UPCOMING EVENTS

Application Security

 

Strategies to protect applications from external threats

 

September 5, 2019

 

9:00am-5:00pm

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: Donald E. Stephens Convention Center Rosemont (O’Hare) Illinois

  

      


Overview

 

Application security is the process of making applications more secure by finding, fixing, and enhancing the security of applications. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This has taken on greater importance as hackers are increasingly targeting applications with their attacks.


What You Will Learn

 

In this one day conference attendees will learn:

  • OWASP Top 10 in Depth
  • Five Steps to Achieve Risk-based Application Security Management
  • DevSecOps- Where to Start? How to Unite
  • A Framework Advanced Application Security Testing
  • Building Secure API’s and Web Applications
  • How to Bake Application Security into Your Application Development Environment

 

Conference Price: $289.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



8:00am – 9:00am: Registration and Continental Breakfast


9:00am-10:00am: OWASP Top 10 in Depth

 

 

 

The OWASP Top 10 is a powerful awareness analysis for web application security. It represents a broad consensus about the most critical security risks to web applications. Contributors include a variety of security experts from around the world who have shared their expertise to produce the list. The presentation will cover each vulnerability in detail as well as mitigation strategies.

 

 


10:00am -10:30am: Refreshment Break


10:30am-11:30am: Five Steps to Achieve Risk-based Application Security Management

 

 

 

Software applications can represent your weakest link. A large number of security risks happen at the application layer. The pressure on development teams to build and deploy software quickly makes it challenging for them to prioritize application security risk. The pressure on development teams to build and deploy software quickly makes it challenging for them to prioritize application security risk. Reducing focus on security can make your applications big targets for cybercriminals looking to exploit vulnerabilities and steal IP.

 

In this session, attendees will learn 5 steps to reduce your security risks inherent in applications.

  • Creating an inventory of application assets and assessing their business impact
  • Testing applications for vulnerabilities
  • Determining risks and prioritizing vulnerabilities
  • Remediating risks
  • Measuring progress and demonstrating compliance

 

 


11:30am-12:30pm: DevSecOps – Where to Start? How to Unite

 

 

 

DevOps is concerned with uniting two areas: development and operations. These groups have seemingly competing priorities: features versus stability.

 

DevOps helps mitigate these contradictions. How does security get involved?

 

In this session we will discuss how Security can unite with DevOps creating DevSecOps through:

  • Creating feedback loops
  • Uniting security and engineering culture
  • Enabling delivery velocity
  • Treating everything as code

 

 


12:30pm – 1:30pm Luncheon


1:30pm-2:30pm: A Framework Advanced Application Security Testing

 

 

 

This session will provide attendees with exploitation scenarios, focusing on advanced SQL injection, XML eXternal Entities (XXE) and server-side request forgery (SSRF) attacks. It will also cover out-of-band detection and exfiltration using the DNS, which has recently become a popular technique used by penetration testers.

 

In this session, attendees will learn an advanced framework of testing your applications.

 

 


2:30pm – 3:00pm: Refreshment Break


3:00pm-4:00pm: Building Secure API’s and Web Applications

 

 

 

APIs have become a strategic necessity for enterprises. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are extremely with the risks of breaches.

 

In this session, attendees will learn:

  • How the top API concerns
  • How to address those concerns early in the process
  • How to help keep APIs secured

 

 

 


4:00pm-5:00pm: How to Bake Application Security into Your Application Development Environment (Panel Discussion)

 

Speakers will feature professionals from IT Departments sharing lessons learned

 

In this panel discussion, senior security executives will share how they build Application Security into their development from the early stages.

 

Areas that will be discussed include:

  • Where to start planning
  • How to get buy-in
  • Who owns the responsibility?

 

 


CONFERENCE CO-SPONSORS