Welcome to OWASP AppSec 2018 USA. We look forward to seeing you in San Jose, CA.
Thursday, October 11 • 11:00am - 11:35am
Prevent Business Logic Attacks using Dynamic Instrumentation

As application security practitioners, we know that the attacks representing the most significant business risk for our organizations are often those targeting the sensitive business functions of our applications. These go far beyond the OWASP Top 10 and make generic, existing security tools inefficient. We require tailor-made solutions to cover our security needs.

This talk will show how to create a security automation tool that uses dynamic instrumentation to help prevent business logic attacks. Sensors are added to the application source code, business events are collected in an analysis engine, and automated responses are pushed back to the application at runtime. The presented tool is based on open source libraries, is easily extensible, and can be plugged into analysis engines such as Kibana or Splunk.

Dynamic instrumentation is a game changer because it allows security teams to add sensors remotely, in real time, without asking development teams to trigger a new build and a new deploy of their applications.

The talk will include concrete business examples to help the audience apply this strategy. It will also give tips for navigating the various teams (fraud, developers, product, …) that each own a different piece of this security puzzle.

Speakers
Jean-Baptiste Aviat

Staff Engineer, Datadog
Jean-Baptiste Aviat spent half a decade hunting vulnerabilities at Apple, helping developers solve them, and developing security software.


Thursday October 11, 2018 11:00am - 11:35am PDT
Gold
  Gold, Intermediate
  • Track 3