LSEC Application Security Seminar 2008
09-Sep-2008
Part of the Global Security Week 2008 Special on Cybersecurity
Learn about the current trends and evolutions in Application Security, including Web Application and Web 2.0, AJAX, webservices & XML, and database security. Learn from recent threat models, best practices and current evolutions. During this seminar some of the experts will guide you through some of the threats that organizations are facing or could face using a variety of applications. Those could be as trivial as a website that hosts the company profile, yet still have adverse effects on the company’s image or online transactions.
Those could also be very sophisticated attacks aimed at the heart of the business, penetrating deep inside the applications themselves and changing their face and business logic without anyone being able to notice ...
Program Summary
The number of applications connected today to the Internet, to business partners and to other systems is still steeply on the rise. Notwithstanding the benefits of those applications, their uniqueness and their business advantages in terms of efficiency, speed, effectiveness, control and other ..., in most cases those applications, like most systems, are not completely waterproof. Some vendors are continuously improving their protection against potential threats from the inside and outside, but custom applications can sometimes be overlooked, especially when integrating with existing applications.
The purpose of this seminar is not to dive into secure software development or the development lifecycle. During the seminar, more attention will be paid to the architecture, systems design, application implementation and maintenance of those systems. This should be of concern to everybody responsible for one or more websites, databases, applications running on application servers and custom developed applications.
For more than 10 years, interest in application security has grown, as the threat models and potential risks coming out of those applications have risen as well. A number of experts and application security products have developed best practices, procedures and models to reduce potential risks coming out of those applications.
LSEC is aiming to provide an update on the current state of affairs and evolutions of application security with the following program of this afternoon seminar:
13.00 : Welcome & Registration, Sandwich Lunch offered by LSEC and its partners
14.00 : Introduction : Global Security Week and Application Security Seminar
Setting the program and defining the outline : Ulrich Seldeslachts, CEO LSEC
14.10 : Trends in webhacking in 2008 and beyond : Ofer Shezaf, Vice President Breach Security
Breach Labs issues a periodical report on trends in Web Application Security, a common form of Application Security issues. During this presentation, Ofer will present an update on some of the statistics coming out of the web hacking incident database, and in particular why and how web hacking impacts business. It also gives an insight into what drives those web hackers and into the business model behind it, allowing security professionals and architects to come up with business models to prevent them.
About : Ofer is responsible for defining Breach Security’s product roadmap and features today, after having led the security research group at the company. Previously, Ofer served as technology expert for leading venture capital funds, and was a special advisor on national infrastructure protection for the Israeli government and intelligence forces.
Ofer is officer of the Web Application Security Consortium (WASC) and lead of the OWASP Israel chapter. He holds a BA in computer engineering from the Technion and an MBA from Tel-Aviv University.
15.00 : Pro-active application Security : Sebastien Deleersnyder, Telindus - Belgacom ICT
About : Sebastien started the successful Belgian OWASP Chapter and has given several public presentations on web application and web services security. Sebastien specialises in (web) application security, combining his software development and information security experience. He is currently OWASP Foundation board member and responsible for the Telindus application security offering.
15.45 Coffee Break & Networking
16.00 Dealing with Application Security in the organization. Marc Stern, Approach
How to effectively deal with securing applications in the organization, within operations: what, how and when can and need things be done? What are the norms, compliance issues, and other aspects that companies should be aware of? This presentation will offer practical guidance on how to manage and maintain the correct policy and procedures, and how to effectively implement and manage this in view of the technological and business impact that Application Security breaches could have.
What are the real risks (different types of attacks, motivations, impact on service, legal impact, ....)? What are all the possibilities and how do they fit together (sequence, timing)? Impacts on service, future proof approaches, .... How does application protection impact the organization?
Involvement, costs vs benefits, .... What are some of the trends and expectations for the following months and years? How are new trends in development impacting or resolving the problems (SOA, Ajax, ... )?
About : Marc is senior consultant, head of the Security Group of Approach Belgium.
16.45 Effectively securing databases and implementing an efficient Data Security Model, for outside and inside threats.
George Fyffe, Director Application Security
About : George is Director at Application Security Inc, with integrated database security solutions that have helped over a thousand global organizations secure their databases from internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements.
17.30 Keynote : Security threats in the world. How the world is evolving from simple security threats to cyberterrorism. How this is impacting today’s business and how organizations should consider future evolutions. Peter Evans, IBM Vice President Internet Security Systems.
About : Peter Evans serves as vice president of marketing for IBM Internet Security Systems. With more than eighteen years of telecommunications and enterprise security experience, Evans is responsible for defining and executing the company’s worldwide corporate marketing strategy. Peter Evans is a frequent keynote speaker at leading industry events, such as VON, RSA and the Gartner IT Security Summits, as well as with major business and trade media, and on national broadcast news. Evans holds bachelor’s degrees in applied mathematics and computer science from Queen’s University, Ontario, Canada. He also holds a master’s of business administration from York University in Toronto.
18.30 Panel Discussion :
How real is the threat ?
Insider vs Outsider threat levels and how to deal with them ?
Should companies have aligned security strategies, or should they become purely focused on implementing Common Criteria and best practices by themselves ?
What can and should be expected from new OS’es, from SOA and webservices models ?
19.00 : Conclusion Remarks, experiences from the Belgian landscape and key learnings from the battlefield. Erwin Geirnaert, Zion Security.
19.20 : Introduction to the Open Web Application Security Project (OWASP) : Sebastien Deleersnyder (see above)
19.30 : Reception & Networking
20.30 : Close of Seminar
Copyright LSEC vzw 2007-2008 with the support of the IWT.
LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +32.16.32.19.69 - info @ lsec.be