Securing Your Applications - From Testing to True Software Assurance

Derek Brink, VP & Research Fellow, Aberdeen Group
So you've successfully gotten started with your application security initiative -- now what? How do you take securing your applications to the next level?

Characteristics of the companies achieving top performance in application security include:

- Start from a solid foundation of testing
- Start small (e.g., with a proof-of-concept) and then expand by building on your success
- Establish a risk-based approach on what vulnerabilities to address and when
- Partner between the IT Security and Application Development teams to expand your program beyond testing to create a true software assurance program

Research from Aberdeen Group confirms that bringing about a systemic change across the entire software development lifecycle -- i.e., to become "secure at the source" -- yields the best results.

In addition to the use of several enabling tools and technologies -- including application vulnerability scanning, penetration testing, manual source code reviews, static source code analysis and verification, and dynamic source code analysis and verification -- this webinar will review the "people and process" capabilities that most strongly differentiate the top performers.
Nov 10 2011
38 mins
  • Implementing a Business-Driven Security Strategy Recorded: Oct 17 2013 66 mins
    **At the end of the session we're giving away a $2,950 guest pass to the Cyber Security & Digital Forensics Exchange (http://www.cyber-securityexchange.com). The pass is for the entire 3 day event, and includes meals and two night hotel accommodation. The winner will be chosen at random. To be entered into the draw you must attend this live webcast.**

    Today’s corporate leaders face multiple challenges, including the need to innovate in extremely competitive business climates, address highly dynamic regulatory and compliance challenges, and secure the enterprise against a wide barrage of new and evolving sophisticated threats. Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. Organizations often take a bottom-up approach to security and continually build on top of their existing security investments. This technology-centric approach often creates an excessively complex and disjointed security infrastructure that is difficult to manage and prone to operational inefficiencies that can escalate IT costs.

    The need to be able to integrate security with business functions and operations exists more than ever. A Business-Driven approach can achieve end-to-end security that supports business goals such as driving innovation and reducing organizational costs, as well as operational requirements to address compliance measures, protect against internal and external threats, and prioritize the security risk management activities that make the most sense for their organization. In this webcast presentation we will address how to implement a solid Business-Driven security strategy within your organization.
  • Sign up for the CSI 7.0 Global Launch Event on September 5th Recorded: Sep 5 2013 50 mins
    In September 2013 we launch the Secunia CSI 7.0! This launch event is a great occasion for us to share the news about our new solution with you. During the event you will hear the latest news from Secunia and learn about the CSI 7.0. You are also invited to ask questions of our key company stakeholders and solution specialists.

    Key take-aways:

    - Secunia CSI 7.0 gives you the when, the where, the what and the how…to patch!

    - CSI 7.0 Live product demo

    - Analyst View: Insight on Secunia’s position on the market.

    - Q&A session
  • Security in the Software Development Lifecycle Recorded: Nov 15 2012 34 mins
    Aberdeen’s research finds that companies who pay attention to security for developed applications – if they pay attention at all – leverage three distinct strategies:

    - Inspection (“Find and Fix”)
    - Additional layers of protection (“Defend and Defer”)
    - Prevention (“Secure at the Source”)

    The trends towards a more dynamic user experience and integration with back-end services are powering even more complex web applications – and a rise in enterprise mobile applications as well. All of which makes deciding which approach(es) to use for application security a multifaceted business decision – one part context, one part judgment, and one part philosophy.

    Embedding security from the beginning of the software development lifecycle is not for everyone, but Aberdeen’s research confirms that it does yield the best results. This presentation provides insights into the benefits and tradeoffs of addressing security as part of the software development lifecycle.
  • Panel Session: Mobile App Security Strategies for Financial Services Recorded: Nov 14 2012 46 mins
    This panel will tackle the unique challenges faced by businesses in Financial Services as they try to enter the growing mobile app market. We will bring together perspectives from vendors and researchers focusing on the topic and end users implementing the solutions and dealing with the day-to-day challenges.

    Moderator: Derek Brink, Research Fellow, Aberdeen Group
    Kevin Morgan, CTO, Arxan Technologies;
    John Steven, Internal Chief Technology Officer, Cigital
    James Lynn, Practice Principal - Fortify on Demand & Mobile Security Services, HP Enterprise Security
  • BYOD and Video: Analyst Q&A Recorded: Nov 6 2012 15 mins
    In this short video session, Aberdeen analysts Andrew Borg and Derek Brink address questions about their recent research in the area of Bring Your Own Device (BYOD) and IT Security.
  • The Hidden Costs of BYOD Recorded: Sep 24 2012 30 mins
    BYOD's rapid adoption is widely discussed, but a thorough examination of its actual cost to the organization has been lacking. Expanding mobile access to the greatest number, within the constraints of capital equipment budgets, is one of the undeniable benefits of a well-managed policy. But BYOD also brings significant challenges: the increasing power and complexity of devices adds to the cost of support; cost controls are disaggregated; and new risks arise regarding security and compliance.

    Aberdeen Group describes a best practices approach to address these concerns, derived from its recent study of more than 560 organizations in 45 countries.
  • Right to Choose vs. Right to Wipe: The Division Triggered by BYOD? Recorded: Sep 24 2012 13 mins
    "Right to Choose" vs. "Right to Wipe" – which sounds like a polarizing election-year issue – refers to the tension between enterprise end-users wanting to use their own smartphones and tablets to access enterprise resources, and enterprise IT departments wanting to ensure that they can centrally lock / erase / wipe enterprise data if the device is lost or stolen.

    This presentation summarizes an Aberdeen Group analysis of more than 430 organizations, which indicates that end-users are actually most productive and most satisfied when they have the freedoms of BYOD, but within certain boundaries and protections.
  • What's Stopping You? Removing the Barriers and Migrating to the Cloud Recorded: May 24 2012 58 mins
    Are your cloud concerns valid? This panel will focus on identifying the major perceived barriers to business adoption of cloud computing from the perspectives of security, compliance, privacy and policy. The goal is to separate founded and unfounded concerns and help IT security professionals and C-level executives make educated cloud decisions for their business.

    Panelists:

    Derek Brink, Vice President and Research Fellow, IT Security and IT GRC, Aberdeen Group (moderator)
    John Howie, COO, Cloud Security Alliance
    Pravin Kothari, Founder and CEO, CipherCloud
    Adam Swidler, Sr. Product Marketing Manager, Google
  • DLP, the Ideal Referee: Let the Game Go On! Recorded: Apr 5 2012 34 mins
    In its fifth annual study on best practices in data loss prevention (DLP), Aberdeen analyzed and compared the results from more than 600 organizations which have adopted one of four distinct approaches to the operational use of DLP technologies. The best approach, in terms of balancing enterprise risk and reward, is like the ideal referee in sports: one that makes good calls and enforces the rules regarding safety and fair play, but generally doesn't get in the way of the people playing the game.
  • Consumerization of IT: Enforcing Policies Without the Pain Recorded: Mar 15 2012 55 mins
    Consumerization of IT and BYOD represent an opportunity and a challenge for businesses. At the crux of the issue is the tension between enterprise IT professionals who are tasked with establishing and enforcing policies and end-users who care about mobility and freedom anytime, anywhere. This webinar will explore how establishing the right BYOD policy can help a company embrace the consumerization of IT while keeping their enterprise secure.

    Derek Brink, VP, Aberdeen Group; Patrick Wheeler, Sr. Marketing Manager Endpoint Security, Trend Micro; Mary Siero, CEO, Innovative IT LLC; Benjamin Robbins, Principal, Palador
  • Securing Your Applications - From Testing to True Software Assurance Recorded: Nov 10 2011 38 mins
  • Securing Your Applications – Get Started Now Recorded: Oct 27 2011 34 mins
    Today’s headlines provide ongoing evidence that IT Security teams are losing the battle against attackers, reinforcing the need to address the security of enterprise applications. If your organization hasn’t gotten started yet in the area of application security – in spite of the dynamic nature of the application security threat landscape, the size and diversity of your application software portfolio, and the significant financial impact of the average application security-related incident – do it because of the positive impact on your bottom line. This web seminar will outline and provide tangible directives for you to build and execute an Application Security initiative.
  • Too Trusted to Fail: Attacks on SSL Server Certificate Infrastructure in 2011 Recorded: Oct 25 2011 23 mins
    Two publicly disclosed attacks on the infrastructure for issuing SSL Server Certificates made headlines in 2011 – in large part based on the evidence that they were part of a state-sponsored effort to hijack the trust of legitimate domain names, and thereby gather private or sensitive information from its unsuspecting citizens. From the perspective of the countless enterprises that rely upon the global foundation of trust provided by SSL Server Certificates, however, the three key implications should be a renewed preference for top quality Certification Authorities, a continued shift toward higher assurance EV SSL Server certificates, and a higher priority for assessing the risk of current certificate revocation mechanisms.
  • More on EV SSL Server Certificates: Where is the Growth? Recorded: Oct 25 2011 14 mins
    Extended Validation (EV) SSL Server Certificates are designed to address the need to increase end-user confidence in transacting online, by establishing a higher level of assurance that they are on a legitimate web site and that their personal data is being encrypted while in transit. Aberdeen's research and analysis indicates that the strongest near-term growth for EV SSL Server Certificates will come from small businesses (<$50M in annual revenue), particularly in the EMEA and Asia / Pacific geographies.
  • EV SSL Server Certificates: Looking Up to the Other "Green" IT Recorded: Oct 25 2011 14 mins
    Perhaps one of the most overlooked areas for improved key management involves deployments of SSL Server Certificates and Extended Validation (EV) SSL Server Certificates – the latter of which require a more rigorous vetting process to confirm the identity of the requesting site owner before being issued.

    Aberdeen's research shows that leading performers were 1.7 times more likely than lagging performers to have current deployments of EV SSL Server Certificates, providing their end-users with a higher level of assurance of a legitimate web site and greater confidence in conducting online transactions.
  • Adapt or Die: Threats, Vulnerabilities and Your Networks and Data Recorded: Sep 14 2011 49 mins
    The threat landscape is escalating, and the nature of vulnerabilities and threats is changing. If your strategy has been to assume that your organization is immune, you may want to consider the latest evidence to adapt.

    At a blended business/technical level, this panel will discuss:
    • Techniques currently being used by attackers
    • Emerging vulnerabilities and threats
    • Strategies and solutions currently available
    • Examples of effective and cost-efficient tools

    Panelists:
    Derek E. Brink, Vice President & Research Fellow, Aberdeen Group (Moderator)
    Michael Stute, CTO, Global DataGuard
    Dwayne Melancon, Head of Products and Product Strategy, Tripwire
    Gary Golomb, Sr. Research and Development Engineer, RSA NetWitness
  • OWASP Panel: New Web Application Threats and Ways to Secure Them Recorded: Mar 16 2011 46 mins
    Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure them for your business.
  • Worries of 2011 – What to look out for and how to tackle them Recorded: Dec 7 2010 48 mins
  • The State of In-Security Recorded: Nov 5 2010 43 mins
    In a study of more than 160 organizations, Aberdeen found that respondents annually spend an average total of $2,150,000 in IT Security-related activities: $870,000 invested in their IT Security initiatives, plus an additional $1,280,000 in costs related to IT Security incidents that were not avoided in spite of these investments. This works out to approximately $220 per employee per year, or roughly 0.2% of annual revenue – less than many companies spend on complimentary tea and coffee. But how have some companies successfully optimized the balance between their annual investments in IT Security initiatives, and the additional financial impact of IT Security-related costs not avoided – the very essence of a risk-based approach?
Highlights from fact-based market research on IT Security topics
What separates "Best-in-Class" (top 20%) organizations from their "Industry Average" (middle 50%) and "Laggard" (bottom 30%) counterparts when it comes to various topics in IT Security? Aberdeen's unique, fact-based approach to market research provides a framework for end-user organizations to benchmark their own strategies, capabilities and use of enabling technologies against companies with top performance. Areas of coverage in Aberdeen's IT Security practice include topics in Identities and Access, Data Protection, IT Infrastructure Security (including Endpoints, Delivery Platforms, Applications and Databases, Networks, and Storage), Physical Infrastructure Security, Policies, and Security GRC (Governance, Risk Management, and Compliance). Complimentary access is provided to the full benchmark research reports, for a limited time after initial publication.
  • Title: Securing Your Applications - From Testing to True Software Assurance
  • Live at: Nov 10 2011 6:00 pm
  • Presented by: Derek Brink, VP & Research Fellow, Aberdeen Group