There are plenty of articles and presentations on Web application threats that use FUD to make it seem as though secure Web applications are no longer possible, but few put today's Web application threats in context and explain to enterprise infosec pros and developers what's really necessary to protect applications. Financial institutions in particular need concrete information to understand the risks to their applications and how these problems originate as they push the edge of development.
In this special long-format video presentation, learn about the major Web application attack methods, such as SQL injection, cross-site scripting and cross-site request forgery, and what an organization can do to counter them. Also learn about emerging attacks and the most common mistakes that lead to successful Web application attacks, many of which aren't technical. Included are concrete examples, countermeasures and advice on how to integrate security into the Web application development process.
Editor's note: This presentation was originally recorded in June 2011.
About the author:
Mike Rothman is president and analyst with research and advisory firm Securosis.