Securing a web app: business security VS the OWASP top 10

DevSecCon London 2018 Speaker
19 Oct 2018
10:20 - 11:00


The risks inside an application go beyond the OWASP top 10. The attacks that represent the most significant business risks for our organizations are often attacks targeting sensitive business functions of the applications. But unlike the OWASP top 10, there is no checklist for this. The answer needs to come from inside our organizations, where excellent business knowledge helps to figure out what the known fraud use cases and threats are. And the shift to DevSecOps is making this change possible.

This talk is for DevSecOps practitioners and will show how to create a security automation tool that helps to prevent business logic attacks. Sensors are added to the application source code, business events are collected in an analysis engine, and automated responses are pushed back to the application at runtime. The presented tool is based on open source libraries and is easily extensible and pluggable into existing monitoring solutions.

The talk will include concrete business examples to help the audience protect their applications’ business logic, including real attacks that could be avoided using application level sensors. It will also give tips to navigate and empower the various teams (fraud, developers, product, …) that know the business complexity and together own a different piece of this security puzzle.
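As an added illustration of the sensor / analysis engine / runtime response loop described above (this is example code, not the speaker's tool; the event names, thresholds and users are constructed): application-level sensors report business events, a small engine counts them per user inside a time window, and the resulting response is made available to the application so it can act (for example, require a CAPTCHA or flag an order for review).

```python
from collections import defaultdict, deque

# Constructed sample events a sensor in the app would emit: (timestamp_s, user, event)
SAMPLE_EVENTS = [
    (0, "alice", "coupon_redeem_failed"),
    (5, "alice", "coupon_redeem_failed"),
    (9, "alice", "coupon_redeem_failed"),
    (12, "alice", "coupon_redeem_failed"),   # 4th failure inside 60 s
    (14, "bob", "coupon_redeem_failed"),
    (20, "alice", "price_override"),         # sensitive business function
    (400, "bob", "coupon_redeem_failed"),    # bob's earlier failure has aged out
]

# Hypothetical policies: event -> (allowed occurrences, window seconds, response)
POLICIES = {
    "coupon_redeem_failed": (3, 60, "require_captcha"),
    "price_override": (0, 3600, "flag_for_review"),  # any occurrence is reviewed
}


class BusinessSensorEngine:
    """Analysis engine: sliding-window counting of business events per user."""

    def __init__(self, policies=POLICIES):
        self.policies = policies
        self.history = defaultdict(deque)   # (user, event) -> recent timestamps
        self.responses = defaultdict(set)   # user -> responses pushed to the app

    def record(self, ts, user, event):
        """Sensor entry point: store the event; return the triggered response or None."""
        policy = self.policies.get(event)
        if policy is None:          # event carries no business risk policy
            return None
        limit, window, response = policy
        recent = self.history[(user, event)]
        recent.append(ts)
        while recent and ts - recent[0] > window:   # drop events outside the window
            recent.popleft()
        if len(recent) > limit:
            self.responses[user].add(response)
            return response
        return None

    def active_responses(self, user):
        """What the application consults at runtime before serving a sensitive function."""
        return sorted(self.responses[user])


def run(events=SAMPLE_EVENTS):
    engine = BusinessSensorEngine()
    triggered = []
    for ts, user, event in events:
        response = engine.record(ts, user, event)
        if response:
            triggered.append((user, response))
    return engine, triggered
```

In a real deployment the engine would run as a separate service and push `active_responses` back to the application, but the counting and policy logic is the same.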

