We all trust pretty much the same software to write code and push it from dev to production… Trust is a beautiful thing… what could possibly go wrong?
Everybody’s spending a lot of energy on application security, and yet every once in a while someone gets hacked. It’s not easy to stay ahead. Applications need to be ultra-secure against a long line of suspicious malware and marauding hackers, yet hackers only need to find one way in. But hackers are now looking for profit, […]
An Infosecurity 2014 talk. Speakers: Adam Brown, UK Manager, Quotium; Tim Holman, CEO & Chief Consultant, 2-Sec, and President, ISSA-UK. The success and impact of a cyber-attack largely depends on how secure an organization’s software applications are. When applications have serious vulnerabilities, a cyber-attack can easily succeed and its impact can be considerable. PCI DSS goes a […]
With Agile development seeing software released at a fast and furious rate, how can you be sure each release is safe? This is a very important talk for any security professional who needs to protect their business in the best possible way from application attacks. This presentation presents an efficient, effective, real and proven way to develop and deploy secure software: how to really address the issue of application security in an Agile or hybrid process, automatically, accurately and therefore efficiently and simply.
Video: View one of Europe’s largest online retailers frequently deploying web applications with built-in security. This video is important for security professionals who wish to develop and deploy secure software.
Video Part 2: the continuation of the same video.
The need to create applications quickly and efficiently is driving organizations to Agile development, raising the question of whether such short development cycles permit secure development. In this webinar, a panel of analysts, vendor and customer representatives discusses the challenges and the different ways of developing secure Agile environments. Participants:
Ofer Maor, CTO, Quotium
Alea Fairchild, Analyst
Ian Murphy, Analyst
Wahid Iqbal, Shop Direct
Until recently, SAST/DAST dominated the application security testing market, each with its own pros and cons. We present IAST, a completely new approach – analyzing code execution, memory and data in runtime, allowing for accurate inspection of the application.
In a talk that examines technological concepts rather than specific products, IAST is compared with the SAST/DAST approaches that have dominated the application security testing market. The talk presents the standard IAST building blocks and shows advanced IAST data analysis capabilities, including practical samples and code.
To identify actual business threats we must focus on the data context of application vulnerabilities.
The presentation discusses common application security approaches and the disproportionate spending they involve. Also discussed are current solutions for application security testing and their limitations. Finally, a new approach is examined that allows organizations to concentrate their efforts on protecting their most valuable assets.
Adam Brown, Manager of Quotium Technologies Ltd., UK, explains that applications are still being developed with vulnerabilities using outdated source code analyzer (SAST) and scanner (DAST) technologies. With the advent of Interactive Application Security Testing (IAST), new technologies are now providing automated application security during the software development life cycle.
CISOs test their application security thoroughly but their applications still get hacked.
The challenge lies in testing applications that, over time, have grown to enormous proportions, such as Content Management Systems, CRMs, Portals and other applications. This challenge is caused by the sheer number of components, not to mention frequent changes, third-party components and new code.
This talk describes a dialog between a SaaS provider developing an effective SDLC program and a security expert offering solutions, using real-world cases. The talk identifies relevant methods and how to implement them effectively to create a successful SDLC.
Guy Bejerano, CSO of LivePerson (NASDAQ:LPSN) talks about the challenges facing a CSO of a Cloud vendor building such a program, and their resolution, including case studies.
Ofer Maor, CTO of Quotium, presents product and service solutions.
This white paper discusses an advanced SQL Injection technique that enables exploitation through extraction of data in situations that were considered non-exploitable up until now.
This presentation discusses the quality of security testing alternatives, looking at consulting services, products, and software-as-a-service solutions. Tips are provided on what organizations can do in this respect.
Blind reliance on public key cryptography and client-side certificates can be disastrous, even though they have been valuable security mechanisms.
This talk discusses and demonstrates common implementation pitfalls that are often seen in real-life PKI-based authentication systems.
This talk presents a case study of a recent Denial of Service (DoS) and Distributed Denial of Service (DDoS) project conducted for a Hacktics customer, utilizing advanced application DoS attacks and evasion of Anti-DDoS protection. The current and future trends of denial of service attacks are reviewed, with tips for reducing risks.
Phishing, Trojans and other techniques now enable mass credential theft and access to data without having to break into remote systems.
A live demonstration is presented with real-world hacking stories.
This demonstration is of application hacking techniques executed on a demonstration online banking application. All common web application attacks are used with an explanation of the flaws which cause them.
At the end of this session, each attendee was able to truly understand the real essence of web application attacks and the threat they pose to the business of their organization.
While distributed port scanning is not a new concept, it has seldom been used in a real-world environment. This session presents a new approach to distributed port scanning through widely available free HTTP proxy servers. It shows how HTTP proxies are able to identify open ports, and how distributed port scanning can be performed.
This demonstration is of application hacking techniques executed on a demonstration online banking application. All common web application attacks are used with an explanation of the flaws which cause them. Actual exploits used by hackers in the real world are demonstrated, such as SQL Injection, URL Tampering, Cookie Poisoning, Session Hijacking and others.
These presentations, for the Microsoft Developer’s Security Forum, demonstrate application security vulnerabilities and hacking tactics. The first presentation includes an introduction to application attacks, an overview of application penetration techniques, and descriptions of some of the basic attacking techniques. In the second presentation, more advanced techniques are covered, including SQL Injection, Cross Site Scripting, Parameter Tampering, Cookie Poisoning and others.