Upcoming Targeted IT Conferences

The OWASP (Open Web Application Security Project) Top Ten was created to help organizations and government agencies focus on the most serious web application security vulnerabilities. Adopting a process to monitor for, identify and remediate these “Top Ten” flaws is perhaps the most effective first step towards ensuring the security of your web applications. Are you at risk for an attack? Find out now!

10:30 am - 11:30 am
Designing a Framework for Effectively Securing Enterprise Web Applications
Gary Alterson, Security Risk Management, Corp-Sec Project

To effectively combat against web application security threats and  attacks, organizations need to have a well formulated plan in place.  The framework should be designed to incorporate the following:

* Application Architecture - Multiple services must act securely together so that there is no single point of failure. 

* Application Complexity - When application functionality broadens the risk & probability increases that more bugs exist. 

* Manipulation of Data - The collection and presentation of data must be managed properly to meet legal, privacy and financial regulations and guidelines.
 
* Application Deployment -  The application and its environment must be secured.  A vulnerability in a web server negates security implemented in the application.

* Application Security Requirements - Properly engineered and clearly stated security requirements form the basis for designing appropriately secure systems.

* SDLC Integration - Integrating security into the regular SDLC lifecyle embeds controls where they are most effective - within applications themselves.

During this presentation you will learn how the components fit together and how you can overcome many of the challenges inherent in securing your organization’s web applications

1:30 pm - 2:30 pm
Extending Web Application Security Beyond the Application
Jason Wilcox, Security Practice Lead, Yash Technologies

Web Application security extends far beyond the application itself.  Everything surrounding the application such as authentication processes, user management, password management, Single Sign On solutions and Federating access to an application are all points of attack and potential weaknesses in your applications security. Identity and Access Management can no longer be treated as separate entities in today’s enterprise, and must be integrated from the beginning.

In this session you will learn:

• Key Identity Management Challenges and how they affect application security

• Key Integration points for Identity Management

• Methods to Leverage Identity Management in Web Single Sign On

• About Identity Federation Technologies, e.g., SAML, Liberty Alliance

• Methods to Leverage Identity Federation technologies to secure your application

2:30 pm - 3:00 pm  Break

3:00 pm - 4:00 pm
Security Throughout the Software Development Lifecycle
Danny Allan, Security Analyst, Watchfire

The shift in focus from network-based vulnerabilities to application-based vulnerabilities has left many organizations exposed.  A leading IT analyst company estimates that 75% of online attacks are targeting web applications yet many organizations are doing very little to protect online applications. Many companies are struggling to effectively combat this growing problem and handle the volume of application testing.  

Only through strict processes can web application vulnerabilities be identified, reducing exposure.  Our speaker will discuss techniques and best practices to proactively manage web application security and how to effectively build application security testing into the software development lifecycle (SDLC) including: secure coding techniques, building application security into the development lifecycle and understanding legislative compliance, as well as ways to safeguard the privacy and confidentiality of highly sensitive online information.

In this session you will learn:

* How to better understand potential web application security vulnerabilities 
* Best practices and how to effectively integrate application security testing into the software development lifecycle.
* The importance of detecting and removing software vulnerabilities during application development 

4:00 pm-5:00 pm
You’ve Built It, But Who’s Really Using It? – Achieving Post Deployment Web Application Security by Identifying and Guarding Against Potential Threats
Dave Armstrong, Director of Research, Authentify

Web applications pose a particularly tough security challenge in that once an application is deployed, it exists in an environment where security threats are potentially as diverse as the people who create them.  Developing an identity focused strategy for safeguarding web applications and their legitimate users is a post-deployment step necessary to ensure the ongoing viability for your application.  Identity focused security centers on:

• Human Identification –

Methods such as PIN / password strategies, digital certificates and biometrics for protecting legitimate application users while guarding against malicious users.

• Site Identification –

Protecting your application from security threats such as phishing and other identity-related attacks.

In this session you will see actual examples of how enterprises employ identity focused strategies to protect their web application.