Sinking Your Hooks in Applications
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore techniques for enhancing application security through automatic code injection in this 44-minute conference talk from AppSecUSA 2015. Learn how to leverage hooking vulnerable code paths in production applications to introduce additional security layers without requiring developer intervention or application recompilation. Discover specific examples of hooking Java, .NET, and Ruby frameworks as presenters Richard Meester and Joe Rozner demonstrate innovative approaches to combat the challenges of detecting and remediating all vulnerabilities before release. Gain insights into semantic analysis tools, novel integration technology, and runtime patching methods to improve protection against XSS and SQL injection attacks.
Syllabus
Introduction
Attackers Know This Too
Current Strategies
Stop Gap
Middleware
Use Cases
Java
Wrapping
HTTP Modules
Network Requests
Finding Hooks
Trampoline Use
Kali and Method Replacement
Efficiency
Demo
Profiling API
Demonstration
Wrapup
Taught by
OWASP Foundation