The Impact of Cloud on the Future of Web Application Security

As a live attendee, you will take part in 4 compelling votes, giving you the ability to shape the direction of this expert discussion. Does the cloud change web application security? Does the CSA, Jericho, ENISA provide sufficient guidelines? Does the cloud make compliance more difficult? View live to take part and hear the results of the audeince vote.

Ron Condon
Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine

Dennis Groves is the co-founder of OWASP and a member of WASC. His contributions to OWASP include the "OWASP Guide" downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web applications.

Justin Clarke is an information security consultant years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand.

Sukanta Chakravorty is currently a Cloud Researcher at ISG & RHUL and has previously held senior executive roles in Incident Response Management and IT at Wipro.

Recorded Sep 9 2010 48 mins

Your place is confirmed,
we'll send you email reminders

Watch for free

Presented by
Ron Condon; TechTarget; Dennis Groves, Founder, OWASP; Sukanta Chakravorty, Cloud Researcher, RHUL; Justin Clarke, OWASP

Presentation preview: The Impact of Cloud on the Future of Web Application Security

Network with like-minded attendees

Add a photo
- [[ session.user.profile.displayName ]]
- [[ session.user.profile.jobTitle ]]
- [[ session.user.profile.companyName ]]
- [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
- [[ card.displayName ]]
- [[ card.jobTitle ]]
- [[ card.companyName ]]
- [[ userProfileTemplateHelper.getLocation(card) ]]

Channel
Channel profile

Information Security

Solving the dilemma of securing private data in the cloud Oct 12 2016 10:00 am UTC 45 mins

Sunil Choudrie, Global Solutions Marketing Mngr - Symantec & Robert Arandjelovic, Security Strategy Director EMEA - Bluecoat

The cloud allows open sharing of data, allowing people to access information at home, in the office or on the move. This openness has come at a price, putting security and data privacy at risk.

Research shows that on average, organisations are aware of less than 10% of all cloud applications used by their staff, providing a massive blind spot. If you don’t know where your sensitive data is, how do you secure it? In this 45 minute webinar we will outline the Symantec three-part framework for managing the Information Protection lifecycle and show how this applies to securing the cloud. The webinar will address:
· The opportunities and risks of moving data to the cloud
· Security and privacy implications
· The Symantec three-part framework
o How to ensure only trusted users and devices can access data
o How to classify and discover sensitive data, and gain full visibility into the cloud
o How to protect data through the application of encryption technology
· Future direction and recommendations

So if you are struggling with the dilemma of providing open access to sensitive data, register for this webinar today.

Save your seat
Privacy vs. Security in a Big Data World Oct 11 2016 8:00 pm UTC 45 mins

Tamara Dull, Director of Emerging Technologies for SAS Best Practices

Regardless of the scarlet letter we want to hang around his neck, we should thank him for helping bring the discussion of big data privacy and security to the public square. It’s not just for the privacy freaks and security geeks in the back room anymore. In this session, we’ll take a look at these issues in context of the six-stage (big) data lifecycle: create, store, use, share, archive, and destroy. We each have a role to play in this privacy/security theater. What’s yours going to be?

Save your seat
Privacy vs Security: A False Trade-Off? Oct 11 2016 7:00 pm UTC 45 mins

Kelly Shortbridge, Co-Founder of IperLane

Recent controversies such as Apple vs FBI have highlighted that often strong security is a prerequisite for privacy, and that upholding privacy can ensure stronger security is built into software. As consumers become more aware of privacy issues, can the argument still be made that security must be sacrificed in place of privacy? How do new technologies confirm or deny this notion?

Save your seat
The Web Browser: A Security & Privacy Train Wreck Oct 11 2016 6:00 pm UTC 45 mins

Brian Zaugg, Director Information Security at Authentic8

The web browser is arguably the most utilized software on any given endpoint. The browser has evolved into a feature-rich tool used to consume & create content of all kinds, conduct financial transactions, access sensitive health care information -- you name an application and data type and someone has a browser based solution.

Browsers are also the least managed software in the enterprise. Most IT shops have abdicated control of the browser. Bolt-on browser security solutions, like proxies and application firewalls, rest on the enterprise perimeter and, in our mobile BYOD world, ultimately still leave the endpoint, the user, and the user's data exposed.

There is a natural tension between the browser, enterprise IT security, and privacy. The browser exposes the user and the user's data to both security and privacy risks. Security and privacy objectives may overlap; but, they are just as often at odds. For example, most enterprises conduct content inspection and blocking of user browsing activity; few enterprises encourage or allow a user to take advantage of TOR and other anonymization and privacy technologies. Meanwhile, enterprise and user confidential data is the treasure that bad guys are hunting.

Save your seat
Your Credentials Are Compromised, So Now What? Oct 11 2016 5:00 pm UTC 45 mins

Lee Godby, Director of Business Development at Centrify

Today, more and more security breaches are being reported - Home Depot, Target, Sony, Anthem, and Office of Personnel Management (OPM) to name a few. There are numerous attack vectors, but the most prevalent vector is compromised credentials. So how can corporations or entities protect themselves from these types of attacks, while ensuring the privacy of employees and customers? In this discussion, understand how to empower your employees through multi-factor authentication (MFA), while significantly reducing the chances of having a “Strategic Corporal” bring down your operation.

Save your seat
20 Months to a New Global Data Privacy Law – What You Need To Do Oct 11 2016 5:00 pm UTC 60 mins

Nigel Hawthorn of Skyhigh

The GDPR Covers Anyone with Data on European Residents

In May 2018, a new data privacy law comes into effect and any organisation with data on the 500+ million citizens of the European Union (EU) has to comply. Fines can be up to 4% of revenue, mandatory data loss notification to regulators and users comes into force, and class action lawsuits will land on the desk of anyone unfortunate enough to lose data. As with any data loss incident, these costs may be dwarfed by the loss of brand image and customers choosing not to do business with you again.

Unmanaged cloud could be your weakest link, so what do you need to do?

Join us for this webinar where the author of “GDPR – An Action Guide for IT” will speak and you will learn:

· The top ten points of the new regulation
· Which departments in your organisation need to be part of the GDPR-Readiness Team
· What you need to do today, what you can leave until tomorrow
· Policies for collecting, processing, transferring and deleting data
· 25 questions to ask yourselves to ensure you are ready

Save your seat
PCI DSS 3.2 – What’s New? What are the Best Tools to Prevent Data Loss? Oct 11 2016 4:00 pm UTC 45 mins

Ulf Mattsson, CTO, Compliance Engineering

PCI DSS v3.2 provides an important and unique update on data discovery (A3.2.5, A3.2.5.1, A3.2.6) for service providers. Join this webinar and learn about the new requirements, and how implementing data discovery solutions can make it easier to validate PCI compliance.

It is becoming widely recognized that “unknown” data leakage of PCI data, and more broadly other Personally Identifiable Information, within enterprises is the highest value target for the “bad guys”. While current market Data Loss Prevention tools are valuable, they do not provide for expansive and prescriptive data discovery. We urgently need more intelligent data discovery tools to dynamically limited our attack surface.

This presentation will highlight some of these tools.

Save your seat
Understanding the Risks from DDoS Attacks Oct 11 2016 3:00 pm UTC 45 mins

Rohit Kinra, Director - Product Technology, Verisign

Recent DDoS attacks trends indicate that DDoS attacks are becoming more sophisticated and persistent. During Q2 2016, Verisign observed that 23 percent of customers were attacked five times or more. What do these DDoS trends mean for your organization, especially during the upcoming holiday season?
Join Rohit Kinra, Director, Product Technology, Verisign, on October 11, 2016 at 11am ET, as he discusses the behavioral shifts observed by Verisign in recent DDoS attacks and what should concern you. Rohit will also share recommendations on how your organization can prepare and defend against DDoS attacks.

Save your seat
Leaky Mobile Apps: Stemming the Flood of Private Data Oct 11 2016 3:00 pm UTC 45 mins

Andrew Hoog, CEO and Co-founder, NowSecure

The amount of data generated, stored and transmitted by mobile devices and apps is startling. Information leakage in mobile apps and devices exposes personal and corporate data that can be used for illicit purposes. IT security professionals need visibility into the risk introduced into the corporate environment by apps installed on employees’ dual-use devices. Mobile security expert and NowSecure CEO and Co-founder Andrew Hoog will provide an overview of privacy and security risks in mobile apps and present a checklist for managing those risks in the enterprise.

Save your seat
Privacy vs. Security Oct 11 2016 1:00 pm UTC 45 mins

Steve Durbin, Managing Director, ISF Ltd

In May 2018 the EU’s General Data Protection Regulation (GDPR) will take effect. The GDPR upholds the protection of personal data and increases the accountability of organisations processing any personal details belonging to EU citizens- with severe penalties for those who do not comply.

In this webinar Steve Durbin, Managing Director at the ISF, discusses why it is important for the security and data privacy teams to work together to run risk assessments on their most critical information assets and to develop checklists, policies and procedures that can be implemented internally and with third party suppliers. Only by taking this approach will organisations be able to remain agile, maintain customer confidence and demonstrate that they are ‘GDPR ready.’

Save your seat
The role of Threat Intelligence Feeds in the Battle Against Evolving Cybercrime Oct 11 2016 2:00 am UTC 45 mins

Nahim Fazal, Head of Cybersecurity Development at ‎Blueliv

Today, advanced cyber threats form part of the risk landscape we encounter every day in our increasingly digital lives. Cybercrime is known for its complex, chameleon characteristics – it’s a highly lucrative industry with fast-paced innovation at its core. The evolution of cybercriminal techniques enables it to thrive, and we need to sprint to keep up. Organizations must respond with security solutions nimble enough to compete with the bad guys. Sounds like a job for MRTI, and we think we’ve got just the ticket.

This webinar intends to be an educational piece for any Security team in need of having a better understanding of the value provided by Threat Intelligence feed in order to complement traditional security real estate. This is not intended for those who already have a strong expertise and understanding of the fundamentals of threat intelligence delivered via a feed.

Save your seat
Smartphone Encryption Is Getting Stronger. Is It Enough To Keep You Safe? Oct 6 2016 4:00 pm UTC 45 mins

Heather Mahalik, Principal Forensic Scientist at ManTech CARD

As smartphones become more secure, what has changed for us forensically? What are the different types of security measures being deployed and how do these affect our processes? Which acquisition methods are best for secured devices? If you get an image of the device, can your current forensic methods provide you access for analysis? And most of all, will these security mechanisms keep your private data safe?

This presentation will go into detail on each of these topics and dive into ways around some of these security features on smartphones. White papers, tools (including open source) and methods written and developed by those in our community will be discussed. Don't let a smartphone "out smart" you - take the reigns of your investigation.

Save your seat
Cyber Crime – Why Are You a Target Oct 4 2016 2:00 pm UTC 60 mins

Richard Cassidy, UK Cyber Security Evangelist

According to cyber security experts, the frequency and severity of cyber attacks are on the rise, causing alarm to businesses and customers across a variety of industries. Taking a proactive, strategic approach to evaluating your cyber security strategy is critical, it starts with understanding who your organisations adversaries are and what the impact would be on your business if you were the victim of a cyber attack.

Register for this impactful webinar presented by Richard Cassidy, UK Cyber Security Evangelist at Alert Logic as he examines the latest methods and exploits used by cyber criminals providing an overview of the most current ways they target businesses. You’ll get an insight on how the most sophisticated attackers choose their targets, what they are looking for, and how they extract valuable data.

In this webinar, we will take a look at:
• The ever-changing threat landscape, and how it affects your business
• Tactics, techniques and procedures (TTPs) used by cyber criminal actors
• Strategies and tools for mitigating the risk of cyber attack
• Insight into Real-life case studies

Save your seat
LIVE Interactive Q&A: Steve Durbin on the Yahoo Data Breach Sep 30 2016 10:00 am UTC 45 mins

Steve Durbin, Managing Director, ISF Ltd

Last week Yahoo was hit with the biggest data breach of all time; with an estimated 500 million customer accounts compromised by hackers. The attack will have significant rippling effects on consumer trust, data protection standards and information security practices. The legal battle is now also only just beginning, with two key cases being heard in California, as Yahoo is sued for data-protection negligence.

But what will does all this mean to your business? Do you feel compromised professionally or personally? Were key mistakes made that you can avoid? How can you best prepare (in terms of incident response) to such a breach? Will the attack have lasting effects or will it disappear into the annuls of history alongside the Ashley Maddison, Target and Linkedin hacks. All these questions and more will be answered live, over webcam by Security expert and Managing Director of the ISF Steve Durbin.

Tune in, ask your burning questions and join the conversation on BrightTALK.

Save your seat
What You Need To Know about the Yahoo! Breach: Steps To Take Today Sep 28 2016 7:00 am UTC 45 mins

John Bambenek, Manager, Threat Systems at Fidelis Cybersecurity

With the news Yahoo! was breached in 2014 and 500 million user accounts were potentially compromised, this breach became the biggest in history to date. However, the damage extends far beyond Yahoo! properties where the digital identities of users could be compromised on other sites, business documents leaked and other harm could come for users who don’t take immediate steps.

This talk will cover not only the breach, but the aftermath in what users and enterprises should do to protect themselves over breaches affecting other companies.

Save your seat
Are you ready for the notification requirements of upcoming EU Legislation? Recorded: Sep 23 2016 49 mins

Danielle Kriz, Sr Director, Global Policy at Palo Alto Networks and Emily Tabatabai, Privacy Counsel at Orrick

Doing business in the European Union is changing. By May 2018, companies must comply with the new General Data Protection Regulation’s (GDPR) data breach notification requirements and the Network and Information Security (NIS) Directive’s security incident notification requirements.

Notification requirements make it imperative to prevent incidents before they happen. To help you prepare for these new requirements, Palo Alto Networks is hosting a webinar with cybersecurity and data privacy lawyers from Orrick Herrington & Sutcliffe to discuss:

· What are the requirements and the deadlines under each law?
· What are the thresholds for notification, and who needs to be notified?
· How should companies prepare for their oncoming obligations? What strategies should be in place? What have other international companies done to prepare and communicate?
· What might be the legal consequences of non-compliance?

Watch now
HPE ART - Protect your Business now Recorded: Sep 22 2016 48 mins

Pedro Miguel Jeronimo Mendes, Datasmart

In this session, you will gain understanding on how data is growing faster and is shared every day across the business world. It looks that company’s today won’t survive without their Data, and it’s not only a matter of lose everything, could be a matter of unavailability and you are out of Business. This session will cover how to protect your data and secure it for sharing

Watch now
State-of-the-Art Security Framework for Breach Prevention Response Strategy Recorded: Sep 22 2016 49 mins

Gregory Albertyn, Sr Director Cybersecurity & Privacy at PwC, Simon Mullis, Global Technical Lead GSIs at Palo Alto Networks

Traditional approaches of detecting and remediating threats are becoming increasingly inadequate to effectively manage risk in today’s increasingly regulated, cyber threat landscape.

Join a live webinar and Q&A to learn how PwC and Palo Alto Networks have formed a strategic partnership to help more customers achieve cyber resilience.

The webinar will introduce

•The emerging regulatory landscape that is driving the need for organizations to redesign their incident response and data compliance programs
•A state-of-the-art security framework that serves as a guide for organizations to assess, develop, and implement a breach prevention security posture.
•Recommended security architectures, organizational structures, and computing processes that enable breach prevention.
•Live Q&A with cybersecurity experts from PwC and Palo Alto Networks, for practical insights and real world experiences.

Watch now
Are you secure against threats with cyberinsurance? Recorded: Sep 22 2016 15 mins

Fred Streefland, Leaseweb Global and Dharminder Debisarun, Palo Alto Networks

The cynical would suggest that cyber insurance is growing as some look for a cheaper route to manage risk. However many see the cyber insurance industry as potentially the new enforcer of good security practices.

Palo Alto Networks customer Leaseweb is an organization that recently purchased cyber insurance. We invite you to join us on Thursday September 22 for an interview with Fred Streefland, IT Security Manager at Leaseweb Global. Palo Alto Network’s Dharminder Debisarun interviews him to learn more their decision to purchase cyberinsurance. You will hear what is generally covered and how it can be part of a prevention strategy. There will also be a chance to answer questions at the end of the session.

Watch now
Threat Prevention on Your Terms Recorded: Sep 22 2016 38 mins

Joerg Sieber, Director, Product Marketing, Palo Alto Networks

A cloud-based community-driven approach for advanced threat detection and prevention is paramount to successfully combatting attackers. The scale, speed of enhancements, community leverage, and automated prevention that WildFire provides is unparalleled. At the same time, some organizations are concerned about data privacy and protection when dealing with cloud-based threat analysis.

Palo Alto Networks is proud to introduce the WildFire EU cloud. Customers now have the option to submit unknown files and e-links to the WildFire EU cloud for analysis, where data is fully analyzed without ever leaving European borders. This is of particular interest to companies within the European Union and international organizations looking for localized clouds combined with the power of global cloud threat analytics.

At this valuable and information webinar we will explore how WildFire EU cloud helps you:

1. Address data privacy needs – Data analyzed by WildFire EU cloud remains within the boundaries of the EU. This alleviates data transfer concerns shared by some of our customers and addresses the needs of many international organizations.

2. Leverage global threat intelligence – WildFire EU cloud leverages access to the largest threat analysis tool in the World used by more than 10,000 customers as part of the Palo Alto Networks next generation security platform, providing complete prevention capabilities.

3. Take advantage of groundbreaking Threat Analytics and Correlation – Security teams can accelerate threat hunting, analytics and response efforts with globally correlated intelligence from the entire WildFire community, made directly accessible through the AutoFocus service.

Watch now

The latest trends and best practice advice from the leading experts

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.