Securing Web Applications: Identifying and Managing Risks with Programming Languages and Frameworks

  • Webcast Aired Wednesday, 21 May 2014 1:00PM EDT (21 May 2014 17:00 UTC)
  • Speakers: Johannes Ullrich, PhD, Jeremiah Grossman

Web application attacks are continually growing in intensity and impact. Many have raised the question of whether the choice of language or framework has an impact on the overall security posture of an application. Conventional wisdom is that most contemporary software stacks have a similar level of security - but there is very limited objective data to support this claim.

In our recently published 2014 Website Security Statistics Report https://info.whitehatsec.com/Website-StatsReport.html?utm_source=websitedirect&utm_medium=website-2014statsreport&utm_campaign=web , we begin to answer this question by presenting a rigorous analysis of more than 30,000 websites under management under WhiteHat Sentinel.

In this webinar, led by WhiteHat Security Founder and iCEO Jeremiah Grossman and co-presenter Johannes Ullrich from the SANS Institute, we will present metrics on how various web programming languages and development frameworks actually perform in the field. The insights discussed will help the application security community evaluate risk-prone areas and ultimately develop more secure websites.

Beyond identification of risks, we will also address the question of appropriately prioritizing remediation. In today's environment, it is critical to identify the risks that have the highest business impact and address them on a priority-basis. We will discuss a three-step process to do this:

  1. Understanding resistance to attack
  2. Measuring business impact
  3. Continually monitoring the threat landscape

Participants in this webinar will benefit from a deeper understanding of the vulnerabilities inherent in languages and frameworks, and an approach for remediation that minimizes business risk.