Podcasts

Selected Tag: Application Security
Application Security Survey Results -- An interview with Jeremiah Grossman

On this episode of the Imperva Security Podcast, Jeremiah Grossman of WhiteHat Security is interviewed regarding the latest application security survey conducted by the Ponemon Institute.

Jeremiah gives his perspectives on the survey results and details the why and how of the survey's findings: good, bad, and ugly.

Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events and universities around the globe. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks. Grossman is often quoted in the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

Tags: Application Security, Jeremiah Grossman, Whitehat Security, Survey, WAF, VA, Application Security Survey Results

Application Security Survey Results -- An interview with Dr. Larry Ponemon

On this episode of the Imperva Security Podcast Dr. Larry Ponemon of the Ponemon Institute is interviewed regarding his latest application security survey.

Dr. Ponemon discusses why this survey is so timely given the state of application security. He goes on to discuss some of the statistical findings as well as his interpretation of the results. Finally, he outlines what companies that are getting application security done correctly are doing in contrast to those that are missing the mark.

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework.

Dr. Ponemon consults with leading multinational organizations on global privacy management programs. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws.

Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master's degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelor's with Highest Distinction from the University of Arizona, Tucson, Arizona.

Tags: Application Security, Larry Ponemon, Ponemon Institute, Survey, WAF, VA, Application Security Survey Results

Securing Mission-Critical Web Applications -- An interview with Catho Online CTO - Marcelo Roberto Ribeiro

Marcelo, CTO of Catho Online in Brazil, discusses the importance of Web application security for one of the largest job-search websites in South America.

Catho Online is the largest job-search website in South America, and one of the top 15 in the world. It is the market leader in its segment. With the slogan "your success is our business", the company's main objective is to facilitate hiring processes, acting as a liaison between those looking for new challenges and hiring companies.

Marcelo Roberto Ribeiro has been the CTO at Catho Online since 2007. His goal is to turn Catho's network and security infrastructure into a high-availability, cutting-edge technology environment, meant to work like the major internet providers, focused on availability, performance, integrity, security and professionalism.

Marcelo has over 25 years of experience in Information Technology, majored in Information Technology and Business Administration, and has experience working in different industries: Internet Service Provider, Telecom Operator, Pulp and Paper, Oil, and others.

To download a Portuguese version of the transcript, click here.

Tags: Marcelo Roberto Ribeiro, WAF, Application Security, Catho Online, Customer

Interview with Lars Ewe -- CTO of Cenzic -- WAF

On this episode of the Imperva Security Podcast, Lars Ewe, CTO of Cenzic, is interviewed.

Lars discusses the Imperva Cenzic partnership, and why bringing together vulnerability scanning services with Web Application Firewalls (WAF) is critical for application security. He also shares his views on what the future holds for application security overall.

Lars Ewe, Chief Technology Officer and VP of Engineering with Cenzic, is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars was also AMD's representative to the board of directors of the Distributed Management Task Force. Before AMD, Lars was senior director at Borland Software Corp., where he managed worldwide server software pre-sales, technical services, and key partner relationships. Prior to Borland he held key positions at Oracle Corporation's Server Technologies Division and Webgain. Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany.

Tags: Lars Ewe, Cenzic, Partner, WAF and VA, Web Application Security

Direct Database SQL Injection Attacks and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast, Amichai Shulman, CTO and Co-founder of Imperva, talks about Direct Database SQL Injection attacks. A video on this subject can be found here. He discusses how these attacks are performed directly through the database interface or through Web applications. He also talks about flaws in stored procedures that make these attacks possible.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.

Tags: Amichai Shulman, ADC, Direct Database SQL Injection, Database Security, Web Application Security, SQL Injection

Insider Threats, Privileged User Abuse and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast, Amichai Shulman, CTO and Co-founder of Imperva, talks about Insider Threats. He explores the differences between careless and nefarious insiders and talks about the difficulties of managing risks surrounding privileged users. He also discusses several threat mitigation strategies.

Tags: Amichai Shulman, ADC, Insider Threat, Privileged User, Database Security, Application Security

SQL Injection Attacks and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast, Amichai Shulman, CTO and Co-founder of Imperva, talks about SQL Injection. He discusses how these attacks are performed, why they are so pervasive, why signature detection doesn't work, and how to mitigate these attacks.

Tags: Amichai Shulman, ADC, SQL Injection, WAF, Web Application Security

Interview with Joe White -- Imperva Customer and Web Application Security Practitioner:  Getting Started in Web Application Security

On this episode of the Imperva Security Podcast Joe White is interviewed. This is the second in a series of podcast interviews where Joe White and Brian Contos will discuss various topics related to application and data security.

Joe talks about getting started in Web Application Security. He discusses several tools and resources useful for those that are new to this industry and for seasoned experts. Here are some examples.

In addition to working for a large SaaS provider in Northern California that's an Imperva Customer, Joe White is President of Cyberlocksmith Corporation, and specializes in Information Security and technology risk. He is a Subject Matter Expert in Internet, Extranet, and Intranet security risks and network penetration techniques. He has 15+ years of Information Technology experience including SOA, SaaS, Information Security, and Systems. Joe has focused expertise in securing web applications and extensive knowledge of networking, routing protocols, switching and remote access methodologies. Over the years, Joe has participated in numerous penetration tests and ethical hacking engagements and comes to Web Application Security after spending many years involved in traditional infrastructure/operations security. Finally, with 10+ years of Business Development experience, Joe offers a unique perspective on the marriage between business and technology.

Tags: Joe White, Customer, Practitioner, WAF, Getting Started with Web Application Security

Interview with Jim Manico -- Web Application Architect, Security Engineer, and Producer & Host of the OWASP Podcast Series

On this episode of the Imperva Security Podcast, Jim Manico is interviewed. Jim tells us how he got into the application security space, gives us some background on OWASP, and shares some of his perspectives on application security.

Jim Manico is a Web Application Architect and Security Engineer for Aspect Security. Jim has 11 years of experience developing Java-based data-driven web applications for organizations such as FoxMedia (MySpace), GE, CitiBank and Sun Microsystems. Jim also volunteers for the Open Web Application Security Project by producing and hosting the OWASP Podcast Series as well as participating in the Enterprise Security API (ESAPI) Project.

Tags: Jim Manico, OWASP, Podcaster, Application Security
