Web Application Security : Increasing customer’s awareness

Web Application Security : Increasing customer’s awareness. Laurent PETROQUE System Engineer, F5 Networks l.petroque@f5.com. Application Security: Trends and Drivers. “Webification” of applications Intelligent browsers and applications Public awareness of data security

    Presentation Transcript
    1. Web Application Security: Increasing customer’s awareness
       Laurent PETROQUE, System Engineer, F5 Networks
       l.petroque@f5.com

    2. Application Security: Trends and Drivers
       • “Webification” of applications
       • Intelligent browsers and applications
       • Public awareness of data security
       • Increasing regulatory requirements
       • The next attackable frontier
       • Targeted attacks

    3. Almost every web application is vulnerable!
       • 70% of websites at immediate risk of being hacked! - Acunetix – Jan 2007 http://www.acunetix.com/news/security-audit-results.htm
       • “8 out of 10 websites vulnerable to attack” - WhiteHat “security report – Nov 2006” https://whitehatsec.market2lead.com/go/whitehatsec/webappstats1106
       • “75 percent of hacks happen at the application.” - Gartner “Security at the Application Level”
       • “64 percent of developers are not confident in their ability to write secure applications.” - Microsoft Developer Research

    4. Spreading Web Application Security
       • Groups:
          • Risk assessment group
          • Security officer
          • Application guys
          • Network guys
       • Segments:
          • PCI compliance
          • SOX Compliance
          • Financials
          • Healthcare
          • E-Commerce

    5. Why this is important
       • Unique value to customers
       • Dramatically improve attach rate
       • Position bigger platforms
       • Position new and more services
       • Introduce to new groups within the organization
       • Security impacts the entire process

    6. Understand the customer’s Business Problem - not just the technical problem.
       Customer’s business problem isn’t always a security breach
       • Compliance
       • Business enabler
       • Extension
       • Acquisition or new partnership
       • Company security policy
       • Install WAF
       • Audit Code
       • Recurring pen testing
       • Monitoring layer 7

    7. Understand the customer’s Business Problem - not just the technical problem.
       Sometimes it is pure security
       • Failed security audit
       • Discovered vulnerability
       • Hacked
       • Critical/high profile application

    8. Who is responsible for application security? Web developers? Network Security? Engineering services? DBA?

    9. Know who we are talking with
       • Network guys – keep it simple! Talk about how easy/fast it is to deploy. Remember! They are in the network business since they don’t like applications...
       • Many times they are responsible for entire security and now they are expected to protect an application layer? How can they do that?
       • Application guys – show them policy – the application map

    10. Know who we are talking with
       • Security guys – They know a lot about network security but less about web application security
       • They are often isolated in the organization
       • Attached to General management
       • Show them how to inflate an application security message
       • Benefit from this knowledge
       • In front of developers for instance
       • New technology validation

    11. Speaking to execs
       • Protects stakeholders from regulatory violations
       • Increases and simplifies compliance
       • PCI
       • Sarbanes-Oxley
       • Brand protection
       • Provides insurance, assurance and accountability
       • Improves business agility
       • Provides risk insight and risk mitigation
       • Continuous improvement of confidentiality, availability and accuracy of business information and process

    12. PCI Awareness campaign in Italy
       • We ran a phoning campaign
       • 75 companies contacted
       • Enormous awareness job still to complete
       • Huge business potential detected
       • Strong on Web Application Security

    13. Sarbanes-Oxley Compliance
       • Huge potential with SOX
       • “The requirements for SOX compliance apply to any system that processes or maintains financial data”
       • Most applications are moving to Web
       • Even those maintaining “financial data”
       • Impacts numerous organizations
       • Execs are more than receptive

    14. What customers want from Sarbanes-Oxley
       • User Authentication
       • Password Management
       • Access controls
       • Input validation
       • Exception handling
       • Secure data storage and transmission
       • Logging
       • Monitoring and alerting
       • System hardening
       • Change management
       • Application development
       • Periodic security assessments and audits

    15. Polizia Postale Statistics for 2005

    16. Polizia Postale Statistics for 2006