Browse communities
Presenting a webinar?
Share this content

The Impact of Cloud on the Future of Web Application Security

Ron Condon; TechTarget; Dennis Groves, Founder, OWASP; Sukanta Chakravorty, Cloud Researcher, RHUL; Justin Clarke, OWASP
As a live attendee, you will take part in 4 compelling votes, giving you the ability to shape the direction of this expert discussion. Does the cloud change web application security? Does the CSA, Jericho, ENISA provide sufficient guidelines? Does the cloud make compliance more difficult? View live to take part and hear the results of the audeince vote.

Ron Condon
Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine

Dennis Groves is the co-founder of OWASP and a member of WASC. His contributions to OWASP include the "OWASP Guide" downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web applications.

Justin Clarke is an information security consultant years of experience in assessing the security of networks, web applications, and wireless infrastructures for large financial, retail, technology and government clients in the United Kingdom, the United States and New Zealand.

Sukanta Chakravorty is currently a Cloud Researcher at ISG & RHUL and has previously held senior executive roles in Incident Response Management and IT at Wipro.
Sep 9 2010
48 mins
The Impact of Cloud on the Future of Web Application Security
cloud security Application Security OWASP
Join us for this summit:
Advanced Threat Protection
March 2014 View summit
More from this community:

IT Security

Webinars and videos

  • Live 5 and recorded (4261)
  • Upcoming (148)
  • Date
  • Rating
  • Views
  • BAYAS (Swahili word for 'badness' aka. malware of any kind, shape or form) continue to grow in number as script kiddies, hacktivists, organised crime and nation-state actors use them to deface websites, steal money, engage on cyber-warfare or "simply" to disrupt large businesses or nation-critical infrastructure.

    However, malicious software don't exist in a vacuum; any piece of malware is designed to call-back home sooner or later: to download additional malware, to report back to a C&C server or to exfiltrate data. How can Incident Responders detect hidden malware on the network using open-source tools and what patterns do they need to look for? In my webinar, I will share lessons learnt from practical traffic analysis in the field (i.e. predominate communication protocols, current trends, etc.) and present some effective techniques used to filter suspicious connections and investigate network data for traces of malware using tools like Wireshark, Snort and Bro.

    About the speaker:
    Ismael Valenzuela 13 years years experience in IT security and currently works as Principal Architect at McAfee Foundstone Services in EMEA. Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also has experience teaching at BlackHat, serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks.

    He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including. He is Lead Auditor from Bureau Veritas UK.

    Some of his articles are freely available at http://blog.ismaelvalenzuela.com.
    Mr. Valenzuela can be followed on twitter at @aboutsecurity
    Read more >
    Enter
  • BAYAS (Swahili word for 'badness' aka. malware of any kind, shape or form) continue to grow in number as script kiddies, hacktivists, organised crime and nation-state actors use them to deface websites, steal money, engage on cyber-warfare or "simply" to disrupt large businesses or nation-critical infrastructure.

    However, malicious software don't exist in a vacuum; any piece of malware is designed to call-back home sooner or later: to download additional malware, to report back to a C&C server or to exfiltrate data. How can Incident Responders detect hidden malware on the network using open-source tools and what patterns do they need to look for? In my webinar, I will share lessons learnt from practical traffic analysis in the field (i.e. predominate communication protocols, current trends, etc.) and present some effective techniques used to filter suspicious connections and investigate network data for traces of malware using tools like Wireshark, Snort and Bro.

    About the speaker:
    Ismael Valenzuela 13 years years experience in IT security and currently works as Principal Architect at McAfee Foundstone Services in EMEA. Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also has experience teaching at BlackHat, serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks.

    He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including. He is Lead Auditor from Bureau Veritas UK.

    Some of his articles are freely available at http://blog.ismaelvalenzuela.com.
    Mr. Valenzuela can be followed on twitter at @aboutsecurity
    Read more >
    Enter
  • While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.

    In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
    Read more >
    Enter
  • While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.

    In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
    Read more >
    Enter
  • While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.

    In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
    Read more >
    Enter
  • Drawing on data gathered from nearly 40,000 unique cyber attacks (more than 100 per day) and over 22 million malware command and control (CnC) communications, the Advanced Threat Report provides a global look into cyber attacks that routinely bypass traditional defenses such as firewalls, next-generation firewalls, IPS, antivirus and security gateways.

    Join FireEye's Greg Day, VP & CTO for EMEA, for an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the countries where advanced attacks are most prevalent today. In addition, Greg will look at trends taking place in specific industries.
    Read more >
    Play
  • Drawing on data gathered from nearly 40,000 unique cyber attacks (more than 100 per day) and over 22 million malware command and control (CnC) communications, the Advanced Threat Report provides a global look into cyber attacks that routinely bypass traditional defenses such as firewalls, next-generation firewalls, IPS, antivirus and security gateways.

    Join FireEye's Greg Day, VP & CTO for EMEA, for an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the countries where advanced attacks are most prevalent today. In addition, Greg will look at trends taking place in specific industries.
    Read more >
    Play
  • Android smartphones provide amazing connectivity and convenience but this accessibility and customization but can come at the price of personal security. Mobile security software can provide the safeguards you need for your device and information.
    Read more >
    Play
  • This panel session moderated by Jarad Carleton of Frost and Sullivan will bring together industry experts from the likes of Lacoon, Skycure and Lookout. Our panelists will discuss the greatest challenges mobile security poses to the enterprise and share their insights and best practices to keeping organizations secure.
    Read more >
    Play
  • This panel session moderated by Jarad Carleton of Frost and Sullivan will bring together industry experts from the likes of Lacoon, Skycure and Lookout. Our panelists will discuss the greatest challenges mobile security poses to the enterprise and share their insights and best practices to keeping organizations secure.
    Read more >
    Play
  • Channel
  • Channel profile

Information Security

Up Down
  • Automation, Security Configuration & Compliance Management for Servers Mar 13 2014 3:00 pm UTC 45 mins
    Join Mike Gare to hear more about how to simplify security configuration management and automation for servers.

    IBM intention to share the details of a our exciting solution comprising our best-in-class automation and security configuration management capabilities - all leveraging the BigFix platform. That means a single agent, console and server to provide a comprehensive offering for Data Center Ops and IT Security Professionals - all at the lowest TCO.

    Michael Gare is a Product Manager with more than 20 years of experience with global organizations including Computerland, Nortel Networks and IBM. Mike has a broad range of experience in Telecommunications, Mobile technologies, Data Center Automation and Cloud Computing. He has performed a variety of leadership roles, all of which, involved working directly with customers.

    He is currently a software product manager in IBM responsible for a number of solutions focused on automating the lifecycle management of servers.
    Attend
  • New technologies and the internet of things Mar 13 2014 2:00 pm UTC 45 mins
    Organizations’ dependence on the Internet and technology has continued to grow over the years. The rise of objects that connect themselves to the Internet is releasing a surge of new opportunities for data gathering, predictive analytics and IT automation. The security threats of the Internet of Things (IoT) are broad and potentially devastating and organizations must ensure that technology for both consumers and companies adhere to high standards of safety and security. This webcast will look at the way IoT is impacting daily business and discuss how business leaders and security chiefs can get the most from this increasingly pervasive trend.
    Attend
  • Using Hackers' Own Methods & Tools to Defeat Persistent Threats Mar 12 2014 6:00 pm UTC 45 mins
    In today’s world of advanced persistent threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn't really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats.

    Thinking like an attacker isn't good enough, nor are traditional solutions, as smart adversaries already know which technologies they'll disable on your system. However, incorporating the right hacker-like methods and tools can give security teams a new level of situational awareness and context needed to respond quickly to targeted, persistent threats.

    Attendees will learn a new approach consisting of four fundamentals: Detect, Remediate, Analyze and Resist. The presentation will provide detailed information including how to:

    • Use attacker technology and tools against adversaries to detect their presence on all endpoints
    • Incorporate the same stealth techniques that attackers use to remain hidden from you - so you can monitor them
    • Leverage forensics at the point of attack to better understand the overall threat
    • Use big data analytics to collect and analyze behavioral data across the enterprise
    Attend
  • Intro to Box Mar 12 2014 6:00 pm UTC 60 mins
    Join us for our Intro to Box series, a monthly discussion of the latest in
    the world of enterprise IT, content collaboration, cloud technology, and Box.
    We'll cover an overview of Box, how businesses like yours are changing the
    way they work with Box and other cloud technologies, and walk through a
    demo of the latest and greatest in the product. The sessions will be led by
    Box product experts, and you might even get a guest appearance from one of
    our fearless leaders.
    Attend
  • Achieving Enterprise Defensibility Mar 12 2014 5:00 pm UTC 45 mins
    Advanced adversaries refining techniques hourly against a highly complex and constantly evolving enterprises with a Security team that is overwhelmed at a disadvantage immediately causes a chasm in overall Risk for most organizations. Learn how the best teams create more defensible state through enhanced visibility and advanced analytics in order to reduce the risk gap and quickly close any window of opportunity for an attacker.
    Attend
  • Resurrection of the Data Entry Attack Mar 12 2014 4:00 pm UTC 45 mins
    Since the 1990’s, data entry-based attacks have been utilized to social engineer credentials from users for network access. There was a period of time when they were forgotten or overlooked by information security teams due to the prevalence of Trojans, worms, DDoS, and other malware attacks. Well, data entry attacks are back in fashion as reported in recent high-profile breaches. This session will provide some history, highlight examples, and demonstrate the latest techniques to develop and detect data entry-based phishing attacks.
    Attend
  • Defending Your Data Visibility is the First Step In Defense Mar 12 2014 3:00 pm UTC 45 mins
    As threats have become more complex, so have the tools to mitigate them. Frost & Sullivan Principal Consultant Jarad Carleton and WatchGuard Director of Security Strategy Corey Nachreiner will discuss the pressing need for real-time visibility of critical security parameters, and better manageability of your increasingly numerous and complex IT security tools.

    Join Jarad as he explains what IT leaders should look for in security solutions in order to maximize efficiency and productivity—the tools you need to pull the critical information from your oceans of log data.

    Corey will then discuss specifics of how you can achieve a unified security environment that provides the focused visibility and simplified management you need.
    Attend
  • Advanced Threat Protection and the Role of a Sandbox Mar 12 2014 2:00 pm UTC 45 mins
    While understanding the need for Advanced Threat Protection (ATP) is easy, understanding what ATP actually is and how to implement it in your network is a completely different story.  In Network Security, like life, there are very few absolutes.  Relying on only one technology to fight a wide range of threats is not one of them.
     
    This webinar will cut through the various claims being made in the market and look at a solution designed with only one objective – to stop Advanced Targeted Attacks from getting into your network.
    Attend
  • 2014 Top IT Security Trends Mar 12 2014 11:00 am UTC 45 mins
    IT networks are staged for massive changes in 2014. With users and endpoint devices proliferating and with threats to systems and data becoming more sophisticated and pervasive, organizations of all sizes must be prepared for what lies ahead.
     
    Attend our  “Top Trends Driving IT Security in 2014” webinar to find out what these trends mean for your IT network, and what you can do to stay ahead of the game.
     
    You’ll learn:
    •What kinds of attacks to expect from a new generation of exploits
    •How botnet operators now cloak their command and control operations
    •What types of organizations and platforms will be targeted by ransomware
    •Why Near Field Communication capabilities open the door to new exploits
    Why traditional security is no longer effective against new, sophisticated threats
    Attend
  • 2014 – the Year of Data Encryption and Data Protection Mar 11 2014 5:00 pm UTC 45 mins
    Data Encryption has been spoken about for years, but finally ENCRYPTION importance has come front-page. From the recent Snowden NSA Affair to major data breaches at Target, companies now have no choice but to consider securing their data at the source.

    This presentation will introduce you to your responsibilities in providing your customers with the Due Diligence (Risk Control and Executive Management Oversight) and Due Care (Continuous Monitoring through Security Practices, Procedures, Policies, Processes and Standards) that their personal data deserves.
    Attend
  • Know Your APT Unknowns – How to Unlock Irrefutable Insight from Your Packets Mar 11 2014 3:00 pm UTC 45 mins
    Advance Persistent Threats (APT) use unexpected, multiple, time limited and diverse attack vectors. Experience, knowledge and skills all play a powerful role in shaping effective security intervention decisions but without robust understanding of your context, actual network traffic and content you are left relying on making an informed guess which may or not prove to be correct. 

    When APT security issues occur network security operations professionals are instantly under pressure from their organization to explain and resolve the problems swiftly. So how fast can you react to a suspected APT security anomaly? And even more importantly, are you giving yourself the best chance of success when you act by ensuring that your actions are informed, appropriate and effective?
     
    The capture and examination of network traffic before, during and after an event of interest can provide you the clarity and understanding to make a truly informed intervention and increase your likelihood of an effective outcome. Approaches to capture, indexing, search and recall of captured traffic can vary in cost and complexity, ranging from simple open source software tools to high performance, high fidelity Intelligent Network Recording solutions capable of operating at sustained link bandwidths up to 100 Gigabits per second.
     
    Join James Barrett, Technical Director of Endace in this session for network security operations professionals where he’ll  show you how to derive insight and certainty of what’s occurring by using network packet inspection and visualization techniques.
    Attend
  • Is Your Website the Soft Underbelly of Your Organisation? Mar 11 2014 12:00 pm UTC 45 mins
    Whilst not every organisation may be a target of an APT or targeted attack, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against the constantly changing threat landscape.
    · Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
    · In 2012 the number of Web based attacks increased by 1/3 with approximately 247,350 Web-based attacks were blocked each day.
    · 5291 New Vulnerabilities were discovered in 2012
    · Spam accounts for 69% of all email and one in 414 emails are from phishers

    All security and IT professional need to understand the new reality classic textbook protections may well not be enough. Join Symantec Website Security solutions to understand how you can protect your websites from vulnerabilities and malware and how SSL can prevent your company and your customers.
    Attend
  • Catching "Wire-Bayas": Practical Kung-Fu to Detect Malware Traffic Live 45 mins
    BAYAS (Swahili word for 'badness' aka. malware of any kind, shape or form) continue to grow in number as script kiddies, hacktivists, organised crime and nation-state actors use them to deface websites, steal money, engage on cyber-warfare or "simply" to disrupt large businesses or nation-critical infrastructure.

    However, malicious software don't exist in a vacuum; any piece of malware is designed to call-back home sooner or later: to download additional malware, to report back to a C&C server or to exfiltrate data. How can Incident Responders detect hidden malware on the network using open-source tools and what patterns do they need to look for? In my webinar, I will share lessons learnt from practical traffic analysis in the field (i.e. predominate communication protocols, current trends, etc.) and present some effective techniques used to filter suspicious connections and investigate network data for traces of malware using tools like Wireshark, Snort and Bro.

    About the speaker:
    Ismael Valenzuela 13 years years experience in IT security and currently works as Principal Architect at McAfee Foundstone Services in EMEA. Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also has experience teaching at BlackHat, serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks.

    He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including. He is Lead Auditor from Bureau Veritas UK.

    Some of his articles are freely available at http://blog.ismaelvalenzuela.com.
    Mr. Valenzuela can be followed on twitter at @aboutsecurity
    Enter
  • Why Vendor-driven Threat Intelligence is not Sufficient Anymore Live 45 mins
    While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.

    In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
    Enter
  • REVEALED: The Global Expansion of Malware Attacks Recorded: Mar 11 2014 52 mins
    Drawing on data gathered from nearly 40,000 unique cyber attacks (more than 100 per day) and over 22 million malware command and control (CnC) communications, the Advanced Threat Report provides a global look into cyber attacks that routinely bypass traditional defenses such as firewalls, next-generation firewalls, IPS, antivirus and security gateways.

    Join FireEye's Greg Day, VP & CTO for EMEA, for an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the countries where advanced attacks are most prevalent today. In addition, Greg will look at trends taking place in specific industries.
    Play
  • 5 Mobile Security Insights from RSAC Recorded: Mar 6 2014 58 mins
    This panel session moderated by Jarad Carleton of Frost and Sullivan will bring together industry experts from the likes of Lacoon, Skycure and Lookout. Our panelists will discuss the greatest challenges mobile security poses to the enterprise and share their insights and best practices to keeping organizations secure.
    Play
  • HIMSS 2014 recap: Latest trends seen at HIMSS Recorded: Mar 5 2014 55 mins
    ESET security researcher Lysa Myers reports on developments in healthcare IT system security that she observed attending the recent HIMSS conference in Orlando. Find out what is being done to better protect patient data privacy.
    Play
  • The Great APT Chase Recorded: Feb 27 2014 43 mins
    The increasing awareness of the APT threat landscape has encouraged more customers to leverage technologies based on a virtual execution environment to detect threats that evade traditional defenses. This significantly increases the difficulty for an adversary to penetrate an organization’s network. Does this mean that the adversary can no longer succeed? The reality is – the adversaries rapidly evolve and adapt.

    Join our webinar, The Great APT Chase presented by Mr RongHwa Chong, Malware Researcher in FireEye Asia. He will share on how the attacker evolves through exploiting more zero-day vulnerabilities, leveraging new techniques and on the various file formats. to evade heightened defenses. It is a session for both technical and business professionals interested in the latest in advanced threats.

    Agenda:

    1. Solving A Jurassic Problem
    2. How Cyber Threats Evolves
    3. To Chase Or Be Chased
    4. Questions & Answers
    Play
  • Institutionalizing Cyber Protection for Critical Assets Recorded: Feb 26 2014 35 mins
    In this webinar, Ron answers the question, "how do we provide for the common defense in the digital age?" With continuous advances in technology, this question can pose a big problem for organizations developing or modifying a security strategy.

    Join Ron as he covers the basics of defense against the most problematic vulnerabilities, the tools at your disposal to fight them, and a T.A.C.I.T security strategy that you can implement today in your organization.
    Play
  • Your Most Valuable & Vulnerable Asset: Intellectual Property in the Home Office Recorded: Feb 26 2014 45 mins
    The home office. One of the weakest links in the protection of your company’s most valuable assets.

    Intellectual property (IP). For today's enterprises, it is more valuable than money, capital or labor - but it is also more vulnerable. Where it is often most at risk is in the home offices of high-value employees, who have sensitive data in their email, but generally have no end-point security.
    Join Frost & Sullivan Senior Analyst Mike Jude, and WatchGuard Vice President of Corporate Strategy Dave R. Taylor, as they discuss the small office, home office (SOHO) phenomenon and learn why:

    The home offices of high-value employees are a key point of vulnerability for today’s enterprise IP secrets
    VPN access, long the standard for protecting communications for home-based employees, can no longer be the stand-alone tactic to repel today’s blended threats
    You should consider enabling UTM-level protection for your high-value employee’s home offices
    You can enable distributed security, just as you’ve enabled distributed connectivity, so every home office can have the same network security protection as a corporate branch office.
    Play
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
  • Upcoming webinars (32)
  • Recorded webinars (1,136)
  • Subscribers (41,575)
Channel RSS feed
Up Down
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Impact of Cloud on the Future of Web Application Security
  • Live at: Sep 9 2010 2:00 pm
  • Presented by: Ron Condon; TechTarget; Dennis Groves, Founder, OWASP; Sukanta Chakravorty, Cloud Researcher, RHUL; Justin Clarke, OWASP
  • From:
Your email has been sent.
or close
You must be logged in to email this
OK