Demo
The demo application was implemented in the PHP Sandbox, you can find the application here.
Resources
Here is the list of links to further resources that I originally included in my speaker notes.
- OWASP AppSensor
- AppSensor: Real-Time Event Detection and Response
- Trapping Hacks with Ensnare
- OWASP top ten proactive defenses – App Layer Intrusion Detection
- The SunDEW project: learning to pose scalability barriers to attackers
- Application-level Purple Teaming: A case study
- Waf.js: How to Protect Web Applications using JavaScript
- Risk-aware applications
- Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
- Stupid webappsec Tricks
- Playing with the acusensor
- Honeytokens: Detecting Attacks to Your Web Apps Using Decoys and Deception
- Dynamic Go Instrumentation for Production Environments
- Secure your App with the new Python Audit Hooks
- Whatever happened to attack aware applications?
- Self-Defending Databases
- Defeating Automated Web Assessment Tools
- Security Vulnerabilities Decomposition: Another Way To Look At Vulnerabilities
- Getting Started with Security Observability
- Sinking Your Hooks in Applications
- Injecting Security Into Web Apps With Runtime Patching and Context Learning
- Hindsight isn’t good enough: LANGSEC helps you take control of your security
- Detecting Malice