[Owasp-boston] Sept 28 Meeting at DemandWare 6 pm

Jim Weiler jim.weiler at owasp.org
Tue Sep 6 20:31:49 UTC 2016


*6:00 - News, Announcements*

*6:15 - OWASP Top 10 #1 - Injection Flaws*

Jim Weiler will discuss XML External Entity (XXE) Injection flaws: how they
work, how to prevent them, and code examples.

*6:45 - From the Frontlines of RASP Adoption*

*Goran Begic, VP of Product, IMMUNIO*

Runtime Application Self-Protection (RASP) is one of the newest application
security technologies; the term was coined by Gartner and the technology is
in the early stages of adoption in the industry. It promises dynamic defense
and automatic mitigation of vulnerabilities in web applications.


This presentation is a summary of experiences from several dozen
commercial evaluations and early adoptions in production that took place
this year, and provides examples of situations and challenges that are
not specific to any individual vendor. In this talk Goran will give an
overview of buying criteria and evaluation requirements across different
industries and some typical pitfalls that can slow down adoption.


After the introduction and a brief reminder of how the technology works, Goran
will invite the audience to join a discussion about the organizational
requirements for adopting and operationalizing RASP. Questions for
discussion:

- My application is under attack. What actions should I take? Who owns the
  response?

- Which attacks should I respond to and which ones can I ignore?

- How do I get started with the mitigation the technology provides?

- Does RASP fit with DevOps?

- Does RASP help with remediation?



What this presentation is not: this is not a product pitch in any way. The
evaluation criteria, the comparison of RASP with IAST and other security
technologies, and the personal experiences and examples discussed in this talk
are generally applicable to all RASP solutions.

Key takeaways: at the end of the presentation you will:

- have a better understanding of the requirements for evaluating RASP and
  its use cases,

- know whether you can carry out a successful evaluation alone, or whether
  you will need the participation of other groups / teams,

- know the critical criteria for the success of RASP in production,

- understand how these criteria differ from those for appsec testing tools.