Using Language-Theoretics and Runtime Visibility to Align AppSec with DevOps
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a comprehensive conference talk from AppSecUSA 2016 that delves into using language-theoretics and runtime visibility to align application security with DevOps practices. Learn about the limitations of traditional security models and discover how Runtime Application Self-Protection (RASP) tools, based on the LANGSEC methodology, can provide developers and security professionals with enhanced visibility into production attacks. Gain insights into the LANGSEC approach, which leverages programming language constructs to address various vulnerability classes. Understand how this innovative method can help bridge the gap between security and DevOps teams, enabling them to work more effectively in tandem. The talk covers topics such as the flaws in traditional security techniques, the principles of Language Security (LANGSEC), practical applications, and runtime SQL analysis, providing a comprehensive overview of this emerging approach to application security.
Syllabus
About
Methodologies
Signatures
Example XSS Regex
Fuzzed Input
Database Regexes
Tautologies
What is LANGSEC?
Practical Applications
Computation 1. LEXER - Generate a series of tokens
Example Toolchain
Code & Walkthrough
Grammar Definition
SQLi Tautology Detection
Unit Testing
Expansions
Get Involved
SQL Analysis @ Runtime
Taught by
OWASP Foundation
Related Courses
MongoDB for .NET Developers (MongoDB University)
Web Application Development – Capstone Course (University of New Mexico via Coursera)
Ciberseguridad: ataques y contramedidas (Universidad Rey Juan Carlos via Independent)
Reliable Cloud Infrastructure: Design and Process auf Deutsch (Google Cloud via Coursera)
Securing and Integrating Components of your Application 日本語版 (Google Cloud via Coursera)