31 mins
    Himanshu Dwivedi, CEO at Data Theorem
    Join Data Theorem's CEO, Himanshu Dwivedi, as he analyzes how a cloud resource within the iOS Bing mobile app was left open on the internet, which is another recent example of a full stack application attack.

    You will learn:
    *How a full stack AppSec solution can prevent similar attacks
    *How web or mobile clients can end up leaking millions of records from backend cloud resources
  • How modern data breaches attack every layer of the application stack Recorded: Jan 6 2021 15 mins
    Doug Dooley, Chief Operating Officer, Data Theorem
    Review key findings from Verizon's 2020 Data Breach Incident Report (DBIR), which details how modern attacks target multiple layers in the application stack from web to APIs to the cloud. Examine real-world examples such as Capital One, 63Red, BHIM. Learn how to prevent similar attacks.
  • How attackers are taking advantage of Covid and Mobile Phishing Recorded: Dec 30 2020 24 mins
    Nick Palaszewski, Corporate Systems Engineer, Data Theorem
    In this session we'll discuss how cyber security companies are seeing a huge uptick in mobile phishing due to recent reports of vaccines coming out to improve the pandemic.

    Join Nick Palaszewski as he demonstrates how counterfeit apps are created daily. Not only can attackers utilize rogue mobile applications, but they can also use many other channels such as SMS, iMessage, 3rd party messaging platforms, and social media platforms. If Data Theorem's apps are not secured by taking all the proper precautions, your customers can be subject to these attacks especially while using unsecured wifi at an airport, coffee shop, hotel, etc.

    Find out the status of your current application security posture: www.datatheorem.com/demo/
  • 5 Web Security Considerations for GraphQL Recorded: Dec 7 2020 28 mins
    Alban Diquet, Director of Engineering
    Learn about the importance of visibility and security for GraphQL.

    GraphQL is a popular data query language that makes it easier to get data from a server to a client via an API call. It is commonly deployed as a piece of the technology stack for modern web and mobile applications. However, the complex nature of GraphQL makes it easier for hackers to exploit if embedded APIs and cloud resources are not secure. Learn about the right way to protect your AppSec stack that traditional approaches do not yet offer.

    In this webinar, we’ll discuss the 5 most common GraphQL security vulnerabilities and how to leverage full stack security to overcome security gaps:

    *Inconsistent authorization checks (similar to REST Auth)
    *Failure to appropriately rate-limit
    *Introspection may help attackers
    *Introspection reveals non-public information
    *Cost of high depth queries
  • Security and Privacy Changes in iOS 14 Recorded: Nov 16 2020 56 mins
    Phillip Tennen, iOS Software Engineer, Data Theorem
    Key considerations for mobile and web app security.

    This briefing from Phillip Tennen, iOS Software Engineer, summarizes the annual platform security updates and features from Apple, as well as what app developers need to do to stay compliant and secure user data on iOS 14. There are key considerations for mobile and web app security that Data Theorem will be adding to the analyzer engine.
  • Security and Privacy Changes in Android 11 Recorded: Nov 11 2020 30 mins
    Umang Mathur, Android Software Engineer
    A summary for app developers on Android 11 and what they need to do to stay compliant and secure user data.

    Key considerations for mobile and web app security.
    This briefing from Umang Mathur, Android Software Engineer, summarizes the annual platform security updates and features from Google, as well as what app developers need to do to stay compliant and secure user data on Android 11. There are key considerations for mobile and web app security that Data Theorem will be adding to the analyzer engine.
  • How to Protect Application Attack Surfaces Recorded: Sep 22 2020 27 mins
    Himanshu Dwivedi, CEO, Data Theorem
    Learn how to build a comprehensive security program that will automate key security policies across your entire data environment to receive critical alerts before your data is exposed. Using a recent example of a data leak caused by a basic misconfiguration, we discuss how it can be avoided.
    You will learn:
    *What is a comprehensive AppSec program
    *Example of how a misconfigured cloud setting led to a mobile app data breach
    *Example of how a Microsoft ELS certificate led to a collaboration platform data breach
    *How mobile, web, API and cloud apps all need to be secured together
  • Managing AppSec Compliance at Provident Credit Union Recorded: Sep 22 2020 24 mins
    Richard Smith (Data Theorem) & John Haggarty (Provident Credit Union)
    Data Theorem customer, Provident Credit Union, discusses how they use Data Theorem to enforce their security policies for their banking app managed by their 3rd party vendor. They share how they remain compliant, protect customer data, and have 24/7 access to security reporting for audits.

    You will learn:
    *How to approach setting security policies with a 3rd party app vendor
    *How to partner with your security vendor to streamline operations and get expert advice
    *Making compliance a priority while building engaging customer app experiences


    Speakers:
    Richard Smith, Field Director, Data Theorem
    John Haggarty, VP of Marketing and Digital Experience, Provident Credit Union
  • Identify Third Party Trackers in Apps Recorded: Sep 22 2020 32 mins
    Himanshu Dwivedi, CEO, Data Theorem
    Learn how third party trackers are hurting respectable brands by inadvertently sharing data about their customers with third parties without proper consent. Explore a technical deep dive on the security implications of this with regard to open source libraries and SDKs and how this can lead to serious data compliance violations. Then learn how to discover potential trackers in your apps and how to remediate potential vulnerabilities.
  • Protect web apps from XSS exploits Recorded: Sep 22 2020 23 mins
    Himanshu Dwivedi, CEO, Data Theorem
    Learn how implementing a few simple headers across sensitive cookies will help prevent XSS attacks from being exploited. We'll also cover how you can do this across hundreds of web apps to make sure vulnerabilities aren't exploited at scale.

    You will learn:
    *How to identify vulnerabilities that can leave you vulnerable to XSS attacks
    *How to prevent XSS attacks
    *How security automation can protect you from multiple web attacks
  • The Future of FinTech AppSec Is Brighter Than You Think Recorded: Sep 22 2020 37 mins
    Himanshu Dwivedi (Data Theorem), Erick Lee (Intuit), Jeremiah Kung (East West Bank) & Karthik Rangarajan (Robinhood)
    Data Theorem CEO, Himanshu Dwivedi, interviews customers from RobinHood, Intuit, and East West Bank to discuss what is working with their AppSec programs, how to manage agile teams and how to maintain a proactive security approach.

    You will learn:
    *How to hire software engineers into your AppSec team
    *How to approach compliance as an engineering problem
    *How to be proactive about security

    Speakers:
    Himanshu Dwivedi, CEO, Data Theorem
    Erick Lee, Director of Security, Intuit
    Jeremiah Kung, Global Head of Digital Cybersecurity, East West Bank
    Karthik Rangarajan, Security Lead, Robinhood
  • How to Prevent Data Loss With Full Stack Analysis Recorded: Sep 22 2020 23 mins
    Karen Horovitz, Senior Product Marketing Manager, Data Theorem
    In this session we cover how a popular mobile payments app recently exposed 7 million private banking records & is now facing fines and brand damage, as well as the security risks associated with using cloud provider building blocks for running client-facing apps.

    You will learn:
    *How to leverage a preventative hacking toolkit
    *How each AppSec layer must be secured
    *How a recent breach from a payment app could have been avoided
  • How modern data breaches attack every layer of the application stack Recorded: Sep 22 2020 16 mins
    Doug Dooley, Chief Operating Officer, Data Theorem
    Review key findings from Verizon's 2020 Data Breach Incident Report (DBIR), which details how modern attacks target multiple layers in the application stack from web to APIs to the cloud. Examine real-world examples such as Capital One, 63Red, BHIM. Learn how to prevent similar attacks.
  • Contact Tracing 101 Recorded: May 4 2020 13 mins
    Alban Diquet, Head of Engineering at Data Theorem
    How does contact tracing work?

    The current health crisis has forced countries to consider the use of mobile contact-tracing to track and control the spread of the virus. This video provides an introduction to this strategy, the proposed use, and initial implications on privacy and mobile security.

    -What is contact tracing?
    -Technical Implementation in China and South Korea
    -Technical Implementation in the Apple/Google proposal
    -Alternative options to protect data while saving lives
  • How to Automate Mobile AppSec without the Staff Recorded: Feb 11 2020 33 mins
    Richard Smith, Director at Data Theorem
    Overcoming the challenges of manual mobile AppSec with automation.

    The demand for mobile apps has caused a need for developers to improve and release features at an unprecedented rate to stay ahead of the competition. Consequently, developers have introduced new models to develop mobile apps quicker and easier.

    In these fast-paced development cycles, the risk of data security vulnerabilities and breach of regulatory requirements becomes more important than ever. With such an industry trend comes an imperative need to innovate the approach to mobile AppSec.

    Join us to learn about the:

    *Top challenges and problems facing security teams for mobile AppSec.
    *Limitations of traditional mobile AppSec approaches and why manual processes will not scale with DevOps.
    *Ways to automate your mobile AppSec program to meet the fast pace demands of modern SDLCs without the staff.
  • How Hackers Hack Your APIs in 15 Minutes or Less Recorded: Jan 31 2020 19 mins
    Himanshu Dwivedi, CEO at Data Theorem
    It is very hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day with little to no review. For example, a “dated trend” among effective yet lazy hackers is to search for APIs unknown to security teams, coined “Shadow APIs”, connect to these APIs, and extract data. While SQL injection used to be the hack of choice, as a few simple SQL commands would either mean “pay dirt” or “move on to the next target”, the same can be said for Shadow APIs: Find, Connect, Extract. This talk will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button (lines of code in Python :). Attendees will learn about a very basic yet not-so-obvious problem in securing data, and how hackers are using creative methods to steal large volumes of data.
  • Automated Security for DevOps Recorded: Jan 15 2020 2 mins
    Data Theorem
    Data Theorem delivers automated security for DevOps, ushering in a new era of DevSecOps. This helps teams grow faster with fewer application security exposures.
  • Did You Know CCPA Has Already Begun? Recorded: Dec 10 2019 26 mins
    Richard Smith, Director, Data Theorem
    How to prepare your data, mobile apps, web apps, and APIs

    On January 1, 2020, the California Consumer Privacy Act (CCPA) will go into effect. This new privacy law emphasizes the growing importance for companies to revisit their approach to handling consumer data. Recent GDPR violations have shown that exposure via poor mobile app security and leaky APIs can result in multi-million dollar fines. But security leaders may not be aware that consumers will be able to make requests to in-scope businesses for the 2019 calendar year. Learn how to prepare for this legislation, security audits, and future data privacy laws without the staff.

    In this webinar we will cover:

    *How this legislation affects your company and customer data
    *How it impacts your mobile and modern web app strategy
    *How you can start preparing your current data, apps, and APIs before the law goes into effect
  • How to Leverage iOS 13 for App Security Recorded: Nov 19 2019 27 mins
    Phillip Tennen, iOS Software Engineer, Data Theorem
    Get briefed quickly on the latest security changes on iOS 13.

    Led by Phillip Tennen of Data Theorem, the webinar explores some important changes landing with iOS 13 this fall. The webinar will discuss new encryption APIs that make it easier to securely and correctly encrypt data, new requirements for data collection, system-level changes to the availability and visibility of user tracking, and so much more. The webinar will close with the new services Apple is bringing forward that can be leveraged in your applications to deliver a smooth and more secure experience to your users.

    In this webinar you will learn about:

    *New APIs for securing data and changes to existing frameworks in iOS 13
    *New limits placed on data collection
    *New options for visualizing the data collected by apps
    *New system services that enhance user security
    *Changing requirements for an app's security posture
Prevent AppSec Data Breaches
Data Theorem is a leading provider of modern application security. Its core mission is to prevent AppSec data breaches. The Data Theorem Analyzer Engine continuously scans mobile and web applications, APIs, and cloud resources in search of security flaws and data privacy gaps. Our security products provide automated hacking and full application stack discovery that protects your data.

  • Title: Security Automation on AWS
  • Live at: Mar 19 2020 4:30 pm
  • Presented by: Felicia Haggarty and James Galt, Data Theorem