MS-ISAC National Webcast Initiative

National Webcast Initiative

Application Security

April 9, 2009

The second of the 2009 National Webcast series was held on April 9th with a featured presentation on Application Security. Over 900 individuals representing 47 states, and 9 countries registered for this event. Opening remarks were provided by Mr. William Pelgrin, Chair of the Multi-State Information Sharing and Analysis Center, followed by Mr. Alan Paller, Director of Research from SANS Institute.

Application security is a crucial layer in a multi-tiered cyber security strategy. Building security in at the beginning of development, as well as continued throughout the application life cycle, is important in minimizing potential vulnerabilities. For example, we’ve seen the results when vulnerabilities in web applications are exploited, leading to SQL injection attacks, cross-site scripting and other malicious activity.

This webcast provided discussion of the current issues surrounding application security and the consequences of successful exploitation of vulnerabilities. The session also provided information about what can be done to address the issues, including use of the recently released 2009 CWE/SANS Top 25 Most Dangerous Programming Errors, procurement guidelines being made available, as well as other tools to help developers and security professionals minimize risks.

Webcast Presentation:

April 9th - National Webcast Initiative PowerPoint Presentation - View
View the April 9th National Webcast Archived Recording

Webcast Related Material:

[These resources are provided because they have information that may be useful and are provided as a general reference only. We do not warrant the accuracy of any information contained in the resources and neither endorse nor promote the advertising of any resources. The information provided is by no means an exhaustive list, however, it can be utilized as a foundation from which you can build your knowledge and further pursue these topics on your own.]

Questions and Answers Transcript

Application Security Procurement Guidelines: http://www.cscic.state.ny.us/resources/aspl.cfm
SANS Top 25 Errors: http://www.sans.org/top25errors/
Open Web Application Security Project (OWASP): http://www.owasp.org/index.php/Main_Page

The Department of Homeland Security’s National Cyber Security Division and the Multi-State Information Sharing and Analysis Center have partnered to establish the National Webcast Initiative to develop a series of national webcasts which will examine critical and timely cyber security issues. Embracing the concept that security is everyone’s responsibility, these webcasts are available to a broad audience to help raise awareness and knowledge levels. A number of vendors have offered their services at no cost to government, to help develop and deliver the webcasts.

The National Webcast Initiative is also coordinated by the New York State Office of Cyber Security and Critical Infrastructure Coordination and the New York State Forum.

If you have any questions, please contact 518/474-0865 or email to info@msisac.org.