A Proactive Approach to Building a Successful Security Development Lifecycle (SDL)

With software security, the best defense is a good offense. A good offense starts with security as part of the whole development lifecycle, not just an afterthought, and requires specialized security knowledge and tools that organizations can adopt quickly and with minimal disruption to their development process. Three industry leaders discuss why and how you can get your organization on the right path to a successful SDL implementation.

Presenters: Michael Howard, Principal Security Program Manager, Microsoft Corporation; Jon Oltsik, Senior Analyst, Enterprise Strategy Group; and Ed Adams, CEO, Security Innovation
The Most Dangerous Vulnerabilities: Finding, Understanding and Mitigating Them

This Webcast, presented by a Senior Security Trainer and Security Testing practitioner, highlights the three most dangerous vulnerabilities that often slip past conventional testing efforts. The information presented can help you assess your own capabilities and determine whether or not you are properly prepared to defend against them.

Presenter: Kevin Poniatowski, Senior Security Trainer
Software Security: An ISO 27002/ITIL Perspective

With the advent of new regulations around data security and privacy, executive decision-makers can no longer afford to relegate software security to such a role. This talk introduces a new way of elevating software security to its rightful position within larger IT security risk management frameworks such as ISO 27002, PCI DSS and ITIL.

Presenter: Reed Augliere, VP of Operations
Application Security Maturity (ASM) Model and Roadmap

Security Innovation analyzed application security data points from client engagements over a span of nearly 10 years and distilled the data into a diagram, which explains where each organization fits into the maturity continuum of three application security phases. This webcast allows organizations to see where they fit into the model and provides a roadmap for progressing to a state of high maturity.

Presenter: Edward A. Adams, CEO
Tough Application Security Questions to Ask Your Software Vendor

The overall “risk” that a piece of software carries has as much to do with how a vendor supports it as it does with how secure the code is. Vulnerabilities cost a besieged company money, and deploying security patches is expensive. This webcast presents fifteen specific questions that organizations can ask to assess a vendor’s commitment to security.

Presenter: Edward A. Adams, CEO
Web Security Urban Legends

This webcast discusses the inherent security challenges of Web applications and the urban legends that lead to a false sense of security. Topics include outside and inside threats to web applications, the limits of network security systems, what SSL really protects, the two most dangerous web vulnerabilities, and counter-measures to help protect your enterprise in the short and long term.

Presenter: John Carmichael, Security Trainer
New PCI Requirements for 2008: Tackling Application Security

Two industry experts, with more than 20 years of application security and PCI compliance experience, will discuss important changes to requirement 6 of the PCI-DSS and other important upcoming changes specific to application security. Attendees will gain a clear understanding of the specific actions that must be taken to comply with the new requirements by the June 2008 deadline.

Presenters: Edward A. Adams, CEO, and Mathieu Gorge, Managing Director, Vigitrust
Secure Software Design

Many software development teams employ effective, time-tested principles and practices to deliver relatively bug-free software on time; however, many also lack adequate security expertise and unknowingly incorporate vulnerabilities into their applications. This Webinar will bridge this knowledge gap and arm development teams with principles and techniques for secure software design.

Presenter: Joe Basirico, Security Trainer
The Art of IT Risk Threat Modeling

Threat modeling can quickly assess hundreds of applications, be leveraged for better risk management decisions, and be integrated into risk management frameworks. This webcast examines the critical activities involved in threat modeling and demonstrates its benefits in the context of IT risk management.

Presenter: Fabien Casteran, Senior Security Engineer
Building a Sustainable PCI Program (and Achieving Payment Brand Safe Harbors)

This Webinar offers practical advice and tips on how to “get there”: achieving sustainable PCI compliance at a reasonable cost and with improved security. Rather than addressing each requirement in detail, we present a risk management approach to information security where you aim for data security and become compliant along the way.

Presenter: Michael Gavin, Security Strategist
Writing Secure Code

Everyone, whether they write protocols or internal processes, is responsible for using secure coding techniques to minimize the adverse effects of attacks. This Webcast addresses common coding pitfalls and design errors and provides practical techniques developers can use to reduce the susceptibility of code to vulnerabilities and cultivate a defensive coding mindset.

Presenter: Joe Basirico, Security Trainer
Techniques to Quickly Understand your Application Security Risks

There are inherent threats that applications pose that need to be understood if they are to be mitigated. In this presentation, you'll learn two effective ways to gain a quick and clear understanding of your most imposing threats, giving you the knowledge to implement effective security programs and reduce your overall risk.

Presenter: Fabien Casteran, Senior Security Engineer
How to Break Software Security

Proactive software vendors and IT organizations invest heavily to ensure that their software development teams attain the specialized knowledge needed to conduct effective security testing. This Webcast provides an overview of the techniques needed to effectively recognize and expose security flaws in software and introduces a fault model to help testers conceptualize these types of bugs.

Presenter: Joe Basirico, Security Trainer
Biggest Security Mistakes Organizations Make

Organizations continue to make seemingly avoidable mistakes when it comes to application security. This Webcast, presented by a seasoned veteran in the software quality and security space, will discuss the underlying causes of security mistakes, specific mistakes organizations make, and the best practices and infrastructure needed for a secure process for software development and management.

Presenter: Edward A. Adams, CEO
What Security Means to My Business: The Quest for Security ROI

In order to maintain the security of software you need to establish metrics for security that fit into your organization’s existing business and metrics structure. In this presentation you’ll learn principles of implementing a security program for your organization to help determine and justify what needs to be done to improve the security of your software.

Presenter: Dr. Herbert H. Thompson, Chief Security Strategist
Understanding Risk: Secrets your Applications Hide

There are inherent threats that applications present to your enterprise that need to be understood if they are to be mitigated. In this talk, we will discuss the Top 5 Secrets that your applications hide and convey steps you can take to mitigate those risks, both near and long term.

Presenter: Fabien Casteran, Senior Security Engineer
Threat Modeling: the Art of Identifying, Assessing and Mitigating Risk

Learn to characterize your business and technology from an attacker's viewpoint and determine the myriad threats to your enterprise. We'll present a case study that emulates a real-world scenario and walk you through the process of identifying and ranking threats and creating a threat escalation model.

Presenter: Fabien Casteran, Senior Security Engineer
How to Break Web Software

The primary author of all three “How to Break...” books will take you on a journey through the set of techniques for breaking (from a security standpoint) web applications. This talk covers all the normal basics (SQL injection, XSS, etc.) but goes beyond that to more advanced and sinister attacks.

Presenter: Dr. James A. Whittaker, Founder
How to Break Software Security

Funded by a government and corporate initiative, we analyzed thousands of vulnerabilities that shipped in major products such as enterprise applications, shrink-wrap software, operating systems, browser plug-ins, firewalls, etc. We studied each vulnerability and asked questions such as: What fault would have caused this vulnerability? What were the failure symptoms of this vulnerability? What testing technique would find this vulnerability? The end result was a body of knowledge incorporated in the book "How to Break Software Security", and this Webcast passes it along to you.

Presenter: Dr. James A. Whittaker, Founder
Attacking Applications with Holodeck

Learn how to use Holodeck to discover and exploit an application's entry points (files, libraries, APIs, shared resources, etc.). Touches upon software security principles, the value of fault injection (Holodeck's underlying engine) and monitoring and controlling entry points.
Application Security by Design

In this Webcast, a Security Innovation expert and a Senior Systems Engineer from Compuware will discuss the fundamentals of secure coding. You will explore creative and contextual ways to think about software development, learn best practices for the creation of secure code, and develop a new understanding of the engineering processes required to write robust and secure applications.

Presenters: Joe Basirico, Security Trainer; Toby Cardone, Senior Systems Engineer, Compuware
Protecting Customer Data: Secrets of Web Application Security

Applications are the most susceptible piece of your organization's systems. Even though you may employ intrusion detection systems and firewalls, your applications are likely leaving doors wide open to your customer data. In this session, we will show you ways that attackers can gain access to your data and discuss some best practices of application design and development.

Presenter: Dr. Herbert Thompson, Chief Security Strategist
Protecting the Enterprise from Intruders: Outsiders AND Insiders

We know about protecting enterprise networks from trespassers, but what about the applications? Have you considered all intruders, both outsiders as well as the individuals inside the castle gate? A recent survey estimates that 70% of losses are from insider attacks. This presentation offers guidance on mitigating the threat from the outsiders as well as the rogue insider or partially trusted user.

Presenter: Dr. Herbert H. Thompson, Chief Security Strategist