CARLSBAD, Calif., August 4, 2008 — Breach Security, Inc., the leader in web application security, today announced that Ivan Ristic, vice president of security research, and Ofer Shezaf, vice president of product management, will be presenting at two upcoming security shows. Ristic and Shezaf will co-present “No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler and Traffic Profiling” at BlackHat USA 2008 on August 7. Additionally, Ristic will give an update on the Web Application Security Consortium (WASC) on August 8 and present “Evaluation Criteria for Web Application Firewalls” on August 9 at the LifeCycle Security Conference.
In their presentations, Ristic and Shezaf will address the security issues caused by the rapid growth of web applications, explain the solutions currently on the market and discuss the future of web application security, including the projects on which they are currently working. Both executives are members of the Breach Security Labs research team, active in industry organizations such as WASC and the Open Web Application Security Project (OWASP), and have access to worldwide web security threat data.
Already recognized for its industry-leading PCI DSS compliance capabilities that protect against leakage of credit card data, WebDefend version 3.4 expands its masking of sensitive payment account data. The new release allows administrators to mask full magnetic stripe data, preventing it from being stored or displayed anywhere within the WebDefend software, including in audit logs and within the management console.
Additionally, at the show, Breach Security will be offering a new white paper from Breach Security Labs titled: “Enough with Default Allow in Web Applications!” This paper discusses current web application security issues associated with the default allow deployment model—a method of web application modeling, which forces applications to accept any requests, rather than only those they can handle—and methods for remediating these issues, while adopting best practices for new platforms. For more information, or for a copy of the report, please visit Breach Security at BlackHat booth #13.
Upcoming Executive Presentations
BlackHat USA 2008:
Who: Ivan Ristic and Ofer Shezaf
What: “No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler and Traffic Profiling”
When: Thursday, August 7 at 11:15 am
Where: Fourth Floor Palace Tower Convention Floor, Caesars Palace Hotel and Casino, Las Vegas, Nevada
Session highlights include:
For more information about BlackHat USA 2008, visit: www.blackhat.com/index.html
LifeCycle Security 2008:
Who: Ivan Ristic
What: “Evaluation Criteria for Web Application Firewalls”
When: Saturday, August 9 at 3:15 pm
Where: Caesars Palace Hotel and Casino, Las Vegas, Nevada
Session highlights include:
Who: Ivan Ristic with Tom Brennan, CTO of Proactive Risk
What: WASC and OWASP update
When: Friday, August 8 at 1:30 pm
Where: Caesars Palace Hotel and Casino, Las Vegas, Nevada
Session highlights include:
For more information about LifeCycle Security 2008, visit: www.lifecyclesecurity.com
Ivan Ristic is the vice president of Security Research for Breach Security, Inc. and a member of Breach Security Labs. He joined the company following Breach Security’s acquisition of Thinking Stone Ltd. and its ModSecurity open-source web application firewall. At Breach Security, Ristic focuses primarily on educating the market about the security risks associated with conducting business on the web and continues to improve the open-source ModSecurity project. Prior to moving to the computer security field, Ristic spent a number of years working as a developer, system architect and technical director in the software development industry. He authored Apache Security for O’Reilly (www.apachesecurity.net), a concise yet comprehensive web security guide for administrators, system architects and programmers. Ristic earned a BSc with honors in Information Technology and Computing from the Open University. He also completed coursework at the Faculty of Electrical Engineering, University of Belgrade. Ristic is an active participant in the web application security community, an officer of WASC and the leader of the OWASP London Chapter. Ivan’s blog is located at http://blog.ivanristic.com.
Ofer Shezaf is the vice president of Product Management for Breach Security, Inc. and a member of Breach Security Labs. He is responsible for defining Breach Security’s product roadmap and features. Shezaf brings to Breach Security both broad experience in information security and a background in entrepreneurship and venture capital. Shezaf served as a technology expert for leading venture capital funds such as Pitango and Evergreen, evaluating new opportunities and working with early-stage companies on their technology and roadmaps. Previously, Shezaf served as a group manager and, later, a special advisor on national infrastructure protection for the Israeli government and intelligence forces. As a well-known application security expert, Shezaf is an officer of WASC, where he leads the Web Hacking Incidents Database project, and leads the Israeli chapter of OWASP. Shezaf holds a bachelor’s degree in computer engineering from the Technion and an MBA from Tel-Aviv University.
Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel and government. For more information, please visit www.breach.com.
###
Breach Security, the Breach Security logo, WebDefend and ModSecurity are trademarks of Breach Security, Inc. All other brand, product and service names are the trademarks, registered trademarks and service marks of their respective owners.