John currently leads application security at Oracle, NSBGU. His previous positions have been focused on secure software engineering, in the technology, financial and defense sectors. He also volunteers at OWASP.
Session: OWASP AppSensor - Self-defending Applications Through Real-Time Event Detection & Response
AppSensor is an OWASP project that allow you to build attacker detection and automated response directly into your applications. The most recent label for this concept is "application self-protection". There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications. The self-protection model benefits all types of applications. In particular, it has gained traction with developers operating in the cloud and on DevOps teams. The increased visibility and speed of response become critical at scale. In this presentation, we'll discuss what AppSensor is and what it can offer you. In addition, you will learn how to cover different use cases with AppSensor by a walk-through of some sample applications. Take-aways you will have from this presentation are: * Knowledge about the benefits of proactive application self-protection * Information of the features in the open-source reference implementation * Guidance on implementing AppSensor in the real world * Pointers to supporting materials specifically created for developers, architects, and senior management.