3 Keys to Web Application Security
Web applications are under siege as hackers work around the clock to identify weak spots and steal data. Last year’s Equifax data breach put a spotlight on web-application vulnerabilities, which can be used to target any organization with an internet presence. Cyber attackers have embraced the use of automation to scan applications for vulnerabilities. Protecting against application-layer techniques such as SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF) and distributed denial of service (DDoS) is imperative, but automated attacks can overwhelm existing security solutions. Join us to learn: • How to maintain awareness of evolving web application issues and trends • Tips for advancing patch management and vulnerability assessment processes • Solutions that leverage DDoS defenses, bot mitigation, artificial intelligence (AI) and API endpoint protection to combat automated attacks • Techniques for protecting apps in multi-cloud infrastructures • Best practices for ensuring security checks and controls are applied automatically and transparently throughout the software development lifecycle.
3 Keys to Web Application Security
- 1. 3 KEYS TO WEB APPLICATION SECURITY
- 2. MEET THE EXPERTS CHRIS HOKE Managing Director, Sirius Security Solutions ED RABAGO Field Systems Engineer, F5 Networks
- 4. 100 percent of web applications studied in a recent report were found to contain at least one vulnerability, with a median number of 11 detected per application Last year’s Equifax data breach put a spotlight on web-application vulnerabilitiesWeb applications are under siege as cyber attackers work around the clock to identify weak spots and steal data.
- 5. OWASP TOP 10 Targeted Expertise Members include security experts from around the world who have come together to share their expertise Identifies Risks Represents a broad consensus about the most critical security risks to web applications Facilitates Awareness Helps organizations maintain awareness of current web application issues and trends
- 6. 1. Injection (includes SQL, OS, LDAP, and others) 2. Broken Authentication 3. Sensitive Data Exposure 4. XML External Entities (XXE) 5. Broken Access Control 6. Security Misconfiguration 7. Cross-Site Scripting (XSS) 8. Insecure Deserialization 9. Using Components with Known Vulnerabilities 10. Insufficient Logging & Monitoring OWASP TOP 10 2017
- 7. Ask yourself: HOW ARE YOU PROTECTING YOUR ORGANIZATION’S WEB APPLICATIONS? a) NGFW, IPS b) Identity & Access Management c) Traditional WAF d) Focusing on secure SDLC
- 8. TRADITIONAL SOLUTIONS ARE NOT EFFECTIVE AGAINST WEB- BASED THREATS
- 10. ONE STRENGTHEN SVA & PATCH MANAGEMENT Implement solid vulnerability assessment and patch management processes
- 11. Prevent attacks that network firewalls and intrusion detection systems can't TWO EVALUATE WAF SOLUTIONS
- 12. ADVANCED WAF
- 13. Ask yourself: WHAT IS MOST IMPORTANT TO YOUR ORGANIZATION WHEN CONSIDERING A WAF SOLUTION? a) Security & Compliance b) Application architecture; on-premises, public cloud, private cloud c) Security effectiveness; zero trust, negative and positive security models d) Business continuance, manageability and consistency
- 14. Nurture secure decisions throughout the SDLC THREE PLAN FOR DEVSECOPS
- 15. • Take steps to strengthen vulnerability assessment and patch management practices • Implement advanced WAF technology • Better align security with development teams and IT operations groups OPTIMIZE YOUR WEB APPLICATION SECURITY
- 16. NEXT STEPS Assess your capabilities and identify gaps
- 17. Q&A
- 18. CHRIS HOKE chris.hoke@siriuscom.com Or contact your Sirius Account Manager QUESTIONS