FireHost Webinar: Protect Your Application With Intelligent Security
 


Learn from the experts how to effectively secure your online business. Join FireHost’s CEO, Chris Drake, and WhiteHat Security’s CTO, Jeremiah Grossman as they identify current threats, and reveal how examining billions of attempted attacks at a macro level has identified a new way for enterprises to make intelligent decisions about better protecting their information assets.

  • See full webinar with audio here: http://www.firehost.com/company/resources-and-multimedia/webinars/

    FireHost Webinar: Protect Your Application With Intelligent Security (Presentation Transcript)

    • Learn from the Experts: Protect Your Applications with Intelligent Security
      Presented by:
      • Chris Drake, Founder & CEO, FireHost
      • Jeremiah Grossman, Founder & CTO, WhiteHat Security
    • Today’s Agenda
      • Explore the Evolving Threat Landscape in Today’s Business Environment
      • Discuss Specific Vulnerabilities and Related Security at the Web Application Layer
      • Analyze Current Security Funding Trends & Strategies
      • Present Strategies for Addressing Threats and Vulnerabilities in an Economically Rational Manner
      • Address Your Questions
      Submit your questions throughout the webinar via chat. We’ll address them live at the end or follow up offline.
    • Jeremiah Grossman, Founder & CTO, WhiteHat Security
      • Renowned worldwide as an expert on web security
      • Co-founder of the Web Application Security Consortium
      • Recently named to InfoWorld’s Top 25 CTOs for 2007
      • Credited with the discovery of many cutting-edge attack and defense techniques
      • Co-author of the recently published book, Cross-Site Scripting Attacks
    • Chris Drake, Founder & CEO, FireHost
      • Leading FireHost with 100 percent year-over-year growth
      • Established as a go-to resource for secure cloud hosting
      • Paratrooper in the 82nd Airborne Division at Fort Bragg
      • Sought-after speaker and writer on cloud, hosting, and security
      • Awarded Tech Titans Emerging CEO of the Year for 2013 and Dallas Business Journal’s “40 under Forty” business leaders
    • Headlines on Security Breaches Targeting Web Applications
      • Cyber-attacks Cost $1 Million on Average to Resolve - InfoSecurity magazine, October 10, 2013
      • Why the state of application security is not so healthy - CSO magazine, September 23, 2013
      • Adobe deals with data breach affecting 2.9 million customers - Software Development Times, October 7, 2013
      • More than Half Of Companies Suffered A Web Application Security Breach In Last 18 Months - Dark Reading, Sept. 18, 2012
    • World's Biggest Data Breaches: Selected losses greater than 30,000 records Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
    • Key Trends in Securing Applications & Resources
      • 86% of all websites had at least one serious vulnerability.
      • The average number of serious vulnerabilities identified per website was 56, continuing the downward trend from 79 in 2011 and 230 in 2010.
      • 61% of all serious vulnerabilities were resolved. That is less than the 63% in 2011, but still up from 53% in 2010 and far better than 2007, when it was 35%.
      • 53% of organizations said their software projects contain an application library or framework that centralizes and enforces security controls.
      • 85% of organizations said they perform some amount of application security testing in pre-production website environments.
      • 39% of organizations said they perform some amount of Static Code Analysis on their websites' underlying applications.
      • 55% of organizations said they have a Web Application Firewall (WAF) in some state of deployment.
      Source: Website Security Statistics Report, WhiteHat Security, May 2013
    • Top 15 Vulnerability Classes (2012)
      [Chart: Likelihood that at least one serious* vulnerability will appear in a website. Classes shown: Cross-Site Scripting, Information Leakage, Content Spoofing, Brute Force, Cross-Site Request Forgery, Fingerprinting, Insufficient Transport Layer Protection, Session Fixation, URL Redirector Abuse, Insufficient Authorization, Directory Indexing, Abuse of Functionality, Predictable Resource Location, HTTP Response Splitting, SQL Injection]
    • Attack types are not evolving…
      Comparison of Superfecta Cyber Attacks Between Q2 2013 and Q3 2013
      [Chart: share of attacks by type, series 2013 Q3 and 2013 Q2, axis 0% to 35%]
      • Cross-Site Scripting: 34%, 33%
      • Cross-Site Request Forgery: 24%, 26%
      • Directory Traversal: 22%, 23%
      • SQL Injection: 20%, 18%
      Attack Statistics
      • 2013 Q3: Total Attacks Blocked 31,808,175 (Quarter over Quarter Delta 32%); Filtered by IPRM 17,488,853 (Quarter over Quarter Delta 77%); Percentage IPRM Filtered 54%
      • 2013 Q2: Total Attacks Blocked 23,926,025 (Quarter over Quarter Delta 40%); Filtered by IPRM 9,876,834; Percentage IPRM Filtered 41%
      Source: FireHost, October 2013
    • Web Applications: The Largest Threat
      • 54% of attacks are on the web application layer
      • 92% of web application attacks resulted in over 90% of record access
      Verizon / United States Secret Service Data Breach Investigation Report
    • 2012
    • Spending on Security
      The biggest line item in [non-security] spending SHOULD match the biggest line item in security
      • Applications: IT 1, IT Security 3
      • Host: IT 2, IT Security 2
      • Network: IT 3, IT Security 1
    • Barriers to Addressing Vulnerabilities at the Web Application Layer
      [Chart: barriers ranked First, Second and Third, axis 0% to 30%. Barriers shown: Identifying all applications; Lack of funding/management buy-in; Lack of integrated buy-in between security…; Lack of application security skills; Lack of technical resources; Legacy Code; Integrated lifecycle management; Other]
      Source: SANS Institute, October 2013
    • Managing Risk and Security in Mixed and Outsourced Environments
      • “If 2013 is the year enterprises begin implementing their hybrid cloud strategies, as the experts are predicting, then it follows that this will also be the year when hybrid cloud security takes center stage.” -- Network World, February 11, 2013, Christine Burns Rudalevige
      • “Security tops the list of concerns that IT has with cloud services, according to the InformationWeek survey; 51% of respondents cited security defects as their greatest concern, a figure that remains unchanged from 2012.” -- Network Computing, August 20, 2013, Tony Kontzer
    • Key Take Home Points
      1. Ensure you’re properly investing in application security threats
      2. Classify your data and set security/uptime requirements for each
      3. Isolate your mixed IT/application environments (internal or hosted)
    • Questions & Answers
    • Thank You
      • Chris Drake, Founder & CEO, FireHost: linkedin.com/in/chrisdraketx, @chrisdrake
      • Jeremiah Grossman, Founder & CTO, WhiteHat Security: linkedin.com/in/grossmanjeremiah, @jeremiahg