Web-based applications are a prime vector of attack for malicious actors. Organizations have seen their own applications turned against them as attackers exploit vulnerabilities in custom code and commonly used open source frameworks. In 2015, a global shipping company had bills of lading exfiltrated from its homegrown Content Management System by pirates, who later used them to attack ocean-going vessels.
This session will explore several common web-based application attacks, review tools that scan for vulnerabilities, and discuss operational technologies that protect production applications. The session will round out its review of Railinc's defense-in-depth approach by discussing the importance of a Secure Software Development Lifecycle and risk assessments in protecting Railinc’s software as a service model.
1. Understand the different attacks against web-based applications
2. Discuss Railinc's defense-in-depth approach to application security
3. Review technologies for scanning applications to help identify vulnerabilities — including those in open source libraries/frameworks — and operational technologies that protect production applications
4. Discuss the importance of application risk assessments in securing the software as a service model