Injecting Security Into Web Apps With Runtime Patching And Context Learning

Offered By: nullcon via YouTube

Tags

nullcon Courses, SQL Injection Courses, Web Application Security Courses

Course Description

Overview

Explore cutting-edge web application security techniques in this 55-minute conference talk from nullcon Goa 2017. Delve into Runtime Application Self-Protection (RASP) and learn how to implement runtime patching algorithms to secure vulnerable applications against code injection and other logical issues. Discover methods for preventing SQL injection, remote command execution, cross-site scripting, and more through dynamic rule generation and context-aware protection. Compare RASP to traditional Web Application Firewalls (WAFs) and understand its advantages in tackling modern AppSec challenges like session hijacking, Layer 7 DDoS, and credential stuffing. Gain insights into the future of runtime protection and its potential to defend against zero-day vulnerabilities affecting framework and language components.

Syllabus

Intro
AGENDA WHAT THE TALK IS ABOUT?
STATE OF WEB FRAMEWORK SECURITY Remote Os Command Execution - No
APPLICATION SECURITY RULE OF THUMB
RUNTIME APPLICATION SELF DEFENCE
TYPES OF RASP
FOCUS OF RESEARCH
MONKEY PATCHING
LEXICAL ANALYSIS AND TOKEN GENERATION
PREVENTING CODE INJECTION VULNERABILITIES
REMOTE OS COMMAND INJECTION HOOK
REMOTE OS COMMAND INJECTION PROTECT
PREVENTING HEADER INJECTION
FILE UPLOAD PROTECTION
PREVENTING PATH TRAVERSAL
THE RASP ADVANTAGES
BIGGEST ADVANTAGE


Taught by

nullcon
