Application Security: Process, Tools, and Architecture

Presenters: Ramon Krikken, and Dave Muelhling

Duration: 3hrs 21min

Description: Attackers go for low-hanging fruit, which means they now often focus on applications instead of infrastructure. Risks include vulnerabilities allowing unauthorized database access, exploitation of design errors to manipulate business logic, and attacks on end-users via cross-site scripting.

This workshop addresses three main areas of concern, showing the need for security teams to work with the development teams in a concerted fashion to combat these threats:

• First are common web application architectural and software errors, using the OWASP Top 10 as one of the guides. Attendees will be advised on how architects and developers can avoid introducing these vulnerabilities into their own applications.
• Second are methods for weaving security throughout the software development lifecycle (SDLC) - highlighting key processes and tools, such as code review and scanning, web application scanning, development practices, change control, and release processing.
• Finally, what are the latest models of application security architecture? Burton Group will explain its latest reference architecture work in this area, which includes coverage on XML/Web application firewalls and other application-layer security services.

What You Will Learn:

• What are the threats that justify a focus on building robust, secure applications?
• How should the software development lifecycle (SDLC) encompass security processes?
• What are common application security failings?
• What products help the development or operation of secure applications?
• What should be the 2-3 year architecture for application security?

Back to all workshops

$199.00

(3 credits)