Jeff Williams – How to Build Awesome Security Instrumentation to Automate AppSec Testing and Protection – Contrast Security

33m

Modern software demands velocity, and traditional “outside in” scanning and firewalling are creating bottlenecks and slowing things down. In this talk, Jeff will approach application security from the “inside out”. We will show you how to create simple agents that get inside a running application (like a profiler or debugger) and give you access to everything you need for fantastic security observability. We’ll demonstrate real agents that identify vulnerabilities without changing any code, scanning, or extra steps. We’ll identify vulnerabilities, analyze access control, and even prevent RCE attacks. Unlike scanning and firewalling, this approach establishes a safe and powerful way for development, security, and operations teams to collaborate. We’ll discuss how software security instrumentation works, how it’s being used in many organizations, and the implications for the practice of application security.

Guest(s): Jeff Williams
Date: June 4, 2020

TechStrong Con 2020

Baruch Sadogursky + Leonid Igolnik - DevOps @Scale (Greek Tragedy in 3 Acts)

Chenxi Wang - Building Trust with Artificial Intelligence and Digital Transformation

Helen Beal - Community and Capitalism

James Wickett - A Way to Think about DevSecOps: MEASURE

Mark Herring - So How Are Developers Feeling During the COVID Health Crisis?

Rosalind Radcliffe - Making your Dinosaur Dance to the Tune of your Digital Transformation

Derek Weeks - Machines Making Software: Paving and Maintaining the Road with Zero Trust Open Source

Kristina Pennella - Re-imagining Ways of Working Across the Organization for Improved Business Outcomes

Pavlo Baron - Applying Observability in the Enterprise at Scale

Sanjeev Sharma - Your (lack of) Data Strategy is Killing your Digital Transformation

Barak Schoster - Cloud Infrastructure Security in Run-Time vs. Build-Time

Paul Stack - Infrastructure as Software

Brian Amaro - Clearing the Path for Automated Operations: Finding the Value in AIOps

Darren Murph - Making Remote Work: What to do (and where to start)

Cat Swetel - Digital Transformation: From Transactions to Relationships

Julie Gunderson - You Can’t Buy DevOps

Ben Hindman - A "Comprehensive" Guide For Getting To Day 2

Tiffany Jachja - Your Guide to Continuous Delivery

William Hurley - Quantum Computing for Dummies

Liz Rice - Container Images: Small is Beautiful

Patrick ONeil - Cloud Automated Governance

Matt Rose - Putting the Sec in DevOps

Caleb Queern + John Willis - Automated Governance Fireside Chat

Aditya Muppavarapu + Kelly Looney - Building at Amazon
