Date: April 27, 2023
Time: 7:00 PM IST | 3:30 PM CET | 9:30 AM EDT
Topic: How Penetration Testing Helps Secure Web Applications
Abstract: Web applications are at the forefront of business marketing and operational capabilities, making them a prime target for threat actors. Migration to a cloud or hybrid environment has stretched the security perimeter further, requiring a more proactive approach to application security. Pen testing for web applications helps a security team detect and identify gaps in application security that may allow a malicious hacker to access data. By stepping into an attacker’s shoes, the red team assesses existing security policies for weaknesses, simulating the environment and conditions that are available to threat actors. While part of the process is carried out by automation tools and scanners that detect ongoing attacks and possible misconfigurations, experienced penetration testers are needed to detect more complicated vulnerabilities like gateway and logic errors. This process is not only time-consuming but also involves the use of multiple tools for the varied processes. The current webinar explains the importance of penetration testing as a holistic approach to securing web applications.
Key takeaways:
- the state of web application security in the current, evolving threat landscape
- the importance of penetration testing for web applications
- common web application vulnerabilities
- penetration testing frameworks for web applications
- penetration testing stages and approaches
Speaker:
Milton Araújo, Security Expert
Bio: Milton Araújo is the founder and CISO of Secure Tecnologia, a reference company in northern Brazil that manages large data centers of various segments. As an information security specialist with over 10 years of experience, Milton focuses on incident detection and response and has served national and multinational companies, playing key roles in helping to build large data centers from scratch. In addition to being an entrepreneur, Milton is also a cybersecurity instructor for postgraduate courses. His most recent certifications include the following:
- EC-Council: C|PENT (Certified Penetration Testing Professional), C|EH ANSI (Certified Ethical Hacker), C|EH Practical (Certified Ethical Hacker – Practical), C|EH Master, C|ND (Certified Network Defender), C|SA (Certified SOC Analyst), C|EI (Certified EC-Council Instructor)
- (ISC)²: Certified in Cybersecurity
- Exin: Ethical Hacking
- Microsoft: MCP (Microsoft Certified Professional), MTA – Security (Microsoft Technology Associate – Security), MTA – WSA (Microsoft Technology Associate – Windows Server Administration), MTA – Network (Microsoft Technology Associate – Network)
- SolarWinds: RMM (Remote Management), Backup & Disaster Recovery (Master of Backup)
- Heimdal Security: Technical Officer
*Examples, analysis, views and opinions shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s).