Data Driven Web Application Security
The security posture of an application is directly proportional to the amount of information that is known about the application. How can we, as web application security practitioners, take advantage of application metrics to improve the security posture of our product?
This talk will explore how application data and metrics can be used to create effective defenses for web applications today. We'll outline the fundamental classes of web application security mechanisms and, once an understanding of the domain is established, explore several specific examples of how Etsy's security team uses metrics, analytics and big data every day to solve hard, interesting problems and create a safer experience for millions of users all over the world.
Mike Arpaia is a Senior Software Engineer on the security team at Etsy. Before working at Etsy, Mike worked at iSEC Partners, a leading information security consulting firm, where he specialized in mobile application, web application and mobile operating system security. Before working at iSEC, Mike worked at another leading information security consulting firm and co-founded the Stevens Cyber Defense Team at Stevens Institute of Technology, where he remains an advisor to the group.
Mike has previously presented at over a dozen security conferences in 7 US states and 3 countries including Black Hat Europe, Source Boston, DEF CON and Nordic Security Conference on topics such as secure mobile development, mobile exploit intelligence, mobile operating system security and information security education.
Senior Product Manager
Ryan has been in the security industry for over 15 years. He started out as a software engineer for Sprint straight out of high school and moved on to helping build companies that provided Cloud-based security services like remote access, web filtering, and anti-malware. Most recently he played a pivotal role as a PM for Cisco's Cloud Web Security product line, which he joined via ScanSafe's acquisition in 2009. He left Cisco in late 2012 to join Silver Tail Systems, Part of RSA, as the Senior Product Manager.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations solve their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.