David Bryan will present “Cloud Computing, A Weapon of Mass Destruction?”, which will review common attack types and how they can be used to disrupt service. He will also review the steps that lead organizations to choose the cloud computing environment, and why these environments are good for most businesses but may not meet your regulatory requirements. He will then review mitigation strategies and response programs that can reduce the operational risks when responding to these events.
During training, Charles Henderson and Matt Tesauro will teach a class that will cover the full range of tools that OWASP provides under free and open licenses. The class will include a DVD of the OWASP Web Testing Environment (WTE), a collection of tools and documentation for testing web applications available both as a Live CD and virtual machines. When the class is complete, students will be familiar with a wide range of tools and techniques to test web applications.
Trustwave also will unveil its 360 Application Security program at AppSec USA 2010. This program is the only vertically integrated application security offering, combining the critically acclaimed WebDefend Web Application Firewall (WAF) from Trustwave’s acquisition of Breach Security, with the industry-leading security services of Trustwave’s SpiderLabs.
A strong application security posture requires good offense and defense; Trustwave’s 360 Application Security program combines Secure Code Training, Application Penetration Testing, Code Review and Trustwave WebDefend WAF with Virtual Patching into a holistic security program. The entire solution is delivered by the security experts at SpiderLabs, bridging the gap between expert manual testing and automated protection found within many organizations.
Prior to application development, Trustwave SpiderLabs will deliver Secure Code Training to ensure developers are creating programs based upon industry best practices. During the development and quality assurance cycle, SpiderLabs’ manual code review inspects all relevant application source code to pinpoint deficiencies in security controls and identify development errors. Once development is complete, an application penetration test will simulate a coordinated attack, exposing security weaknesses by highlighting vulnerabilities that can lead to compromise of critical data.
The final component of the program is Trustwave WebDefend, an advanced WAF that offers customized, behavior-based security for each protected application. The SpiderLabs expert who conducted the application penetration test and code review will configure and tune the WAF to provide real-time application protection. On a regular basis, the SpiderLabs team member will conduct security and application defect log analysis, and apply Virtual Patches to provide immediate protection to any discovered vulnerability. Virtual Patching protects vulnerable applications from attack, without having to wait for the next release cycle.
"It's exciting to see an organization that understands the complexities of application security create such a complete solution," says Corey Moscoe, chief information security officer for SEI. "Combining the knowledge and experience at SpiderLabs with the WebDefend and ModSecurity platforms sets Trustwave apart."
“Testing is critical, but as applications evolve new vulnerabilities emerge,” says Robert J. McCullen, chairman and CEO of Trustwave. “WAF protection is ongoing, but IT organizations often lack the manpower of application security knowledge to optimize it. The SpiderLabs penetration tester who understands the application’s vulnerabilities is the one to tune the WAF for optimal protection.”
“Poorly developed applications are a risk to any organization as critical information is accessed through the application layer,” says Nicholas J. Percoco, senior vice president of SpiderLabs. “This holistic approach ensures that organizations are putting application security at the forefront to help remediate risks before they become vulnerabilities.”
About Trustwave
Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today’s challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.