
Dynamic App Patching

Jon Rose
January 01, 2010


Transcript

  1. Agenda
     • The Problem
     • Identifying Risk
       – Web App Scanning
       – Code Review
     • Mitigating Risks
       – Code Patches
       – Web Application Firewall
     • A Blended Solution
  2. The Problem
     • Web apps have security vulnerabilities
     • Feature deadlines
     • Inexperienced developers
     • Poor system administration
     • Insecure defaults
     • Vulnerable libraries
  3. AOP Advice
     • Input/output validation
     • Logging
     • Access control
     • Error handling
     • Transaction management
     • Session management
     (diagram: Method → AOP Advice → Method)
  4. Additional Checks
     • Regularly checks config file for insecure settings
     • Monitor files in the webroot
     • Determines all application input by evaluating application code
     • Trace SQL
     • Intercepts all requests/responses
     • Basic WAF capability