AppSensor
~real-time event detection and response
Agenda
• who - prior work
• why - motivations
• what - the pitch
• how - the tech
• when - future plans
• who - contributors
who
prior work
• Network IDS (Denning, * others, NIST SP800-94)
• Intrusion prevention
• Fraud detection
• Rules engines, Risk analysis/reduction (see Groves), HIDS
terminology
• event - suspicious
• attack - malicious (1 .. * events)
• response - take action (1 .. 1 attack)
• detection point - activity category (e.g. cookie modification)
why
~5 yrs ago dev
• mostly web apps [RoR, PHP, .NET, Java]
• ajax (jquery) use growing
• mobile just getting started
• deployment to VMs
• hadoop picking up
• BI tools
• AWS starting
• cloud hype cycle (NIST defines)
~now dev
• JS everywhere
• functional / rx programming
• cloud everything
• ci/cd
• nosql / CAP light
• containers
• big data
• stream processing
• config management
• iot
• beacons [usage, ads, errors, performance]
• actors/csp
• microservices
• cqrs / event sourcing
• mobile
1 .. * of [scale, speed, cloud, lack of environmental access]
dev buzzwords
• devops
• functional (FP)
• agile
• cqrs / event sourcing
• cloud (-native)
• iot
• scalable
• microservices
• ci/cd
• containers
• big data
• streaming
- LinkedIn, March 2015
“the Kafka ecosystem at LinkedIn is sent over
800 billion* messages per day..
At the busiest times of day, we are receiving
over 13 million messages per second.”
* Update (Sept 2015) : 1.1 Trillion messages per day
last ~5 yrs security
• 3rd party libs (dep-check)
• bug bounties
• sast / dast evolve (ZAP)
• iast / rasp
• http security headers
• automatic encoding (JXT)
• *-monkey -NetflixOSS
• bdd-security/gauntlt
• ci/cd plugins
• 2fa
• osquery
1 .. * of [scale, speed, cloud, lack of environmental access]
dev vs. security
• dev is exploiting fundamental architectural and deployment changes to add business value
• security is iterating on existing solutions - and - trying to close gaps (known problems)
having to deal with [scale, speed, cloud, lack of environmental access]
represents an enormous opportunity for security
what
the pitch
• security can’t scale without dev + ops
• automated response > manual response
• make IDS primitives available at app layer
• stop attacker before success
• build self-protecting applications
• gain valuable intel
• benefit / extend (existing) secure sdlc efforts
X success
AppSensor
• picture 1
Correlation … and scale
how
example
POST /account/transfer HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Win…)
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/account.php
Cookie: PHPSESSID=l9…lgt5
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 30

from_acct=xxx1234&to_acct=xxx9876&amt=20.00
example
    @POST
    public Response transfer(String from, String to, String amount) {
        // no ownership check: any authenticated user can move money out of any account
        transfer(from, to, amount);
        return Response.ok();
    }
example
    @POST
    public Response transfer(String from, String to, String amount) {
        // fixed: only the owner of the source account may transfer from it
        if (currentUser.owns(from)) {
            transfer(from, to, amount);
        }
        return Response.ok();
    }
example
    @POST
    public Response transfer(String from, String to, String amount) {
        if (currentUser.owns(from)) {
            transfer(from, to, amount);
        } else {
            // a failed ownership check is itself a signal: report it as an ACE2 event
            appsensor.addEvent(new Event(currentUser, "ACE2"));
        }
        return Response.ok();
    }
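The terminology slide (event, attack, response, detection point) and the three transfer examples above, carried through as one added example. This is not AppSensor's own code; it is written for this page and mirrors the count-within-interval threshold model the slide describes (1..* events make an attack, each attack gets one response). The detection point id ACE2 and the ownership check come from the slide; the class names (AppSensorDemo, Engine, TransferHandler), the threshold of 3 events in 5 minutes, the LOGOUT_USER response, the account data and the timestamps are assumptions constructed for the demo.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Added example (not AppSensor's own code): the slide's terminology as a minimal
 * engine, wired to the transfer endpoint. Detection point id ACE2 is from the slide;
 * the threshold, window, response type and account data are assumptions for the demo.
 */
public class AppSensorDemo {

    /** Detection point: an activity category plus the threshold that turns events into an attack. */
    record DetectionPoint(String id, int threshold, Duration window, String response) {}

    /** One suspicious event. 1..* events make an attack; each attack gets exactly one response. */
    record Event(String user, String detectionPointId, Instant at) {}

    /** Assumed policy: 3 ACE2 events from one user inside 5 minutes = attack, answered by a logout. */
    static final Map<String, DetectionPoint> POLICY = Map.of(
            "ACE2", new DetectionPoint("ACE2", 3, Duration.ofMinutes(5), "LOGOUT_USER"));

    static class Engine {
        private final List<Event> events = new ArrayList<>();
        private final Map<String, Instant> lastAttack = new HashMap<>(); // key: user|detectionPoint
        private final Set<String> loggedOut = new HashSet<>();

        /** Stores the event; returns the response taken if it completed an attack, otherwise null. */
        String addEvent(Event e) {
            events.add(e);
            DetectionPoint dp = POLICY.get(e.detectionPointId());
            if (dp == null) return null; // unknown category: kept for analysis, never escalated
            String key = e.user() + "|" + dp.id();
            Instant windowStart = e.at().minus(dp.window());
            Instant since = lastAttack.getOrDefault(key, Instant.MIN);
            // Count this user's events for this detection point inside the window, skipping
            // events already consumed by an earlier attack so each attack is reported once.
            long recent = events.stream()
                    .filter(x -> x.user().equals(e.user()) && x.detectionPointId().equals(dp.id()))
                    .filter(x -> !x.at().isBefore(windowStart) && x.at().isAfter(since))
                    .count();
            if (recent < dp.threshold()) return null;
            lastAttack.put(key, e.at());
            respond(dp.response(), e.user());
            return dp.response();
        }

        private void respond(String response, String user) {
            if ("LOGOUT_USER".equals(response)) loggedOut.add(user);
        }

        boolean isLoggedOut(String user) { return loggedOut.contains(user); }
    }

    /** The slide's transfer endpoint: the ownership check doubles as the ACE2 sensor. */
    static class TransferHandler {
        // Constructed ownership data: alice owns only account xxx1234.
        private static final Map<String, Set<String>> OWNERS = Map.of("alice", Set.of("xxx1234"));
        private final Engine appsensor;

        TransferHandler(Engine appsensor) { this.appsensor = appsensor; }

        String transfer(String currentUser, String from, String to, String amount, Instant now) {
            if (appsensor.isLoggedOut(currentUser)) return "SESSION_TERMINATED";
            if (OWNERS.getOrDefault(currentUser, Set.of()).contains(from)) {
                return "OK"; // the real transfer would happen here
            }
            // Ownership check failed: deny, and report the failure as an ACE2 event.
            String response = appsensor.addEvent(new Event(currentUser, "ACE2", now));
            return response == null ? "DENIED" : "DENIED;" + response;
        }
    }

    public static void main(String[] args) {
        Engine engine = new Engine();
        TransferHandler handler = new TransferHandler(engine);
        Instant t0 = Instant.parse("2015-10-01T10:00:00Z"); // constructed timestamps
        // Legitimate request from the account alice owns.
        System.out.println(handler.transfer("alice", "xxx1234", "xxx9876", "20.00", t0));
        // Three requests whose from_acct is an account alice does not own, one second apart.
        for (int i = 1; i <= 3; i++) {
            System.out.println(handler.transfer("alice", "xxx9876", "xxx1234", "20.00", t0.plusSeconds(i)));
        }
        // After the response, even a legitimate request is refused until the session is re-established.
        System.out.println(handler.transfer("alice", "xxx1234", "xxx9876", "20.00", t0.plusSeconds(10)));
    }
}
```

Compile and run with a Java 16 or newer JDK (the example uses records). The first request succeeds; the first two failed ownership checks are denied and stored as events; the third completes the ACE2 attack and triggers the logout response, after which the handler refuses the otherwise legitimate final request. The point the single-request examples cannot show is the correlation step in the middle: the access-control check stays a plain deny, and it is the threshold over stored events that decides when an isolated mistake has become an attack worth responding to.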
OWASP ASIDE
• secure programming IDE plugin
• educational component
• https://www.owasp.org/index.php/OWASP_ASIDE_Project
OWASP ASIDE
Based on ESAPI code (length checked), ASIDE infers that this may be a point to insert an app sensor; whether a sensor is placed relies on the developer’s decision.
OWASP ASIDE
It not only captures the context information (e.g. the sensor event is from the username field), but also records that the sensor event is due to an exceedingly lengthy input.
Detection Point Type       | Detection Points Covered
AuthenticationException    | AE4: Unexpected Quantity of Characters in Username
                           | AE5: Unexpected Quantity of Characters in Password
                           | AE6: Unexpected Type of Character in Username
                           | AE7: Unexpected Type of Character in Password
InputException             | IE1: Cross Site Scripting Attempt
EncodingException          | EE1: Double Encoded Character
                           | EE2: Unexpected Encoding Used
CommandInjectionException  | CIE1: Blacklist Inspection for Common SQL Injection Values

Detection Points Picked                                     | Corresponding ASIDE APIs
AE4: Unexpected Quantity of Characters in Username          | ASIDE.QuantityExceptionSensor(java.lang.String parameter)
AE5: Unexpected Quantity of Characters in Password          |
AE6: Unexpected Type of Character in Username               | ASIDE.TypeExceptionSensor(java.lang.String parameter)
AE7: Unexpected Type of Character in Password               |
IE1: Cross Site Scripting Attempt                           | ASIDE.XSSSensor(java.lang.String parameter)
EE1: Double Encoded Character                               | ASIDE.EncodingExceptionSensor(java.lang.String parameter)
EE2: Unexpected Encoding Used                               |
CIE1: Blacklist Inspection for Common SQL Injection Values  | ASIDE.SQLInjectionSensor(java.lang.String parameter)
OWASP ASIDE
• eclipse IDE
• reminder icon or highlight
• drop down list of applicable sensors
• auto-insertion of ASIDE sensor APIs and code refactoring
owasp SoC sprint
• Sumanth Damarla
• 6 weeks
• appsensor -> ELK stack
• appsensor -> influxdb -> grafana
machine learning
• very simple analysis
• generated demo dataset for 1-week
• build base model
• look for “anomalies”
DEMO
appsensor UI
&
exception handling example
when
future
• better story for adding detection points
• more (canned) analysis (exploring machine learning, expert systems)
• more integrations
• standard refactoring / maintenance
you
• help wanted!
• plenty of places to contribute and improve
• friendly, helpful community
• https://github.com/jtmelton/appsensor/issues
• https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Road_Map_and_Getting_Involved
who
related projects
• ensnare
• fido
• riemann
• elastalert
pick a tool …
but use the idea
contributors
• https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Acknowledgements
me
• appsensor dev lead
• twitter: @_jtmelton
• email: jtmelton@gmail.com
• github: jtmelton
links
• https://www.owasp.org/index.php/OWASP_AppSensor_Project
• http://appsensor.org/
• https://github.com/jtmelton/appsensor
?

Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

AppSensor - Near Real Time Event Detection and Response

14. last ~5 yrs security
• 3rd party libs (dep-check)
• bug bounties
• sast / dast evolve (ZAP)
• iast / rasp
• http security headers
• automatic encoding (JXT)
• *-monkey - NetflixOSS
• bdd-security/gauntlt
• ci/cd plugins
• 2fa
• osquery
1 .. * of [scale, speed, cloud, lack of environmental access]

15. dev vs. security
• dev is exploiting fundamental architectural and deployment changes to add business value
• security is iterating on existing solutions - and - trying to close gaps (known problems)

16. having to deal with [scale, speed, cloud, lack of environmental access] represents an enormous opportunity for security

17. what

18. the pitch
• security can’t scale without dev + ops
• automated response > manual response
• make IDS primitives available at app layer
• stop attacker before success
• build self-protecting applications
• gain valuable intel
• benefit / extend (existing) secure sdlc efforts
[figure labels: X, success, AppSensor]

25. how
26. example (the same request is repeated on slides 27 and 28)
POST /account/transfer HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Win…)
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/account.php
Cookie: PHPSESSID=l9…lgt5
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 30

from_acct=xxx1234&to_acct=xxx9876&amt=20.00

29. example
    @POST
    public Response transfer(String from, String to, String amount) {
        // no check that the caller owns `from`: any account id in the POST body is accepted
        transfer(from, to, amount);
        return Response.ok();
    }

30. example
    @POST
    public Response transfer(String from, String to, String amount) {
        // access control: only move money out of an account the current user owns
        if (currentUser.owns(from)) {
            transfer(from, to, amount);
        }
        return Response.ok();
    }

31. example
    @POST
    public Response transfer(String from, String to, String amount) {
        if (currentUser.owns(from)) {
            transfer(from, to, amount);
        } else {
            // a failed ownership check is a detection point: record the event for AppSensor
            appsensor.addEvent(new Event(currentUser, "ACE2"));
        }
        return Response.ok();
    }
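As an added example (not code from the talk or the AppSensor project), here is the slide 31 handler wired to a minimal event -> attack -> response engine in the talk's own terminology: the detection point label ACE2 comes from the slide, while the threshold (3 events within 5 minutes), the DISABLE_USER response and the account data are assumed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.*;

// Constructed example, not AppSensor's own code or API: the talk's event -> attack -> response
// model for one detection point, wired to the transfer handler from the slides.
public class TransferSensorDemo {
    // threshold events inside the window form one attack, which gets exactly one response
    record DetectionPoint(String label, int threshold, Duration window, String response) {}
    static final class Sensor {
        private final DetectionPoint point;
        private final Map<String, Deque<Instant>> eventsByUser = new HashMap<>();
        private final Set<String> disabledUsers = new HashSet<>();
        Sensor(DetectionPoint point) { this.point = point; }

        // record one suspicious event; returns the response label when an attack forms, else null
        String addEvent(String user, Instant now) {
            Deque<Instant> events = eventsByUser.computeIfAbsent(user, u -> new ArrayDeque<>());
            events.addLast(now);
            Instant cutoff = now.minus(point.window());
            while (!events.isEmpty() && events.peekFirst().isBefore(cutoff)) events.pollFirst();
            if (events.size() < point.threshold()) return null;
            events.clear();                                   // attack formed: count restarts
            if (point.response().equals("DISABLE_USER")) disabledUsers.add(user);
            return point.response();
        }
        boolean isDisabled(String user) { return disabledUsers.contains(user); }
    }

    // stand-in for the slide's handler: ownership check first, ACE2 event when it fails
    static String transfer(Sensor ace2, Map<String, Set<String>> owned, String user,
                           String from, String to, String amount, Instant now) {
        if (ace2.isDisabled(user)) return "403 user disabled";
        if (owned.getOrDefault(user, Set.of()).contains(from)) return "200 moved " + amount + " from " + from;
        String response = ace2.addEvent(user, now);           // from_acct is not the caller's
        return response == null ? "403 not your account" : "403 attack detected, response " + response;
    }

    public static void main(String[] args) {
        // assumed policy: 3 ACE2 events within 5 minutes disable the user (constructed values)
        Sensor ace2 = new Sensor(new DetectionPoint("ACE2", 3, Duration.ofMinutes(5), "DISABLE_USER"));
        Map<String, Set<String>> owned = Map.of("alice", Set.of("xxx1234"));
        Instant t0 = Instant.parse("2015-09-01T12:00:00Z");
        System.out.println(transfer(ace2, owned, "alice", "xxx1234", "xxx9876", "20.00", t0));
        for (int i = 1; i <= 3; i++)   // tampered from_acct three times inside the window
            System.out.println(transfer(ace2, owned, "alice", "xxx000" + i, "xxx9876", "20.00", t0.plusSeconds(i)));
        System.out.println(transfer(ace2, owned, "alice", "xxx1234", "xxx9876", "20.00", t0.plusSeconds(10)));
    }
}
```

The third tampered request turns the run of events into an attack and disables the user, so the later legitimate transfer is refused as well: this is the "stop attacker before success" point of the pitch.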
32. OWASP ASIDE
• secure programming IDE plugin
• educational component
• https://www.owasp.org/index.php/OWASP_ASIDE_Project

34. OWASP ASIDE (the same caption appears on slides 34 to 36)
Based on ESAPI code (length checked), ASIDE infers that this may be a point to insert an app sensor; whether a sensor is placed relies on the developer’s decision.

37. OWASP ASIDE
It not only captures the context information (e.g. the sensor event is from the username field), but also records that the sensor event is due to an exceedingly lengthy input.

38. ASIDE detection point coverage
Detection Point Type | Detection Points Covered
AuthenticationException | AE4: Unexpected Quantity of Characters in Username; AE5: Unexpected Quantity of Characters in Password; AE6: Unexpected Type of Character in Username; AE7: Unexpected Type of Character in Password
InputException | IE1: Cross Site Scripting Attempt
EncodingException | EE1: Double Encoded Character; EE2: Unexpected Encoding Used
CommandInjectionException | CIE1: Blacklist Inspection for Common SQL Injection Values

Detection Points Picked | Corresponding ASIDE APIs
AE4, AE5: Unexpected Quantity of Characters in Username / Password | ASIDE.QuantityExceptionSensor(java.lang.String parameter)
AE6, AE7: Unexpected Type of Character in Username / Password | ASIDE.TypeExceptionSensor(java.lang.String parameter)
IE1: Cross Site Scripting Attempt | ASIDE.XSSSensor(java.lang.String parameter)
EE1, EE2: Double Encoded Character / Unexpected Encoding Used | ASIDE.EncodingExceptionSensor(java.lang.String parameter)
CIE1: Blacklist Inspection for Common SQL Injection Values | ASIDE.SQLInjectionSensor(java.lang.String parameter)

39. OWASP ASIDE
• eclipse IDE
• reminder icon or highlight
• drop down list of applicable sensors
• auto-insertion of ASIDE sensor APIs and code refactoring

40. owasp SoC sprint
• Sumanth Damarla
• 6 weeks
• appsensor -> ELK stack
• appsensor -> influxdb -> grafana

47. machine learning
• very simple analysis
• generated demo dataset for 1 week
• build base model
• look for “anomalies”

50. when

51. future
• better story for adding detection points
• more (canned) analysis (exploring machine learning, expert systems)
• more integrations
• standard refactoring / maintenance

52. you
• help wanted!
• plenty of places to contribute and improve
• friendly, helpful community
• https://github.com/jtmelton/appsensor/issues
• https://www.owasp.org/index.php/OWASP_AppSensor_Project#tab=Road_Map_and_Getting_Involved

53. who

54. related projects
• ensnare
• fido
• riemann
• elastalert

55. pick a tool … but use the idea

57. me
• appsensor dev lead
• twitter: @_jtmelton
• email: jtmelton@gmail.com
• github: jtmelton

59. ?