OWASP Monthly Meeting - April 29, 2015

Abstract: Beyond the Perimeter: The reality of the new application security landscape

Abstract: Web applications are dynamic, distributed and perhaps most importantly - the heart of every business in the post-PC era. These applications collect, process and persist information from a myriad of third-party services and users. From an adversary's perspective, the attack surface has never been more tantalizing. Today, a security model entirely predicated on applying controls and pattern-matching at the perimeter is at best a zero-sum game; applying probabilistic logic highlights that pattern matching techniques cannot prevent attacks created by content and SQL fuzzers. This talk will explore an alternative approach to identifying bad actors at runtime via the implementation of language security models to prevent attacks like XSS and SQLi without relying on past definitions and signatures. We’ll cover the tradeoffs, discuss performance and review the challenges of modern application security.

Speaker: Kunal Anand

Kunal is the co-founder and CTO of Prevoty, an application security platform. Prior to that, he was the Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company’s global Digital Entertainment and Gaming initiatives. Kunal also has several years of experience leading security, data and engineering at Gravity, MySpace and NASA’s Jet Propulsion Laboratory. His work has been featured in Wired Magazine and Fast Company. He continues to develop the patented security technologies that power Prevoty’s core products. Kunal received a B.S. from Babson College.

Thanks to our Sponsor:

Prevoty delivers powerful real-time Application Security capability for enterprises via its runtime application and monitoring & protection technology. We solve security challenges across the entire application portfolio: Instant remediation of existing vulnerability backlogs (Past), Quicker time-to-market without introducing new vulnerabilities (Present), and Dramatically reduced exposure to zero-day attacks (Future).