Web applications are under siege as hackers work around the clock to identify weak spots and steal data. Last year’s Equifax data breach put a spotlight on web-application vulnerabilities, which can be used to target any organization with an internet presence.
Cyber attackers have embraced the use of automation to scan applications for vulnerabilities. Protecting against application-layer techniques such as SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF) and distributed denial of service (DDoS) is imperative, but automated attacks can overwhelm existing security solutions.
Join us to learn:
• How to maintain awareness of evolving web application issues and trends
• Tips for advancing patch management and vulnerability assessment processes
• Solutions that leverage DDoS defenses, bot mitigation, artificial intelligence (AI) and API endpoint protection to combat automated attacks
• Techniques for protecting apps in multi-cloud infrastructures
• Best practices for ensuring security checks and controls are applied automatically and transparently throughout the software development lifecycle.
4. 100 percent of web applications studied in a recent report were found to contain at least one vulnerability, with a median number of 11 detected per application.
Last year’s Equifax data breach put a spotlight on web-application vulnerabilities.
Web applications are under siege as cyber attackers work around the clock to identify weak spots and steal data.
5. OWASP TOP 10
• Targeted Expertise: Members include security experts from around the world who have come together to share their expertise
• Identifies Risks: Represents a broad consensus about the most critical security risks to web applications
• Facilitates Awareness: Helps organizations maintain awareness of current web application issues and trends
6. OWASP TOP 10 2017
1. Injection (includes SQL, OS, LDAP, and others)
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging & Monitoring
7. Ask yourself:
HOW ARE YOU PROTECTING YOUR ORGANIZATION’S WEB APPLICATIONS?
a) NGFW, IPS
b) Identity & Access Management
c) Traditional WAF
d) Focusing on secure SDLC
13. Ask yourself:
WHAT IS MOST IMPORTANT TO YOUR ORGANIZATION WHEN CONSIDERING A WAF SOLUTION?
a) Security & Compliance
b) Application architecture; on-premises, public cloud, private cloud
c) Security effectiveness; zero trust, negative and positive security models
d) Business continuance, manageability and consistency
15. OPTIMIZE YOUR WEB APPLICATION SECURITY
• Take steps to strengthen vulnerability assessment and patch management practices
• Implement advanced WAF technology
• Better align security with development teams and IT operations groups