Hackers of India

Injecting security into web apps in the runtime

By  Ajin Abraham  on 23 May 2017 @ Phdays


Presentation Material

Внедрение безопасности в веб-приложениях в среде выполнения from Positive Hack Days

Abstract

This paper discusses the research outcomes on implementing a runtime application patching algorithm on an insecurely-coded application to protect it against code injection vulnerabilities and other logical issues related to web applications, and will introduce the next generation web application defending technology dubbed as Runtime Application Self-Protection (RASP) that defends against web attacks by working inside your web application. RASP relies on runtime patching to inject security into web apps implicitly without introducing additional code changes. The talk concludes with the challenges in this new technology and gives you an insight on future of runtime protection.

video removed