About me
Alex Bello
• Director of Technical Operations at IronKey
• Product Threat Team Lead at IronKey
• Technical Operations at Anti-Phishing Working Group (APWG)
Deep expertise in process, systems architecture, networking, databases, security and web development.
About IronKey
• Founded by security experts in 2005
• Funded by DHS
• Designed and assembled in the USA
• Secure hardware with cloud-based remote management services
• Deployed at scale globally in major banks, hospitals, DHS, FEMA and NATO
Facts
• The web is full of web application hacking tutorials and tools
• Botnets are used to scan for recently published web application exploits
• 75% of attacks happen at the application layer
• Security holes in web applications result in huge business losses
What to do?
• Create a security program
• Integrate security into the SDLC
• Use a phased approach
How to Start?
• Create security awareness and training
• Get release management under control
• Assess the most important security controls
• Scan applications prior to each new release
• Benchmark against industry best practices
• Communicate results to the organization
• Conduct independent security audits
Summary
• Invest in security training and certification
• Integrate security into the SDLC in phases
• Never trust input: validate all input and encode all output
• Strong encryption of sensitive data, with sound key management
• Strong access controls and hardening
• Stay on top of vulnerabilities and keep your networks, servers and applications up to date
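The "never trust input" point above is the one most often gotten wrong in practice, so here is a worked illustration. This is an added example, not code from the slides or from IronKey: it builds a constructed in-memory SQLite table and contrasts a lookup that pastes user input into the SQL text with the same lookup done as a parameterized query, then adds an allowlist check on the input before it reaches any sink and HTML-encodes the value before it is echoed back. The table, rows, regex and payloads are all assumptions made for illustration.

```python
"""Added example (not from the original slides): "never trust input" in practice.

On a constructed in-memory SQLite table this shows:
  * a deliberately vulnerable lookup that concatenates user input into SQL,
  * the same lookup as a parameterized query, where the driver binds the value,
  * an allowlist check applied to the input before it reaches any sink,
  * output encoding before the value is echoed into an HTML page.
"""
import html
import re
import sqlite3

# Constructed sample data: a tiny users table. A lookup for one user
# should never be able to return the other rows.
_ROWS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("admin", "admin@example.com"),
]


def make_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Deliberately unsafe: the input is pasted into the SQL text, so a
    quote in the input ends the string literal and becomes SQL."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterized: the value is bound by the driver and is only ever
    compared as data, regardless of what characters it contains."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Assumed allowlist for a user name: lowercase letter, then up to 31
# lowercase letters, digits or underscores. Reject anything else outright
# rather than trying to strip "bad" characters.
_NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_name(name):
    """Return the name if it matches the allowlist, else raise ValueError."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return name


def render_greeting(name):
    """Encode for the HTML context before the value is put on a page, so a
    name like <script>... is displayed as text rather than executed."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run both lookups against a classic injection payload and return
    (rows leaked by the vulnerable query, rows from the safe query)."""
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed injection payload
    leaked = lookup_vulnerable(conn, payload)  # every row comes back
    bound = lookup_safe(conn, payload)         # nothing matches that literal
    return leaked, bound


if __name__ == "__main__":
    leaked, bound = demo()
    print("vulnerable query returned %d rows" % len(leaked))
    print("parameterized query returned %d rows" % len(bound))
    print(render_greeting("<script>alert(1)</script>"))
```

The three layers are complementary, not alternatives: the parameterized query stops the injection even if validation is bypassed, the allowlist rejects junk before it is stored or logged anywhere, and the output encoding is what protects the browser when a value that was valid for the database is rendered back into a page.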