AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
 
Thursday, September 24 • 3:00pm - 3:55pm
Sinking Your Hooks in Applications


Attackers typically have more compute resources and can spend much more time breaking components of applications than the engineers who write them in the first place. Since the pressure is on developers to release new code, even at the expense of security best practices, expecting all application vulnerabilities to be detected and remediated in advance of an application’s release is unrealistic to say the least.

One approach to combat this is to automatically build more security into the applications themselves. In this talk, the speakers will demonstrate some techniques for hooking potentially vulnerable code paths in production applications and injecting code to introduce additional layers of security, without requiring developers to write any code or recompile the applications. Specific examples will be given of hooking Java, .NET and Ruby frameworks.

Speakers

Richard Meester

Software Engineer, Prevoty
Richard's primary focus is developing solutions for XSS/SQLi detection and protection in the .NET framework.

Joe Rozner

Software Engineer, Prevoty
Joe Rozner is a software engineer at Prevoty where he has built semantic analysis tools, worked to develop new methods to more accurately detect SQL injection and Cross Site Scripting (XSS), and designed novel integration technology leveraging runtime patching. His focus on LangSec and formal languages has allowed him to develop novel approaches to traditionally difficult problems in the security space. In his spare time he’s developed custom...


Room C