This paper explores the role of white box vs. black box testing. White box testing technologies have a definite but limited use and value. From a Web application security perspective it must be understood that significant blind spots come with white box testing. Ultimately white box testing is not sufficient to secure your applications: simply put organizations that rely solely on white box technologies will be exposed to vulnerabilities in their applications, thus making it an ineffectual method of testing real-world risks. This paper will demonstrate black box or dynamic testing is ultimately the appropriate solution for “truly” securing Web applications.
This white paper highlights Cenzic’s recommendation of a process of continuous assessment for applications in development and production environments -- a process that can equally apply to Intranet and public facing applications alike. Continuous testing can now be easily and safely done in a virtualized environment; no longer putting production web applications at risk. Companies can now easily and quickly, add vulnerability testing to their list of activities for all of their Web applications including production applications. Using a testing methodology across a company’s Web application portfolio will significantly enhance the security of all Web applications.
Published By: ZSL Inc.
Published Date: Sep 25, 2008
The hotspot in the current IT world is optimized Web Services. Now the enterprises have started their vision towards next generation Web Services. This white paper gives information for the business managers and engineers in developing and deploying Web Services using Rational Application Developer (RAD) and WebSphere Application Server (WAS), respectively. This paper explains the process to:* create a Web Service and Web Server client* build security to that web service* deploy the web service in WebSphere application server
This webinar explores 12 of the most common security traps in Java by examining the causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, we look at vulnerabilities from a developer’s perspective, focusing on the source code.
Web Services are emerging as the preeminent method for program-to-program communication across corporate networks as well as the Internet. Securing web Services has been a challenge until recently, as typical Web authentication and authorization techniques employed browser-to-server architectures (not program-to-program). This resulted in user identity ending at the Web Application Server, forcing the Web Services Provider to trust blindly that the Web Services Requester had established identity and trust with the end user.
Financial services companies have been the target of a serious, sustained, and well-funded DDoS campaign for more than a year. What these attacks have continued to demonstrate is that DDoS will continue to be a popular and increasingly complex attack vector. DDoS is no longer simply a network issue, but is increasingly a feature or additional aspect of other advanced targeted attacks. The motivation of modern attackers can be singular, but the threat landscape continues to become more complex and mixes various threats to increase the likelihood of success. There have certainly been cases where the MSSP was successful at mitigating against an attack but the target Website still went down due to corruption of the underlying application and data. In order to defend networks today, enterprises need to deploy DDoS security in multiple layers, from the perimeter of their network to the provider cloud, and ensure that on-premise equipment can work in harmony with provider networks for effective and robust attack mitigation
Published By: AlienVault
Published Date: Aug 11, 2015
This webinar talks about common PCI DSS compliance challenges, questions to ask as you plan and prepare, core capabilities needed to demonstrate compliance, and how to simplify compliance with a unified approach to security
Gartner named Akamai a Leader in their 2017 Magic Quadrant for Web Application Firewalls.
A web application firewall is an essential element in your defense against application-layer attacks, which pose an ever-greater threat to productivity and security.
The Akamai approach to WAF combines:
An anomaly detection model
A repeatable testing framework to measure effectiveness
Threat intelligence to identify the latest threats
A cloud platform for global scale
Managed security services to help organizations better protect their websites and web applications over time
Independent technology research firm Forrester evaluated web application firewall (WAF) vendors and published the results in The Forrester Wave™: Web Application Firewalls, Q2 2018. Akamai Technologies emerged as one of the leaders after a comprehensive evaluation on 33 criteria. The report states that security pros require a WAF that will automatically protect web applications, stay ahead of zero-day attacks and protect new application formats including APIs and serverless architectures. The report also reveals detailed findings for the 10 most significant WAF vendors. Akamai’s Kona Site Defender was the top scorer in the zero-day attacks criterion and one of the select vendors rated a Leader, the highest-ranking level in the report.
In viewing this Akamai content, we would like to share your data with Akamai. Click here for more info or to opt out.
What you'll learn in this webinar:
Optimize your operations by taking advantage of the modern, scalable cloud infrastructure available on Amazon Web Services (AWS). Migrate your Oracle applications and databases to AWS and get all the benefits of the cloud.
Migrating mission-critical Oracle databases and applications to the cloud is complex and you may feel locked into your platform. Amazon Aurora provides commercial-grade database performance and availability at a fraction of the cost. Apps Associates—an AWS Partner Network (APN) Partner and Oracle expert—can migrate enterprise workloads to the cloud, freeing customers to focus on higher-value initiatives.
Watch this webinar to learn how to:
Run your entire Oracle database and application environment on the cloud
Take advantage of lower IT costs on the cloud and reduce your Total Cost of Ownership (TCO)
Leverage Amazon Aurora to help satisfy your company’s cloud-first mandate, improve security, and reduce risk
Organizations often struggle to protect business-critical applications from ever-increasing threats. Many organizations lack the security staff, and sometimes knowledge, to mitigate the seriousness—and scope—of the attacks they constantly face. APN Security Competency Partner Imperva provides automated security solutions that can help you defend against both known and zero-day attacks and increase visibility across your entire Amazon Web Services (AWS) environment, to rapidly stop attacks and quickly identify the real threats that need to be investigated.
Join our upcoming webinar to learn how DigiCert has protected both their AWS and on-premises environments from DDoS attacks and other threats by using Imperva’s SaaS Web Application Security solution. This versatile security offering helps keep application workloads safe across cloud and on-premises environments and can be managed from a single pane of glass, enabling security teams to more effectively and efficiently secure business
Fulfilling the security and compliance obligations within the AWS Shared Responsibility Model is critical as organizations shift more of their infrastructure to the cloud. Most infrastructure and application monitoring solutions haven’t caught up to meet these new requirements, forcing IT and security teams to resort to traditional monitoring strategies that don’t allow for innovation and growth.
Join us for this webinar to learn how Splunk and AWS give you end-to-end visibility across your applications and help quickly detect potential security threats. Find out how Experian leveraged Splunk Cloud to deliver log data in near real-time to their operations teams for analysis and monitoring, roll out new features/updates faster, create reusable features to deploy in multiple customer environments to scale with their business, and ensure adherence to security and compliance standards.
Published By: Veracode
Published Date: Oct 26, 2016
20% of enterprises have suffered a security incident related to a business application or IT service consumed from external partners. With breaches like these making headlines, and enterprises’ growing reliance on third-party software, security of the cyber supply chain will garner increased attention. Download this joint Veracode/Enterprise Strategy Group (ESG) report to explore enterprises’ challenges in securing their cyber supply chain and get best practices for ensuring that every application – regardless of its origin – is secure.
Published By: Veracode
Published Date: Oct 26, 2016
Web application attacks are now the most frequent pattern in confirmed breaches, and organizations know that application security is key to protecting their data. But many organizations lack the resources to develop a comprehensive AppSec program, and need to look to external services. Download this guide for a straightforward, four-step method for acquiring the services you need to support a comprehensive AppSec program.
Published By: Tenable
Published Date: Aug 07, 2018
"Digital transformation is putting tremendous pressure on IT security. Whether it’s discovering short-lived assets (e.g., containers), assessing cloud environments or maintaining web application security, understanding and reducing cyber risk across your entire attack surface is tough. Get the CISO POV in this on-demand webcast and learn how to:
• Minimize the attack surface
• Expand visibility of assets beyond the perimeter
• Enhance security practices to accommodate more dynamic IT environments"
The average company uses more than 50 security vendors.
Firewalls, Web proxies, SIEM, Appliances & Third-party intelligence.
The list goes on — and sometimes you still find your stack coming up short when it comes to securing users anywhere they access the internet. Strengthening your security stack doesn’t mean a massive overhaul or a loss of customization and control. Check out these 6 ways to amplify and extend your stack with cloud security from Cisco Umbrella.
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.