OWASP AppSec India Conference 2008
Web Application Security: Too Costly To Ignore

Summary
Application security is the trend of the future. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC. That was the anti-virus era. The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era. Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era.

Web applications can take many forms: an informational website, an e-commerce site, an extranet, an intranet, an exchange, a search engine, a transaction engine, an e-business. All of these applications link to computer systems that contain weaknesses that can pose risks to your organization. Weaknesses exist in system architecture, system configuration, application design, implementation configuration and operations. The risks include the possibility of incorrect calculations, damaged hardware and software, data accessed by unauthorized users, data theft or loss, misuse of systems and disrupted business operations.

As the digital enterprise embraces the benefits of e-business, the use of web-based technology continues to grow. Most organizations today use the web as a way to manage their customer relationships, enhance their supply chain operations, expand into new markets and deploy new products and services to customers and employees. However, successfully implementing the powerful benefits of web-based technologies cannot be achieved without a consistent approach to web application security.

In the past, the majority of security breaches occurred at the network layer of enterprise systems. Today, however, hackers are manipulating web applications inside the enterprise firewall, enabling them to access and sabotage corporate and customer data. Given even a tiny vulnerability in a company's web application code, an experienced intruder with only a web browser and a little determination can break into most commercial websites.

About Speaker
Brandi Moore's career began in computer security inside the US government, where she was the first researcher to measure the effectiveness of laws designed to address computer crime. She was recruited by AOL and spent almost 8 years working for a variety of teams, ending her post inside the Operations Security group, where she was responsible for managing international compliance issues and AOL's Security Awareness Program. Brandi was recruited to Mandiant, a boutique Incident Response firm, leading East Coast sales for the US. Today she is a member of Ounce Labs' team, working as a Director of Sales for the New York region. She is on the Board of Directors for OWASP's NY Chapter, holds a BS from Michigan State University and a Master's in Forensic Science from George Washington University. Brandi owns IndiaThink, a firm focused on helping companies across the US develop strategies to obtain the most from their India investments through cultural awareness.