Sessions at Stay Secure
Application Security Testing
84% of all attacks are carried out at the application layer. Attackers have stepped up their game: they no longer target only the infrastructure but also the applications running on it. To stay secure we need to move forward and start security testing our applications as well. This presentation discusses how to do that, and what happens if we don't.
Jesper Kråkhede, Head of Security at Capgemini Sogeti
Jesper is responsible for Capgemini Sogeti's cybersecurity unit and has over 17 years of hands-on experience in security architecture. He has worked with everything from penetration testing and computer forensics to strategic advisory and CSO/CISO roles. Jesper has experience with security and security testing from a range of sectors, from manufacturing, logistics and finance to nuclear. His view on security is that it should be easy for end users, deliver value for the organisation, and be measurable.
- Time: 10.20 - 11.00
- Language: English
How security intelligence and security testing changed our company
Over the last few years we have seen a change in attack patterns, and as an industrial company we struggle with the availability of our factories every day. After we were hit hard by a virus a few years back, we invested in security intelligence and security testing. It has given us both better security and better resilience.
Torbjörn Samuelsson, Security Officer at SWEP
Torbjörn Samuelsson is Security Officer at SWEP, a Dover company. He has an extensive career in IT and previously worked as IT Operations Manager and network engineer at SWEP. Torbjörn joined SWEP in 2002 and has taken the company on an extensive journey from a standard manufacturing company to a modern IT-based company with a secure setup. His view on security: terrifying but exciting, and everyone's responsibility.
- Time: 11.05 - 11.45
- Language: English
New business opportunities - increased risk of cybercrime
New innovative technologies create new business opportunities, but those opportunities also bring an increased risk of cybercrime. The approach to IT security is changing radically, and the ability to adapt is critical to a company's competitiveness. IBM has one of the most comprehensive security portfolios and can help your company define its security strategy and optimise its security programmes so that you protect your critical assets.
Jouni Lehto, Technical Security Specialist at IBM
Jouni Lehto, CISSP, CISM, CEH, is a technical security specialist at IBM Finland. Jouni has 15 years of experience in many roles in Java-based project development and has an excellent view of how important it is to take security into account from the development phase onwards. He is a Certified Ethical Hacker and is certified in application security scanning.
- Time: 13.10 - 13.40
- Language: English
Testing for security: why, what, and how?
To accurately assess the quality of a piece of software, regular functional testing is insufficient. There are many other quality aspects relevant to the stakeholders, and security is one of the most prominent of those. The reason for this is pretty clear: in today’s world, custom applications are the most common route for attackers to break into networks.
But testing for security is very different from regular testing. It is not about testing what an application is supposed to do, but about testing that it does not do what it is not supposed to do. In this session we cover the basics of application security testing. We discuss the OWASP Top 10 with real-life examples, and then look at integrating security into your testing practices.
Frans van Buul, Solutions architect at HPE
Frans van Buul, CISSP, CSSLP is solutions architect at Hewlett Packard Enterprise (HPE). Based in the Netherlands, he specializes in HPE’s application security products and services, and covers the Nordics, Baltics, Benelux, Switzerland and Austria. Frans frequently speaks at events about application security topics.
Before joining HPE, Frans worked as a Java software architect for about five years, and before that as a security auditor and consultant for about ten years. In his current field, these two areas of experience come together.
- Time: 13.45 - 14.15
- Language: English
Myths and Reality around Threats: Cybersecurity Testing is KEY
If we had to bet on this, I would say the answer is pretty obvious. Nevertheless, as soon as you sit a Chief Information Security Officer next to an ethical (or not so ethical) hacker, the answer becomes a little "foggy".
The only sure thing we know is the current state of application security testing, in particular:
- Organisations are under increased pressure to develop new applications to support digital transformation, whether internal or external facing
- Security checks are left to the end of the development lifecycle (penetration testing)
- Network and infrastructure security testing are now widely covered, but there is a lack of maturity at the application level
Given this state, we would like to take you on a short journey that puts this "current state" into perspective against several facts, figures and myths, such as:
- 160% increase in breaches reported in 2015
- 1 in 8 legitimate websites have a critical vulnerability easily exploitable by hackers
- Over 500M identities were exposed via breaches in 2014
- Web-based attacks: 80% of attacks
- 68% increase in mobile application vulnerability disclosures
Is the real myth, in fact, that we must focus on protecting the application layer rather than the rest?
Let's have the IT Security Officer of a large insurance company discuss this live with a security expert, and see what is REALLY true, what is not, and what falls into the "foggy" area.
Frédéric De Pauw, Head of IT Security at Ethias
Frédéric is a cybersecurity expert with over 9 years of experience in domains such as security architecture, ethical hacking, IAM and IT operations security.
He is currently Head of IT Security at Ethias, where he is in charge of the IT security programme.
He also works as an independent ethical hacker for several companies specialising in penetration testing.
Before joining Ethias, Frédéric was a senior consultant specialising in cybersecurity at Deloitte Luxembourg, where he was mainly active in penetration testing engagements for the financial sector.
Frédéric's certifications include Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP) and ISO 27001 Lead Implementer (provisional).
Vincent Lauren, Global Leader, Cybersecurity, Sogeti BeLux
Holding a Master's degree in Computer Science and a Master's degree in Business Administration, Vince started his career in IT security as an independent ethical hacker in the mid-1990s.
Having covered the entire information security landscape as a security consultant, IT audit manager, interim CISO and security team leader, he became Chief Security Officer of Dexia Technology Services, the group's internal IT infrastructure branch, managing cross-border teams of experts in Belgium and Luxembourg.
Vince joined Sogeti in June 2013 to start the Luxembourg security practice and to support the Sogeti Group in several strategic security initiatives around the world. He is now Global Leader of the Cybersecurity Unit for the BeLux region and manages several key strategic partnerships at group level.
- Time: 14.45 - 15.20
- Language: English
Why and how we are investing in Application Security Testing
Taking an organisation from standard testing to also include security testing is a challenging task. The Swedish Tax Agency (Skatteverket) has initiated this process and is well on its way to implementing a security testing service that all development projects should use. Because security testing differs to some extent from functional testing, new processes, new skills and new technology all need to be put in place. Jesper Kråkhede and Saeid Mojtahedzadeh describe how to initiate and run such a change.
Saeid Mojtahedzadeh, Test Strategist and Test Manager at Skatteverket Sverige
Saeid Mojtahedzadeh is a Senior Test Manager and Test Strategist with about 20 years of work experience in IT, telecom and finance at Ericsson, Telia AB, CSC (Computer Sciences Corporation), Tele2 AB, OMX Nasdaq, Nexus Security, Sogeti AB and the Swedish Tax Agency, plus four years of financial work experience in other countries.
He is a certified Project Manager and Scrum Master.
He has worked as test and quality manager for large strategic projects, from system testing through to the acceptance test level. As a test specialist he has worked with test process improvement, different test methodologies, test tools, test data management, test environments, test automation and application security testing.
- Time: 15.25 - 16.05
- Language: English
Mohamed Attazgharti, Marketing & Communication Director