News Article | December 13, 2016
Los Angeles, Orange County, San Diego, and Santa Barbara chapters of the Open Web Application Security Project (OWASP) today announced that the agenda is complete for the Fourth Annual AppSec California taking place January 23 – 25, 2017 in Santa Monica, CA at the Annenberg Beach House. It’s time to secure a spot at the table and start selecting the breakouts to attend.

Taking place on the beach at the elegant Annenberg Beach House, this year’s conference will feature keynote speakers who understand the challenges and trends of the mercurial world of cybersecurity: Dr. Zulfikar Ramzan, Chief Technology Officer at RSA, Gary McGraw, Chief Technology Officer, Cigital, and Chris Roberts, Chief Security Architect at Acalvio Technologies.

In addition to the keynotes, attendees will find a plethora of sessions to attend. Some of the application and web security topics included this year range from securing the Internet of Things (IoT) and the physical web to Java and PowerShell apps; and from scaling testing in DevOps to crowdsourcing security. Of course, no application security conference would be complete without killing passwords, taking a #securityselfie, finding unicorns, and a bit of Twubhubbook.

“We are really excited about AppSec Cali 2017; every year we wonder if we can pull off an event as great as the last, but we seem to have done it again,” says Caleb Queern, Manager, KPMG Cyber and chapter organizer of OWASP San Diego. “With application security experts from the likes of Google, LinkedIn, Cisco, Dropbox, Facebook, Salesforce, and eBay giving talks, it feels like the location and the inertia we've built continues to bring back great content.”

For a complete list of all the great sessions the team has in store for this year’s attendees, the full agenda can be found here: https://appseccali2017.sched.com/

**Celebrating Diversity**

In addition to skill enhancement, attendees will gain insight into the infosec life from the female perspective in our new featured panel: Women in Security. Learn about the unique challenges and opportunities in cybersecurity for women from:

“Diversity within the cyber security industry is still a challenge - we have 11% women workforce as opposed to the over 20% women participation in the general high tech industry,” says Wang, a panelist for the women in security panel. “I am pleased that AppSec California is putting this issue on the table and look forward to a thought-provoking discussion.”

Of course, diversity extends beyond gender, which is one of the reasons the AppSec California planning committee offered scholarships for this year’s conference. The team is pleased to announce the winners of the scholarship:

**Remember to Sign Up for Training**

Just like last year, the training sessions kick off the conference with full-day trainings beginning at 9am Monday morning, January 23rd. “The training opportunities are a great excuse to spend another day by the beach learning modern web app security too!” adds Queern. Learn more about the training opportunities from these 4 experts:

**Welcome Sponsors!**

Sponsorship opportunities are also available, both for the media and for vendors in the security industry. For more details and the full range of sponsorships, please visit: https://2017.appseccalifornia.org/sponsorship/.

**Additional Information**

For more information on AppSec California and for registration details, please visit https://2017.appseccalifornia.org/. Be sure to register today to reserve a place at the table.

About OWASP: The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. OWASP’s mission is to make application security visible to ensure that organizations and individuals can make informed decisions about true application security risks. Participation in OWASP is free of charge and open to the general public. All OWASP materials are available under a free and open software license. http://www.owasp.org

The OWASP Los Angeles chapter hosts a networking dinner on the fourth Wednesday of every month, and the Orange County chapter meets on the fourth Thursday. Function presentations are focused on what security is really about. Join the movement today! The San Diego chapter meets the third Thursday of every month.
News Article | November 2, 2016
Los Angeles, CA – November 2, 2016 – Los Angeles, Orange County, San Diego, and Santa Barbara chapters of the Open Web Application Security Project (OWASP) today announced that Dr. Zulfikar Ramzan, Chief Technology Officer at RSA, Gary McGraw, Chief Technology Officer, Cigital, and Chris Roberts, Chief Security Architect at Acalvio Technologies, will be featured keynote speakers at the Fourth Annual AppSec California taking place January 23 – 25, 2017 in Santa Monica, CA at the Annenberg Beach House.

“We have heard from many attendees that if given the choice of only one conference to attend, it would be AppSec California,” says Richard Greenberg, President, OWASP Los Angeles. “The combination of two full days of amazing speakers, world-leading keynotes, a full day of great classes at ridiculously low cost, and networking at the beach in the winter are just too much to resist. You will take away more from attending AppSec California and feel more fulfilled than from any other event (other than if the Beatles were able to reunite). Come join us on the beach!”

**More Great Speakers**

In addition to the planned interactive training sessions on day one of the conference, world-renowned experts in the field of web application security and secure development best practices will lend their expertise to event goers through presentations and roundtable discussions. This year’s event brings an array of distinct speakers including Arvind Mani from LinkedIn, Caroline Wong from Cobalt, Dan Cornell from Denim Group, Ltd., Neil Matatall from GitHub, and Tin Zaw from Verizon Digital Media Services, just to name a few.

**Supporting Our Veterans**

OWASP AppSec Cali is dedicated to helping veterans find meaningful employment while helping solve the information security talent shortage. With these goals in mind, the conference is giving veterans the opportunity to apply for a scholarship which will cover the price of conference admission. We are hoping to attract veterans who either are software developers interested in security, information security practitioners with an interest in application security, or students looking to learn more about security.

“As a Marine Corps Veteran, I am pleased that the planning committee is supporting fellow veterans by allowing them to be exposed to more than just ethical hacking or a typical blue team information security conference,” says Michael Rodriguez, industry expert in application security. “I'm looking forward to meeting and networking with the scholarship winners.”

Details of the veterans’ scholarship program can be found at https://2017.appseccalifornia.org/veterans-scholarship-application-form/

**Additional Information**

Attendees interested in getting hands-on experience with physical and digital cyber challenges can also partake in a Capture the Flag (CTF) competition. For more information on AppSec California and for registration details, please visit https://2017.appseccalifornia.org/. Be sure to register today to reserve a place at the table.

Sponsorship opportunities are also available, both for the media and for vendors in the security industry. For more details and the full range of sponsorships, please visit: https://2017.appseccalifornia.org/sponsorship/.

About OWASP: The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. OWASP’s mission is to make application security visible to ensure that organizations and individuals can make informed decisions about true application security risks. Participation in OWASP is free of charge and open to the general public. All OWASP materials are available under a free and open software license. http://www.owasp.org

The OWASP Los Angeles chapter hosts a networking dinner on the fourth Wednesday of every month, and the Orange County chapter meets on the fourth Thursday. Function presentations are focused on what security is really about. Join the movement today! The San Diego chapter meets the third Thursday of every month.
News Article | November 7, 2016
MOUNTAIN VIEW, Calif., Nov. 7, 2016 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) has signed definitive agreements to acquire Cigital, a privately held provider of software security managed and professional services, and Codiscope, a 2015 spinoff of Cigital and provider of complementary...
News Article | November 30, 2016
MOUNTAIN VIEW, Calif., Nov. 30, 2016 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) has completed its acquisitions of Cigital, a privately held provider of software security managed and professional services, and Codiscope, a 2015 spinoff of Cigital and provider of complementary security...
News Article | November 8, 2016
According to a new market research report, "Penetration Testing Market by Testing Service (Network, Web, Mobile, Social Engineering, Wireless, Embedded Devices and Industrial Control System), Deployment Mode (Cloud and On-Premises), Organization Size, Vertical, and Region - Global Forecast to 2021", by MarketsandMarkets, the Penetration Testing Market is estimated to grow from USD 594.7 Million in 2016 to USD 1,724.3 Million by 2021, at a Compound Annual Growth Rate (CAGR) of 23.7%.

Browse 50 market data Tables and 49 Figures spread through 144 Pages and in-depth TOC on "Penetration Testing Market - Global Forecast to 2021". Download PDF Brochure @ http://www.marketsandmarkets.com/pdfdownload.asp?id=13422019 Early buyers will receive 10% customization on this report.

The major forces driving the Penetration Testing Market are the need for protection from various cyber-attacks and the increasing number of mobile users and applications. The penetration testing market is growing rapidly because of the growing security needs of Internet of Things (IoT) and Bring Your Own Device (BYOD) trends and increased deployment of web & cloud-based business applications.

**Wireless penetration testing to grow at the highest CAGR from 2016 to 2021**

Penetration testing services are used to secure wireless infrastructures and the devices connected through them. The emerging IoT and BYOD trends and connected number of devices and applications are susceptible to vulnerabilities and Advanced Persistent Threats (APTs). Wireless penetration testing is expected to witness the highest CAGR in the global penetration testing market during the period 2016–2021. North America is expected to account for the largest market share in 2016, due to the presence of a number of security vendors in the region.

**Government & defense vertical to have the largest market size in 2016**

The Penetration Testing Market is also segmented by various industry verticals, of which the adoption of penetration testing services is expected to be the highest in the government and defense vertical, as the critical data and applications used by the vertical are prone to advanced threats. Moreover, BFSI, retail, and IT & telecom verticals are expected to gain traction during the forecast period.

**North America is expected to dominate the penetration testing market in 2016**

North America is expected to hold the largest share of the Penetration Testing Market in 2016 due to the technological advancements and early adoption of penetration testing in the region. The market in APAC is expected to grow at the highest CAGR between 2016 and 2021. The major driving forces for this growth are increasing technological adoption and huge opportunities across industry verticals in APAC countries, especially India and China.

The Penetration Testing Market report also encompasses different strategies, such as mergers & acquisitions, partnerships & collaborations, business expansions, and product developments, adopted by major players to increase their market share. Some of the major technology vendors include Hewlett Packard Enterprise (U.S.), IBM Corporation (U.S.), Rapid7, Inc. (U.S.), Qualys, Inc. (U.S.), Veracode (U.S.), Trustwave Holdings, Inc. (U.S.), Acunetix (Malta), Cigital, Inc. (U.S.), WhiteHat Security (U.S.), and Checkmarx (Israel).
News Article | December 19, 2016
According to a new market research report, "Application Security Market by Component (Solutions, Services), Solutions (Web Application Security, Mobile Application Security), Testing Type (SAST, DAST, IAST), Deployment Mode, Organization Size, Vertical, Region - Global Forecast to 2021", the Application Security Market size is estimated to grow from USD 2.24 Billion in 2016 to USD 6.77 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 24.8% from 2016 to 2021.

Browse 78 market data Tables and 47 Figures spread through 156 Pages and in-depth TOC on "Application Security Market - Global Forecast to 2021": http://www.marketsandmarkets.com/Market-Reports/application-security-market-110170194.html Early buyers will receive 10% customization on this report.

Application security safeguards applications from vulnerabilities such as SQL injection and cross-site scripting via security testing techniques that scan web and mobile applications for security flaws throughout the application development lifecycle. As the frequency of targeted attacks on applications is growing, the market is expected to gain traction in the next five years.

**Rise in security breaches targeting business applications will drive the application security market**

The major forces driving the application security market are the rise in security breaches targeting business applications and strong application security regulation and compliance requirements. In today’s hyper-connected business environment, there is rapid emergence of digital solutions and devices, which is based on communication between various business-critical applications and data. As these business applications hold critical organizational data, safeguarding them from vulnerabilities is of the utmost importance for any organization.

**Hybrid analysis (IAST) to play a key role in the application security market**

Interactive Application Security Testing (IAST), sometimes referred to as “hybrid analysis,” is an emerging security testing type which is a combination of both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Various advantages offered by IAST include false positive reduction, comprehensive vulnerability coverage, entire code coverage that includes the libraries and frameworks, scalability to handle large applications, instant developer feedback to save time, and zero process disruption. The IAST segment is expected to grow at the highest rate during the forecast period.

**Banking, Financial Services, and Insurance (BFSI) vertical expected to grow at the highest rate during the forecast period**

The BFSI vertical is one of the most omnipresent industries prone to targeted attacks in today’s digital interconnected world. The BFSI vertical is expected to grow at the highest rate from 2016 to 2021 in the application security market. The market is also projected to witness growth in the healthcare, retail, and IT & telecom sectors during the forecast period.

**North America expected to contribute the largest market share, Asia-Pacific (APAC) to grow the fastest**

North America is expected to hold the largest market share and dominate the application security market from 2016 to 2021, due to the presence of a large number of application security vendors. APAC offers potential growth opportunities, as there is a rise in the Bring Your Own Device (BYOD) adoption rate among organizations that in turn are deploying application security solutions to defend against potential threats to protect business-critical applications.

The major vendors in the application security market include IBM Corporation, Hewlett Packard Enterprise, WhiteHat Security, Veracode, Checkmarx, Qualys, Rapid7, Trustwave, Acunetix, and Cigital, among others. The report covers detailed information regarding the major factors influencing the growth of the application security market such as drivers, restraints, challenges, and opportunities. A detailed analysis of the key industry players has been done to provide insights into their business overview, products and services, key strategies, new product launches, mergers and acquisitions, partnerships, agreements, and collaborations associated with the application security market.

MarketsandMarkets is the world’s No. 2 firm in terms of annually published premium market research reports. Serving 1700 global fortune enterprises with more than 1200 premium studies in a year, M&M is catering to a multitude of clients across 8 different industrial verticals. We specialize in consulting assignments and business research across high growth markets, cutting edge technologies and newer applications. Our 850 fulltime analysts and SMEs at MarketsandMarkets are tracking global high growth markets following the "Growth Engagement Model – GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, and identify sources of incremental revenues for both the company and its competitors.

M&M’s flagship competitive intelligence and market research platform, "RT", connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets. The newly included chapters on Methodology and Benchmarking, presented with high quality analytical infographics in our reports, give complete visibility of how the numbers have been arrived at and defend the accuracy of the numbers. We at MarketsandMarkets are inspired to help our clients grow by providing apt business insight with our huge market intelligence repository.
For more information, please visit http://www.marketsandmarkets.com/Market-Reports/application-security-market-110170194.html
IEEE Security and Privacy | Year: 2016
Gary McGraw talks to the co-inventor of public-key cryptography, Martin Hellman, about his cutting-edge career, his involvement in the Crypto Wars, and his work with risk management and peace issues. © 2016 IEEE.
Computer | Year: 2016
Analyzing data from 78 firms using the Building Security In Maturity Model (BSIMM) revealed four truths about software security that will help firms protect and secure their assets. © 2016 IEEE.
Network Security | Year: 2012
Mobile devices enable millions of users to be more productive and interact with their world in more ways than ever before. Today's mobile devices pack quite a punch - multi-core, multi-gigahertz processors, gigabytes of onboard and external storage capabilities coupled with wifi, Bluetooth and GSM or CDMA radios - all packed into a form factor not much larger than a candy bar. Mobile devices are essentially highly miniaturised desktops, and they are also set to become the principal interface between people and business. Chief among the attractions of mobile devices is the use of mobile applications that extend and enhance the capabilities of smartphones in thousands of ways. However, mobile applications also expose users and their phones to a multitude of not-so-traditional issues, such as a lack of effective security controls, a new information protection landscape, and new security and design paradigms that simply didn't exist a few years ago. Approaches to securing mobile applications build upon many of the techniques used in more traditional software development. However, properly accounting for new threats and attacks requires the use of mobile-specific security assessment processes. Jason Rouse of Cigital explores this threat landscape which, he argues, must be properly understood, especially by those developing software. © 2012 Elsevier Ltd. All rights reserved.
IEEE Security and Privacy | Year: 2010
Many security managers avoid discussing threat modeling because they perceive it as expensive and difficult. However, threat modeling has become easier, just as it has become more important. Perhaps it's time for another look. © 2006 IEEE.