Sinking Your Hooks in Applications
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore techniques for enhancing application security through automatic code injection in this 44-minute conference talk from AppSecUSA 2015. Learn how to leverage hooking vulnerable code paths in production applications to introduce additional security layers without requiring developer intervention or application recompilation. Discover specific examples of hooking Java, .NET, and Ruby frameworks as presenters Richard Meester and Joe Rozner demonstrate innovative approaches to combat the challenges of detecting and remediating all vulnerabilities before release. Gain insights into semantic analysis tools, novel integration technology, and runtime patching methods to improve protection against XSS and SQL injection attacks.
Syllabus
Introduction
Attackers Know This Too
Current Strategies
Stop Gap
Middleware
Use Cases
Java
Wrapping
HTTP Modules
Network Requests
Finding Hooks
Trampoline Use
Kali and Method Replacement
Efficiency
Demo
Profiling API
Demonstration
Wrapup
Taught by
OWASP Foundation