On April 11th I'm going to present a webinar on web application security, with a twist. The Webinar will outline the top threats to web sites in 2006 and will predict the trends of web attacks for 2007, but while most discussions of web site security vulnerabilities traditionally focused on the technical complexity of these attacks this time I will try to focus on the business impact of the vulnerabilities.
The traditional "techie" approach is to an extent based on "fear factor" and does not provide tools to assess the risk associated with web application vulnerabilities and therefore the effort and resources required to mitigate them.
This WebEx will use the Web Hacking Incident Database to prioritize web based attacks based on their actual business impact by examining past web site break-ins. The presentation will unveil a major upgrade to the Web Hacking Incident Database project, a Web Application Security Consortium project that documents known web site security incidents. The new upgrade will add business impact information to each incident in addition to the technical information available today.
The WebEx is targeted both at decision makers faced with the dilemma of budgeting web application security mitigation as well as consultants & security professionals tasked with performing risk assessment to web sites and web based applications.
Further details and registration at Breach Security Webinar Center
