Securing Web Applications: Identifying and Managing Risks with Programming Languages and Frameworks
- Wednesday, May 21st, 2014 at 1:00 PM EDT (17:00:00 UTC)
- Johannes Ullrich and Jeremiah Grossman
You can now attend the webcast using your mobile device!
Web application attacks are continually growing in intensity and impact. Many have raised the question of whether the choice of language or framework has an impact on the overall security posture of an application. Conventional wisdom is that most contemporary software stacks have a similar level of security - but there is very limited objective data to support this claim.
In our recently published 2014 Website Security Statistics Report https://info.whitehatsec.com/Website-StatsReport.html?utm_source=websitedirect&utm_medium=website-2014statsreport&utm_campaign=web , we begin to answer this question by presenting a rigorous analysis of more than 30,000 websites under management under WhiteHat Sentinel.
In this webinar, led by WhiteHat Security Founder and iCEO Jeremiah Grossman and co-presenter Johannes Ullrich from the SANS Institute, we will present metrics on how various web programming languages and development frameworks actually perform in the field. The insights discussed will help the application security community evaluate risk-prone areas and ultimately develop more secure websites.
Beyond identification of risks, we will also address the question of appropriately prioritizing remediation. In today's environment, it is critical to identify the risks that have the highest business impact and address them on a priority-basis. We will discuss a three-step process to do this:
- Understanding resistance to attack
- Measuring business impact
- Continually monitoring the threat landscape
Participants in this webinar will benefit from a deeper understanding of the vulnerabilities inherent in languages and frameworks, and an approach for remediation that minimizes business risk.
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.
Jeremiah Grossman founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Mr. Grossman is a founder of the Web Application Security Consortium (WASC), and was named to InfoWorld's Top 25 CTOs for 2007.
Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA Confeedge attack and defensive techniques and is a co-author of XSS Attacks: Cross Site Scripting Exploits and Defense.
Mr. Grossman is frequently quoted in major media outlets such as USA Today, the Washington Post, The Financial Times, InformationWeek, InfoWorld, USA Today, PC World, Dark Reading, SC Magazine, CNET, CSO and NBC news. He frequently alerts the media community to the latest attacks and is not only able to offer in-depth commentary, but also provide his perspective of what's to come. Mr. Grossman was named a "friend of Google" and is also an influential blogger (http://www.jeremiahgrossman.blogspot.com) who offers insight and encourages open dialogue regarding current research and vulnerability trend information.
Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.