As application security practitioners, we know that the attacks representing the most significant business risk for our organizations are often attacks targeting sensitive business functions of our applications. Those go far beyond the OWASP Top 10 and make generic (existing?) security tools inefficient. We require very tailor-made solutions to cover our security needs.
This talk will show how to create a security automation tool using dynamic instrumentation that helps to prevent business logic attacks. Sensors are added to the application source code, business events collected in an analysis engine and automated responses are pushed back to the application at runtime. The presented tool is based on open source libraries, and easily extensible and pluggable to analysis engines such as Kibana or Splunk.
Dynamic instrumentation is a game changer because it allows security teams to add sensors remotely, in real time, without asking development teams to trigger a new build and a new deploy of their applications.
The talk will include concrete business examples to help the audience apply this strategy. It will also give tips to navigate through the various teams (fraud, developers, product, …) that own a different piece of this security puzzle.
