AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Thursday, September 24 • 3:00pm - 3:55pm
Sinking Your Hooks in Applications

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Attackers typically have more compute resources and can spend much more time breaking components of applications than the engineers that write them in the first place. Since the pressure is on developers to release new code, even at the expense of security best practices, expecting all application vulnerabilities to be detected and remediated in advance of an application’s release is unrealistic to say the least.

One approach to combat this is to automatically build more security into the applications themselves. In this talk, the speakers will demonstrate some techniques to leverage the hooking of potentially vulnerable code paths in production applications and injecting code to introduce additional layers of security without requiring developers to write any code or recompile the applications. Specific examples will be given of hooking Java, .NET and Ruby frameworks.

avatar for Richard Meester

Richard Meester

Software Engineer, Prevoty
Richard's primary focus is developing solutions for XSS/SQLi detection and protection in the .NET framework.
avatar for Joe Rozner

Joe Rozner

Software Engineer, Prevoty
Joe Rozner is a software engineer at Prevoty where he has built semantic analysis tools, worked to develop new methods to more accurately detect SQL injection and Cross Site Scripting (XSS), and designed novel integration technology leveraging runtime patching. His focus on LangSec... Read More →

Thursday September 24, 2015 3:00pm - 3:55pm PDT
Room C