Learn how to secure your applications like the experts
1:48 - The main issues affecting application security • Discusses findings from the M-Trends survey regarding prevalent attack vectors and the rising global costs of data breaches.
1:55 - Cyber-risks & attacks • Explores various cyber-risks and attacks, including exploitation, phishing, and stolen credentials, based on the M-Trends survey.
2:59 - Investing now can save millions • Highlights the importance of increasing security investments to mitigate the financial impact of data breaches.
4:29 - Main issues affecting server security • Identifies software supply chain attacks, DDoS attacks, and infrastructure configuration issues as primary concerns for server security.
5:11 - The main issues managing information security • Covers challenges like phishing attacks, vulnerable packages, misconfigurations, budget constraints, security compliance regulations, and outdated software.
7:47 - 7 tips on how to secure your applications • Provides foundational principles of information security, including defense in depth, minimizing attack surfaces, and the principle of least privilege.
8:30 - Defense in depth • Advocates for implementing multiple layers of security measures to effectively mitigate risks.
9:40 - Minimize the attack surface • Discusses the importance of reducing exposure to potential attacks by eliminating unnecessary components and services.
10:34 - Principle of least privilege • Explains the concept of granting minimal necessary permissions to users or systems to reduce the risk of unauthorized access.
12:08 - Stay alert • Stresses the importance of maintaining vigilance and proactively monitoring for suspicious activities or anomalies.
13:57 - Application security management is never complete • Emphasizes that securing applications is an ongoing process due to the evolving nature of threats and vulnerabilities.
14:59 - Securing your applications with WAFs, APIs, and OWASP • Emphasizes the importance of tracking all components of an application, including APIs, users, and connections. • Highlights the need for using the latest TLS and SSL versions, implementing authentication and authorization, and maintaining up-to-date logging.
18:17 - Update, configure and secure • Advises against writing custom encryption algorithms and recommends using established industry standards. • Encourages using tools like Dependabot to track vulnerabilities in dependencies and ensuring secure configurations for web servers and database platforms.
21:40 - How Platform.sh can help • Discusses how Platform.sh provides a centralized dashboard for managing projects and supports IP filtering to minimize attack surfaces. • Highlights the platform’s isolation of applications and services, along with read-only containers, to prevent compromise.
23:15 - Secure your application with one, reliable PaaS • Discusses the benefits of Platform.sh in reducing security compromises compared to previous systems. • Highlights the platform’s ability to handle various types of applications and offer IP filtering for enhanced security.
24:45 - Controlling access and readability to maximize security • Emphasizes the importance of using password managers to minimize human error and ensure unique passwords. • Discusses the benefits of Platform.sh’s access controls and dedicated security team in maintaining security standards.
26:00 - From data protection to built-in security incident plans • Describes how Platform.sh complies with GDPR, CCPA, and other international standards. • Discusses the platform’s automated backups and vault service for storing sensitive data securely.
27:41 - Fastly Next-Gen WAF • Introduces Fastly Next-Gen WAF as an advanced Web Application Firewall that automates rule updates and ensures compliance with various standards. • Emphasizes its effectiveness in preventing common vulnerabilities and attacks.
28:33 - A dedicated security team • Discusses how Platform.sh’s dedicated security team handles stack updates and ensures compliance with global security standards. • Highlights the platform’s continuous monitoring and incident response capabilities to maintain a high level of security.