OWASP Chennai Talk - Application Security Risk - The Full Circle

•

0 likes•583 views

Abhay Bhargav's talk at the OWASP Chennai meeting on Application Security Risk

Education Technology Business

Application Security Risk -
The Full Circle

Abhay Bhargav
Chief Technology Ofﬁcer
we45 Solutions India Pvt. Ltd.

An Introduction of Yours Truly
AppSec and PCI Compliance Lead at SISA
Performed over 50 security assessments across 18
countries.
Spoken at several events including the OWASP
AppSec NYC 2008
Trainer and Workshop Lead for Security Training
Workshops
My blog: http://citadelnotes.blogspot.com

How I am feeling right now!!

The current state of AppSec

Awareness is on the rise
Myriad Materials and Tools to aid in security
Continually changing threat landscape
Web 2.0: Security Disaster Waiting to happen???
CONCLUSION: A science/art still in its infancy

AppSec Incidents - Evolution
Individual Application and
Database Attacks
Easy Availability of tools
for launching attacks
Rise of Polymorphic,
“Multi-tasking” Malware
Increasing trends of
hackers exploiting for
Monetary beneﬁt.

Where is the Disconnect?

Caught up with Marketing
Hype
Training and Orientation
Bad RAP

Caught up with the Marketing
Hype

Fastest growing security
products segment -
Application Security
tools and products
Limitations grossly mis-
understood
Vendors banking on the
Compliance Craze

Training and Orientation

Developers have little or no idea about Web
Application Security.
Code review and Testing does not hone in on
Security issues.
The Time:Quality Dilemma - Organizational “Mis-
prioritization”
“Customer is King” approach may not work here

Bad RAP - Risk Assessment
Practices

Current Situation: Threat Modeling = Risk Assessment
No Integration to Organizational Risk Management
No Customer and Management Interaction
“The essential urge to complicate” - Overemphasis on
Controls and undermining Risk.

The Full Circle
identify security
identify critical assets
requirements

Risk Treatment Plan create threat proﬁles

identify impact & perform vulnerability
probability assessments

Getting the RAP right!

Critical Information Assets is the Watch-word
Customer/Management Interaction - Assessing their
Areas of Concern and providing Broad Security
Requirements
Threat Proﬁles - Basic to Technical progression
Detailed Security Requirements and Trust Boundaries
Impact Analysis- a sound business case measure for
management.

The Benefits

RAP feeds the SDLC
Management/Customer involvement - Awareness and
Budgetary benefits.
“Abuse” Cases - Byproduct of vulnerability assessment
Impact Analysis - True measure of Cost vs Benefit
Provides clear requirements to Architects and
Developers

Thank you!!!

Questions??
My blog: http://citadelnotes.blogspot.com
Keep in touch: http://www.linkedin.com/in/
abhaybhargav
Email: abhay.bhargav@sisa.co.in,
abhaybhargav@gmail.com

More Related Content

Recently uploaded

Key note speaker Neum_Admir Softic_ENG.pdf

Key note speaker Neum_Admir Softic_ENG.pdf

Key note speaker Neum_Admir Softic_ENG.pdf

Basic Civil Engineering notes first year Notes Building notes Selection of site for Building Layout of a Building What is Burjis, Mutam Building Bye laws Basic Concept of sunlight ventilation in building National Building Code of India Set back or building line Types of Buildings Floor Space Index (F.S.I) Institutional Vs Educational Building Components & function Sills, Lintels, Cantilever Doors, Windows and Ventilators Types of Foundation AND THEIR USES Plinth Area Shallow and Deep Foundation Super Built-up & carpet area Floor Area Ratio (F.A.R) RCC Reinforced Cement Concrete RCC VS PCC

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University of Engineering & Technology, Jamshoro

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

PROCESS RECORDING FORMAT.docx

PROCESS RECORDING FORMAT.docx

PROCESS RECORDING FORMAT.docx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

christianmathematics

Accessible design: Minimum effort, maximum impact

Accessible design: Minimum effort, maximum impact

Accessible design: Minimum effort, maximum impact

Measures of Central Tendency: Mean, Median and Mode

Measures of Central Tendency: Mean, Median and Mode

Measures of Central Tendency: Mean, Median and Mode

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

National Information Standards Organization (NISO)

The basics of sentences session 2pptx copy.pptx

The basics of sentences session 2pptx copy.pptx

The basics of sentences session 2pptx copy.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

RAM LAL ANAND COLLEGE, DELHI UNIVERSITY.

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

fourth grading exam for kindergarten in writing

fourth grading exam for kindergarten in writing

fourth grading exam for kindergarten in writing

TeacherCyreneCayanan

Class 11th Physics NEET formula sheet pdf

Class 11th Physics NEET formula sheet pdf

Class 11th Physics NEET formula sheet pdf

AyushMahapatra5

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

christianmathematics

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

Introduction to Nonprofit Accounting: The Basics

Introduction to Nonprofit Accounting: The Basics

Introduction to Nonprofit Accounting: The Basics

An Overview of Mutual Funds Bcom Project.pdf

An Overview of Mutual Funds Bcom Project.pdf

An Overview of Mutual Funds Bcom Project.pdf

APM Welcome Tuesday 30 April 2024 APM North West Network Conference, Synergies Across Sectors Presented by: Professor Adam Boddison OBE, Chief Executive Officer, APM Conference overview: https://www.apm.org.uk/community/apm-north-west-branch-conference/ Content description: APM welcome from CEO The main conference objective was to promote the Project Management profession with interaction between project practitioners, APM Corporate members, current project management students, academia and all who have an interest in projects.

APM Welcome, APM North West Network Conference, Synergies Across Sectors

APM Welcome, APM North West Network Conference, Synergies Across Sectors

APM Welcome, APM North West Network Conference, Synergies Across Sectors

Association for Project Management

Recently uploaded (20)

Key note speaker Neum_Admir Softic_ENG.pdf

Key note speaker Neum_Admir Softic_ENG.pdf

Key note speaker Neum_Admir Softic_ENG.pdf

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University Newsletter Vol-X, Issue-I, 2024

Mehran University Newsletter Vol-X, Issue-I, 2024

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

Holdier Curriculum Vitae (April 2024).pdf

PROCESS RECORDING FORMAT.docx

PROCESS RECORDING FORMAT.docx

PROCESS RECORDING FORMAT.docx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Seal of Good Local Governance (SGLG) 2024Final.pptx

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...

Accessible design: Minimum effort, maximum impact

Accessible design: Minimum effort, maximum impact

Accessible design: Minimum effort, maximum impact

Measures of Central Tendency: Mean, Median and Mode

Measures of Central Tendency: Mean, Median and Mode

Measures of Central Tendency: Mean, Median and Mode

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"

The basics of sentences session 2pptx copy.pptx

The basics of sentences session 2pptx copy.pptx

The basics of sentences session 2pptx copy.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...

fourth grading exam for kindergarten in writing

fourth grading exam for kindergarten in writing

fourth grading exam for kindergarten in writing

Class 11th Physics NEET formula sheet pdf

Class 11th Physics NEET formula sheet pdf

Class 11th Physics NEET formula sheet pdf

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

This PowerPoint helps students to consider the concept of infinity.

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx

Introduction to Nonprofit Accounting: The Basics

Introduction to Nonprofit Accounting: The Basics

Introduction to Nonprofit Accounting: The Basics

An Overview of Mutual Funds Bcom Project.pdf

An Overview of Mutual Funds Bcom Project.pdf

An Overview of Mutual Funds Bcom Project.pdf

APM Welcome, APM North West Network Conference, Synergies Across Sectors

APM Welcome, APM North West Network Conference, Synergies Across Sectors

APM Welcome, APM North West Network Conference, Synergies Across Sectors

Featured

https://www.hubspot.com/state-of-marketing · Scaling relationships and proving ROI · Social media is the place for search, sales, and service · Authentic influencer partnerships fuel brand growth · The strongest connections happen via call, click, chat, and camera. · Time saved with AI leads to more creative work · Seeking: A single source of truth · TLDR; Get on social, try AI, and align your systems. · More human marketing, powered by robots

2024 State of Marketing Report – by Hubspot

2024 State of Marketing Report – by Hubspot

2024 State of Marketing Report – by Hubspot

ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!

Everything You Need To Know About ChatGPT

Everything You Need To Know About ChatGPT

Everything You Need To Know About ChatGPT

Expeed Software

Product Design Trends in 2024 | Teenage Engineerings

Product Design Trends in 2024 | Teenage Engineerings

Product Design Trends in 2024 | Teenage Engineerings

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

How Race, Age and Gender Shape Attitudes Towards Mental Health

How Race, Age and Gender Shape Attitudes Towards Mental Health

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Culture Code

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

PEPSICO Presentation to CAGNY Conference Feb 2024

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

Content Methodology: A Best Practices Report (Webinar)

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

How to Prepare For a Successful Job Search for 2024

How to Prepare For a Successful Job Search for 2024

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Social Media Marketing Trends 2024 // The Global Indie Insights

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Trends In Paid Search: Navigating The Digital Landscape In 2024

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

5 Public speaking tips from TED - Visualized summary

5 Public speaking tips from TED - Visualized summary

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

ChatGPT and the Future of Work - Clark Boyd

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Getting into the tech field. what next

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

How to have difficult conversations

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Introduction to Data Science

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Time Management & Productivity - Best Practices

Time Management & Productivity - Best Practices

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

The six step guide to practical project management

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

Featured (20)

2024 State of Marketing Report – by Hubspot

2024 State of Marketing Report – by Hubspot

2024 State of Marketing Report – by Hubspot

Everything You Need To Know About ChatGPT

Everything You Need To Know About ChatGPT

Everything You Need To Know About ChatGPT

Product Design Trends in 2024 | Teenage Engineerings

Product Design Trends in 2024 | Teenage Engineerings

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

How Race, Age and Gender Shape Attitudes Towards Mental Health

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

Skeleton Culture Code

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

PEPSICO Presentation to CAGNY Conference Feb 2024

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

Content Methodology: A Best Practices Report (Webinar)

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

How to Prepare For a Successful Job Search for 2024

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Social Media Marketing Trends 2024 // The Global Indie Insights

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

Trends In Paid Search: Navigating The Digital Landscape In 2024

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

5 Public speaking tips from TED - Visualized summary

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

ChatGPT and the Future of Work - Clark Boyd

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Getting into the tech field. what next

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

How to have difficult conversations

How to have difficult conversations

Introduction to Data Science

Introduction to Data Science

Introduction to Data Science

Time Management & Productivity - Best Practices

Time Management & Productivity - Best Practices

Time Management & Productivity - Best Practices

The six step guide to practical project management

The six step guide to practical project management

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

OWASP Chennai Talk - Application Security Risk - The Full Circle

1. Application Security Risk - The Full Circle Abhay Bhargav Chief Technology Ofﬁcer we45 Solutions India Pvt. Ltd.

2. An Introduction of Yours Truly AppSec and PCI Compliance Lead at SISA Performed over 50 security assessments across 18 countries. Spoken at several events including the OWASP AppSec NYC 2008 Trainer and Workshop Lead for Security Training Workshops My blog: http://citadelnotes.blogspot.com

3. How I am feeling right now!!

4. The current state of AppSec Awareness is on the rise Myriad Materials and Tools to aid in security Continually changing threat landscape Web 2.0: Security Disaster Waiting to happen??? CONCLUSION: A science/art still in its infancy

5. AppSec Incidents - Evolution Individual Application and Database Attacks Easy Availability of tools for launching attacks Rise of Polymorphic, “Multi-tasking” Malware Increasing trends of hackers exploiting for Monetary beneﬁt.

6. Where is the Disconnect? Caught up with Marketing Hype Training and Orientation Bad RAP

7. Caught up with the Marketing Hype Fastest growing security products segment - Application Security tools and products Limitations grossly mis- understood Vendors banking on the Compliance Craze

8. Training and Orientation Developers have little or no idea about Web Application Security. Code review and Testing does not hone in on Security issues. The Time:Quality Dilemma - Organizational “Mis- prioritization” “Customer is King” approach may not work here

9. Bad RAP - Risk Assessment Practices Current Situation: Threat Modeling = Risk Assessment No Integration to Organizational Risk Management No Customer and Management Interaction “The essential urge to complicate” - Overemphasis on Controls and undermining Risk.

10. The Full Circle identify security identify critical assets requirements Risk Treatment Plan create threat proﬁles identify impact & perform vulnerability probability assessments

11. Getting the RAP right! Critical Information Assets is the Watch-word Customer/Management Interaction - Assessing their Areas of Concern and providing Broad Security Requirements Threat Proﬁles - Basic to Technical progression Detailed Security Requirements and Trust Boundaries Impact Analysis- a sound business case measure for management.

12. The Benefits RAP feeds the SDLC Management/Customer involvement - Awareness and Budgetary benefits. “Abuse” Cases - Byproduct of vulnerability assessment Impact Analysis - True measure of Cost vs Benefit Provides clear requirements to Architects and Developers

13. Thank you!!! Questions?? My blog: http://citadelnotes.blogspot.com Keep in touch: http://www.linkedin.com/in/ abhaybhargav Email: abhay.bhargav@sisa.co.in, abhaybhargav@gmail.com

Editor's Notes

\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n