
Podcasts

Application Security Survey Results -- An interview with Jeremiah Grossman

On this episode of the Imperva Security Podcast Jeremiah Grossman of Whitehat Security is interviewed regarding the latest application security survey conducted by the Ponemon Institute.

Jeremiah gives his perspectives on the survey results and details the why and how of the survey's findings: good, bad, and ugly.

Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events and universities around the globe. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of XSS Attacks. Grossman is often quoted in the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

Tags: Application Security, Jeremiah Grossman, Whitehat Security, Survey, WAF, VA, Application Security Survey Results

Application Security Survey Results -- An interview with Dr. Larry Ponemon

On this episode of the Imperva Security Podcast Dr. Larry Ponemon of the Ponemon Institute is interviewed regarding his latest application security survey.

Dr. Ponemon discusses why this survey is so timely given the state of application security. He goes on to discuss some of the statistical findings as well as his interpretation of the results. Finally, he outlines what companies that are getting application security done correctly are doing, in contrast to those that are missing the mark.

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework.

Dr. Ponemon consults with leading multinational organizations on global privacy management programs. Dr. Ponemon was appointed to the Advisory Committee for Online Access & Security for the United States Federal Trade Commission. He was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security. Dr. Ponemon was also appointed to two California State task forces on privacy and data security laws.

Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master's degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelor's with Highest Distinction from the University of Arizona, Tucson, Arizona.

Tags: Application Security, Larry Ponemon, Ponemon Institute, Survey, WAF, VA, Application Security Survey Results

Perspectives on Data Security in Asia -- An interview with Terry Ray

On this episode of the Imperva Security Podcast Terry Ray, Senior Director for Americas and Asia Pacific Technical Services for Imperva, is interviewed.

Terry is a frequent visitor to many parts of Asia. Over the years he has developed a relationship with customers and partners in Asia, giving him a sense for the state of data security, general security trends, and reactions to current security events from an Asian-centric perspective that he can contrast with a North America-centric view. Terry discusses how different regions approach application and database security, current events such as the recent Google attacks in China, and how the Asian community is applying countermeasures to protect their sensitive applications and databases.

Terry Ray is the Senior Director for Americas and Asia Pacific Technical Services for Imperva Inc., a provider of data security solutions. At Imperva, Terry manages teams of security engineers, has designed and deployed data security solutions, and has performed data penetration testing for a wide range of healthcare, financial services, government and eCommerce organizations. Terry has been a frequent speaker for ISSA, OWASP, ISACA, IANS and others in the Americas and abroad.

Prior to joining Imperva, Terry worked in a variety of technical roles at Check Point Software Technologies Ltd., including security engineering and partner and end-user technical instruction. Terry has lectured on general network security topics and taught professional security-related product certifications in over 35 countries worldwide.

Tags: Terry Ray, Imperva, Asia, Data Security

Securing Mission-Critical Web Applications -- An interview with Catho Online CTO - Marcelo Roberto Ribeiro

Marcelo, CTO of Catho Online in Brazil, discusses the importance of Web application security for one of the largest job-search websites in South America.

Catho Online is the largest job-search website in South America and one of the top 15 in the world. It is the market leader in its segment. With the slogan "your success is our business", the company's main objective is to facilitate hiring processes, acting as a liaison between those looking for new challenges and hiring companies.

Marcelo Roberto Ribeiro has been the CTO at Catho Online since 2007. His goal is to turn Catho's network and security infrastructure into a high-availability, cutting-edge technology environment, meant to work like the major internet providers, focused on availability, performance, integrity, security and professionalism.

Marcelo has over 25 years of experience in Information Technology, majored in Information Technology and Business Administration, and has experience working in different industries: Internet Service Provider, Telecom Operator, Pulp and Paper, Oil, and others.

To download a Portuguese version of the transcript, click here.

Tags: Marcelo Roberto Ribeiro, WAF, Application Security, Catho Online, Customer

Data Security at a Non-Profit Radio Station -- An interview with Juan Walker

On this episode of the Imperva Security Podcast Juan Walker, Database and Data Security Advisor with the Educational Media Foundation (EMF), is interviewed.

Juan and I discuss the need for non-profits to protect sensitive information such as donor details. The key to a solid security strategy for EMF is data security, so Juan talks about a number of controls that EMF has in place including the Imperva Database Activity Monitoring (DAM) solution. Juan discusses why the Imperva DAM was chosen over several competitors, how it is currently used to address security and compliance, as well as some of the early wins it has given them related to data discovery and reporting.

Juan Walker is Database and Data Security Advisor for the Information Technology Team at EMF Broadcasting, which is KLOVE and Air-1 Radio Network with over 610 Stations and Translators in 46 States. Juan has over 15 years of experience in Database Architecture and Administration, and extensive knowledge in encryption and data security. Prior to EMF Broadcasting Juan worked as a Database Administrator at Microsoft Corporation and Senior Data Architect at Georgia Pacific Corporation. He has received certifications from SANS and ISC2.

Tags: Juan Walker, Educational Media Foundation, Customer, DAM, Data Security

Software Security -- An interview with Dr. Gary McGraw

On this episode of the Imperva Security Podcast Dr. Gary McGraw, CTO of Cigital, is interviewed.

Gary and I discuss the current state of software security. We talk about SDLC, building security in, incident prevention and incident detection, and leveraging Web Application Firewalls, or WAF.

Gary also talks about BSIMM -- the Building Security In Maturity Model. You can find out more about BSIMM here -- http://www.bsi-mm.com/.

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.

Tags: Dr. Gary McGraw, Software Security, WAF, SDLC

Portuguese interview with Rafael Koike of Telsinc Brazil; he talks about growing trends in application and database security in Brazil

On this episode of the Imperva Security Podcast Rafael Koike of Telsinc is interviewed by Luiz Eduardo Dos Santos of Imperva.

Rafael and Luiz discuss the partnership between Telsinc and Imperva, as well as the evolution, current state, and future of the security industry in Brazil. Topics covered include the main drivers for application security, compliance, and internal fraud; the conversation inevitably touches on the controversial subject of the power blackout that recently happened in Brazil.

Telsinc is an Imperva partner and has been active in the Brazilian IT market since 1994, offering advanced solutions and professional services. They are recognized as a company that is agile, experienced and innovative in the utilization and operation of information technology.

Rafael has been with Telsinc since 2006 and helps develop and grow the IT Security business within Telsinc, which offers complete solutions from the perimeter to the end point. He has more than ten years of experience in the networking and security field, having previously worked at Siemens. Rafael holds CISSP and CISM certifications in governance and administration. In addition, he holds the Check Point CCSE and Cisco CCNP technical certifications. Due to his contributions, Telsinc's IT Security division has grown an average of 33% annually, with estimated revenue of over R$11m in 2010 in hardware sales alone.

To download a Portuguese version of the transcript, click here.

Tags: Partner, Telsinc, Rafael Koike, Portuguese, Brazil, Data Security

Interview with Lars Ewe -- CTO of Cenzic -- WAF

On this episode of the Imperva Security Podcast Lars Ewe, CTO of Cenzic, is interviewed.

Lars discusses the Imperva Cenzic partnership, and why bringing together vulnerability scanning services with Web Application Firewalls (WAF) is critical for application security. He also shares his views on what the future holds for application security overall.

Lars Ewe, Chief Technology Officer and VP of Engineering with Cenzic, is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars was also AMD's representative to the board of directors of the Distributed Management Task Force. Before AMD, Lars was senior director at Borland Software Corp., where he managed worldwide server software pre-sales, technical services, and key partner relationships. Prior to Borland he held key positions at Oracle Corporation's Server Technologies Division and Webgain. Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany.

Tags: Lars Ewe, Cenzic, Partner, WAF and VA, Web Application Security

Interview with the CISO of the State of Colorado and his security deputy on the consolidation of IT security resources and building security in early

On this episode of the Imperva Security Podcast Seth Kulakow, Chief Information Security Officer for the State of Colorado, and his deputy Travis Schack are interviewed.

We discuss several issues that are unique to state-level information security as well as several solid, modern approaches to developing an effective security posture. The consolidation of IT security resources such as security, database and application developers, etc. under one umbrella, and the need for executive-level sponsorship, kicks off this discussion. We also talk about the importance of marketing security internally to peers, building security into the business process and outlining key requirements early on in the form of RFPs, contracts and the like to ensure that there is a real partnership between vendors and customers.

Seth Kulakow was selected as the Chief Information Security Officer (CISO) in November 2008. As the CISO, Seth is responsible for the State's Information Assurance and Compliancy programs.

Prior to joining the Governor's Office of Information Technology, Seth was the Information Security Officer for Denver International Airport (DIA), ranked the 4th busiest airport in the nation and the 10th busiest in the world. During his tenure at DIA, Seth created and managed a peer-recognized, first-of-its-kind (in any US airport) full-time security program from its infancy to a best-practice repeatable program. The program covered every facet of security from risk analysis and assessment, compliancy, system auditing, penetration testing and forensics, to ingress and egress controls.

Tags: Seth Kulakow, Travis Schack, State of Colorado, Data Security, State Government, Government

Direct Database SQL Injection Attacks and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast Amichai Shulman, CTO and Co-founder of Imperva, talks about Direct Database SQL Injection attacks. A video on this subject can be found here. He discusses how these attacks are performed directly through the database interface or through Web applications. He also talks about flaws in stored procedures that make these attacks possible.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He holds B.Sc. and Master's degrees in Computer Science from the Technion, Israel Institute of Technology.

Tags: Amichai Shulman, ADC, Direct Database SQL Injection, Database Security, Web Application Security, SQL Injection

Insider Threats, Privileged User Abuse and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast Amichai Shulman, CTO and Co-founder of Imperva, talks about Insider Threats. He explores the differences between careless and nefarious insiders and talks about the difficulties of managing risks surrounding privileged users. He also discusses several threat mitigation strategies.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He holds B.Sc. and Master's degrees in Computer Science from the Technion, Israel Institute of Technology.

Tags: Amichai Shulman, ADC, Insider Threat, Privileged User, Database Security, Application Security

Protecting Web Portals and Bringing Together Security Operations and Development with the Imperva SecureSphere WAF at Telefonica O2 Germany -- an Interview with Daniel Stricharz

On this episode of the Imperva Security Podcast Daniel Stricharz is interviewed. He shares his experiences around choosing, implementing and operating the Imperva SecureSphere Web Application Firewall (WAF). He shares a number of examples where WAF helped Telefonica discover and address application vulnerabilities. He also discusses:
  • Drivers to implement WAF in large, complex, telco
  • Bringing together security operations and developers with WAF
  • Business logic attacks and application profiling
  • What to look for in a WAF
Daniel Stricharz is a senior security and infrastructure specialist at Telefonica O2 Germany responsible for the customer portals and their value-added services. Stricharz has studied law and computer science. Before he joined the telecommunications area in 2000 he worked as a consultant both in the IT and legal area for international businesses. His knowledge of emerging German legislation, cyber-crime, and cyber-law has helped to reconcile both specific legal and complex technical requirements. He initially specialized in data protection law and its technical implementation until he moved on to cover the full range of security aspects from product development to the operations of on-line services.

Telefonica O2 Germany GmbH & Co. OHG belongs to Telefonica Europe and is part of the Spanish telecommunication group Telefonica S.A. The Company offers its German private and business customers postpaid and prepaid mobile telecom products as well as innovative mobile data services based on the GPRS and UMTS technologies. In addition, the integrated communications provider also offers DSL fixed network telephony and high-speed internet. Telefonica Europe has nearly 47 million mobile and fixed network customers in Great Britain, Ireland, the Czech Republic, Slovakia and Germany.

In Germany, where the company is known simply as O2 and is headquartered in Munich, it has a customer base of more than 14.5 million. Besides its more than 750 shops, O2 operates a massive online portal, offering services ranging from an online shop and a complex web-based email solution to a range of self-service opportunities for customers and a huge number of other mobile services that help enrich the customers' mobile experience.

Tags: Daniel Stricharz, Customer, Telefonica O2 Germany, WAF, Business Logic Attacks, Application Profiling, Web Portal Security

Database Activity Monitoring (DAM) for State-Wide Healthcare Programs -- Gary Lilley, an Imperva Customer, Shares his Experiences

On this episode of the Imperva Security Podcast Gary Lilley from an anonymous state agency talks about choosing, deploying, and using Database Activity Monitoring (DAM) solutions. He shares his experiences with Imperva SecureSphere, why Imperva was chosen, and some of the value already achieved.

Currently working on a state-wide healthcare database activity monitoring project, Gary Lilley is a Senior Enterprise Solutions Architect at HP with more than nineteen years of experience in software system design, development and implementation, including extensive experience in government systems, large-scale chain retail, data management, manufacturing, distribution, translation software, the computer industry, banking, EDI and most translators across all hardware platforms.

Tags: Gary Lilley, Customer, State Government, Database Security, Database Audit, Database Activity Monitoring, DAM

SQL Injection Attacks and Mitigation Techniques with Amichai Shulman -- Imperva CTO & Co-founder

On this episode of the Imperva Security Podcast Amichai Shulman, CTO and Co-founder of Imperva, talks about SQL Injection. He discusses how these attacks are performed, why they are so pervasive, why signature detection doesn't work, and how to mitigate these attacks.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He holds B.Sc. and Master's degrees in Computer Science from the Technion, Israel Institute of Technology.

Tags: Amichai Shulman, ADC, SQL Injection, WAF, Web Application Security

GLBA co-author, Paul Reymann talks about GLBA, compliance and security within the financial industry

On this episode of the Imperva Security Podcast Paul Reymann, CEO of the Reymann Group and co-author of GLBA, talks about the financial industry and how security and compliance have been changing. He also touches on financial modernization, the convergence of NIST and ISO, and the risk management continuum.

Mr. Reymann is one of the nation's leading regulatory experts and co-author of Section 501 of the Gramm-Leach-Bliley Act Security rule. Fortune 500 companies have leveraged Mr. Reymann's subject matter expertise to develop successful go-to-market strategies for information security and technology products and services within key vertical markets.

He has more than twenty years' experience in the financial services industry, including thirteen years with the Department of Treasury's Office of Thrift Supervision (OTS) in Washington D.C. There he guided the regulatory agency's Technology Risk management activities and authored several key regulatory directives and advisories on emerging risk management issues, including the industry's first regulatory directive on "Transactional Internet Banking."

Tags: Paul Reymann, GLBA, GLB, NIST, ISO, Financial, Data Security

Aviram Jenik of BeyondSecurity, an Imperva Partner, talks about WAF, VA, Black Box testing, and related solutions necessary for a strong application security posture

On this episode of the Imperva Security Podcast Aviram Jenik of BeyondSecurity is interviewed. Aviram discusses why Imperva and BeyondSecurity have partnered to offer a combination of WAF, Black Box Testing, and Vulnerability Assessment services together. Aviram discusses several very interesting application security "stories from the trenches," and shares his perspectives on the evolution of application security.

Mr. Jenik has 17 years of experience in the Computer Security field. From the early days of computer viruses he was involved in the fields of encryption, security vulnerability detection and research. He worked in development, marketing and sales roles in several startups, and had 2 successful exits before co-founding Beyond Security in 1999.

Aviram has a B.Sc. in Computer Science with a major in cryptography and an MBA from T.A. University with majors in strategy and entrepreneurship.

Tags: Aviram Jenik, Partner, BeyondSecurity, WAF, VA, Black Box Testing

Mark Weatherford, CISO for the State of California, discusses the complexities of security within state government

On this episode of the Imperva Security Podcast Mark Weatherford, CISO for the State of California, is interviewed. He discusses challenges within information security at the state level including fusion centers, cross-agency coordination, and addressing risks beyond the perimeter -- specifically sensitive data.

Mark Weatherford has extensive executive and operational experience in the information and cyber security arena with a career that spans both the public and private information security sectors. Appointed by Governor Schwarzenegger to his present position as Executive Officer of the California Office of Information Security and Privacy, Weatherford has broad authority over the State's information security and privacy activities.

Mr. Weatherford previously served as the Chief Information Security Officer for the State of Colorado where he was appointed by two successive governors to develop and lead the state information security program.

Mr. Weatherford is a former U.S. Naval Cryptologic Officer, holds a Bachelor of Science degree in Business Administration from the University of Arizona at Tucson and a Master of Science degree in Information Technology Management from the Naval Postgraduate School in Monterey, California.

Tags: Mark Weatherford, State Government, Data Security, Government

Jeremiah Grossman of Whitehat Security, an Imperva Partner, talks about bringing together the worlds of WAF and VA to improve overall application security and reduce business risk

On this episode of the Imperva Security Podcast Jeremiah Grossman of Whitehat Security is interviewed. Jeremiah discusses why Imperva and Whitehat have partnered to offer a blended approach to Web application security through WAF plus VA. Jeremiah explains that the industry now requires these once diametrically opposed solutions to unite in order to address today's threats and reduce overall business risk.

Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Grossman is a frequent speaker at industry events and universities around the globe. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is a co-author of XSS Attacks. Grossman is often quoted in the business and technical press. Prior to WhiteHat, Grossman was an information security officer at Yahoo!

Tags: Jeremiah Grossman, Partner, Whitehat Security, WAF, VA

Microsoft IIS WebDAV Remote Authentication Bypass: Interview with Amichai Shulman -- CTO and Co-founder of Imperva

On this episode of the Imperva Security Podcast Amichai Shulman is interviewed. He talks about Microsoft Security Advisory Number 971492, which was released on May 17th 2009. This vulnerability is related to Microsoft IIS servers running WebDAV. Amichai goes into detail about the vulnerability, why servers are still vulnerable even though this is a well-known exploit, and how attacks can be mitigated with WAFs, or Web Application Firewalls. Amichai further talks about how the Imperva SecureSphere WAF has been protecting customers from redundant UTF-8 encoding attacks just like this for over three years.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He holds B.Sc. and Master's degrees in Computer Science from the Technion, Israel Institute of Technology.

Tags: Amichai Shulman, ADC, Microsoft IIS WebDAV Remote Authentication Bypass, Redundant UTF-8 Encoding, Microsoft Security Advisory Number 971492

Play Podcast Podcast Transcript (PDF)
Convergence of Risk and Security -- Andreas Wuchner, advisory board member for companies such as Microsoft, Oracle, Symantec and Cisco, is interviewed



On this episode of the Imperva Security Podcast Andreas Wuchner is interviewed. He discusses a wide range of subjects related to risk and security converging.
  • Who owns risk management
  • How can solutions like WAF be evaluated by businesses in terms of organizational risk
  • Where is the real value in risk management
  • How important are technical solutions and automation
  • Perspectives on cloud computing, outsourcing, and trust based models as they relate to risk
Andreas is an experienced IT manager and risk, compliance and security professional, a globally acknowledged thought leader and a highly respected practitioner in the risk and security industry. Andreas sits on the advisory boards of leading IT technology companies including Microsoft, Oracle, Symantec, Cisco and others. In addition to his role at a multi-national pharmaceutical company, Andreas runs the risk management blog IT Risk Space - http://ITRiskSpace.com.

Tags: Andreas Wuchner, Risk Management, Security, Governance, WAF

Play Podcast Podcast Transcript (PDF)
Interview with Joe White -- Imperva Customer and Web Application Security Practitioner:  Getting Started in Web Application Security



On this episode of the Imperva Security Podcast Joe White is interviewed. This is the second in a series of podcast interviews where Joe White and Brian Contos will discuss various topics related to application and data security.

Joe talks about getting started in Web Application Security. He discusses several tools and resources useful both for those who are new to this industry and for seasoned experts. Here are some examples.

In addition to working for a large SaaS provider in Northern California that is an Imperva customer, Joe White is President of Cyberlocksmith Corporation and specializes in information security and technology risk. He is a subject matter expert in Internet, extranet and intranet security risks and network penetration techniques. He has 15+ years of information technology experience including SOA, SaaS, information security and systems. Joe has focused expertise in securing web applications and extensive knowledge of networking, routing protocols, switching and remote access methodologies. Over the years, Joe has participated in numerous penetration tests and ethical hacking engagements and comes to Web Application Security after spending many years in traditional infrastructure/operations security. Finally, with 10+ years of business development experience, Joe offers a unique perspective on the marriage between business and technology.

Tags: Joe White, Customer, Practitioner, WAF, Getting Started with Web Application Security

Play Podcast Podcast Transcript (PDF)
Interview with Martin McKeay -- Host of the Network Security Blog and Podcast Series, and QSA



On this episode of the Imperva Security Podcast Martin McKeay is interviewed. Martin talks about the recent Webcast from Homeland Security titled "Do the Payment Card Industry Data Standards Reduce Cyber Crime." He also shares with us his perspectives on the changing security industry. Martin discusses how he got into blogging and podcasting, and gives some insight into the Network Security Blog, including some interesting history related to interviewing Imperva's Chief Security Strategist.

Martin McKeay started blogging about security in August of 2003. He took up blogging as a means to extend his knowledge and test ideas about security by putting them up for peer review. Four years later he's still at it. He works as a Senior Consultant for Trustwave, specializing in PCI assessments. He has a podcast co-hosted with Rich Mogull of Securosis. He also writes for Computerworld.

Tags: Martin McKeay, PCI, Podcaster, Network Security Blog, Network Security Podcast

Play Podcast Podcast Transcript (PDF)
Interview with Jim Manico -- Web Application Architect, Security Engineer, and Producer & Host of the OWASP Podcast Series



On this episode of the Imperva Security Podcast Jim Manico is interviewed. Jim tells us how he got into the application security space, gives us some background on OWASP, and shares some of his perspectives on application security.

Jim Manico is a Web Application Architect and Security Engineer for Aspect Security. Jim has 11 years of experience developing Java-based data-driven web applications for organizations such as FoxMedia (MySpace), GE, CitiBank and Sun Microsystems. Jim also volunteers for the Open Web Application Security Project by producing and hosting the OWASP Podcast Series as well as participating in the Enterprise Security API (ESAPI) Project.

Tags: Jim Manico, OWASP, Podcaster, Application Security

Play Podcast Podcast Transcript (PDF)
Interview with Raffy Marty -- Chief Security Strategist for Splunk and Security Author



On this episode of the Imperva Security Podcast Raffy Marty is interviewed. Raffy discusses the importance of visualization when analyzing network, security, application and database information. He shares several use cases and provides insights on the relevance of visualization as a critical resource for any security practitioner.

As chief security strategist for Splunk, Raffy is a customer advocate and guardian, an expert on all things security and log analysis. Starting with IBM Research and PricewaterhouseCoopers Consulting, then ArcSight and Splunk, Raffy has been in the log management and analysis world for many years. He has built numerous log analysis systems and implemented use cases for hundreds of customers that deal with log management challenges on a daily basis. Currently he uses his skills in data visualization, compliance, security metrics, and risk management to solve problems and create solutions for Splunk customers. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization.

His passion for visualization is evident in the many presentations he gives at conferences around the world and his book: "Applied Security Visualization". In addition, Raffy is the author of AfterGlow, founder of the security visualization portal, and contributing author to a number of books on security and visualization.

Tags: Raffy Marty, Security Visualization

Play Podcast Podcast Transcript (PDF)
Interview with Nick Selby, Leader of the 451 Group's Enterprise Security Practice



On this episode of the Imperva Security Podcast Nick Selby is interviewed. Nick talks about analyzing cyber black markets and trends in compliance. He also covers the maturing of security as it becomes more about operations and business risk, and discusses the economy and its impact on the network security and data security industry.

Nick Selby leads The 451 Group's Enterprise Security Practice (ESP), which provides objective analysis of enterprise security businesses and trends. Nick also serves as The 451 Group's Director of Research Operations, leading the coordination of 451 analysts' research methodologies and processes.

Tags: Nick Selby, Black Market, Compliance, Business Risk, Network Security, Data Security

Play Podcast Podcast Transcript (PDF)
Interview with Dr. Anton Chuvakin, Director of PCI Compliance Solutions at Qualys and Recognized Security Expert & Author



On this episode of the Imperva Security Podcast Dr. Anton Chuvakin is interviewed. Anton talks about PCI and the need for vulnerability assessments to work in concert with application and data security solutions to develop a strong security posture.

Dr. Anton Chuvakin (http://www.chuvakin.org) is the Director of PCI Compliance Solutions at Qualys and is a recognized security expert and book author. He is an author of the book "Security Warrior" and a contributor to books such as "Know Your Enemy II", "Information Security Management Handbook", "Hacker's Challenge 3", "PCI Compliance", "OSSEC HIDS" and others. Anton has also published numerous papers on a broad range of security subjects. In his spare time he blogs at http://www.securitywarrior.org. Anton has presented at many security conferences across the world; his recent speaking engagements include presentations in the United States, UK, Singapore, Spain, Canada, Poland, Czech Republic, Russia and other countries. Anton holds a Ph.D. degree from Stony Brook University.

Tags: Anton Chuvakin, PCI, Data Security

Play Podcast Podcast Transcript (PDF)
Interview with Gretchen Hellman, VP of Marketing & Product Management Vormetric



On this episode of the Imperva Security Podcast Gretchen Hellman is interviewed. Gretchen talks about the Heartland data breach and shares her perspectives on compliance. She also discusses data security and explains that there is no technological panacea: data security comes through defense in depth.

Gretchen Hellman brings over 10 years of enterprise security and enterprise software experience to her role as the VP of Marketing and Product Management for Vormetric. Most recently, Gretchen was Director of Product Marketing for Voltage Security, where she led product marketing, field marketing and corporate marketing initiatives. Prior to Voltage Security, she was responsible for compliance market strategy at ArcSight, where she drove the initiative to apply ArcSight's award-winning Security Information and Event Management solution to the regulatory compliance market. She has also held marketing leadership roles at Network Associates/McAfee. Gretchen began her career in information security as a consultant specializing in security policy and security program development. Gretchen is a frequent speaker in the areas of security standards and control frameworks, regulatory compliance strategies, security policy, and security technologies. She holds a B.S.E.E. from Santa Clara University.

Tags: Gretchen Hellman, Data Security, Compliance, Heartland, Partner

Play Podcast Podcast Transcript (PDF)
Interview with John P. Pironti, President of IP Architects and Interop Chairperson



On this episode of the Imperva Security Podcast John P. Pironti is interviewed. John discusses the relationship between security operations and business risk management. He also shares his views on regulatory compliance and the changing landscape for network and data security professionals.

John P. Pironti is the President of IP Architects, LLC and Interop chairperson. He has designed and implemented enterprise-wide electronic business solutions, information security programs, business resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, energy, government, hospitality, aerospace, media and entertainment, and information technology on a global scale. Mr. Pironti holds a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, highly quoted and often interviewed by global media, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.

Tags: John P. Pironti, Data Security, Risk Management, Compliance

Play Podcast Podcast Transcript (PDF)
Interview with Richard Stiennon, Founder of IT-Harvest and Former Gartner Analyst



On this episode of the Imperva Security Podcast Richard Stiennon is interviewed. Richard talks about beginning authorship of a new book and his perspectives on data security including a very interesting story about WWI and efficiency experts.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc., the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc., where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner's Thought Leadership award and was named "One of the 50 most powerful people in Networking" by NetworkWorld Magazine.

Music provided by partnersinrhyme.com.

Tags: Richard Stiennon, Data Security

Play Podcast Podcast Transcript (PDF)