Join us at OWASP AppSec APAC 2014 !!
Thursday, March 20 • 1:40pm - 2:30pm
1 user, 10 places, 100 seconds




Imagine: a user authenticates from ten places around the world, all in 100 seconds. We show how runtime agents can extract the information needed to block this and other attacks.

SIEM solutions have excellent visibility at the network layer, but have at best mediocre visibility into applications running on the network. Until now, if these applications were not designed and developed with security logging in mind, they were a black box to security analysts. In this talk we detail a runtime-agent-based approach for gathering detailed security logs from existing applications and discuss use cases for correlating this information with other sources of security events to profile users and reduce risk. Visibility into application-layer security events is broadly important for understanding the threats faced by software, but becomes even more interesting when events can be tied to active users.
We discuss challenges involved in retrofitting applications to produce more security-relevant logs and show how runtime agents present a viable solution. We detail the capabilities of an agent-based approach ranging from automatically capturing login events in applications that use standard authentication frameworks to capturing business-specific events in proprietary code. We conclude with a lengthy discussion of correlation techniques for combining application-layer events with other security insights to address a number of real-world monitoring scenarios.
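The scenario in the title can be written as a correlation rule over application login events. The sketch below is an added example, not code from the talk or from any HP product; the log line format, field names (`user=`, `geo=`), function names and sample events are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 100  # "100 seconds" from the talk title
MIN_PLACES = 10       # "10 places" from the talk title

def parse_login(line):
    """Parse the constructed format '<ISO time> <EVENT> user=<u> geo=<place>'."""
    stamp, event, *fields = line.split()
    if event != "LOGIN_OK":          # only successful logins count here
        return None
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(stamp).timestamp(), kv["user"], kv["geo"]

def detect(lines, window=WINDOW_SECONDS, min_places=MIN_PLACES):
    """Return (user, span_seconds, places) for each burst of logins that
    covers at least min_places distinct places within window seconds."""
    events = sorted(e for e in map(parse_login, lines) if e)
    recent = defaultdict(deque)      # user -> (timestamp, place) inside the window
    alerts = []
    for ts, user, place in events:
        q = recent[user]
        q.append((ts, place))
        while ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        places = {p for _, p in q}
        if len(places) >= min_places:
            alerts.append((user, int(ts - q[0][0]), sorted(places)))
            q.clear()                 # a later burst raises a fresh alert
    return alerts

def sample_lines():
    """Constructed events: one suspicious user and three benign ones."""
    base = datetime(2014, 3, 20, 13, 40, tzinfo=timezone.utc)
    def line(sec, event, user, geo):
        stamp = (base + timedelta(seconds=sec)).isoformat()
        return f"{stamp} {event} user={user} geo={geo}"
    cities = ["Tokyo", "Sydney", "Seoul", "Mumbai", "Berlin",
              "Paris", "Lagos", "Lima", "Boston", "Austin"]
    lines = [line(10 * i, "LOGIN_OK", "alice", c) for i, c in enumerate(cities)]
    lines += [line(60 * i, "LOGIN_OK", "bob", c) for i, c in enumerate(cities)]
    lines += [line(5 * i, "LOGIN_OK", "carol", cities[i % 2]) for i in range(12)]
    lines.append(line(3, "LOGIN_FAIL", "dave", "Tokyo"))
    return lines

if __name__ == "__main__":
    for alert in detect(sample_lines()):
        print(alert)
```

Only `alice` (ten places in 90 seconds) is flagged; `bob` visits the same ten places but over nine minutes, and `carol` logs in often but from two places.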


Matias Madou

Research Lead, HP
Matias Madou is Research Lead for HP Security Research (HPSR). He leads the product research for the agent-based solutions (called HP Fortify Runtime products). In his role, he creates proofs of concept to fill specific holes in the marketplace, after which he helps to generalize and productize the solution. His research not only led to successful stand-alone Fortify products, but also to cross-pillar Fortify-ArcSight products. When he’s...

Thursday March 20, 2014 1:40pm - 2:30pm
Secure Your Site Hall (HALL WEST)
