Webcast Archives
Watchfire offers web seminars that address best practices in online risk and compliance management. The following are recordings of previously held seminars for you to view at your convenience. Be sure to check back as new topics are frequently added. These seminars are best experienced if you have a soundcard on your computer.
If you are having difficulty viewing these recorded seminars, you may need to download the latest version of Windows Media Player.
Demonstrating the Top 10 Web Application Hack Attacks
While developers labour to build next-generation applications, hackers have evolved and are working to create new and sophisticated techniques to break through current security measures and snatch valuable data found within Web applications.
Are you vulnerable?
The OWASP (Open Web Application Security Project) Top Ten was created to help organizations and government agencies focus on the most serious web application security vulnerabilities. Adopting a process to monitor for, identify and remediate these "Top Ten" flaws is the most effective first step towards ensuring the security of your web applications.
This Webinar will:
- Examine new and emerging hack attacks
- Provide a demonstration and informative discussion of the Top 10 web application attacks and their consequences
- Offer proven strategies for defending against these attacks, such as Cross-Site Scripting (XSS) Flaws, parameter tampering, cookie poisoning, and SQL injection
Registration for this seminar takes place on a third party website
View Demonstrating the Top 10 Web Application Hack Attacks
Integrating Security into QA's Current Testing Processes
As the importance of securing web applications increases, organizations must look for ways to scale security testing. It can no longer remain an independent function performed by specialized security personnel. Since QA teams are already testing applications for quality and performance issues, it makes sense to integrate security into the current processes. But for this to be successful, QA teams - who are not typically security experts - require a simplified method of integrating security testing into their existing quality and performance testing environments.
Watchfire's AppScan QA and AppScan Enterprise are integrated with IBM Rational ClearQuest, enabling QA teams to include security as a key component of their normal testing process, providing a single console for managing all web application tests. Adding value beyond the product integration, Watchfire solutions facilitate the shift of security testing from the security team to the QA organization.
View Integrating Security into QA's Current Testing Processes
Introducing AppScan 7.5 and AppScan eXtensions Framework
On April 16, 2007 Watchfire announced AppScan 7.5. AppScan 7.5 introduced AppScan eXtensions Framework (AXF) to harness the power of Watchfire's application scanning engine. Coupled with Pyscan, a new AppScan Python-scripting based web application security testing platform, AppScan 7.5 enables you to extend and create your own custom testing solutions using the core technology of AppScan to accomplish specific security-related tasks. The extensibility and control that this unique solution provides is truly unmatched in the industry.
View Introducing AppScan 7.5 and AppScan eXtensions Framework
WASC Threat Classification - Web Application Authorization Attacks - Are you vulnerable?
The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web. Their mission is to develop, adopt and advocate standards for web application security.
The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a website. The members of the WASC have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors and compliance auditors have the ability to access a consistent language for web security related issues.
View WASC Threat Classification - Web Application Authorization Attacks - Are you vulnerable?
Outsourcing: IT Dream or Security Nightmare?
As IT budgets continue to be squeezed and organizations struggle to find new ways to grow and innovate, identifying potential candidates for outsourcing moves higher on the CIO's "to do" list. Application development - including web applications - seems a logical choice considering the potential cost and time savings. But at what expense? Although there may be clear benefits to outsourcing web application development, there are also significant security risks to be considered. Negotiating compliance into contracts, investing in a well thought out process and insisting on audits and automation to manage and mitigate breaches should be considered best practice.
Please join Mandiant and Watchfire - two security industry experts - for a 1-hour web seminar. We will share our experiences, identifying security vulnerabilities in outsourced applications, and what you can do to prevent them from happening. We'll discuss contractual issues, real-world examples and how best to avoid a breach using both manual and automated approaches.
View Outsourcing: IT Dream or Security Nightmare?
Watchfire and Fortify Software Team to Bring You Complete SDLC Security
According to Gartner research, "Through 2010, software development organizations that integrate security into their software development lifecycles will experience an 80 percent decrease in critical vulnerabilities found in their publicly released software or externally facing web applications."[1] That's why Watchfire and Fortify Software joined forces. The integration of their best-of-breed web application and source code scanning solutions brings to market the ability to identify vulnerabilities, understand their impact on the security posture and pinpoint code errors from a single user interface.
Join us for an informative one-hour webcast and live demonstration of this new product integration where we will showcase the ability to identify, analyze and remediate security vulnerabilities throughout the SDLC. This integration provides best-of-breed technology for both application scanning and source code analysis in a single user interface.
In this web seminar, you will learn:
- The importance of monitoring the results of both code scanning and web application vulnerability testing
- How to improve visibility, metrics and compliance reporting that leads to better accuracy and completeness of findings
- How to better identify, analyze and remediate security vulnerabilities throughout the SDLC with one solution
View Watchfire and Fortify Software Team to Bring You Complete SDLC Security
[1] Source: Gartner Research, "Integrate Security Best Practices and Tools Into Software Development Life Cycle," 10 February 2006, Amrit T. Williams, Neil MacDonald.
Improving SQL Injection Validation Using AppScan
One of the most common vulnerabilities that exist in web applications today is SQL Injection, an extremely dangerous attack which allows malicious hackers to manipulate queries for their own benefit.
Most web application scanners use two different techniques to validate the existence of SQL Injection. The first is injecting string-terminating characters (Parameter Tampering) that cause the web application to return an SQL error. The second technique, Blind SQL Injection, uses a series of requests to observe how the application reacts to parameter values and infers from those reactions whether the application is vulnerable to SQL Injection.
Watchfire AppScan® is the only product on the market that uses a third technique of SQL Injection validation, Port Listener tests, to validate the existence of SQL Injection vulnerabilities, which often cannot be detected using Parameter Tampering and Blind SQL Injection.
Join Watchfire's Ory Segal, Director of Security Research, for an informative discussion about SQL Injection and SQL Injection validation where you will learn:
- What is SQL Injection, how is it caused and how it can be exploited
- Three methods to test for SQL Injection
- What are Port Listener tests and what are their advantages over regular SQL Injection validation
View Improving SQL Injection Validation Using AppScan
AppScan 6.5
Join Watchfire's John Burroughs, Security Consultant, for an informative discussion and demo of Watchfire's latest web application security testing product, AppScan 6.5.
AppScan 6.5 offers:
- Web Services Scanning Coverage
- Advanced Automated Capabilities for Penetration Testers
- PCI Data Security Standards Compliance
- Token Analysis
- Authentication Testing
- Automated JavaScript execution and much more!
Watchfire AppScan® helps ensure the security and compliance of web applications throughout the software development lifecycle. Named the worldwide market-share leader according to Gartner and IDC, AppScan offers a solution for all types of security testing - outsourced, desktop-user, and enterprise wide analysis - and for all types of users - application developers, quality assurance teams, security auditors and senior management.
View AppScan 6.5
AppScan 101
Join Watchfire's Mark Snider, Security Consultant, for an informative discussion and demo of Watchfire's web application security testing product, AppScan.
In this web seminar you will learn about AppScan's:
- Built-in reporting engine and templates
- Remediation functionalities
- Daily Security Updates
- Easy user authentication and login methods
- Advisories and Fix Recommendations
Watchfire® AppScan® helps ensure the security and compliance of web applications throughout the software development lifecycle. Named the worldwide market-share leader according to Gartner and IDC, AppScan offers a solution for all types of security testing - outsourced, desktop-user, and enterprise wide analysis - and for all types of users - application developers, quality assurance teams, security auditors and senior management.
View AppScan 101
AppScan for Penetration Testers - A Tour of the Advanced Features of AppScan
For those penetration testers who are using - or are considering using - AppScan® for their clients' web application security audits, we invite you to join Watchfire for a second in the pen tester series of one-hour detailed technical demonstrations of AppScan. Presented by Ory Segal, Director of Security Research at Watchfire and WASC officer - and one of the industry's preeminent web application security researchers - this session is intended to show you how AppScan works "under the hood" and its advanced functionality for creating application specific tests to help you get the most out of AppScan for the automated portion of your audits. In this session, you will learn:
- Infrastructure tests (static vs. dynamic)
- Complex parameter tampering tests
- Adapting tests to your application
- Poison Null Byte
- eShoplifting (shopping cart manipulations)
- Manipulating Numeric/Selection values out of range
- Toggling values
- Port Listener tests
- Testing login/logout pages properly
- Validating DoS tests
View AppScan for Penetration Testers - A Tour of the Advanced Features of AppScan
Getting the Most Out of AppScan - A Guide to Web Application Scanning Using AppScan
For those penetration testers who are using - or are considering using - AppScan® to perform web application security audits for clients, we invite you to join Watchfire for a one-hour detailed technical demonstration of AppScan. Presented by Ory Segal, Director of Security Research at Watchfire - and one of the industry's preeminent web application security researchers and a WASC officer - this session is intended to help you get the most out of AppScan for the automated portion of your audits. In this session, you will learn:
- Proper configuration of AppScan for complete application coverage:
  - Starting point URL, application path limits, crawling depth, redundant path limit, amount of links to crawl, crawling algorithm, automatic form filler configuration, exclude file types, communication timeout, crawler proxy settings, authentication credentials, client-side certificates, session management
- Verifying scan configuration/scan completeness:
  - View the application tree and browse application data (visited URLs, broken links, interactive links, filtered URLs)
- Proper results interpretation to see the exact difference between the original (valid) request and the manipulated test request:
  - Switch between test variants, switch between the original (valid) request and test request, test variant manipulation
View Getting the Most Out of AppScan - A Guide to Web Application Scanning Using AppScan
Web Application Security 101: Minimize Your Online Risk
Are you currently testing your web applications for security vulnerabilities?
Have you ever been hacked using an application vulnerability?
Join Watchfire Security Expert, Armando Bioc, as he provides valuable insight into several web application hacking techniques - such as Cross-Site Scripting, Forceful Browsing and SQL Injection - that are being used successfully today to maliciously attack web facing applications.
Learn how Watchfire's AppScan® automated web application security testing solution helps enterprises and companies like yours to find, report and, most importantly, secure web applications before hackers can exploit them.
View Web Application Security 101: Minimize Your Online Risk
Improve your FISMA scores with AppScan
Meeting Office of Management and Budget (OMB) FISMA compliance requirements and supporting the President's Management Agenda of providing a more citizen-centered government have proven challenging for many agencies. Consider, too, that government websites have grown in size and complexity, and security issues can be spread across millions of web pages and thousands of web applications.
Join Watchfire's Mark Silver, Security Consultant and Gary Vincent, Solutions Manager for an informative discussion around solving the problem of security vulnerabilities and FISMA compliance scores in Federal web applications.
In this web seminar, we will discuss the problem of security vulnerabilities from a software development life cycle (SDLC) perspective, and will provide a demonstration of AppScan®, our market-leading web application security testing tool. AppScan improves the efficiency and effectiveness of agency management and governance procedures for FISMA compliance by helping developers and auditors detect web application vulnerabilities. AppScan scans web applications, tests for security issues, provides fix recommendations, and ultimately, enhances the skillset of the federal employee (human capital) for making eGovernment more citizen-centric.
View Improve your FISMA scores with AppScan
Need a Privacy Refresher? Bentley College/Watchfire Reveal Online Privacy Practices in Higher Education
With an increasing number of colleges and universities across the U.S. falling victim to data breaches, online privacy has emerged as an important risk management issue in higher education. Not surprising at a time when most schools are using the Internet to process electronic applications and other types of e-commerce transactions, ranging from online alumni donations to the sale of athletic tickets, clothing and textbooks.
In a first-of-its-kind national study conducted by Bentley College and Watchfire, surveying 236 institutions from the 2004 U.S. News and World Report list of America's Best Colleges, only 65 of 236 schools surveyed have privacy notices linked from their homepage, while nearly all schools surveyed engage in practices that potentially pose privacy risk.
Join Watchfire and Bentley College for an informative one-hour webcast where we will reveal our study findings and offer best practices for mitigating online privacy and security risk.
Clearly higher education is not immune from concerns about online privacy. Privacy breaches potentially undermine consumer trust and confidence and highlight the need for building trust by reducing the risk of disclosing personal information online.
View Need a Privacy Refresher? Bentley College/Watchfire Reveal Online Privacy Practices in Higher Education
Consumer Data Privacy - At an All Time Low While the Stakes Have Never Been Higher
- USA Today: "Social Security numbers found on state website"[1]
- Computerworld: "'Human error' exposes patients' Social Security numbers in NC"[2]
- MSNBC: "FCC says AT&T, Alltel failed to protect records, companies could face $100,000 fines over customer privacy"[3]
The stakes have never been higher. The daily deluge of news about privacy breaches and personal information of American citizens being compromised and mishandled is alarming, and recent surveys have shown it has eroded our faith in the web as a viable business channel.
Companies need to start getting serious about Consumer Data Privacy. It is no longer enough to simply have a privacy statement on a website. The content of that statement must be regularly scanned to ensure it hasn't been altered and that it is being strictly enforced. In addition, if you are offering financial or health services online or global services, you need to be concerned with a host of privacy regulations that will put further scrutiny on your business.
Of course, there is always the option to not collect any data at all, but few could really run their business that way. It's time to consider conducting regular online privacy audits of your website in order to ensure compliance and customer trust.
Join Watchfire for this one hour webcast and we will share with you our 4-step approach to Consumer Data Privacy assessments. This includes:
- Privacy Policy Management to help you understand how current and accurate your policies are
- PII Discovery to confirm the number of data collection forms and form types in use on your site
- Leak Prevention to verify that security safeguards exist where data is collected and transmitted
- Compliance Audits to ensure you are adhering to the privacy laws and regulations that affect your business
View Consumer Data Privacy - At an All Time Low While the Stakes Have Never Been Higher
[1] http://www.usatoday.com/tech/news/internetprivacy/2006-03-02-social_x.htm
[2] http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,108444,00.html
[3] http://www.msnbc.msn.com/id/11118732/
Security Throughout the Software Development Lifecycle
The shift in focus from network-based vulnerabilities to application-based vulnerabilities has left many organizations exposed. Many companies are struggling to effectively combat this growing problem and handle the volume of application testing. Only through strict processes can web application vulnerabilities be identified, reducing exposure.
Join Watchfire's Danny Allan, Security Analyst, for an informative discussion on techniques and best practices to proactively manage web application security and how to effectively build application security testing into the software development lifecycle (SDLC).
In this web seminar you will learn:
- How to better understand potential web application security vulnerabilities
- Best practices and how to effectively integrate application security testing into the software development lifecycle
- The importance of detecting and removing software vulnerabilities during application development
View Security Throughout the Software Development Lifecycle
OWASP Top 10 - Are you vulnerable?
The OWASP Top Ten was created to help organizations and government agencies focus on the most serious web application security vulnerabilities. Adopting a process to monitor for, identify and remediate these "Top Ten" flaws is perhaps the most effective first step towards ensuring the security of your web applications.
Join Watchfire's John Burroughs, Security Consultant, for an informative discussion and demo of the OWASP Top 10 web application attacks.
View OWASP Top 10 - Are you vulnerable?
AppScan Enterprise - Your Next Step in Application Security
Join Watchfire's Karl Snider, Director of Product Management, for an informative discussion and demo of Watchfire's new product, AppScan® Enterprise.
AppScan Enterprise enables organizations to take a more strategic approach to fixing their web application security issues by providing:
- Centralized scanning and control for managing all application security issues
- Enterprise-wide scalability
- High-level visibility and reporting
- Flexibility and customization
- Issue management and remediation capabilities
AppScan Enterprise also includes a seamless integration with the desktop version of AppScan®, extending the market-leading tool's capabilities.
View AppScan Enterprise - Your Next Step in Application Security
F5/Watchfire Webcast - Safeguarding Your Web Applications: A Detailed Approach
Application security is vital not only from a business continuity perspective but also from a legal standpoint. With growing privacy issues and increasing regulatory and legal pressures for protecting consumer information, your company runs the risk of legal problems and damage to corporate image if applications are attacked, secure information is stolen, or databases are destroyed.
As an IT professional, it's your responsibility to manage online security risks without affecting performance and availability. This webcast will help you do just that. A panel of industry experts including Mark Bouchard, noted security analyst, Michael Weider, Founder and CTO, Watchfire, and Andrew Stern, Director of Security Products at F5, will help you understand the most important issues involved in securing business-critical applications.
Tune in for an insightful look at application security as well as a detailed discussion on:
- What changes are heightening the requirements for application security
- The myth that current security methods like firewalls and IDS systems protect applications
- The top security challenges IT will face
- Best practices for securing applications
- Why testing is crucial and where it fits into the development lifecycle
- Why the biggest houses on Wall Street are creating application security departments as part of their best practices
View F5/Watchfire Webcast - Safeguarding Your Web Applications: A Detailed Approach
TRUSTe/Watchfire Webcast -- Securing Consumer Data on your Website: Priceless
A recent exposure of 40 million consumer credit cards by MasterCard vendor CardSystems Solutions provides an excellent case study for security do's and don'ts. Although CardSystems had received certification for compliance with the credit card data security standard, an audit conducted after the reported breach found issues that left consumer data vulnerable. The takeaway - security is not a "one time thing." Achieving compliance then forgetting about it until your next audit is just bad practice. To fully protect your priceless consumer data, you must enforce policies that include ongoing security monitoring procedures.
In this seminar, TRUSTe and Watchfire walk through two solution pillars - technology for monitoring web application security, and policies and people to manage vendor data handling procedures. Watchfire and TRUSTe present a dual approach to attacking reasonable and reliable application security. You will hear about TRUSTe's recent security guidelines, which provide a step-by-step snapshot of your security practices and potential vulnerabilities. In addition, Watchfire describes automated security monitoring solutions that can provide the visibility and control necessary to effectively implement online governance strategies.
In this session we review reasonable security measures and enterprise application security solutions for governance and accountability in a joint presentation by VP of Policy and Legal, Cathy Bump of TRUSTe and David Grant, Director Product Marketing, Watchfire.
View TRUSTe/Watchfire Webcast -- Securing Consumer Data on your Website: Priceless
Responsible for a Financial Services Website? What Every Executive Needs to Know about Website Security
How great is the risk of not understanding website security? Here's a hint: it's greater than you think. Identity theft, customer trust - these are your issues. Sure, you have a top-notch security team, but ultimately, if there's a breach, who's on the line? Your security ignorance may be putting your e-business budget, the channel, even your job in jeopardy.
Watchfire recently assessed the measures financial firms have taken to prevent identity theft. We analyzed 130 financial websites for potential security flaws. Our findings were not surprising. Although it's a well-published fact that 75 percent of all hack attacks occur via web applications such as online bill pay, we found that firms are still overwhelmingly susceptible to known vulnerabilities - some more than five years old.
Like it or not, if you're going to have meaningful conversations with your security team to resolve these issues, you need to understand the basics. Basic web application hack techniques like cross-site scripting and deep-site linking are routinely exploited by phishers intent on stealing customer account and identity data.
In this seminar we review these vulnerabilities, share our research findings, and offer best practices for web application security auditing and monitoring.
View Responsible for a Financial Services Website? What Every Executive Needs to Know about Website Security
Web Application Security: The New Battlefront in Online Risk
High profile online security and privacy breaches have fueled fear of completing transactions and sharing personal information over the Internet. Privacy and security legislation such as Canada's PIPEDA, the Gramm-Leach-Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA), combined with the startling rise in "phishing", "pharming" and identity theft, have made it necessary for organizations to comply with and manage a myriad of online requirements.
Many organizations are legally bound by legislation to protect the privacy and security of personally identifiable information and, if hackers can get at this sensitive information, run the risk of not being in compliance. To avoid online security breaches, it's critical that both private and public organizations establish formal online risk management processes and proactively monitor through the use of best practices and technology. Security breaches and non-compliance can result in brand, reputation and trust erosion; lost revenue and business opportunities; and in many cases, litigation.
Only through strict processes and regular analysis and monitoring can web application vulnerabilities be identified and online risk management be achieved, reducing the danger of exposure. In this session we will discuss how organizations can proactively manage web application security and regulatory compliance.
In this session, you will learn:
- How to better understand potential online risk management issues, including web application security vulnerabilities
- How to establish enterprise risk management processes
- How to bridge the communications gap between your legal and technical teams
- How new technologies can automate the testing and analysis of sites for risk issues
View Web Application Security: The New Battlefront in Online Risk
Understanding your Online Risk: The Benefits of Enterprise Security
Most companies today have focused their security efforts on networks, servers and desktops, but web applications present the greatest risk and vulnerability. By their very nature, they are decentralized, difficult to manage and often collect sensitive data that places organizations at risk to hackers and other web attacks. By ensuring the security of your web applications across the enterprise, you can minimize your online risk and improve the effectiveness and efficiency of your online channel.
Watchfire analyzes websites for online risk exposure by running thousands of platform- and application-specific tests to detect hundreds of types of security compliance vulnerabilities. It incorporates sophisticated security algorithms and combines them with enterprise scanning, dashboarding, trending and reporting capabilities. Watchfire will help you and your team:
- See security issues across the entire enterprise
- Enable enterprise database support for large-scale scans across thousands of websites and applications
- Provide a full inventory of your web environment, so you can understand what you have before you conduct security assessments
- Personalize stakeholder log-in to report for areas of responsibility
- Find and assign critical issues, and provide interface for filtering issues
- Conduct trending reporting
- Integrate server log files and system information to prioritize the high-traffic applications with security issues
In this webcast we review the benefits of enterprise security so you can better leverage your online investments and minimize risk.
View Understanding your Online Risk: The Benefits of Enterprise Security
eGov Technology Best Practices: Aligning Your Web Applications Strategy with the President's Management Agenda
You're aware that information security and privacy are not just technical challenges - they require processes and management oversight. Now advanced software solutions can be efficiently and cost-effectively deployed to reduce the risks and vulnerabilities that pervade an agency's online operations - ensuring FISMA, Section 208, Section 508 compliance, and providing support for the President's Management Agenda.
Watchfire WebXM is a proven software solution that offers you total command and control of your online operations, and provides the visibility and tools necessary to measure, manage, improve and secure your web applications. WebXM will help you and your team:
- Understand security and privacy exposures in your web environment and federal enterprise architecture
- Develop a comprehensive, reporting dashboard for FISMA, Section 208, Section 508 and agency-wide standards management
- Get the most out of your web applications (ROI, capital investment, cost containment)
- Reduce your costs to complete OMB privacy (Section 208) and FISMA POAMS
This webcast explains how to better define, measure and manage risk and compliance across your agency to better leverage your IT investments, meet PMA requirements and ultimately, improve customer satisfaction and online trust.
View eGov Technology Best Practices: Aligning Your Web Applications Strategy with the President's Management Agenda
eGov Innovations: Ensuring Online Privacy and Security
A number of highly publicized online privacy 'breaches' have resulted in a significant lack of trust among web users. Hackers alone have dramatically increased the cost of doing business online, despite valiant efforts to thwart these attacks. These security breaches are eroding customer trust in the Internet as a viable channel.
Although government and industry regulators have enacted legislation in an attempt to govern the collection, use, retention and distribution of customers' personally identifiable information, there is still cause for alarm. Ensuring the security of your website and its compliance with privacy policies, industry rules and applicable laws is critical for increasing the efficiency and effectiveness of web applications in support of IT investments and the President's Management Agenda. The impact of having a secure federal information infrastructure is increased satisfaction and customer trust in the online channel.
Watchfire's WebXM is a software solution that provides the visibility and tools necessary to measure, manage, improve and secure your web applications, and identify, report and prioritize potential privacy and security risks. WebXM reveals what you need to know, including:
- Understanding the vulnerabilities of the online channel
- Identifying site privacy and security issues that are currently going unnoticed
- Providing tools to help improve your OMB Security Score
Watchfire is already producing measurable results for a number of Federal Government agencies, including Veterans Affairs, Health and Human Services and the Social Security Administration.
In this webcast we discuss the strategies necessary for you to define, measure and manage privacy and security issues to better meet legislation and PMA requirements, and ultimately, improve customer satisfaction and online trust.
View eGov Innovations: Ensuring Online Privacy and Security
Raising the Bar for eGov: Effective Online Strategies for U.S. Government Agencies
According to Gartner Group, seventy-five percent of today's hack attacks occur at the web application layer. You can respond by deploying proven security technology that complements your current policies and procedures. Technology is essential to reducing the risks and vulnerabilities associated with an agency's online operations, and for ensuring regulatory compliance with FISMA, Section 208 and other federal regulations and NIST standards.
A more secure federal information infrastructure results in both increased customer satisfaction and more efficient and effective online processes to achieve the agency mission and fulfill the requirements of the President's Management Agenda.
Watchfire WebXM provides the visibility and controls necessary to evaluate an agency's web property risk exposure. WebXM reveals what you need to know, including:
- Status of agency web applications to improve overall Security Assessment
- Measurement criteria for compliance with FISMA, Section 208, Exhibit 300s, etc.
- Analysis and reporting tools to conduct comprehensive agency-wide web audits to reduce the risks of security breaches
Watchfire WebXM is already hard at work and producing measurable results for the Federal Government.
View Raising the Bar for eGov: Effective Online Strategies for U.S. Government Agencies
Web Application Security and Site Quality Go Hand-in-Hand
As a WebQA user, you know your websites better than anyone. You know the link structure, the forms, the linked files and flat pages, and you know the requirements for accessibility that you need to support. You also know that you need to be concerned with web application security, or the hard work you do to ensure quality can be rendered useless.
The most pressing issue today for web application developers is security. While broken links and lost or inactive files won't threaten the long-term value of your site to your customers, information exposed through common web vulnerabilities can impact your business immediately.
"But our site is safe!" That's what we hear from companies who have firewalls in place, encrypt their data, perform audits and implement stringent privacy policies. Let us help explain to you why even these security measures fall short. Did you know that 75 percent of today's hack attacks happen at the web application layer? These attacks are executed directly against the web applications you've worked so hard to build, QA and maintain.
In this webcast you will learn:
- WebQA updates and enhancements specific to your ongoing quality concerns
- How web application security and site quality go hand-in-hand
- Common vulnerabilities and their business impact
- How to quickly scan and analyze your websites for known vulnerabilities, and report the results to management and auditors
- How to recommend fixes to development
View Web Application Security and Site Quality Go Hand-in-Hand
VISA and MasterCard Security Deadlines Are Looming: Will You Be Ready?
With the recent onslaught of highly publicized online privacy breaches, it is no surprise that credit card companies are taking proactive measures to help ensure the protection of their cardholders' confidential information.
By June 30, 2005, both Visa and MasterCard will expect merchants and service providers to be compliant with the Payment Card Industry (PCI) Data Security Standards, which offer a single approach to safeguarding sensitive data for all card brands.
Are You in Compliance?
If you're regularly scanning your networks, you may think so, but what about your web applications? According to PCI documentation, "the most elusive vulnerabilities are those introduced through custom-developed e-commerce applications." Network testing is not enough.
Learn How to Scan and Secure Your Web Applications
Please join Watchfire and Deloitte for an informative, one-hour webcast, where we will discuss:
- Current research about the security status on major online retail sites
- If web applications create the most elusive vulnerabilities - how can you avoid them?
- Additional requirements for securing networks and databases
- How Watchfire and Deloitte can partner with you to create a complete PCI Compliance program
View VISA and MasterCard Security Deadlines Are Looming: Will You Be Ready?
Is Your Website a Business Asset or Compliance Risk?
As more and more business is conducted via online channels, executives need to consider the impact that their web properties have on Risk Management strategies.
Although many have been consumed by the challenges of Enterprise Risk Management, today few have visibility into the online issues that could potentially expose the company and impact those ERM practices. The enactment of sweeping global legislation and regulations governing the collection, use, retention and distribution of personal information makes Online Risk Management a challenge worthy of more senior level attention.
This seminar reviews the online issues that impact enterprise compliance initiatives and shares how Watchfire has helped companies like yours automate Risk monitoring.
View Is Your Website a Business Asset or Compliance Risk?
Do Your Customers Trust Your Web Site? You May Not Like the Answer
Phishing scams and cyber-threats are still growing at an alarming rate, and consumers are taking notice. Identity theft alone cost American consumers nearly $500 million in 2004. As a result, confidence in the Internet as a trusted business channel is faltering. In fact, a recent Forrester Research survey found that 92% of respondents fear "the risks of providing personal information far outweigh the benefits" of doing business online. Companies need to take a hard look at their Web operations and discover the solutions that will get customers online and keep them coming back. Easier said than done? Not necessarily. Implementing a comprehensive online risk management and compliance platform gives management the insights they want and the control they need to maintain a trusted Web channel. Ensuring security, privacy and accessibility for your online business is simply good business and the reason why firms like IBM, Microsoft, SunTrust, etc. have put Watchfire to work.
In less than an hour, we'll show you what steps you can take to build and sustain the trust of your customers.
View Do Your Customers Trust Your Web Site? You May Not Like the Answer
Section 208 and 508: Understanding the Laws and Automating Compliance
More and more, federal agencies rely on their public-facing websites to communicate and provide critical information and services to citizens. And more and more, citizens rely on these sites to perform tasks -- from filing taxes to applying for license renewals -- they used to have to do in person. Steadily increasing governmental use of information technology, and the emergence of the Internet as a new channel of interaction between citizen and State, have given rise to the need for strengthened protections for personal privacy and the provision of accessibility to individuals with disabilities.
As such, it's critical for federal agencies to comply with Section 508 to ensure that the information on their website is accessible to all individuals, including those with disabilities, thereby improving the experience for these visitors. Citizens are also concerned with the privacy of their personal information and are more likely to interact with a site that ensures that protection. Federal agencies can protect that privacy by complying with Section 208 of the E-Government Act.
Watchfire and Documentum understand the challenge of ensuring compliance with multiple regulations and legislation. Our Online Government Solutions helps protect your federal agency from risk and vulnerability and achieve:
- Section 508 Compliance: Demonstrate leadership by providing web access to people with disabilities.
- Section 208 Compliance: Protect the online privacy of US citizens' information.
This seminar will help you better understand potential compliance issues and how to use the latest technologies to help proactively manage them.
View Section 208 and 508: Understanding the Laws and Automating Compliance
Failure is not an option: Why online compliance and security can't wait.
A pre-recorded webcast
Join Gary Beach, technology host and CXO Media Group Publisher for an informative discussion on the important issues surrounding the management of online security, privacy and compliance.
Discussion points:
- Find out what online compliance and privacy issues you need to be aware of
- How to deal with the growing challenges of leakage, daily phishing, identity theft attacks, denial of service, corporate espionage or IP theft
- Get expert advice on how to implement systems, processes and technologies to help address the threats your website encounters every day
- Learn how to assess whether your applications are secure
- Hear how to make legacy applications secure
Click here to view Failure is not an option webcast.
Phishing Lures: Understanding the Techniques Scammers Use to Steal Identities
A pre-recorded webcast
1,974 new, unique phishing attacks were launched in July 2004, a 39% increase over the number of attacks reported in June. And phishing may be the most expensive e-scam of all. Gartner measures the direct losses at over $2.4 billion in the last 12 months, and that doesn't include the millions that firms are spending internally to try to cope with these attacks. To protect your clients, and your firm, from phishing attacks, start by understanding the most common techniques the frauds use to lure the unsuspecting. Their sophisticated measures may surprise you.
Join Watchfire and the Keller Advisory Group for our free webcast where we will explore:
- How phishing attacks work - the latest e-scammer techniques
- Steps you can take to secure your customers' confidential and user account information
- Ways to protect your critical Web applications from unwanted attacks
Click here to view the Phishing Lures webcast.