AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
Back To Schedule
Friday, July 6 • 2:15pm - 3:00pm
Embedding Defense in Server-Side Applications LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Applications often rely on secure development practices and third-party defense mechanisms for protection. Whenever an application receives malicious payloads they are either dropped or executed by the affected application. Ignoring these situations aid attackers in performing deep analysis of applications until they are able to exploit existing flaws.
Standards, libraries and third-party defense systems developed to secure applications introduce opportunities for attackers. While some protections have already been implemented in applications and web firewalls, there is a whole spectrum of techniques not being analyzed. This research details how server-side applications can incorporate an extensive layer of defense to detect and protect against attackers.
Defense mechanisms will be presented in four different languages: .NET, Java, PHP and Python. Involuntary vulnerabilities present in secure coding guidelines from CERT will be used to exemplify how an embedded defense can protect applications from unknown attack vectors. By implementing the defenses laid out in this paper, attackers may unwittingly become the victims.

avatar for Fernando Arnaboldi

Fernando Arnaboldi

Security Consultant
Fernando Arnaboldi is a developer and a security consultant who specializes in penetration testing and code reviews on multiple platforms. He has focused his research on breaking the security of different programming languages and has presented his findings in security conferences... Read More →

Friday July 6, 2018 2:15pm - 3:00pm BST
St James- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE