
Magic Numbers - Guide to the 5 Key Metrics for Security

Rafal Los
Magic Numbers - An In-Depth Guide to the 5 Key Metrics for Web Application Security
Oct 5 2010
53 mins
HP Security
More from this community:

Application Development

  • Sutter Health is a not-for-profit health system serving more than 100 communities in Northern California. Each year its 5,000 physicians care for more than 10 million outpatient visits and discharge more than 200,000 in-patients.

    As healthcare systems transition from “fee for service” to “fee for value” reimbursement models, there is an increasing focus to drive down 30-day re-admission rates, particularly for high risk patients. To this end, Sutter Health is piloting Project RED (Re-engineered Discharge) which leverages predictive analytics to identify high-risk patients and then prescribes alternative discharge workflows aimed at lowering the risk of re-admission.

    Join us as Kristen Wilson-Jones, Sutter RD&D CTO, shares how Sutter Health has leveraged MuleSoft’s Anypoint Platform in an orchestrated ecosystem of technologies to power Project RED by enabling real-time patient risk scoring, clinical workflow management and bi-directional integration with Epic.

    Topics covered
    -------------------
    + How Sutter Health is lowering 30-day re-admission rates by re-engineering clinical workflows
    + The need for connectivity to enable workflow re-design
    + Best practice in moving from an application-centric to a data object-centric connectivity approach
  • Modern performance tools and techniques can dramatically improve the user experience, reduce developer and ops frustration, lead to better utilization of infrastructure and allow you to smartly ship products to market faster.

    Working with many companies across all industries, we recognize the pitfalls and barriers to adopting DevOps. The Rackspace DevOps Automation team works with various tools every day to counteract these pitfalls. Join Product Manager @EricBrinkman as he shows you the technologies our DevOps Automation team uses, provides insight as to why they were chosen, and walks through a customer experience demo.

    This webinar will include:
    •Deploying Magento through UI and pushing code
    •A look into the control panel
    •Demo of New Relic and Chef
    •Simulation of Rackspace customer experience
  • Gartner has predicted 18-20% growth in the SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that the SaaS adoption rate has increased many fold in the last few years (almost 71% of enterprises use SaaS solutions).

    SaaS has come a long way from “hype” to “norm”. The key to this change is the confidence that the cloud/SaaS community has built by providing enterprise-class security. Since the SaaS model of delivery has become a de facto standard for delivering products, it’s critical for software providers to ensure that their SaaS product meets the required industry security standards. In this webinar, we will address the security aspects related to architecture, deployment and management of SaaS solutions.

    Key Takeaways:
    • Security considerations in each of the architecture layers
    • Data isolation risks and mitigation plans
    • Overview of CWE/SANS and OWASP Security threats
    • Data retention and termination policies
    • Infrastructure and cloud related security risks and solutions
  • Modern software development practices dominated by component-based engineering and short development cycles have largely been a catalyst for rapid advancements in technology. These practices, however, have also resulted in an epidemic of known vulnerabilities baked into third-party software components of IoT applications and devices. These widespread security flaws, many of which are critical in nature, often remain unnoticed or unaddressed throughout the software or device lifecycle, posing significant risks to the people and organizations that rely on them.

    As software continues to permeate the ever-expanding Internet of Things, software vulnerabilities represent a greater and greater threat. IoT devices, like traditional computers, run on software that is susceptible to malicious attacks. As more devices become connected, understanding how to identify and manage security vulnerabilities within widely used third-party software components is critical for all stakeholders, including manufacturers and end-users.

    In this webinar, our diverse panel of security experts will:
    •Propose an expanded definition and understanding of IoT and the stakeholders at risk
    •Present research highlighting the pervasiveness of vulnerabilities in third-party software components of IoT devices
    •Draw some conclusions about the state of software security in IoT today
    •Discuss some simple approaches to addressing these problems
  • The Identity and Access Market (IAM) is undergoing exciting changes. Increased cloud adoption, cyber-threats and the speedy adoption of mobile computing are affecting how enterprises approach access security and authentication.

    Getting insight into these trends can help you prepare your organization for better and more effective Identity and Access policies during the coming year.

    Join us for a webinar on “IAM and Authentication Trends in 2015”, on March 24, 2015, where you can hear all about Identity and Access trends and developments from an industry expert.
  • Why DevOps is the answer to Digital Transformation

    The objective of this webcast is to show how technology makes it possible to reach DevOps objectives by eliminating the constraints and bottlenecks that disrupt the production of value for end users.
  • A lack of manpower and a dearth of resources are often major obstacles for organizations striving to achieve and maintain HIPAA and/or PCI compliance. Compliance guidelines are complex and difficult to decipher, even for the most experienced IT professionals. Recent headlines regarding unprecedented security and compliance breaches are causing companies to examine compliance-as-a-service (CaaS) solutions offered by cloud providers. But with the myriad of options available, it’s difficult for companies to discern which CaaS best fits their needs.

    Join Johan Hybinette, HOSTING Chief Information Security Officer (CISO), as he discusses the benefits and risks associated with CaaS. Drawing upon his 20+ years of experience in information security and compliance, Johan will also offer tips for selecting the right CaaS for your business. Bring your questions and leave with the information you need to confidently invest in a CaaS solution.
  • Greater than 80% of today’s breaches occur with application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real-time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you.

    Learn:
    •Why context from inside the application matters
    •How easy it can be to use native capabilities of Java and .NET to protect your applications
    •Use cases to get you started.

    Help lead your enterprise to a stronger, more effective security program.
  • Security and Scalability in the Hybrid Cloud: How to get one without losing the other

    Traditionally, you had to design for a focus on scalability or security in the cloud, but not both. Now with services that connect virtual and real computers together, you can achieve cloud scale while satisfying the most stringent security requirements. Join Rackspace’s Matt Shover and Joseph Palumbo Thursday, March 19th to learn:

    •Top reasons why people choose the cloud
    •Top reason why people think the cloud isn’t the best fit for them
    •What is scaling?
    •How do you scale?
    •How does the hybrid cloud help scale your application?
    •How does the hybrid cloud help secure your application?
    •So how do you build a hybrid environment?


    About the Speakers

    Matt Shover:
    Matt Shover is the manager of RackConnect Operations at Rackspace, where he leads a passionate team of Rackers that work to seamlessly connect Rackspace's Dedicated and Cloud offerings -- turning customer challenges into awesome outcomes. He holds an MBA in finance from California State University, Hayward and has been a Racker for over eight years.

    Joseph Palumbo:
    As a founding member and architect of both the Rackspace Cloud’s Managed Operations service level and Launch Team, Joseph spends half his time teaching customers about the cloud and the other half learning from his customers what the cloud can do. When he’s not writing blog posts, recording podcasts or making videos, he can be found discussing innovation with other Rackers and wishing paper documents had a built-in search function.
  • When a leading bank states that “in online mortgage sales, a simple change in the colour of a Website calculator resulted in a 10% increase in sales”, it is a reminder of the significant impact the smallest updates in a digital presence can have. However, DevOps adoption faces a major barrier in the enterprise in overcoming organisational debt – historical decisions that will constrain transformation and quick release cycles.
    This webinar explores:
    •the value of marginal gains made through incremental improvements
    •the pitfalls of marginal losses that can build into significant organisational debt
    •and highlights ways in which DevOps can overcome challenges to make a positive impact
  • Runtime Application Self-Protection Recorded: Mar 19 2015 47 mins
    Cindy Blake & Rob Putman, HPSW Enterprise Security Products
    Greater than 80% of today’s breaches occur with application software, yet many companies continue to invest in ‘over the wire’ solutions that are not solving the problem. Runtime Application Self-Protection, or RASP, is an emerging market that promises to protect applications from the inside. Using the rich context of the application’s logic and associated core libraries, RASP identifies attacks in ‘real-time’ and stops them. Implementation is quick and requires no changes to your application’s code. Join us to learn more about what RASP can do for you.

    Learn:
    •Why context from inside the application matters
    •How easy it can be to use native capabilities of Java and .NET to protect your applications
    •Use cases to get you started.

    Help lead your enterprise to a stronger, more effective security program.
  • HP Cyber Risk Report 2015: The Past is Prologue Recorded: Mar 12 2015 28 mins
    Jewel Timpe, Senior Manager- Threat Research, HP Security Research
    In the world of information security, the past isn’t dead; it isn’t even the past. The 2015 edition of HP’s annual security-research analysis reveals a threat landscape still populated by old problems and known issues, even as the pace of new developments quickens. In 2014, well-known attacks and misconfigurations existed side-by-side with mobile and connected devices (the “Internet of Things”) that remained largely unsecured. As the global economy continues its recovery, enterprises continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.

    The 2015 edition of the HP Cyber Risk Report, drawn from innovative work by HP Security Research (HPSR), examines the nature of currently active vulnerabilities, how adversaries take advantage of them, and how defenders can prepare for what lies ahead. Jewel Timpe, HPSR’s senior manager of threat research, describes the report’s findings and explains how this intelligence can be used to better allocate security funds and personnel resources for enterprises looking toward tomorrow.
  • Who’s watching your home? Internet of Things Security Study Recorded: Mar 4 2015 43 mins
    Craig Smith, Senior Security Researcher
    We all want our families and homes to be safe with the convenience of remote monitoring, but do these smart home security devices really make our families safer, or do they put them at more risk by inviting easier electronic access to our homes via an insecure Internet of Things? In a follow-up to HP’s 2014 report on the Internet of (Insecure) Things, we explore the security of popular off-the-shelf connected Home Security Systems and discuss various testing techniques we used in our study, along with recommendations for manufacturers, developers and consumers.
  • Outthinking the Bad Guys Recorded: Feb 6 2015 22 mins
    Art Gilliland, General Manager of HP Enterprise Security Products
    Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
  • Dynamically Controllable Dynamic Scanning Recorded: Jan 28 2015 41 mins
    Jonathan Griggs, Brandon Spruth, Brooks Garrett, Jeremy Brooks
    Dynamic scanning is a staple of the web application security community. The complex nature of scanning each site and the expertise required in running the tools and interpreting the results often limits the deployment models. Development teams usually do not contain a security expert and must rely on an external team to perform their dynamic audits. This means that dynamic scans are often only performed once or twice throughout the development lifecycle, usually near the end.
    Security teams also wrestle with demand for dynamic scanning. Demand is not always consistent, but hardware is expensive to purchase and maintain only to sit idle. What if there were a way to automate dynamic scanning after each build in a continuous build environment while not leaving servers idle during periods of inactivity?
    In this talk we will explain how the new WebInspect API, introduced in the 10.20 release and expanded in the recent 10.30 release, can help security teams integrate dynamic scanning with WebInspect earlier in the Security Development Lifecycle (SDL) and add flexibility and scalability into your company’s Software Security Assurance program.


    Jonathan Griggs – WebInspect Product Manager
    Brandon Spruth – Security Solutions Architect, HP Fortify
    Brooks Garrett – Manager Operations and Architecture, Fortify on Demand
    Jeremy Brooks – Senior Engineer, WebInspect Engineering
  • Adapting Software Security Assurance for Cloud and Mobile Recorded: Nov 18 2014 49 mins
    Michael Farnum, Practice Principal, HP Fortify on Demand, Hewlett-Packard
    Many organizations have been building client-server and web applications for some time, and quite a few have reached a good level of maturity in regards to building security into their SDLC. Yet that traditional model of securing applications can’t fully address the security challenges presented by mobile and cloud infrastructures and the applications built around them. The business benefits of ubiquitous and quick data access (that come with mobile and cloud) are obvious, but the security issues are very real.

    Join this discussion to find out how internal development and security groups can update their software security assurance processes so that they are embracing AND securing mobile and cloud solutions.
  • Measuring and Maturing an AppSec program Recorded: Nov 6 2014 44 mins
    Bruce C. Jenkins, AppSec Program Strategist, HPSW Fortify
    Software Security Assurance (SSA) programs take many forms across various industries. What remains constant across all programs and industries is the challenge of choosing appropriate measurements. We often ask: “Is this the right metric?” “Am I collecting enough data?” “What should be reported to my managers and senior executives?” In this webinar we help you answer those questions, and we also show you how the right metrics mature your SSA program and keep it focused on business priorities.
  • Taking an AppSec Program from 0 to 60 in 30 days Recorded: Oct 16 2014 39 mins
    David Harper, Fortify on Demand Practice Principal, EMEA, HPSW ASC
    Whether a mandate to secure all web and mobile apps comes from a newly enlightened CIO or in response to a major security breach, beginning even a small application security program can be a daunting task. How will you know how many digital assets you have, let alone their risk profile?
    In this webinar we will explore how, using a cloud solution like Fortify on Demand, even the largest organizations can begin to scan apps immediately and rapidly scale an application security program. Identify and risk rank assets, fix critical vulnerabilities, and put in place a process to secure all new and existing applications - without hiring a separate security team.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: APJ Recorded: Oct 10 2014 56 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Asia Pacific and Japan

    The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.

    On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: Americas Recorded: Oct 9 2014 60 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in the Americas

    In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.

    Among other findings, the study noted that the most costly cyber crimes are those caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: EMEA Recorded: Oct 8 2014 59 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Europe

    For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.

    The study results indicate that over the course of the year, cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’s European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
  • The Internet of (Insecure) Things Recorded: Aug 14 2014 20 mins
    Craig Smith, Senior Security Researcher
    The Internet of Things (IoT) is a hot topic these days. Smart devices, systems, and services that “talk” to other devices via the internet mean we can all be a lot more productive, but they also open us up to added security risk. Gartner says there will be 26 billion of these interconnected devices installed by 2020.

    Until now there had been very little research done on the security of available devices and technologies, so the HP Fortify Security Research team decided to take this on. This is an overview of their findings.
  • HP Cyber Risk Report Recorded: Jul 23 2014 4 mins
    HP Enterprise Security
    In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.

    The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
  • Static Application Security Testing Demystified Recorded: Jun 23 2014 41 mins
    David Harper, Fortify on Demand Practice Principal, EMEA
    Static analysis vs. Binary analysis, binary vs. bytecode, debug vs. obfuscation… Confused about Static Application Security Testing? In this webinar, David Harper, Fortify on Demand Practice Principal will explain all these terms, dispel some of the rumors and clear up any confusion. Afterwards, you will be able to authoritatively select the best approach for your Static Application Security Testing needs that will address your requirements for both comprehensive vulnerability detection and actionable remediation advice.
  • Do You Trust Your Mobile Apps? Recorded: Jun 17 2014 45 mins
    David Anumudu, Software Security Solution Architect, HP Enterprise Security
    While users are more mobile than ever, that flexibility has also come with increased risk. As business managers push for more mobile apps, faster development, newer features and broader distribution of these apps, the businesses’ risk exposure grows exponentially. Organizations are at risk of exposing their corporate data, losing brand equity, and ultimately suffering financial loss through breaches of their mobile applications. IT must ensure these apps are secure, even if they are developed by a third party, so understanding the mobile vulnerability landscape is critical, and it’s tough to keep this expertise in-house.

    HP Security Research leveraged HP Fortify on Demand (FoD) Mobile to scan more than 2,000 mobile applications from more than 600 companies, revealing alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
  • Closing the Book on Heartbleed - and Avoiding Future Sad Stories Recorded: May 14 2014 61 mins
    Joanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP
    The Heartbleed vulnerability in OpenSSL forced millions of users to change passwords and enterprises to rapidly patch thousands of servers. Because of all the publicity, there continues to be a lot of CXO-level awareness around cyber security, and now is the perfect time to recommend strategies for avoiding or mitigating the next Heartbleed - and there *will* be a next one. There were many lessons learned during Heartbleed that can be used to bolster your plans and your presentations to management to gain funding.
    In this SANS Special webcast, John Pescatore, SANS Director of Emerging Security Trends will present an overview on the details around Heartbleed and an update on the current status, risks and industry efforts around software security. He will then moderate a panel of vendor experts in a discussion around lessons learned from dealing with Heartbleed and best practices for mitigating or shielding the risks due to vulnerabilities in open source and other third party software. Panelists will include Joanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP.
  • Software Security Assurance-Developing an Effective Application Security Program Recorded: Apr 25 2014 41 mins
    Bruce C Jenkins, AppSec Program Strategist
    Do you trust your software?
    Software security has never been more important to the success of your business. Using the BSIMM framework, this session covers best practices for application development: why you should put people and process before technology, how to pitch the value of coding standards to CIOs and developers, and how to build security into the software development life cycle as opposed to the all-too-often-seen reactive, bolt-on approach.
  • Introducing a New Level of on Demand Application Security Recorded: Mar 27 2014 58 mins
    Ryan Berg, Chief Security Officer, Sonatype and Ryan English, Director of Fortify on Demand & Mobile Security Services
    According to Gartner, by 2015, ninety-nine percent of mission-critical applications in Global 2000 companies will contain open source. The ease of using open source components speeds development and creates competitive advantage but can introduce security risk into your organization. Do you know what open source components are used in your application landscape?

    Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Join this session to learn how your organization can use Fortify on Demand to gain complete visibility into what components you are using and whether there are known vulnerabilities or license obligations that bring risk to your organization and your customers.
  • The Application Blind-spot Recorded: Feb 18 2014 28 mins
    Eric Schou & Rob Putman
    In many organizations, Security Operation Center teams have little to no visibility into application security events. This is a significant challenge because security teams can’t protect the organization if they can't identify threats. With the evolution of threats targeting applications as the weakest link in the security ecosystem, security teams need help closing the security gap that results from improper user access as well as improper usage of applications. For many organizations it takes up to 270 days to recognize that they have been breached, and it’s often a 3rd party such as a customer that highlights the issue. Can your organization wait for a breach to happen to react? Attend this webcast to hear from HP security experts, as they articulate specific use case examples.
  • The 6 Deadly Mistakes of Mobile Application Development Recorded: Dec 13 2013 39 mins
    Daniel Miessler
    Everyone's heading to mobile and attackers are following. To stay ahead of the curve you need to think like the enemy. In this talk Fortify on Demand Principal Security Architect, Daniel Miessler, talks about what makes mobile security different, the OWASP (mobile) top ten and deadly mistakes NOT to make during mobile app development.
Proactively Securing Software for the Enterprise.
Listen to experts from HP, partners and customers discuss pressing issues across application security.

  • Title: Magic Numbers - Guide to the 5 Key Metrics for Security
  • Live at: Oct 5 2010 4:00 pm
  • Presented by: Rafal Los