Enhanced Application Security for the Financial Industry
- Tuesday, January 17th, 2017 at 1:00 PM EST (18:00:00 UTC)
- Steve Kosten and Mike Ware
You can now attend the webcast using your mobile device!
Application security is a growing concern for all businesses embracing a digital transformation, but in the financial sector, it is a top-level priority. With cyberattacks increasing in frequency and sophistication, financial institutions face the challenge of securing diverse portfolios of web and mobile applications that handle high volumes of transactions and sensitive data.
Organizations in the financial services industry go to great lengths to secure their applications, from adhering to industry standards and best practices to investing in penetration testing and web application firewalls. Despite these efforts, many AppSec initiatives fall short and fail to adequately secure business-critical applications.
So, what can be done to move the needle? The best answer today is to use a secure software development lifecycle (SDLC). Whether developing applications in-house, outsourcing development or purchasing applications from outside vendors, a financial institution must be able to ensure that secure development practices are being followed.
In this webcast, you will learn about the elements of a secure SDLC and why baking in proactive security controls early in the lifecycle is the best hedge against bugs that could be devastating if released into the wild. Attendees also will learn more about requirements and standards as well as best practices for financial services developmentand consequences for poor practices.†
Click here to be among the first to receive the associated whitepaper written by SANS expert Steve Kosten on this topic.
Steve Kosten, an instructor for SANSí Secure Coding in Java/JEE: Developing Defensible Applications course, holds the GSSP-JAVA, GWAPT, CISSP and CISM certifications. Experienced in secure code review, vulnerability assessment, penetration testing and risk management, he is a security consultant at Cypress Data Defense. Steve previously performed security work in the defense and financial sectors, and headed up the security department for a financial services firm. A frequent presenter at security-related conferences, he is currently leader of the Denver chapter of the Open Web Application Security Project (OWASP).
Mike Ware leads Cigitalís Southeast Practice in Atlanta, Georgia, where he advises clients on establishing and maturing software security initiatives. He joined Cigital in 2008 and has successfully led Cigitalís largest software security implementations, particularly in the financial and healthcare sectors. Mike leverages a unique background in software engineering, information security and management consulting when advising CISOs on cost-effectively scaling security practices to manage business risks. In 2011, Mike served as Cigitalís inaugural Static Analysis Practice director, where he developed Cigitalís offerings and led teams responsible for Cigitalís largest static analysis implementations. As a leader of Cigitalís Southeast management team, Mike is responsible for delivery operations and account management.