OWASP AppSec DC 2012/Web Application Defense with Bayesian Attack Analysis

From OWASP
Revision as of 23:39, 9 March 2012 by Dallendoug (Talk | contribs)

Jump to: navigation, search

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Owasp logo normal.jpg
Bayesian text classifiers have long been been successful in the fight against email SPAM. Why can't these same methods be used to help prevent against web-based attack payloads? This talk will demonstrate a working bayesian analysis system within the ModSecurity open source web application firewall which uses the Lua API to both classify and test payloads to identify attacks.

The Speakers

Ryan Barnett

Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Research Team where he specializes in web application defense. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is also a WASC Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Web Honeypots Projects and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache. Twitter account - @ryancbarnett


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg