Submit Search
Upload
Appsec Introduction
•
0 likes
•
899 views
Mohamed Ridha CHEBBI, CISSP
Follow
Introduction to Application Security
Read less
Read more
Report
Share
Report
Share
1 of 33
Download now
Download to read offline
Recommended
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
E-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
Maloney slides
Maloney slides
Onkar Sule
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
Secure, Automated Network Access for Any Device on Campus
Secure, Automated Network Access for Any Device on Campus
Cisco Security
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
IRJET Journal
101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
What you need to know about cyber security
What you need to know about cyber security
Carol Meng-Shih Wang
Recommended
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
E-Commerce Privacy and Security System
E-Commerce Privacy and Security System
IJERA Editor
Maloney slides
Maloney slides
Onkar Sule
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IBM Switzerland
Secure, Automated Network Access for Any Device on Campus
Secure, Automated Network Access for Any Device on Campus
Cisco Security
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
IRJET Journal
101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
What you need to know about cyber security
What you need to know about cyber security
Carol Meng-Shih Wang
Cloud Security
Cloud Security
Terell Jones
Advanced Web Security Deployment
Advanced Web Security Deployment
Cisco Canada
Internet & iot security
Internet & iot security
Usman Anjum
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
Oracle
188
188
vivatechijri
The importance of information security
The importance of information security
ethanBrownusa
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
Advanced monitoring
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
Cigniti Technologies Ltd
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
Cyber Security Intelligence
Cyber Security Intelligence
ijtsrd
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
Amy Daly
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
From app sec to malsec malware hooked, criminal crooked alok gupta
From app sec to malsec malware hooked, criminal crooked alok gupta
owaspindia
Internet of things
Internet of things
varungoyal98
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
Prathan Phongthiproek
Information Security for Small Business
Information Security for Small Business
Julius Clark, CISSP, CISA
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET Journal
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
ijtsrd
Java zone ASVS 2015
Java zone ASVS 2015
Joachim Van der Auwera
Attacking HTML5
Attacking HTML5
AppSec_Labs
More Related Content
What's hot
Cloud Security
Cloud Security
Terell Jones
Advanced Web Security Deployment
Advanced Web Security Deployment
Cisco Canada
Internet & iot security
Internet & iot security
Usman Anjum
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
Oracle
188
188
vivatechijri
The importance of information security
The importance of information security
ethanBrownusa
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
Advanced monitoring
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
Cigniti Technologies Ltd
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
Cyber Security Intelligence
Cyber Security Intelligence
ijtsrd
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
Amy Daly
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
From app sec to malsec malware hooked, criminal crooked alok gupta
From app sec to malsec malware hooked, criminal crooked alok gupta
owaspindia
Internet of things
Internet of things
varungoyal98
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
Prathan Phongthiproek
Information Security for Small Business
Information Security for Small Business
Julius Clark, CISSP, CISA
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET Journal
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
ijtsrd
What's hot
(20)
Cloud Security
Cloud Security
Advanced Web Security Deployment
Advanced Web Security Deployment
Internet & iot security
Internet & iot security
Best Practice For Public Sector Information Security And Compliance
Best Practice For Public Sector Information Security And Compliance
188
188
The importance of information security
The importance of information security
Безопасность данных мобильных приложений. Мифы и реальность.
Безопасность данных мобильных приложений. Мифы и реальность.
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
Cyber Security Intelligence
Cyber Security Intelligence
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
From app sec to malsec malware hooked, criminal crooked alok gupta
From app sec to malsec malware hooked, criminal crooked alok gupta
Internet of things
Internet of things
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
Information Security for Small Business
Information Security for Small Business
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technology
Viewers also liked
Java zone ASVS 2015
Java zone ASVS 2015
Joachim Van der Auwera
Attacking HTML5
Attacking HTML5
AppSec_Labs
AppSec Pipeline Reference Architecture
AppSec Pipeline Reference Architecture
Aaron Weaver
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck Willis
Magno Logan
Why AppSec Matters
Why AppSec Matters
InnoTech
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Rafal Los
AppSec EU 2011 - An Introduction to ZAP by Simon Bennetts
AppSec EU 2011 - An Introduction to ZAP by Simon Bennetts
Magno Logan
Viewers also liked
(7)
Java zone ASVS 2015
Java zone ASVS 2015
Attacking HTML5
Attacking HTML5
AppSec Pipeline Reference Architecture
AppSec Pipeline Reference Architecture
AppSec DC 2009 - Learning by breaking by Chuck Willis
AppSec DC 2009 - Learning by breaking by Chuck Willis
Why AppSec Matters
Why AppSec Matters
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
AppSec EU 2011 - An Introduction to ZAP by Simon Bennetts
AppSec EU 2011 - An Introduction to ZAP by Simon Bennetts
Similar to Appsec Introduction
From SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
EMC
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
Peter Wood
Web App Se Saidi Scan
Web App Se Saidi Scan
Aung Khant
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
HP Enterprise Italia
Time based security for cloud computing
Time based security for cloud computing
Jorge Sebastiao
Info sec for startups
Info sec for startups
Kesava Reddy
Security Intelligence
Security Intelligence
IBMGovernmentCA
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
IBMGovernmentCA
BYOD and Security Trends
BYOD and Security Trends
Cisco Russia
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applications
Julien Ott
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
IBM Sverige
Introduction to Application Security Testing
Introduction to Application Security Testing
Mohamed Ridha CHEBBI, CISSP
iViZ Security : On Demand Penetration Testing
iViZ Security : On Demand Penetration Testing
iViZ Techno Solutions
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Denim Group
Security is Hard
Security is Hard
Mike Murray
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
Amazon Web Services
Sw keynote
Sw keynote
gueste69f645
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Liwei Ren任力偉
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
IBM Security
Similar to Appsec Introduction
(20)
From SIEM to SA: The Path Forward
From SIEM to SA: The Path Forward
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
Web App Se Saidi Scan
Web App Se Saidi Scan
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
Time based security for cloud computing
Time based security for cloud computing
Info sec for startups
Info sec for startups
Security Intelligence
Security Intelligence
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
BYOD and Security Trends
BYOD and Security Trends
Appaloosa & AppDome: deploy & protect mobile applications
Appaloosa & AppDome: deploy & protect mobile applications
CS Sakerhetsdagen 2015 IBM Feb 19
CS Sakerhetsdagen 2015 IBM Feb 19
Introduction to Application Security Testing
Introduction to Application Security Testing
iViZ Security : On Demand Penetration Testing
iViZ Security : On Demand Penetration Testing
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Security is Hard
Security is Hard
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
Sw keynote
Sw keynote
IoT Security: Problems, Challenges and Solutions
IoT Security: Problems, Challenges and Solutions
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
Appsec Introduction
1.
Security Verified
Introduction to Web Application Security Mohamed Ridha Chebbi, CISSP iCode InfoSec – CEO & Head of PS ridha.chebbi@icodesecurity.com Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
2.
Agenda
Security Verified • Application InSecurity • TOP 10 Risks in APPSEC • Addressing the Problem • APPSEC Training • APPSEC Verification Process • APPSEC Standard (Security Levels) • APPSEC Protection Infrastructure Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
3.
Security Verified
Application InSecurity Mohamed Ridha Chebbi, CISSP Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
4.
Web Application Security
Defined Security Verified Intrusion Detection and Prevention Internet Desktop / Client Firewall Web App Database Server Server Server Ports 443 & 80 still open Web app layer: 75% of hacker attacks occur here Desktop & Content Security Network Security Application Security 1980s 1990s 2000s WEB APPLICATION SECURITY EVOLUTION Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
5.
Why Website Security
Matters Security Verified $7.2+ Million is the average cost of a data breach Ponemon Institute –2011 400+ 75%+ of cyber attacks & Internet security New violations are generated through applications Vulnerabilities a Gartner Group – 2011 Month and Growing 75% of enterprises experienced some form of cyber attack in 2011 Symantec Internet Security Report – April 2011 79% of victims subject to PCI DSS had not achieved compliance Verizon Business Data Breach Report – July 2011 Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
6.
Today’s Web Application
Vulnerabilities (Q1-Q2 2010) Security Verified Web Application Vulnerabilities (% of total) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
7.
Today’s Web Application
Vulnerabilities (Q1-Q2 2010) Security Verified Web Application Vulnerabilities by Class (Commercial Applications) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
8.
Today’s Web Application
Vulnerabilities (Q1-Q2 2010) Security Verified Other Category Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
9.
Today’s Web Application
Vulnerabilities (Q1-Q2 2010) Security Verified Web Application Vulnerabilities (Proprietary Applications) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
10.
Today’s Web Application
Vulnerabilities (Q1-Q2 2010) Security Verified Vulnerable Web Applications by type (Proprietary Applications) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
11.
Hacking Continues …
Security Verified Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
12.
Breach Time to
Detection Security Verified Average Number of Days from when a breach occurred and when it was Discovered = 156 Days (Between 5 & 6 Months) Main reason why an investigation launched? Because the Credit Card company detected a data pattern of unauthorized use. Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
13.
Security Verified
The Top 10 Risks in Application Security Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
14.
OWASP Top Ten
(2010 Edition) Security Verified http://www.owasp.org/index.php/Top_10 Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
15.
VERACODE Assessment Results
Security Verified Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
16.
VERACODE Assessment Results
Security Verified Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
17.
Security Verified
Addressing the Problem Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
18.
How to Start
? Security Verified 1- Develop Secure Code Use Application Security Standard – Risk Mitigation Best Practices Training in Secure Coding 2- Test and Review Applications in accordance to Application Security Standard - Verification Process Security Considerations during the SDLC : Static Assessment (during build) Dynamic Assessment (during Testing) Internal Reviews (during design & build) PEN Testing (during operation) 3- Protect & Monitor Applications and Databases in accordance to Application Security Standard – Protection & Monitoring Architecture Protect applications & data by using : Web Application Firewalls (WAF) Database Firewalls (DBF) File Firewalls (FF) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
19.
Application Security Training
Security Verified iCode in-Class Courses Application Security Fundamentals TOP 10 OWASP In detail Secure Coding Java Secure Coding .NET Mobile Application Security Security Testing SDL iCode Virtual Class Courses 50+ Hours of Online Courses 33+ Course Modules (from security fundamentals to Secure Coding) Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
20.
Application Security Life
Cycle Security Verified Design Build Test Deploy Operate Internal Review Annually Static Assessment … Dynamic Assessment … PEN Testing New Versions/Releases Web Application & Data Protection & Monitoring Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
21.
Security Verified
Application Security Levels Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
22.
Security Requirements &
Levels Security Verified Level of rigor V1. Security Architecture V2. Authentication V3. Session Management V4. Access Control Level of rigor V5. Input Validation V6. Output Encoding/Escaping Level 1 Level 2 V7. Cryptography V8. Error Handling and Logging V9. Data Protection V10. Communication Security V11. HTTP Security V12. Security Configuration V13. Malicious Code Search V14. Internal Security Sections Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
23.
Application Security Level
1 Security Verified Level 1 Verification is typically appropriate for applications where some confidence in the correct use of security controls is required. Threats to security will be typically viruses, warms and misuse. There are two constituent components for Level 1. - Level 1A is for the use of automated application vulnerability scanning (dynamic analysis) - Level 1B is for the use of automated source code scanning (static analysis). NOTE : if the verifier’s selected tool suite does not have the capability to verify a specified verification requirement, the verifier can perform manual verification to fill this gap. Level 1A + Level 1B = Level 1 Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
24.
Application Security Level
2 Security Verified Level 2 is appropriate for applications that handle personal transactions, conduct business-to-business transactions, or process personally identifiable information. Threats to security will be typically viruses, warms and opportunists such as malicious attackers. There are two constituent components for Level 2. - Level 2A is for the use of automated application vulnerability scanning (dynamic analysis) - Level 2B is for the use of automated source code scanning (static analysis). Note 1 : if the verifier’s selected tool suite does not have the capability to verify a specified verification requirement, the verifier can perform manual verification to fill this gap. Note 2 : The verifier needs to manually review and augment all the results for each Level 2 requirement. Level 2A + Level 2B = Level 2 Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
25.
Application Security Level
1 Security Verified Example : ADB/ASS-V2 Authentication Verification Requirements for Level 1 Verification Requirement Level 1A Level 1B V2.1 Verify that all pages and resources require authentication except those specifically intended to be public. V2.2 Verify that all password fields do not echo the user’s password when it is entered, and that password fields (or the forms that contain them) have autocomplete disabled. V2.3 Verify that if a maximum number of authentication attempts is exceeded, the account is locked for a period of time long enough to deter brute force attacks. Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
26.
Application Security Level
2 Security Verified Example : ADB/ASS-V2 Authentication Verification Requirements for Level 2 Verification Requirement Level 2A Level 2B V2.1 Verify that all pages and resources require authentication except those specifically intended to be public. V2.2 Verify that all password fields do not echo the user’s password when it is entered, and that password fields (or the forms that contain them) have autocomplete disabled. V2.3 Verify that if a maximum number of authentication attempts is exceeded, the account is locked for a period of time long enough to deter brute force attacks. V2.4 Verify that all authentication controls are enforced on the server side. V2.5 Verify that all authentication controls (including libraries that call external authentication services) have a centralized implementation. V2.6 Verify that all authentication controls fail securely. V2.7 Verify that the strength of any authentication credentials are sufficient to withstand attacks that are typical of the threats in the deployed environment. Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
27.
Application Security Level
2 Security Verified Example : ADB/ASS-V2 Authentication Verification Requirements for Level 2 (Continue) Verification Requirement Level 2A Level 2B V2.8 Verify that users can safely change their credentials using a mechanism that is at least as resistant to attack as the primary authentication mechanism. V2.9 Verify that re-authentication is required before any application- specific sensitive operations are permitted. V2.10 Verify that after an administratively-configurable period of time, authentication credentials expire. V2.11 Verify that all authentication decisions are logged. V2.12 Verify that account passwords are salted using a salt that is unique to that account (e.g., internal user ID, account creation) and hashed before storing. V2.13 Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location (not in source code). Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
28.
Verification Output Report
Security Verified Level 1 or Level 2 Verification Report shall document the results of the analysis, including any remediation of vulnerabilities that was required. Level Pass Fail Requirement • Verdict • Verdict • Verdict justification • Location (URL (Level 2) w/parameters and/or source file path, name and line number(s)) • Description (including configuration information as appropriate) • Risk rating • Risk justification Any remediation of vulnerabilities that was discovered shall be provided apart of the report. Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
29.
Security Verified
Accreditation & Baselines Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
30.
Example of Accreditation
Document Security Verified Accreditation Application Security Accreditation Form Application Category Version Release Date Application Supports The following Business Functions : Application makes use of the following Technology : Application makes use of the following IT Infrastructure : Application First Name Title Department Developer/Vendor Last Name Telephone email Primary Contact Information 1 Security Verification P F N/T N/R Ref./Comments Process L1A Level 1A Verification L1B Level 1B Verification L2A Level 2A Verification L2B Level 2B Verification Accreditation Zone Production Date : Notes/Comments Accreditation Envolved Patries … Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
31.
Security Verified
Applications & Data Protection Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
32.
Application & Data
Protection Security Verified Security Operating Center Database Local Agent Databases Database Activity Monitoring N etw ork or M onitoring Discovery and Assessment Server N ative Audit Management Server Database Firewall Web Web Application Firewall Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
33.
Security Verified
Thanks Next-Gen Applications & Data Security conference, March 6th 2012 © 2012 iCode information security All rights reserved
Download now