Overview
Explore the case for runtime protection in web application and API security in this 51-minute LASCON conference talk. Examine why traditional OWASP recommendations have not significantly improved application security over the past 20 years. Learn how runtime protection can inoculate applications against common vulnerabilities like SQL injection and unsafe deserialization without changing development practices. Discover how this approach replicates the success of Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) in dramatically increasing the difficulty of exploiting vulnerabilities. Delve into the implementation details, benefits, and potential impact of runtime protection on application security programs and security culture.
Syllabus
Invited - Jeff Williams - The Case for Runtime Protection
Taught by
LASCON