Difference between revisions of "Defend Yourself: Integrating Real Time Defenses into Online Applications"

From OWASP
Jump to: navigation, search
(Created page with '== The presentation == rightAsk any attacker how many attempts it takes them to successfully exploit a vulnerability - two attempts, three, five…')
 
m
Line 3: Line 3:
 
[[Image:Owasp_logo_normal.jpg|right]]Ask any attacker how many attempts it takes them to successfully exploit a vulnerability - two attempts, three, five? In general, an attacker requires several attempts before they can devise a successful exploit. And that is only after they've probed the site to find the vulnerable areas in the first place. Most applications are missing a critical opportunity, the attacker has made their presence known while probing for the vulnerability. Take defensive action and shut down the offending account! This presentation will continue the discussion on AppSensor, a strategy for implementing automatic attack detection and real time response to eliminate the threat of an attacker. During this presentation we will explore a new online application which implements AppSensor. The concepts discussed in this presentation can be immediately integrated into enterprise applications looking to bolster their security posture against determined attackers. We will see that the required changes have a minimal impact on the architecture of the application and require only a small amount of code change. However, there are immense benefits to detecting malicious attackers before they are successful.
 
[[Image:Owasp_logo_normal.jpg|right]]Ask any attacker how many attempts it takes them to successfully exploit a vulnerability - two attempts, three, five? In general, an attacker requires several attempts before they can devise a successful exploit. And that is only after they've probed the site to find the vulnerable areas in the first place. Most applications are missing a critical opportunity, the attacker has made their presence known while probing for the vulnerability. Take defensive action and shut down the offending account! This presentation will continue the discussion on AppSensor, a strategy for implementing automatic attack detection and real time response to eliminate the threat of an attacker. During this presentation we will explore a new online application which implements AppSensor. The concepts discussed in this presentation can be immediately integrated into enterprise applications looking to bolster their security posture against determined attackers. We will see that the required changes have a minimal impact on the architecture of the application and require only a small amount of code change. However, there are immense benefits to detecting malicious attackers before they are successful.
  
== The speakers ==
+
== The speaker ==
  
 
Michael Coates is a Senior Application Security Engineer for Aspect Security and has performed numerous penetration assessments, security code reviews, and security training sessions for leading corporations worldwide. Michael is the creator and leader of
 
Michael Coates is a Senior Application Security Engineer for Aspect Security and has performed numerous penetration assessments, security code reviews, and security training sessions for leading corporations worldwide. Michael is the creator and leader of

Revision as of 19:01, 3 August 2009

The presentation

Owasp logo normal.jpg
Ask any attacker how many attempts it takes them to successfully exploit a vulnerability - two attempts, three, five? In general, an attacker requires several attempts before they can devise a successful exploit. And that is only after they've probed the site to find the vulnerable areas in the first place. Most applications are missing a critical opportunity, the attacker has made their presence known while probing for the vulnerability. Take defensive action and shut down the offending account! This presentation will continue the discussion on AppSensor, a strategy for implementing automatic attack detection and real time response to eliminate the threat of an attacker. During this presentation we will explore a new online application which implements AppSensor. The concepts discussed in this presentation can be immediately integrated into enterprise applications looking to bolster their security posture against determined attackers. We will see that the required changes have a minimal impact on the architecture of the application and require only a small amount of code change. However, there are immense benefits to detecting malicious attackers before they are successful.

The speaker

Michael Coates is a Senior Application Security Engineer for Aspect Security and has performed numerous penetration assessments, security code reviews, and security training sessions for leading corporations worldwide. Michael is the creator and leader of

UNFINISHED