Prevent Business Logic Attacks Using Dynamic Instrumentation

Discover how to create a security automation tool using dynamic instrumentation to prevent business logic attacks in this 26-minute conference talk from AppSecUSA 2018. Learn about adding sensors to application source code, collecting business events in analysis engines, and pushing automated responses back to applications at runtime. Explore the benefits of dynamic instrumentation for security teams, allowing remote sensor addition in real-time without requiring new builds or deployments. Gain insights into concrete business examples, tips for navigating cross-team collaboration, and the use of open-source libraries to build extensible and pluggable tools compatible with analysis engines like Kibana or Splunk. Presented by Jean-Baptiste Aviat, CTO and co-founder of Sqreen, who brings expertise from his experience hunting vulnerabilities at Apple and developing security software.