Learn advanced web application security techniques in this 49-minute conference talk from Circle City Con 2015. Explore active defense strategies, including information assurance, strategic attacks, and technical methods to protect your web apps from attackers. Discover how to implement application delivery controllers, reverse proxies, and scripting interfaces to enhance security. Examine potential vulnerabilities in JavaScript and learn how to leverage automated scripts for improved defense. Dive into topics such as command injection, geofencing, and GeoIP databases to create a comprehensive security approach. Gain valuable insights on reactive models, strategic defenses, and innovative ways to detect and prevent attacks on your web applications.
Smuggling Plums - Using Active Defense Techniques to Hide Your Web Apps from Your Attackers
via YouTube
Overview
Syllabus
Intro
Who am I
Why are we here today
Agenda
Acting
Active Defense
Hatch
Information Assurance
Strategic Attacks
Technical Methods
Strategic Defenses
How Attacks Affect Us
Reactive Model
Things to Ponder
Defenses
Application Delivery Controller
Reverse Proxy
Scripting Interface
Bugs
Javascript
What if
What I found
What can we do
Why dont we send a pretty large header
Automated scripts are fun
Inspect 404 responses
Get links to CMS
Check reply size
Vectors
Command Injection
Geofencing
GeoIP Database
Questions
The last party
