Sinking Your Hooks in Applications

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore techniques for enhancing application security through automatic code injection in this 44-minute conference talk from AppSecUSA 2015. Learn how hooking vulnerable code paths in production applications can introduce additional security layers without requiring developer intervention or application recompilation. Presenters Richard Meester and Joe Rozner walk through specific examples of hooking Java, .NET, and Ruby frameworks, an approach aimed at the difficulty of detecting and remediating every vulnerability before release. Gain insights into semantic analysis tools, novel integration technology, and runtime patching methods to improve protection against XSS and SQL injection attacks.

Syllabus

Introduction
Attackers Know This Too
Current Strategies
Stop Gap
Middleware
Use Cases
Java
Wrapping
HTTP Modules
Network Requests
Finding Hooks
Trampoline Use
Kali and Method Replacement
Efficiency
Demo
Profiling API
Demonstration
Wrapup


Taught by

OWASP Foundation
