This event is history, please check out the list of upcoming seminars
Why this seminar?
Web Applications have become the point of entry to critical and confidential data, and have become the interface to internal resources, e-business and e-government platforms. Yet, we read time-and-time again that they remain a major source of comprise.
Web Services are maybe not so visible, but there are more and more of them everyday. They are being set up both internally within organisations to facilitate internal communications and processes, and externally to facilitate the exchange of business-critical (e.g. financial) data. Most of these Web Services lack any solid security.
Everyone is using these technologies to unlock data and processes, even over the Internet. The advantages of being able to flexibly reach anyone, anywhere, anytime are clear. However, it is important to unlock wisely and in a controlled fashion.
This seminar will refrain from being highly technical and try to run you conceptually through the different topics which should be looked at when setting up any Web Application or Web Services Architecture.
First of all we will set the scene using some simple examples of how Web resources can and are easily exploited. Then secondly, we will get into the overall controls which should be put in place: we will show you how to assess your real risk and how security should be fit into the application processes. Also, we'll give a complete overview of the scene and all procedural and technical building blocks for such environments.
Following those overall controls, we will thirdly get into Web application security specifics: how should Web applications be securely developed and what extra layer of security can be put in place to mitigate human/programmer's failure ? Next, we will add an important component which is identity and access control management and how this best fits into Web environments. Finally, we will look at Web services, their specific security issues and how the lessons we already learned can be re-applied to these Web services.
Questions answered in this seminar
Who should attend this seminar ?