SlideShare una empresa de Scribd logo

AppSensor Near Real-Time Event Detection and Response - DevNexus 2016

J
jtmelton

AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications. There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.

Tecnología
1 de 85
Descargar para leer sin conexión
AppSensor ~real-time event detection and response
me • appsensor dev lead (OWASP) • dev / security ! • twitter: @_jtmelton • email: jtmelton at gmail.com • github: jtmelton
agenda • history (recent) • motivations / problems • solution / tech • future / wrap-up
thesis: ! modern secure applications protect themselves against attackers
history
~5 yrs ago dev • mostly web apps [RoR, PHP, .NET, Java) • ajax (jquery) use growing • mobile just getting started • deployment to VMs • hadoop picking up • BI tools • AWS starting • cloud hype cycle (NIST defines)
~now dev • JS everywhere • functional / rx programming • cloud everything • ci/cd • nosql / CAP light • containers • big data • stream processing • config management • iot • beacons [usage, ads, errors, performance] • actors/csp • microservices • cqrs / event sourcing • mobile
~now dev • JS everywhere • functional / rx programming • cloud everything • ci/cd • nosql / CAP light • containers • big data • stream processing • config management • iot • beacons [usage, ads, errors, performance] • actors/csp • microservices • cqrs / event sourcing • mobile 1 .. * of [scale, speed, cloud, lack of environmental access]
(brief) history
- LinkedIn, March 2015 “the Kafka ecosystem at LinkedIn is sent over 800 billion* messages per day.. At the busiest times of day, we are receiving over 13 million messages per second.” * Update (Sept 2015) : 1.1 Trillion messages per day
last ~5 yrs security • 3rd party libs (dep-check) • bug bounties • sast / dast evolve (ZAP) • iast / rasp • http security headers • automatic encoding (JXT) • *-monkey -NetflixOSS • bdd-security/gauntlt • ci/cd plugins • 2fa • osquery 1 .. * of [scale, speed, cloud, lack of environmental access]
dev vs. security • dev is exploiting fundamental architectural and deployment changes to add business value ! • security is iterating on existing solutions - and - trying to close gaps (known problems)
security ~5 yrs ago vs today ?
motivations
“security” • confidentiality and integrity important • availability often ignored by security (informs the whole industry- eg. tooling) • if availability important, runtime important
http://i.imgur.com/TdtgvtW.png
your environment • how many concurrent users do you have right now? • what are your users doing in the app?
https://github.com/aphyr/jepsen-talks/blob/master/2015/goto/goto.pdf
Security defects are a subset of all defects
catching defects • what do dev/qa do for functionality? • test [unit, integration, system, manual, tools] • what do attackers do for security? • test [automated tools, manual]
observations • attackers do bad things • bad things often easily recognizable (to you) • attacker success often* requires > 1 attempt * If not, you lose
robbing a bank Physical Controls Electronic Monitoring Human Monitoring Instant Detection and Response Controlled Access Multi Factor Auth Transaction Verification
would you bank here? Alternate Admin Access Partial External Controls Ineffective Monitoring No Real Time Analysis Unnecessary Partner Trust No Response Capability Single Factor Auth Limited Security Training
http://worth1000.s3.amazonaws.com/submissions/414000/414200_9830_1024x2000.jpg
defender’s dilemma • attacker needs ONE successful attack • defender must defend ALL attacks ! • NOTE: you are defenders
on people • 18.2 million devs • 200K security (all, not appsec only) • ~ 1.1 sec : 100 dev ! • 1.75 sec : 100 dev (bsimm)
security modern dev • polyglot static and dynamic languages • microservices / soa • json, thrift, protobuf, etc. endpoints • WebAssembly ??? • a single mature, static language • monolith • http (really html) endpoints
in summary … • “traditional” security, dev, ops doesn’t know what’s going on in the app at runtime • security defects exist • attackers don’t magically know what’s vulnerable • existing “monitoring” usually terrible • there will never be enough “security” people • “traditional” security tooling doesn’t fit modern dev • actual defense is _really_ hard
the pitch ! (a humble proposal)
having to deal with [scale, speed, cloud, lack of environmental access].. ! ..this as of now incomplete transition.. ! ..represents an enormous opportunity for security
the pitch • in addition to a secure SDLC … (ie. > 1 request/attack) ! • figure out what’s happening at runtime • make intrusion detection primitives available in app • exploit automated response > manual response • stop attacker before success • get self-protecting applications and valuable intel X success AppSensor
X
prior work • Network IDS (Denning, * others, NIST SP800-94) • Intrusion prevention • Fraud detection • Rules engines, Risk analysis/reduction, HIDS
terminology • event - suspicious • attack - malicious (1 .. * events) • response - take action (1 .. 1 attack) • detection point - activity category (e.g. cookie modification)
the tech
Architecture
• picture 1
Correlation
Adding Detection Points
adding detection points • manually • reverse proxy • owasp aside
manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
manual @POST public Response transfer( String from, String to, String amount) { ! transfer(from, to, amount); ! return Response.ok(); }
manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } ! return Response.ok(); }
manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } else {! showErrorPage();! // normal error handling! }! ! return Response.ok(); }
manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } else {! ! appsensor.addEvent( new Event(currentUser, "ACE2") );! showErrorPage(); // normal error handling! }! ! return Response.ok(); }
appsensor-reverse-proxy
appsensor-reverse-proxy • written in go • blocks requests • canned detection points (toggle-able) • easily extendable • https://github.com/jtmelton/appsensor- reverse-proxy
OWASP ASIDE • UNCC SIS project • secure programming IDE plugin • educational component • https://www.owasp.org/index.php/ OWASP_ASIDE_Project
OWASP ASIDE • eclipse IDE • reminder icon or highlight • drop down list of applicable sensors • auto-insertion of ASIDE sensor APIs and code refactoring
OWASP ASIDE
OWASP ASIDE Based  on  ESAPI  code  (length  checked),   ASIDE  infers  that  this  may  be  a  point  to   insert  an  app  sensor;  whether  a  sensor  is   placed  relies  on  developer’s  decision.  
OWASP ASIDE It  not  only  captures  the  context   informaFon  (e.g.  the  sensor  event  is   from  username  field),  but  also   records  that  the  sensor  event  is  due   to  an  exceedingly  lengthy  input.  
Detec%on(Point(Type( Detec%on(Points(Covered( Authen'ca'onExcep'on. AE4:.Unexpected.Quan'ty.of.Characters.in.Username. AE5:.Unexpected.Quan'ty.of.Characters.in.Password. AE6:.Unexpected.Type.of.Character.in.Username. AE7:.Unexpected.Type.of.Character.in.Password. InputExcep'on. IE1:.Cross.Site.Scrip'ng.AEempt. EncodingExcep'on. EE1:.Double.Encoded.Character. EE2:.Unexpected.Encoding.Used. CommandInjec'onExcep 'on. CIE1:.Blacklist.Inspec'on.for.Common.SQL.Injec'on.Values. Detec%on(Points(Picked( Corresponding(ASIDE(APIs( AE4:%Unexpected%Quan1ty% of%Characters%in%Username% AE5:%Unexpected%Quan1ty% of%Characters%in%Password% Java.lang.String% ASIDE.Quan%tyExcep%onSensor(Java.lang.String%parameter)% AE6:%Unexpected%Type%of% Character%in%Username% AE7:%Unexpected%Type%of% Character%in%Password% Java.lang.String% ASIDE.TypeExcep%onSensor(Java.lang.String%parameter)% IE1:%Cross%Site%Scrip1ng% AKempt% Java.lang.String% ASIDE.XSSSensor(Java.lang.String%parameter)% EE1:%Double%Encoded% Character% EE2:%Unexpected%Encoding% Used% Java.lang.String% ASIDE.EncodingExcep%onSensor(Java.lang.String%parameter)% CIE1:%Blacklist%Inspec1on%for% Common%SQL%Injec1on% Values% Java.lang.String% ASIDE.SQLInjec%onSensor(Java.lang.String%parameter)%
Viewing Data
owasp SoC sprint • Sumanth Damarla • appsensor -> ELK stack • appsensor -> influxdb -> grafana
owasp SoC sprint
owasp SoC sprint
machine learning • very simple analysis • generated demo dataset for 1-week • build base model • look for “anomalies”
appsensor-ui • spring boot + reactjs • simple dashboards / trends
future plans
future • reverse proxy • appsensor-ui • framework integration for detection points (spring security exists, add others) • analysis engines - 2 grad students (David Scrobonia, Kelvin Brown Bomah) doing projects here (rules and ML) • ???
you • help wanted! • plenty of places to contribute and improve • friendly, helpful community • https://github.com/jtmelton/appsensor/issues • https://www.owasp.org/index.php/ OWASP_AppSensor_Project#tab=Road_Map_ and_Getting_Involved
wrap-up
related projects • repsheet • ensnare • fido • riemann • elastalert
pick a tool (or 2) … ! but use the idea
contributors • https://www.owasp.org/index.php/ OWASP_AppSensor_Project#tab=Acknowledgements
links • https://www.owasp.org/index.php/ OWASP_AppSensor_Project • http://appsensor.org/ • https://github.com/jtmelton/appsensor
?

Recomendados

AppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and ResponseAppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and Responsejtmelton
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016jtmelton
 
AppSensor CodeMash 2017
AppSensor CodeMash 2017AppSensor CodeMash 2017
AppSensor CodeMash 2017jtmelton
 
Owasp appsensor self-protecting applications
Owasp appsensor self-protecting applicationsOwasp appsensor self-protecting applications
Owasp appsensor self-protecting applicationsRaphaël Taban
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsJames '​-- Mckinlay
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0Dinis Cruz
 
App sec and quality london - may 2016 - v0.5
App sec and quality london - may 2016 - v0.5App sec and quality london - may 2016 - v0.5
App sec and quality london - may 2016 - v0.5Dinis Cruz
 

Recomendados

AppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and ResponseAppSensor - Near Real Time Event Detection and Response
AppSensor - Near Real Time Event Detection and Responsejtmelton
 
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016Building Self-Defending Applications With OWASP AppSensor JavaOne 2016
Building Self-Defending Applications With OWASP AppSensor JavaOne 2016jtmelton
 
AppSensor CodeMash 2017
AppSensor CodeMash 2017AppSensor CodeMash 2017
AppSensor CodeMash 2017jtmelton
 
Owasp appsensor self-protecting applications
Owasp appsensor self-protecting applicationsOwasp appsensor self-protecting applications
Owasp appsensor self-protecting applicationsRaphaël Taban
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsJames '​-- Mckinlay
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0New Era of Software with modern Application Security v1.0
New Era of Software with modern Application Security v1.0Dinis Cruz
 
App sec and quality london - may 2016 - v0.5
App sec and quality london - may 2016 - v0.5App sec and quality london - may 2016 - v0.5
App sec and quality london - may 2016 - v0.5Dinis Cruz
 
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...Abhay Bhargav
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6Dinis Cruz
 
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 PresentationThreat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 PresentationAbhay Bhargav
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Dinis Cruz
 
Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011Atlassian
 
Null singapore - Mobile Security Essentials
Null singapore - Mobile Security EssentialsNull singapore - Mobile Security Essentials
Null singapore - Mobile Security EssentialsSven Schleier
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0Dinis Cruz
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual TestingDenim Group
 
Making security-agile matt-tesauro
Making security-agile matt-tesauroMaking security-agile matt-tesauro
Making security-agile matt-tesauroMatt Tesauro
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsSumo Logic
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDSparsh Raj
 
DevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileDevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileMatt Tesauro
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0Dinis Cruz
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterMatt Tesauro
 
What is dev ops?
What is dev ops?What is dev ops?
What is dev ops?Mukta Aphale
 
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...Márton Kodok
 

Más contenido relacionado

La actualidad más candente

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...Abhay Bhargav
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Dinis Cruz
 
SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6Dinis Cruz
 
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 PresentationThreat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 PresentationAbhay Bhargav
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security AgileOleg Gryb
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery WorldDinis Cruz
 
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Dinis Cruz
 
Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011Atlassian
 
Null singapore - Mobile Security Essentials
Null singapore - Mobile Security EssentialsNull singapore - Mobile Security Essentials
Null singapore - Mobile Security EssentialsSven Schleier
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.Matt Tesauro
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0Dinis Cruz
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual TestingDenim Group
 
Making security-agile matt-tesauro
Making security-agile matt-tesauroMaking security-agile matt-tesauro
Making security-agile matt-tesauroMatt Tesauro
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsSumo Logic
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDSparsh Raj
 
DevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileDevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileMatt Tesauro
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOpsFelicia Haggarty
 
NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0Dinis Cruz
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterMatt Tesauro
 

La actualidad más candente (20)

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
 
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016Using jira to manage risks v1.0 - owasp app sec eu - june 2016
Using jira to manage risks v1.0 - owasp app sec eu - june 2016
 
SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6SecDevOps Risk Workflow - v0.6
SecDevOps Risk Workflow - v0.6
 
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 PresentationThreat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
Threat-Modeling-as-Code: ThreatPlaybook AppSecUSA 2018 Presentation
 
Making Security Agile
Making Security AgileMaking Security Agile
Making Security Agile
 
Security in a Continuous Delivery World
Security in a Continuous Delivery WorldSecurity in a Continuous Delivery World
Security in a Continuous Delivery World
 
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
Start with passing tests (tdd for bugs) v0.5 (22 sep 2016)
 
Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011Get Ready for JIRA 5 - AtlasCamp 2011
Get Ready for JIRA 5 - AtlasCamp 2011
 
Null singapore - Mobile Security Essentials
Null singapore - Mobile Security EssentialsNull singapore - Mobile Security Essentials
Null singapore - Mobile Security Essentials
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
 
Security champions v1.0
Security champions v1.0Security champions v1.0
Security champions v1.0
 
Blending Automated and Manual Testing
Blending Automated and Manual TestingBlending Automated and Manual Testing
Blending Automated and Manual Testing
 
Making security-agile matt-tesauro
Making security-agile matt-tesauroMaking security-agile matt-tesauro
Making security-agile matt-tesauro
 
You Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOpsYou Build It, You Secure It: Introduction to DevSecOps
You Build It, You Secure It: Introduction to DevSecOps
 
OpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATEDOpenSourceSecurityTools - UPDATED
OpenSourceSecurityTools - UPDATED
 
DevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileDevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone Agile
 
8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps8 Tips for Deploying DevSecOps
8 Tips for Deploying DevSecOps
 
NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0NodeJS security - still unsafe at most speeds - v1.0
NodeJS security - still unsafe at most speeds - v1.0
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
 

Destacado

VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...Márton Kodok
 
Sprint 49 review
Sprint 49 reviewSprint 49 review
Sprint 49 reviewManageIQ
 
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...VMware Tanzu
 
Performance Benchmarking of Clouds Evaluating OpenStack
Performance Benchmarking of Clouds Evaluating OpenStackPerformance Benchmarking of Clouds Evaluating OpenStack
Performance Benchmarking of Clouds Evaluating OpenStackPradeep Kumar
 
Exponentiële groei v2
Exponentiële groei v2Exponentiële groei v2
Exponentiële groei v2guest6b41899
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCohesive Networks
 
150430 regiosessie corv_almelo
150430 regiosessie corv_almelo150430 regiosessie corv_almelo
150430 regiosessie corv_almeloKING
 
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...Leonardo De Moura Rocha Lima
 
E-commerce Berlin Expo - Divante - Anna Lankauf
E-commerce Berlin Expo - Divante - Anna LankaufE-commerce Berlin Expo - Divante - Anna Lankauf
E-commerce Berlin Expo - Divante - Anna LankaufE-Commerce Berlin EXPO
 
(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New InfrastructureAmazon Web Services
 
Evolutions et nouveaux outils SEO
Evolutions et nouveaux outils SEOEvolutions et nouveaux outils SEO
Evolutions et nouveaux outils SEODimitri Brunel
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cohesive Networks
 
Catálogo 15 16 elksport
Catálogo 15 16 elksportCatálogo 15 16 elksport
Catálogo 15 16 elksportElk Sport
 
Complex realtime event analytics using BigQuery @Crunch Warmup
Complex realtime event analytics using BigQuery @Crunch WarmupComplex realtime event analytics using BigQuery @Crunch Warmup
Complex realtime event analytics using BigQuery @Crunch WarmupMárton Kodok
 
Retelling nonfiction
Retelling nonfictionRetelling nonfiction
Retelling nonfictionEmily Kissner
 
Performance monitoring and call tracing in microservice environments
Performance monitoring and call tracing in microservice environmentsPerformance monitoring and call tracing in microservice environments
Performance monitoring and call tracing in microservice environmentsMartin Gutenbrunner
 

Destacado (20)

What is dev ops?
What is dev ops?What is dev ops?
What is dev ops?
 
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
VoxxedDays Bucharest 2017 - Powering interactive data analysis with Google Bi...
 
Arquitecturas de microservicios - Medianet Software
Arquitecturas de microservicios - Medianet SoftwareArquitecturas de microservicios - Medianet Software
Arquitecturas de microservicios - Medianet Software
 
Sprint 49 review
Sprint 49 reviewSprint 49 review
Sprint 49 review
 
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
How to Build a High Performance Application Using Cloud Foundry and Redis (Cl...
 
Performance Benchmarking of Clouds Evaluating OpenStack
Performance Benchmarking of Clouds Evaluating OpenStackPerformance Benchmarking of Clouds Evaluating OpenStack
Performance Benchmarking of Clouds Evaluating OpenStack
 
Veselík 1
Veselík 1Veselík 1
Veselík 1
 
Exponentiële groei v2
Exponentiële groei v2Exponentiële groei v2
Exponentiële groei v2
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
 
150430 regiosessie corv_almelo
150430 regiosessie corv_almelo150430 regiosessie corv_almelo
150430 regiosessie corv_almelo
 
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...
JavaOne 2017 - Choosing a NoSQL API and Database to Avoid Tombstones and Drag...
 
E-commerce Berlin Expo - Divante - Anna Lankauf
E-commerce Berlin Expo - Divante - Anna LankaufE-commerce Berlin Expo - Divante - Anna Lankauf
E-commerce Berlin Expo - Divante - Anna Lankauf
 
(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure(ARC401) Cloud First: New Architecture for New Infrastructure
(ARC401) Cloud First: New Architecture for New Infrastructure
 
Evolutions et nouveaux outils SEO
Evolutions et nouveaux outils SEOEvolutions et nouveaux outils SEO
Evolutions et nouveaux outils SEO
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2
 
Catálogo 15 16 elksport
Catálogo 15 16 elksportCatálogo 15 16 elksport
Catálogo 15 16 elksport
 
Elk stack
Elk stackElk stack
Elk stack
 
Complex realtime event analytics using BigQuery @Crunch Warmup
Complex realtime event analytics using BigQuery @Crunch WarmupComplex realtime event analytics using BigQuery @Crunch Warmup
Complex realtime event analytics using BigQuery @Crunch Warmup
 
Retelling nonfiction
Retelling nonfictionRetelling nonfiction
Retelling nonfiction
 
Performance monitoring and call tracing in microservice environments
Performance monitoring and call tracing in microservice environmentsPerformance monitoring and call tracing in microservice environments
Performance monitoring and call tracing in microservice environments
 

Similar a AppSensor Near Real-Time Event Detection and Response - DevNexus 2016

AllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorAllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorjtmelton
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
we45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with PythonAbhay Bhargav
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Toolscentralohioissa
 
How not to fall into the DevSecOps trap
How not to fall into the DevSecOps trapHow not to fall into the DevSecOps trap
How not to fall into the DevSecOps trapMatteo Emili
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 
HouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchHouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchSpencer Koch
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecLalit Kale
 
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)Rich Mills
 
михаил дударев
михаил дударевмихаил дударев
михаил дударевapps4allru
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller
 
Owasp tds
Owasp tdsOwasp tds
Owasp tdssnyff
 

Similar a AppSensor Near Real-Time Event Detection and Response - DevNexus 2016 (20)

AllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorAllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensor
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
we45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Pythonwe45 DEFCON Workshop - Building AppSec Automation with Python
we45 DEFCON Workshop - Building AppSec Automation with Python
 
Jason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional ToolsJason Kent - AppSec Without Additional Tools
Jason Kent - AppSec Without Additional Tools
 
How not to fall into the DevSecOps trap
How not to fall into the DevSecOps trapHow not to fall into the DevSecOps trap
How not to fall into the DevSecOps trap
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
HouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from ScratchHouSecCon 2019: Offensive Security - Starting from Scratch
HouSecCon 2019: Offensive Security - Starting from Scratch
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
For Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSecFor Business's Sake, Let's focus on AppSec
For Business's Sake, Let's focus on AppSec
 
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
 
михаил дударев
михаил дударевмихаил дударев
михаил дударев
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
 
Owasp tds
Owasp tdsOwasp tds
Owasp tds
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

AppSensor Near Real-Time Event Detection and Response - DevNexus 2016

  • 2. me • appsensor dev lead (OWASP) • dev / security ! • twitter: @_jtmelton • email: jtmelton at gmail.com • github: jtmelton
  • 3. agenda • history (recent) • motivations / problems • solution / tech • future / wrap-up
  • 5.
  • 7. ~5 yrs ago dev • mostly web apps [RoR, PHP, .NET, Java) • ajax (jquery) use growing • mobile just getting started • deployment to VMs • hadoop picking up • BI tools • AWS starting • cloud hype cycle (NIST defines)
  • 8. ~now dev • JS everywhere • functional / rx programming • cloud everything • ci/cd • nosql / CAP light • containers • big data • stream processing • config management • iot • beacons [usage, ads, errors, performance] • actors/csp • microservices • cqrs / event sourcing • mobile
  • 9. ~now dev • JS everywhere • functional / rx programming • cloud everything • ci/cd • nosql / CAP light • containers • big data • stream processing • config management • iot • beacons [usage, ads, errors, performance] • actors/csp • microservices • cqrs / event sourcing • mobile 1 .. * of [scale, speed, cloud, lack of environmental access]
  • 11.
  • 12. - LinkedIn, March 2015 “the Kafka ecosystem at LinkedIn is sent over 800 billion* messages per day.. At the busiest times of day, we are receiving over 13 million messages per second.” * Update (Sept 2015) : 1.1 Trillion messages per day
  • 13. last ~5 yrs security • 3rd party libs (dep-check) • bug bounties • sast / dast evolve (ZAP) • iast / rasp • http security headers • automatic encoding (JXT) • *-monkey -NetflixOSS • bdd-security/gauntlt • ci/cd plugins • 2fa • osquery 1 .. * of [scale, speed, cloud, lack of environmental access]
  • 14. dev vs. security • dev is exploiting fundamental architectural and deployment changes to add business value ! • security is iterating on existing solutions - and - trying to close gaps (known problems)
  • 15. security ~5 yrs ago vs today ?
  • 17. “security” • confidentiality and integrity important • availability often ignored by security (informs the whole industry- eg. tooling) • if availability important, runtime important
  • 19. your environment • how many concurrent users do you have right now? • what are your users doing in the app?
  • 21. Security defects are a subset of all defects
  • 22.
  • 23.
  • 24. catching defects • what do dev/qa do for functionality? • test [unit, integration, system, manual, tools] • what do attackers do for security? • test [automated tools, manual]
  • 25.
  • 26. observations • attackers do bad things • bad things often easily recognizable (to you) • attacker success often* requires > 1 attempt * If not, you lose
  • 27. robbing a bank Physical Controls Electronic Monitoring Human Monitoring Instant Detection and Response Controlled Access Multi Factor Auth Transaction Verification
  • 28. would you bank here? Alternate Admin Access Partial External Controls Ineffective Monitoring No Real Time Analysis Unnecessary Partner Trust No Response Capability Single Factor Auth Limited Security Training
  • 30. defender’s dilemma • attacker needs ONE successful attack • defender must defend ALL attacks ! • NOTE: you are defenders
  • 31. on people • 18.2 million devs • 200K security (all, not appsec only) • ~ 1.1 sec : 100 dev ! • 1.75 sec : 100 dev (bsimm)
  • 32. security modern dev • polyglot static and dynamic languages • microservices / soa • json, thrift, protobuf, etc. endpoints • WebAssembly ??? • a single mature, static language • monolith • http (really html) endpoints
  • 33. in summary … • “traditional” security, dev, ops doesn’t know what’s going on in the app at runtime • security defects exist • attackers don’t magically know what’s vulnerable • existing “monitoring” usually terrible • there will never be enough “security” people • “traditional” security tooling doesn’t fit modern dev • actual defense is _really_ hard
  • 35. having to deal with [scale, speed, cloud, lack of environmental access].. ! ..this as of now incomplete transition.. ! ..represents an enormous opportunity for security
  • 36. the pitch • in addition to a secure SDLC … (ie. > 1 request/attack) ! • figure out what’s happening at runtime • make intrusion detection primitives available in app • exploit automated response > manual response • stop attacker before success • get self-protecting applications and valuable intel X success AppSensor
  • 37. X
  • 38. prior work • Network IDS (Denning, * others, NIST SP800-94) • Intrusion prevention • Fraud detection • Rules engines, Risk analysis/reduction, HIDS
  • 39. terminology • event - suspicious • attack - malicious (1 .. * events) • response - take action (1 .. 1 attack) • detection point - activity category (e.g. cookie modification)
  • 43.
  • 45.
  • 46.
  • 47.
  • 49. adding detection points • manually • reverse proxy • owasp aside
  • 50. manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
  • 51. manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
  • 52. manual POST /account/transfer HTTP/1.1 ! Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Win…) Accept: text/html,application/xhtml+xml Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://127.0.0.1/account.php Cookie: PHPSESSID=l9…lgt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 from_acct=xxx1234&to_acct=xxx9876&amt=20.00
  • 53. manual @POST public Response transfer( String from, String to, String amount) { ! transfer(from, to, amount); ! return Response.ok(); }
  • 54. manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } ! return Response.ok(); }
  • 55. manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } else {! showErrorPage();! // normal error handling! }! ! return Response.ok(); }
  • 56. manual @POST public Response transfer( String from, String to, String amount) { ! if ( currentUser.owns(from) ) { transfer(from, to, amount); } else {! ! appsensor.addEvent( new Event(currentUser, "ACE2") );! showErrorPage(); // normal error handling! }! ! return Response.ok(); }
  • 58. appsensor-reverse-proxy • written in go • blocks requests • canned detection points (toggle-able) • easily extendable • https://github.com/jtmelton/appsensor- reverse-proxy
  • 59. OWASP ASIDE • UNCC SIS project • secure programming IDE plugin • educational component • https://www.owasp.org/index.php/ OWASP_ASIDE_Project
  • 60. OWASP ASIDE • eclipse IDE • reminder icon or highlight • drop down list of applicable sensors • auto-insertion of ASIDE sensor APIs and code refactoring
  • 62. OWASP ASIDE Based  on  ESAPI  code  (length  checked),   ASIDE  infers  that  this  may  be  a  point  to   insert  an  app  sensor;  whether  a  sensor  is   placed  relies  on  developer’s  decision.  
  • 63. OWASP ASIDE It  not  only  captures  the  context   informaFon  (e.g.  the  sensor  event  is   from  username  field),  but  also   records  that  the  sensor  event  is  due   to  an  exceedingly  lengthy  input.  
  • 64. Detec%on(Point(Type( Detec%on(Points(Covered( Authen'ca'onExcep'on. AE4:.Unexpected.Quan'ty.of.Characters.in.Username. AE5:.Unexpected.Quan'ty.of.Characters.in.Password. AE6:.Unexpected.Type.of.Character.in.Username. AE7:.Unexpected.Type.of.Character.in.Password. InputExcep'on. IE1:.Cross.Site.Scrip'ng.AEempt. EncodingExcep'on. EE1:.Double.Encoded.Character. EE2:.Unexpected.Encoding.Used. CommandInjec'onExcep 'on. CIE1:.Blacklist.Inspec'on.for.Common.SQL.Injec'on.Values. Detec%on(Points(Picked( Corresponding(ASIDE(APIs( AE4:%Unexpected%Quan1ty% of%Characters%in%Username% AE5:%Unexpected%Quan1ty% of%Characters%in%Password% Java.lang.String% ASIDE.Quan%tyExcep%onSensor(Java.lang.String%parameter)% AE6:%Unexpected%Type%of% Character%in%Username% AE7:%Unexpected%Type%of% Character%in%Password% Java.lang.String% ASIDE.TypeExcep%onSensor(Java.lang.String%parameter)% IE1:%Cross%Site%Scrip1ng% AKempt% Java.lang.String% ASIDE.XSSSensor(Java.lang.String%parameter)% EE1:%Double%Encoded% Character% EE2:%Unexpected%Encoding% Used% Java.lang.String% ASIDE.EncodingExcep%onSensor(Java.lang.String%parameter)% CIE1:%Blacklist%Inspec1on%for% Common%SQL%Injec1on% Values% Java.lang.String% ASIDE.SQLInjec%onSensor(Java.lang.String%parameter)%
  • 66. owasp SoC sprint • Sumanth Damarla • appsensor -> ELK stack • appsensor -> influxdb -> grafana
  • 69. machine learning • very simple analysis • generated demo dataset for 1-week • build base model • look for “anomalies”
  • 70.
  • 71. appsensor-ui • spring boot + reactjs • simple dashboards / trends
  • 72.
  • 73.
  • 74.
  • 75.
  • 76.
  • 78. future • reverse proxy • appsensor-ui • framework integration for detection points (spring security exists, add others) • analysis engines - 2 grad students (David Scrobonia, Kelvin Brown Bomah) doing projects here (rules and ML) • ???
  • 79. you • help wanted! • plenty of places to contribute and improve • friendly, helpful community • https://github.com/jtmelton/appsensor/issues • https://www.owasp.org/index.php/ OWASP_AppSensor_Project#tab=Road_Map_ and_Getting_Involved
  • 81. related projects • repsheet • ensnare • fido • riemann • elastalert
  • 82. pick a tool (or 2) … ! but use the idea
  • 85. ?