Name: OWASP Top 10: Cryptographic Failures - Ep 2
Start: 2024-04-30T09:00:00Z
End: 2024-04-30T09:00:09.000Z
Location: BrightTALK
Rating: 4.7

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to secure and optimize every app and API anywhere—on premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats.

The rise of AI is not all hype and frenzy. There are real implications – for productivity and competitiveness, for governance and compliance, and for security.

Cyber security is a principal concern for those tasked with delivering AI services. Generative AI and other AI toolkits are becoming prime attack surfaces for cyber criminals, who are both targeting AI and leveraging AI for malicious gains.

It is imperative that architects and security teams unpack the massive risk surface for AI applications.

In this webinar, we’ll cover:
- AI app architectures: Deploying and protecting AI apps across distributed environments

- AI security issues: Addressing new threats such as prompt injection attacks, data leakage, and OWASP Top 10 for LLM Apps

- App services for AI security: Leveraging solutions such as API security, DDoS protection, and bot defence

By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Is Your AI Security Ready for the Perfect Storm?

APIs are fundamental to the digital economy, serving as the bridge to modernise legacy apps. However, the rise of API-based architectures introduces unforeseen risks from an expanding ecosystem of third-party integrations, making APIs an attractive vector for adversaries.

Join us for an insightful webinar with guest Forrester, as we delve into the market challenges, the development of the API landscape, and the security risks associated with API deployment. We will discuss the critical components of API security and offer practical suggestions to defend against API-specific attacks and threats.

By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Shielding Your APIs: Practical Tips and AI-Powered Security

In today’s rapidly evolving digital landscape, organisations are increasingly harnessing the power of edge computing to drive innovation and maintain a competitive advantage. By bringing computational resources closer to the source of data generation, edge computing minimises latency and reduces bandwidth use, leading to more efficient operations.

As AI-driven applications proliferate, the adoption of edge computing is set to accelerate due to its ability to synthesise and analyse data at unprecedented speeds. This trend underscores the importance of understanding and embracing edge strategies to stay at the forefront of technological advancement.

About this webinar, our experts will cover:
• Business drivers and technical requirements for edge computing
• Traditional solutions vs. novel approaches
• Deploying, managing, and protecting applications at the edge
• Practical approaches to Edge AI and federated learning
 
Join us to gain actionable insights and solutions for effectively managing the edge ecosystem.

AI on the Edge

APIs are fundamental to the digital economy, serving as the bridge to modernise legacy apps. While APIs are subject to the same attacks that target web apps, API-based architectures introduce unforeseen risk from an ever-expanding ecosystem of third-party integrations.
 
Join us for an insightful session on the critical components of API security. We'll cover the risks associated with deploying APIs and explore how you can safeguard your APIs against potential threats and vulnerabilities.

Whether you're managing a single cloud or a complex multicloud architecture, this webinar will equip you with the knowledge and tools you need to stay ahead of the curve in API security.

Navigating API Security Challenges

Learn how you can deploy and consume F5 Distributed Cloud Services closer to your apps, either on premises or in private and public clouds, by leveraging the Customer Edge concept. While the operational model is identical to the one explained in the previous sessions, the deployment model is different. 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Decentralising WAAPaaS with Customer Edge - Ep 6

Get insights into how F5 Distributed Cloud Services can help simplify bot and automated threat protection. We will demonstrate how our embedded AI engine makes detection and protection highly accurate. 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data centre, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

 By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Blocking Automated Threats and Smart Bots - Ep 5

Gain insights into how F5 Distributed Cloud Services can help you integrate security into the API development lifecycle, ensuring your SecOps-governed API security policies stay in sync with the latest API changes by the DevOps teams. 

 F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data center, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Applying the Easy Button for API Security - Ep 3

Learn how F5 Distributed Cloud Services provide you with a new Web Application Firewall (WAF) boundary to help protect your web applications and APIs wherever they are located, with a simplified approach adapted to the needs of SecOps and DevOps. 

 
F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data centre, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Creating the New WAF Boundary - Ep 2

Experience the look-and-feel and get an understanding of the main concepts and building blocks of the F5 Distributed Cloud Services Platform. This SaaS-based platform allows you to quickly deploy, secure, connect, and operate your applications in a multi-cloud environment. 

 

F5 Demo Days – Experience F5’s comprehensive, easy-to-use SaaS security solution 

F5 Distributed Cloud Services are SaaS-based security, networking, and application management services that enable customers to deploy, secure, and operate their applications in a cloud-native environment wherever needed – data centre, multi-cloud, or the network edge. 

In a series of six short demo sessions, we’ll be demonstrating the power of the F5 Distributed Cloud Web Application and API Protection (WAAP) solution and how easy it is to enable security services, including SaaS-based WAF, API security, bot defence, and DDoS mitigation. 

By watching this demo session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time

Getting to Know the F5 Distributed Cloud Platform - Ep 1

In this session, we'll dive into the portfolio of Web Application and API Protection (WAAP) solutions that allow you to secure your workloads no matter where or how they are deployed. You will hear how we are unifying the experiences across our application security portfolio to make them easier to manage and deploy. The session will also cover how F5 products deal with advanced threats that can only be defeated with AI/ML available within the F5 product portfolio.
  
By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Securing Apps and APIs Across Hybrid and Multicloud

It’s time to dive into the world of multicloud networking. In this session, we'll discuss how Distributed Cloud solutions create a new way to deliver your applications across multiple clouds, data centers, and the edge while maintaining full visibility, control and security. You will learn how Distributed Cloud allows you to seamlessly move and secure workloads with full layer 3 to 7 control and visibility. We’ll also cover how multicloud networking can be extended to create a distributed application environment leveraging Distributed Cloud App Stack.

 By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Redefining Secure Multicloud Networking

With the rise in the adoption of AI and ML-related tools, many enterprises are defending their apps and infrastructure with automation. Some even leverage large language models (LLMs) to build their own AI-based solutions, managing associated apps and workloads. In this session, learn how F5 leverages AI and ML in our security products, including anomaly detection, malicious users, and more.

By watching this session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services, but you can unsubscribe at any time.

Using AI to Stop AI-Based Attacks

SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL). 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 

Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.

OWASP Top 10: Server Side Request Forger - Ep10

Without properly logging and monitoring app activities, breaches cannot be detected. Not doing so directly impacts visibility, incident alerting, and forensics. The longer an attacker goes undetected, the more likely the system will be compromised. 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

 Follow the link to sign up and tune into the next episode. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Security Logging and Monitoring Failures - Ep9

This new risk category focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. The SolarWinds supply-chain attack is one of the most damaging we've seen. 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn:
 
 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 
 
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

Follow the link to sign up and tune into the next episode. 
  
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Software and Data Integrity Failures - Ep8

It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to the continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing. 
  
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The 2021 update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
  
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

 • How OWASP creates its Top 10 list of the most critical security risks to web applications. 
 • Key changes including recategorization of risk to align symptoms to root causes. 
 • When each risk can manifest, why it matters, and how to improve your security posture. 
 
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.

 Follow the link to sign up and tune into the next episode. 
 
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Identification and Authentication Failures - Ep7

Open Source software exploits are behind many of the biggest security incidents. The recent Log4j2 vulnerability is perhaps the most serious risk in this category to date. 
 
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

OWASP Top 10: Vulnerable and Outdated Components - Ep 6

Security Misconfiguration is a major source of cloud breaches. Learn what to do and avoid—as modern app development, software re-use, and architectural sprawl across clouds increases this risk. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 

 Follow the link to sign up and tune into the next episode. 

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

OWASP Top 10: Security Misconfiguration - Ep 5

OWASP Top 10: Insecure Design - Ep 4

OWASP Top 10: Injection - Ep 3

OWASP Top 10: Broken Access Control - Ep 1

OWASP Top 10: Overview

OWASP Top 10: Lightboard Lesson Series

2021 OWASP Top 10: Cryptographic Failures - 02 

Cryptographic failures, previously known as "Sensitive Data Exposure", lead to sensitive data exposure and hijacked user sessions. Despite widespread TLS 1.3 adoption, old and vulnerable protocols are still being enabled. 
 
Protect Your Web Apps from New and Critical Risks 

The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software. 
 
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the new OWASP Top 10 and learn: 

• How OWASP creates its Top 10 list of the most critical security risks to web applications. 
• Key changes for 2021, including recategorization of risk to align symptoms to root causes. 
• When each risk can manifest, why it matters, and how to improve your security posture. 

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners. 
 
Follow the link to sign up and tune into the next episode.

OWASP Top 10: Cryptographic Failures - Ep 2

Application Security

OWASP

Web Application Security

Application Delivery

Security

Mitigation

Risk Mitigation

Cryptography

Data Breach

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

OWASP Top 10: Cryptographic Failures - Ep 2

Presented by

About this talk

More from this channel