Opa @ owasp 2010

Web applications and services have critical needs in terms of safety, security and privacy: they must remain available constantly and can at any time be the target of attacks by malicious, anonymous remote users attempting to take control, alter or steal data, or cause unwanted behaviour. Unfortunately, recent history shows numerous cases of popular web applications falling victim to such attacks, despite careful attempts to secure them.

In this talk, we introduce OPA (One Pot Application), a new platform based on formal methods, designed to make web development sane, safe and secure. OPA provides an integrated methodology in which the complete application is written in one simple language with consistent semantics; it enforces safe use of the infrastructure through compile-time static checking and a novel programming paradigm suited to the web, and it encourages correct-by-construction development.

Published in: Technology
  • 7-year project coming to fruition
    I had to swear upon everything I hold sacred that I would not attempt to sell anything to you. So, I’m going to do something else. I’m going to steal one of yesterday’s presentations.
  • I’d like to introduce you to a concept that may be new to some in this room. In technical terms, we call it a web application.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st-century setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

    Ok, if you’re like me, at this stage, you’re starting to wonder just exactly where things went wrong. Well, I have one possible explanation. We’re in a 21st setting and we’re still using programming languages designed for command-line applications or desktop applications, and stacks of unrelated and mismatched technologies, to which we add plenty of glue. And when security issues appear, because they have to appear, we’re addressing them with what? With patches and sandboxing.
  • And if you want to know the scary thing? Assuming you have secured all of these pipes, you haven’t even started securing your application itself.

  • Transcript

    • 1. OPA: Language Support for a Sane, Safe and Secure Web
      David Rajchenbach-Teller, Head of R&D, MLstate
      David.Teller@mlstate.com, twitter.com/mlstate, +33 1 55 43 76 55
      OWASP, June 24th, 2010
      Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation http://www.owasp.org
    • 2–4. What it’s all about: What Automated Solutions Miss
      Theoretical
        - Logic flaws (business and application)
        - Design flaws
        - The Stupid
      Practical
        - Difficulty interacting with Rich Internet Applications (RIA)
        - Complex variants of common attacks (SQL Injection, XSS, etc)
        - Cross-Site Request Forgery (CSRF)
        - Uncommon or custom infrastructure
        - Authorization enforcement
        - Abstract information leakage
      “Automated vs. Manual: You can’t filter The Stupid” (Charles Henderson, David Byrne, AppSec DC 2009 + 2010)
      “Oh, yeah?” (The MLstate team, AppSec Research 2010)
    • 5–6. OPA: Language Support for a Sane, Safe and Secure Web (agenda)
      General approach
      Keeping in the Smart Useful
      Filtering out the Stupid Fragile
      Lessons and Future
    • 7. Web Applications (high-level design) [diagram: Logics, App Storage, App Delivery, UI, User]
    • 8–13. Web Applications (what we see) [diagram, built up over six slides: Web Browser (JavaScript), Web Server (+scripts), Language (PHP? Java? Who knows?), Framework, Database; every box tagged “Config error?”, every link tagged “Protocol ?”; attacks overlaid: CSRF exploit, Info leak, Contamination, Sniffing, Data injection, Memory injection, XSS injection, SQL injection, Protocol exploit, Known exploit; plus Phishing, (D)DoS, economic (D)DoS, Flash, Silverlight, Gears, XPCOM, Java(FX), NativeClient, Acrobat, QT..., Keyloggers, ...]
    • 14–19. The general idea
      “If you can’t solve the problem, change the problem.” Ferengi Rule of Acquisition #408
      “What if the problem is that Joe User is stupid?” (Joe Developer)
      “It’s not him, it’s you. You should design your tool so that Joe can’t do anything stupid.” Ferengi Rule of Acquisition #408, contd.
      “What if the problem is that Joe Developer is stupid?” (Joe Meta-Developer)
      “Haven’t I answered that question already?” Ferengi Rule of Acquisition #408, contd.
      “...oh, and don’t forget to make sure that Joe can still use the tools!” Ferengi Rule of Acquisition #408, contd.
    • 20–22. Web applications (with OPA) [diagram: Logics, App Storage, App Delivery and UI are all covered by OPA; the User is marked Untrusted]
    • 23–27. General OPA design
      Clean-slate design (Joe doesn’t need to know)
        - Based on formal methods
        - Safe languages from the bottom up
      One language for the whole application (Simpler than LAMP)
        - Glue & checks generated automatically
        - No impedance mismatch
      “Just” a distributed system (Joe doesn’t need to know)
        - In which not all principals are trusted
        - And communications use web standards
        - Security is (mostly) automatic
    • 28–29. OPA: Language Support for a Sane, Safe and Secure Web (agenda)
      General approach
      Keeping in the Smart Useful
      Filtering out the Stupid Fragile
      Lessons and Future
    • 30–31. Hello, web
      server = one_page_server("Hello, web", -> <>Hello, web</>)
      1) Compile: opa hello.opa (produces the complete web application)
      2) Run: ./hello.exe
      3) Test: browse http://localhost:8080
    • 32–33. URL shortener (22 loc)
      // Database
      db /abbrevs: intmap(string)
      db /abbrevs[_] = "/"

      // Control
      make_shorter(url:string):string =
        key = Db.fresh_key(/abbrevs)
        do /abbrevs[key] <- url
        "{key}"
      _ = @server(make_shorter)

      do_shorten(_) = exec([#shortened <- make_shorter(Page.getVal(#origin))])

      // UI
      urls = parser
      | "/" dest=Rule.integer ->
          Resource.redirection_page("Please wait a second", <div class="loading">(loading...)</>, {address_moved}, 0, /abbrevs[dest])
      | .* ->
          Resource.html("MLstate redirector",
          <>Please enter a URL you wish to shorten<br/>
          <input id="origin"/><button onclick={do_shorten}>Shorten</button>
          <div id="shortened"></div>
          </>)

      server = simple_server(urls)
    • 34–37. Nice web chat
      type mess = {id: string; message: string}

      // Real-time web
      room = Network.empty():Network.network(mess)
      connect(callback) = Network.add(Session.make_callback(callback), room)
      make_broadcaster(id) = _ -> Network.broadcast({~id message=Page.get_value(#entry)}, room)

      styled_page(title, body) = (
        Resource.full_page(title, body,
          <link rel="stylesheet" type="text/css" href="resources/css.css" />, {success}, [])
      )

      // UI
      user_update(x:mess) = (
        line = <div class="opa-line">
          <div class="opa-wrap"><div class="opa-user">{x.id}:</div>
          <div class="opa-message">{x.message}</div></div>
        </div>
        do exec([#show +<- line ])
        Page.set_scroll_top(#show, Page.get_height(#show)+Page.get_scroll_top(#show))
      )

      start(connexion) = (
         id = String.sub(0, 8, Server.get_user(connexion) ? "Unknown")
         broadcast = make_broadcaster(id)
         styled_page("Chat",  //Display
           <script onload={_ -> connect()}/>
           <div id="header"><div id="logo"></div></div>
           <div id="show"></div>
           <input id="entry"/>
           <div class="opa-button" onclick={broadcast}>Send!</div>
         )
      )

      // URLs
      urls      = parser .* -> start
      resources = @static_include_directory("resources")
      server    = Server.make(Resource.add_auto_server(resources, urls))
    • 38. There’s more
      Games
      Productivity tools
      Development tools
      Security applications
      e-Commerce applications
      ...
    • 39–40. Things we can do (and check!)
      Programmable security policies, Ajax, SOAP, Complex database, XML processing, Comet, Fine-grained sessions, Time-unlimited rollback, Distribution, Multitasking, Higher-order database, User interface, Concurrent transactions, WSDL, Higher-order programming, Data history, Capabilities, ...
    • 41–42. OPA: Language Support for a Sane, Safe and Secure Web (agenda)
      General approach
      Keeping in the Smart Useful
      Filtering out the Stupid Fragile
      Lessons and Future
    • 43–48. Transparent protections (the chat application again, with the protections that apply to it annotated)
      type mess = {id: string; message: string}

      room = Network.empty():Network.network(mess)
      connect(callback) = Network.add(Session.make_callback(callback), room)
      // All communications are checked
      make_broadcaster(id) = _ -> Network.broadcast({~id message=Page.get_value(#entry)}, room)

      styled_page(title, body) = (
        Resource.full_page(title, body,
          <link rel="stylesheet" type="text/css" href="resources/css.css" />, {success}, [])
      )

      // All insertions are checked
      user_update(x:mess) = (
        line = <div class="opa-line">
          <div class="opa-wrap"><div class="opa-user">{x.id}:</div>
          <div class="opa-message">{x.message}</div></div>
        </div>
        do exec([#show +<- line ])
        Page.set_scroll_top(Page.get_height(#show)+Page.get_scroll_top(#show), #show)
      )

      start(connexion) = (
         id = String.sub(0, 8, Server.get_user(connexion) ? "Unknown")
         broadcast = make_broadcaster(id)
         styled_page("Chat",  //Display
           <script onload={_ -> connect()}/>
           <div id="header"><div id="logo"></div></div>
           <div id="show"></div>
           <input id="entry"/>
           <div class="opa-button" onclick={broadcast}>Send!</div>   // Per-user capability?*
         )
      )

      urls      = parser .* -> start
      resources = @static_include_directory("resources")
      server    = Server.make(Resource.add_auto_server(resources, urls))
    • 49. Transparent protections type mess = {id: string; message: string} room = Network.empty():Network.network(mess) connect(callback) = Network.add(Session.make_callback(callback), room) make_broadcaster(id) = _ -> Network.broadcast({~id message=Page.get_value(#entry)}, room) styled_page(title, body) = (   Resource.full_page(title, body, <link rel="stylesheet" type="text/css" href="resources/css.css" />, {success}, []) ) user_update(x:mess) = (   line = <div class="opa-line">     <div class="opa-wrap"><div class="opa-user">{x.id}:</div>     <div class="opa-message">{x.message}</div></div>   </div>   do exec([#show +<- line ])   Page.set_scroll_top(Page.get_height(#show)+Page.get_scroll_top(#show), #show) ) start(connexion) = (    id = String.sub(0, 8, Server.get_user(connexion) ? "Unknown")    broadcast = make_broadcaster(id)    styled_page("Chat",  //Display      <script onload={_ -> connect()}/>      <div id="header"><div id="logo"></div></div>      <div id="show"></div>      <input id="entry"/>      <div class="opa-button" onclick={broadcast}>Send!</div>    ) ) urls      = parser .* -> start resources = @static_include_directory("resources") server    = Server.make(Resource.add_auto_server(resources, urls)) OWASP 16
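    The two "transparent protections" the chat slides rely on, written out by hand so the mechanism is visible. This is an added example in plain JavaScript, not code from the slides or from the OPA platform: OPA derives the boundary check from the declared type `mess` and inserts `{x.message}` as text rather than markup; here `isMess`, `decodeMess`, `escapeHtml`, `renderLine` and `processFrames` are names chosen for the example, and the sample frames are constructed.

```javascript
// Added example (not from the OPA slides): the two protections the chat
// example gets for free from the compiler, written out by hand in JavaScript.
//
// 1. Every message that crosses the client/server boundary must match the
//    declared shape, here `type mess = {id: string; message: string}`.
// 2. User-supplied text placed into the page is inserted as text, never as
//    markup, so a chat line cannot carry a script (OWASP A2, XSS).

// Check that an untrusted, already-parsed JSON value is exactly a `mess`:
// both fields present, both strings, and no extra fields.
function isMess(value) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) return false;
  if (Object.keys(value).length !== 2) return false;
  return typeof value.id === "string" && typeof value.message === "string";
}

// Parse a raw frame from the network and reject anything that is not a `mess`.
// Returns null on any failure so the caller never sees a malformed object.
function decodeMess(rawFrame) {
  let parsed;
  try {
    parsed = JSON.parse(rawFrame);
  } catch (e) {
    return null; // not even valid JSON
  }
  return isMess(parsed) ? parsed : null;
}

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Render one chat line with the same markup as `user_update` on the slide,
// but with explicit escaping: the user id and the message are data, not HTML.
function renderLine(x) {
  if (!isMess(x)) throw new TypeError("renderLine: value is not a mess");
  return (
    '<div class="opa-line"><div class="opa-wrap">' +
    '<div class="opa-user">' + escapeHtml(x.id) + ':</div>' +
    '<div class="opa-message">' + escapeHtml(x.message) + '</div>' +
    '</div></div>'
  );
}

// Constructed sample frames, as a server might receive them from clients.
const SAMPLE_FRAMES = [
  '{"id":"alice","message":"hello"}',                    // well-formed
  '{"id":"bob","message":"<script>alert(1)</script>"}',  // well-formed, hostile text
  '{"id":"carol"}',                                      // missing field
  '{"id":"dave","message":"x","role":"admin"}',          // extra field
  '{"id":42,"message":"x"}',                             // wrong type
  'not json',                                            // garbage
];

// Process every frame: drop the malformed ones, render the rest.
function processFrames(frames) {
  const rendered = [];
  let rejected = 0;
  for (const f of frames) {
    const m = decodeMess(f);
    if (m === null) { rejected += 1; continue; }
    rendered.push(renderLine(m));
  }
  return { rendered, rejected };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = processFrames(SAMPLE_FRAMES);
  console.log(r.rejected + " frames rejected");
  r.rendered.forEach((h) => console.log(h));
}
```

    Run with `node`: four of the six constructed frames are rejected at the boundary, and the hostile message survives only as escaped text inside the rendered line. The shape check is strict on purpose (no extra fields), which is what a type-derived check gives you and what an ad hoc "does it have an id" test does not.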
    • 50–52. More (the OWASP Top 10; the same slide is shown three times)
      A1-Injection
      A2-Cross Site Scripting (XSS)
      A3-Broken Authentication and Session Management
      A4-Insecure Direct Object References
      A5-Cross Site Request Forgery (CSRF)
      A6-Security Misconfiguration
      A7-Insecure Cryptographic Storage
      A8-Failure to Restrict URL Access
      A9-Insufficient Transport Layer Protection
      A10-Unvalidated Redirects and Forwards
      OWASP 17
    • 53–54. What Automated Solutions Miss (slide 54 repeats slide 53 with a handwritten "^ other" inserted after "What" and a status note per item, given in parentheses)
      Theoretical
        – Logic flaws (business and application) (in progress)
        – Design flaws
        – The Stupid (what we do best)
      Practical (been there, done that)
        – Difficulty interacting with Rich Internet Applications (RIA)
        – Complex variants of common attacks (SQL Injection, XSS, etc) (been there, done that)
        – Cross-Site Request Forgery (CSRF) (in progress)
        – Uncommon or custom infrastructure (abstract&specify them away!)
        – Authorization enforcement (been there, done that)
        – Abstract information leakage (been there, done that)
      OWASP 18
    • 55–56. OPA: Language Support for a Sane, Safe and Secure Web
      General approach
      Keeping in the Smart / Useful
      Filtering out the Stupid / Fragile
      Lessons and Future
      OWASP 19
    • 57. Theoretical foundations Building on 30+ years of research in formal methods & language theory. Key for precise analysis. Key for precise optimizations. OWASP 20
    • 58. False positives False positives are annoying but not that bad -- as long as they are predictable and there’s a workaround. Experienced developers make safety/security mistakes quite often. False positives often later reveal themselves as true positives. OWASP 21
    • 59. Future Eliminate CSRF. Extend per-application security policy. Extend per-library/per-data safety policy. Plenty of additional features! Hiring you? OWASP 22
    • 60–61. That’s all, folks! Thanks and apologies to David Byrne & Charles Anderson for hijacking their slides http://www.mlstate.com OWASP 23