Protecting your web application against today's botnet threats, including DDoS and hacking / Continuous Improvement to Enterprise Remediation: The Role of the Risk Registry

Session Description:

1. Protecting your web application against today's botnet threats, including DDoS and hacking. (1-3pm) by Nelson Chen

2. Continuous Improvement to Enterprise Remediation: The Role of the Risk Registry (3pm-4:15pm) by Nick Deshpande


1st part:

The 2017 Verizon Data Breach Investigations Report (DBIR) revealed that web application attacks were the source of the most security breaches, accounting for approximately 30% of all reported data breaches. The report also revealed that botnets were responsible for 77% of these web application breaches; therefore, almost a quarter of all verified data breaches can be attributed to botnet attacks against web applications.

Today's botnets are the hacker's Swiss Army knives and can perform many functions. While we all know that botnets are responsible for launching DDoS attacks, they can also perform other malicious activities, such as the following:

Launch DDoS attacks

Execute JavaScript on victims' computers

Steal form data, steal cookies or keylog an infected webpage

Scan a target server for vulnerabilities

Send multiple different exploits to the browser

Send POST requests and self-replicate on XSS-vulnerable sites

Send ShellShock exploits

Perform clickjacking

Silently load webpages

etc., etc.

As organizations increasingly rely on information technology as a crucial component of business operations, information is often partially or fully in electronic form, accessible via a public-facing web application. Attacks against web servers are one of the most prevalent issues in cyber security today, and very recently Equifax became one of the largest web application data breaches in history. Could what happened at Equifax happen at my company? Most definitely!

In this session, Nelson will talk about some of the common botnet threats, including DDoS and application-layer threats, cover best practices for stopping these threats, and discuss why secure development practices and patching alone are not effective enough to combat them.

2nd part:

Nick will deliver a practical session about a risk registry in an enterprise context: who contributes, who owns it, how is it leveraged for continuous improvement of a company's remediation regime? In light of recent events, this open discussion will leave listeners with a greater understanding of how a risk registry underpins remediation. Listeners are invited to share their best practices and experiences, as well!

Target Audience:

CFO; CIO; CTO; CSO, SVP/VP/Director of IT, IT Managers, internal audit professionals including IT auditors, Information Security Managers and Analysts; Systems Administrators; and Information Technology professionals


Nelson Chen, CISSP, CISM, CISA, ITIL, Director of Information Security Solutions at Zenedge, past roles including Global Information Security Officer at OpenText, Director of IT at Hummingbird.

Nick Deshpande, CISSP, is the vice president of product development at Zenedge, where he combines his passions for user experience and security. He's a graduate of the Royal Military College of Canada and American Military University. Nick has worked in enterprise security governance and compliance, architecture, and delivered managed security services. He's a member of the ISACA Toronto Chapter and (ISC)2.


Date & Time: Oct 31, 2017 01:00 PM to
Oct 31, 2017 04:30 PM
[America/Toronto UTC -5]


Location: Holiday Inn Express & Suites
40 Admiral Blvd
Mississauga ON

Registration Closes: Oct 31, 2017 01:00 PM

Event Coordinator:

Admin Support

Registration is now closed.

