Copyright © 2007 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.


Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation
OWASP-Day, Università La Sapienza, Rome, 10th September 2007
Web Application Security: Increasing customer's awareness
Laurent PETROQUE, System Engineer, F5 Networks

OWASP-Day – La Sapienza, 10th Sep 07, OWASP Italy
Application Security: Trends and Drivers
- "Webification" of applications
- Intelligent browsers and applications
- Public awareness of data security
- Increasing regulatory requirements
- The next attackable frontier
- Targeted attacks

Almost every web application is vulnerable!
- "70% of websites at immediate risk of being hacked!" (Acunetix, Jan 2007)
- "8 out of 10 websites vulnerable to attack" (WhiteHat Security report, Nov 2006)
- "75 percent of hacks happen at the application." (Gartner, "Security at the Application Level")
- "64 percent of developers are not confident in their ability to write secure applications." (Microsoft Developer Research)

Spreading Web Application Security
Groups:
- Risk assessment group
- Security officer
- Application guys
- Network guys
Segments:
- PCI compliance
- SOX compliance
- Financials
- Healthcare
- E-Commerce

Why this is important
- Unique value to customers
- Dramatically improve attach rate
- Position bigger platforms
- Position new and more services
- Introduce to new groups within the organization
- Security impacts the entire process

Understand the customer's business problem, not just the technical problem.
The customer's business problem isn't always a security breach:
- Compliance
- Business enabler
- Extension
- Acquisition or new partnership
- Company security policy
- Install a WAF
- Audit code
- Recurring pen testing
- Monitoring at layer 7

Understand the customer's business problem, not just the technical problem.
Sometimes it is pure security:
- Failed security audit
- Discovered vulnerability
- Hacked
- Critical/high-profile application

Who is responsible for application security? Network security? Web developers? DBA? Engineering services?

Know who we are talking with
- Network guys: keep it simple! Talk about how easy and fast it is to deploy. Remember, they are in the network business because they don't like applications...
- Many times they are responsible for the entire security, and now they are expected to protect the application layer? How can they do that?
- Application guys: show them the policy, the application map

Know who we are talking with
- Security guys: they know a lot about network security but less about web application security
- They are often isolated in the organization
- Attached to general management
- Show them how to amplify an application security message
- Benefit from this knowledge
- In front of developers, for instance
- New technology validation

Speaking to execs
- Protects stakeholders from regulatory violations
- Increases and simplifies compliance (PCI, Sarbanes-Oxley)
- Brand protection
- Provides insurance, assurance and accountability
- Improves business agility
- Provides risk insight and risk mitigation
- Continuous improvement of the confidentiality, availability and accuracy of business information and processes

PCI awareness campaign in Italy
- We ran a phoning campaign
- 75 companies contacted
- Enormous awareness job still to complete
- Huge business potential detected
- Strong on web application security

Sarbanes-Oxley compliance
- Huge potential with SOX: "The requirements for SOX compliance apply to any system that processes or maintains financial data"
- Most applications are moving to the web
- Even those maintaining "financial data"
- Impacts numerous organizations
- Execs are more than receptive

What customers want from Sarbanes-Oxley
- User authentication
- Password management
- Access controls
- Input validation
- Exception handling
- Secure data storage and transmission
- Logging
- Monitoring and alerting
- System hardening
- Change management
- Application development
- Periodic security assessments and audits

Polizia Postale statistics for 2005

Polizia Postale statistics for 2006

F5 Networks: Integrated & Modular Application Delivery Networking Architecture. Operational Efficiency through Intelligent Design.
Diagram components (Applications, Users, International Data Center): Enterprise Manager, TMOS, iControl, BIG-IP Global Traffic Manager, WANJet, FirePass, BIG-IP Local Traffic Manager, TrafficShield, Web Accelerator, BIG-IP Link Controller.