When it comes to application security which approach is best? Is static application security testing better than dynamic testing? Or is manual penetration testing best of all? Or can I forego testing all together and rely on my web application firewall? The answers to these questions seem to vary depending on who you're talking to; but there is one thing all security professionals agree on - we MUST secure our software now. Maintaining secure software is essential to ensure business processes remain functional and that the data they rely on is not compromised. This webinar will explore the alternative testing methods and approaches available to IT professionals and security practitioners looking to implement a software security program.
After attending this webinar you will:
Understand why application security testing is a critical component of any enterprise security program
Understand the differences between Static Testing, Dynamic Testing and Manual Penetration Testing
Be able to determine which testing approach is best suited to your organization
Software applications are an integral part of 21st century business processes. The majority of software is still installed in-house, either as specially developed custom applications or commercially acquired packages. However, the proportion of software procured as a service is on the rise, as is the use of mobile apps and open source components. In addition, more and more in-house applications are being web-enabled and exposed to the outside world.
Regardless of its origin, the vast majority of software will contain flaws which can constitute a security risk, especially for those applications that are web-enabled. The cost of fixing a flaw increases the later that they are found in the development, acquisition and deployment life-cycle. There are a number of measures that can be taken to mitigate the problem and reduce the overall cost of managing software whilst ensuring better security. Increasingly, businesses are recognizing the benefits of outsourcing at least some of the effort through the use of on-demand software testing services.
This webinar explores how businesses are deploying software and what measures are in place for checking the security of applications. This webinar will present new research conducted amongst US and UK enterprises from a range of industries and assesses the scale of the software security problem, the ways in which it can be mitigated, the extent to which this is being achieved, the costs involved and how these can be minimized.
2011 was the Year of the Breach. Some of the world's best companies and brands were attacked making securing your enterprise applications a key information security imperative.
As applications become more mission critical to the enterprise, so too does the need to secure them.
Learn how enterprises can leverage the various application testing approaches in their application security programs.
Bob writes regular analytical columns for Computing, Computer Weekly, silicon.com and Computer Reseller News (CRN), and has written for The Times, Financial Times and The Daily Telegraph. Bob blogs for Computing, Info Security Advisor and IT-Director.com. He also provides general comment for the European IT and business press. Bob has extensive knowledge of the IT industry. Prior to joining Quocirca in he spent 16 years working for US technology vendors including DEC (now HP), Sybase, Gupta, Merant (now Serena), eGain and webMethods (now Software AG).
Chris Wysopal, Veracode's CTO and Co-Founder, is responsible for the company's software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is an author of L0phtCrack and netcat for Windows. He is the lead author of "The Art of Software Security Testing" published by Addison-Wesley.