
Dynamic App Patching

Jon Rose
January 01, 2010


Transcript

  1. Agenda
     • The Problem
     • Identifying Risk
       – Web App Scanning
       – Code Review
     • Mitigating Risks
       – Code Patches
       – Web Application Firewall
     • A Blended Solution
  2. The Problem
     • Web apps have security vulnerabilities
     • Feature deadlines
     • Inexperienced developers
     • Poor system administration
     • Insecure defaults
     • Vulnerable libraries
  3. AOP Advice
     • Input/output validation
     • Logging
     • Access control
     • Error handling
     • Transaction management
     • Session management
     [Diagram: Method → AOP Advice → Method]
  4. Additional Checks
     • Regularly checks config file for insecure settings
     • Monitor files in the webroot
     • Determines all application input by evaluating application code
     • Trace SQL
     • Intercepts all requests/responses
     • Basic WAF capability