Securing Web Applications Made Simple and Scalable
- Thursday, October 10 at 1:00 PM EDT
- Stephen Sims, SANS Senior Instructor, Gregory Leonard, SANS Analyst, and Mark Painter, HP
Many organizations place an enormous amount of responsibility and faith in automated penetration testing frameworks, and security professionals have an obligation to ensure these tools live up to those demands. Web applications remain one of the most common vehicles through which attackers breach confidentiality, exposing sensitive data and often pivoting into an organization's internal network. In this one-hour webcast we will take a close-up look at the latest version of HP's WebInspect tool and give you insight into how it can be used effectively to secure your web applications. Most importantly, we want to evaluate its effectiveness in meeting critical requirements, including:
- Automation and Ease in Configuration
- Support for Large Scans
- False Positive Reduction
- Advanced Attack Technique Simulation
- Detailed Reporting and Remediation Guidance
We will walk through various attack scenarios and examples, such as SQL Injection and Cross-Site Request Forgery (CSRF), interpreting the results and providing insight into the latest features.
Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper containing details of Gregory Leonard's review of HP WebInspect, in which he was advised by Stephen Sims.
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant. He has spent many years performing security architecture, exploit development, reverse engineering, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC710: Advanced Exploit Development, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.
Mark Painter is a product marketing manager for the Fortify pillar of HP Enterprise Security Products. In this role, he is responsible for the marketing efforts for both the Fortify product suite and the Fortify on Demand professional services organization. He is also a noted security blogger and has served as editor/contributor for the last several versions of the HP Cyber Risk Report. Over the past 12 years, Mark has held marketing, product management, and security researcher/blogger positions with HP and SPI Dynamics (acquired by HP in 2007). Mark holds a Master of Arts degree in literature from the University of Tennessee.
Gregory Leonard has over 13 years of experience in software development, with an emphasis on writing large-scale enterprise applications. He has worked with several government agencies, including designing and developing applications for the U.S. Treasury. Greg's current responsibilities include application architecture and security, infrastructure design and implementation, security analysis, code reviews, and performance diagnostics.