Strategies to protect applications from external threats
September 5, 2019
7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded
Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois
Application security is the process of making applications more secure by finding, fixing, and enhancing the security of applications. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This has taken on greater importance as hackers are increasingly targeting applications with their attacks.
What You Will Learn
In this one-day conference, attendees will learn:
Conference Price: $289.00 per person
Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.
8:00am – 9:00am: Registration and Continental Breakfast
9:00am-10:00am: OWASP Top 10 in Depth
The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail as well as mitigation strategies.
10:00am-10:30am: Refreshment Break
10:30am-11:30am: Five Steps to Achieve Risk-based Application Security Management
Software applications can represent your weakest link. A large number of security risks happen at the application layer. The pressure on development teams to build and deploy software quickly makes it challenging for them to prioritize application security risk. Reducing focus on security can make your applications big targets for cybercriminals looking to exploit vulnerabilities and steal IP.
In this session, attendees will learn five steps to reduce the security risks inherent in applications.
11:30am-12:30pm: DevSecOps – Where to Start? How to Unite
DevOps is concerned with uniting two areas: development and operations. These groups have seemingly competing priorities: features versus stability.
DevOps helps mitigate these contradictions. How does security get involved?
In this session, we will discuss how security can unite with DevOps to create DevSecOps through:
12:30pm – 1:30pm: Luncheon
1:30pm-2:30pm: A Framework for Advanced Application Security Testing
This session will provide attendees with exploitation scenarios, focusing on advanced SQL injection, XML eXternal Entities (XXE) and server-side request forgery (SSRF) attacks. It will also cover out-of-band detection and exfiltration using the DNS, which has recently become a popular technique used by penetration testers.
In this session, attendees will learn an advanced framework for testing their applications.
2:30pm – 3:00pm: Refreshment Break
3:00pm-4:00pm: Building Secure APIs and Web Applications
APIs have become a strategic necessity for enterprises. However, the financial incentive associated with this agility is often tempered by the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are extremely concerned with the risks of breaches.
In this session, attendees will learn:
4:00pm-5:00pm: How to Bake Application Security into Your Application Development Environment (Panel Discussion)
Speakers will include professionals from IT departments sharing lessons learned.
In this panel discussion, senior security executives will share how they build application security into their development from the early stages.
Areas that will be discussed include: