QI Zone

Trusted | Reliable | Experienced

Archive for June, 2008

July 2: Web Application Security Workshop by Cenzic

Posted by Larry on June 16, 2008

TRAINING AGENDA

What is Web Application Security (Part 1)

Web application security is a top-of-mind concern for general managers, CISOs, CIOs and security staff at all companies. Widespread data breaches and intellectual property thefts have left few organizations untouched or unaware. This session will provide an overview of the web application security space including:

  • History,
  • Trends,
  • Regulations, and
  • Hacker profiles.
  • Common Web Application Attacks

What is Web Application Security (Part 2)

For those of you wanting an advanced session on Web application security, you will learn further details on the following items:

  • Products,
  • Strategies,
  • Implementation, and
  • Attack Vectors.
  • How Web Application Scanners Really Work

Where to Implement Security

Current methods of addressing the application security problem focus on improving the security process within the software development lifecycle. Testing early in the development cycle has great merit, but it leaves production applications’ exposure unaddressed. Only a small percentage of Web applications are in the development or QA stage at any point in time, leaving a vast majority of the applications in production exposed and vulnerable. This session will teach you how you can test in your production environments, without affecting or corrupting the database and application, using virtualization.

360-Degree View of your Enterprise’s Application Security Posture

How can your entire team, from development, QA, and production to senior management, stay on top of the entire company’s Web vulnerabilities? This guided demonstration session will show you how to obtain a dashboard view of various security perspectives, including:

  • How many web applications do I have?
  • Can I prioritize vulnerabilities?
  • What’s tested and what needs testing?
  • How productive is my team?
  • Spidering and Navigation in Web Applications

Technical Sessions (AFTERNOON)

Common Web Application Attacks

From buffer overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This session explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them.

How Web Application Scanners Really Work

This session will focus on the mechanisms used by scanners to learn as much as possible about the targeted Web server. Some learning highlights will include:

  • Black box vs. white box testing, and
  • Signature-based scanning.

How to Handle AJAX and Web Services

Topics covered include understanding how web application risks (such as those in the OWASP Guide and OWASP Top Ten) apply in a Web Services world, and Web Services security topics such as:

  • Secure Exception handling in Web Services
  • Understanding the impact of Web 2.0 technologies like AJAX

Spidering and Navigation in Web Applications

In this advanced session, you’ll learn how spidering and navigation can be automated or guided across your entire Web application infrastructure to best detect vulnerabilities.

SPEAKER BIOS

Prashanth Ravishankar, Director of Technical Services, Cenzic Inc.

Prash is one of the sharpest minds in the new and evolving world of web application security. With nearly a decade of hands-on experience in the security industry, Prashanth has helped clients on a variety of issues, focusing on holographic and quantum cryptography, and more recently web application security. Prash has been with Cenzic for more than four years, and has worked in engineering, professional services, and pre-sales capacities. In his role at Cenzic, Prashanth managed the remote penetration testing arm of Cenzic, working to test a variety of web applications from Fortune 1000 organizations. He has spoken on the topic of application security in many countries around the world.

Prash holds a bachelor’s degree in computer science from Northwestern University in Chicago, and will be taking leave from Cenzic this fall to pursue his MBA from the Kellogg School of Business at Northwestern University in Chicago.

Steve Maxwell – Director of Worldwide Channels and Alliances, Cenzic, Inc.

Steve has more than 20 years of experience in technology, software, and security sales and operations. Working for companies such as Hewlett-Packard, BEA Systems, Borland Software, Nokia, and SonicWALL, Steve has helped hundreds of organizations understand and deploy enterprise solutions. Over the past four years, he has turned his attention to the rapidly evolving area of security, first in the network security space with SonicWALL and Nokia, and now the area of web application security with Cenzic.

Steve holds a bachelor’s degree from San Jose State University in San Jose, California, and an MBA from Golden Gate University in San Francisco.

SORRY, REGISTRATION CLOSED
