Protecting your web application against today's botnet threats, including DDoS and hacking / Continuous Improvement to Enterprise Remediation: The Role of the Risk Registry
1. Protecting your web application against today's botnet threats, including DDoS and hacking. (1-3pm) by Nelson Chen
2. Continuous Improvement to Enterprise Remediation: The Role of the Risk Registry (3pm-4:15pm) by Nick Deshpande
The 2017 Verizon Data Breach Investigations Report (DBIR) revealed that web application attacks were the source of the most security breaches, accounting for approximately 30% of all reported data breaches. The report also revealed that botnets were responsible for 77% of these web application breaches; almost a quarter of all verified data breaches can therefore be attributed to botnet attacks against web applications.
Today's botnets are the hacker's Swiss Army knives and can perform many functions. While we all know that botnets are responsible for launching DDoS attacks, they can also perform other malicious activities, such as the following:
Launch DDoS attacks
Steal form data, steal cookies or keylog an infected webpage
Scan a target server for vulnerabilities
Send multiple different exploits to the browser
Send POST requests and self-replicate on XSS-vulnerable sites
Send ShellShock exploits
Silently load a webpage
As organizations are increasingly reliant on information technology as a crucial component of business operations, information is often partially or fully in electronic form via a public-facing web application... Attacks against web servers are one of the most prevalent issues in cyber security today, and very recently the Equifax incident became one of the largest web application data breaches in history. Could what happened at Equifax happen at my company? Most definitely!
In this session, Nelson will talk about some of the common botnet threats, including DDoS and application-layer threats, cover best practices for stopping these threats, and discuss why secure development practices and patching alone are not effective enough to combat them.
Nick will deliver a practical session about a risk registry in an enterprise context: who contributes, who owns it, and how is it leveraged for continuous improvement of a company's remediation regime? In light of recent events, this open discussion will leave listeners with a greater understanding of how a risk registry underpins remediation. Listeners are invited to share their best practices and experiences as well!
CFO, CIO, CTO, CSO, SVP/VP/Director of IT, IT Managers, internal audit professionals including IT auditors, Information Security Managers and Analysts, Systems Administrators, and Information Technology professionals
Nelson Chen, CISSP, CISM, CISA, ITIL, is Director of Information Security Solutions at Zenedge. His past roles include Global Information Security Officer at OpenText and Director of IT at Hummingbird.
Nick Deshpande, CISSP, is the vice president of product development at Zenedge, where he combines his passions for user experience and security. He's a graduate of the Royal Military College of Canada and American Military University. Nick has worked in enterprise security governance and compliance and in architecture, and has delivered managed security services. He's a member of the ISACA Toronto Chapter and (ISC)2.
Registration is now closed.