By Dan Cornell
LASCON 2011 was last Friday and I have to say I had a great time. The speaker list was fantastic, the hallway conversations were thought-provoking and, as always, the speed debates were not-to-be-missed (and not-to-be-recorded to protect the participants). This bodes well for OWASP AppSecUS being held in Austin in 2012.
I talked about some work we have been doing auto-generating virtual patches in a presentation called “The Self-Healing Cloud”. The slides can be found online here.
This talk describes taking the results from various web application scanners, normalizing them, and then using that structured data to create custom rules for intrusion detection and prevention systems (IDS/IPS) or web application firewalls (WAFs). We have found this to be an interesting use case for both technologies. It can help make network-centric IDS/IPS systems more web-aware, and it can help increase the protection you get from WAFs by teaching them about known vulnerabilities in the applications they are protecting. This has been discussed for a while, so we finally set up a lab environment to run some tests and lay out exactly what to expect from this technique. Contact me (dan _at_ denimgroup.com) if you would like more specs on our lab environment so you can re-run the test scenarios and add new scenarios of your own.
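To make the scanner-to-WAF step concrete, here is an added example (not code from the talk or from Denim Group) that turns a constructed list of normalized findings into ModSecurity virtual-patch rules. The finding format, the rule ID range and the per-type patterns are assumptions for illustration; each rule is pinned to the exact path and parameter the scanner reported, and uses a positive (allow-list) check whenever the expected input shape is known.

```python
# Constructed sample of normalized scanner findings; the schema is assumed,
# not any particular scanner's export format.
FINDINGS = [
    {"type": "sqli", "path": "/app/item.php", "param": "id", "expect": r"^\d+$"},
    {"type": "xss", "path": "/app/search.php", "param": "q", "expect": None},
]

# Assumed rule-ID range reserved for generated virtual patches.
ID_BASE = 900000

# Fallback negative patterns per vulnerability type, used only when the
# finding carries no positive "expect" pattern for the parameter.
NEGATIVE = {
    "sqli": r"[';]|--",
    "xss": r"[<>]",
}


def patch_rules(findings, id_base=ID_BASE):
    """Return one chained ModSecurity rule per finding as a list of strings."""
    rules = []
    for n, f in enumerate(findings):
        rule_id = id_base + n
        if f.get("expect"):
            # Positive security model: deny anything that does not look
            # like the value the application expects for this parameter.
            operator = f"!@rx {f['expect']}"
        else:
            # Otherwise fall back to a narrow deny pattern for the vuln type.
            operator = f"@rx {NEGATIVE[f['type']]}"
        msg = f"Virtual patch: {f['type']} in {f['param']} at {f['path']}"
        # First rule matches the vulnerable URL; 'chain' ties it to the second
        # rule, which inspects only the vulnerable parameter.
        rules.append(
            f'SecRule REQUEST_FILENAME "@streq {f["path"]}" '
            f'"id:{rule_id},phase:2,deny,status:403,log,msg:\'{msg}\',chain"\n'
            f'    SecRule ARGS:{f["param"]} "{operator}" "t:none,t:urlDecodeUni"'
        )
    return rules


if __name__ == "__main__":
    print("\n".join(patch_rules(FINDINGS)))
```

Generated rules like these should first run in a detection-only mode against real traffic so that a scanner false positive does not turn into a denial of service for legitimate users.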
Also, Scott Stevens from Denim Group and Phil Beyer from the Texas Education Agency (TEA) gave a presentation about their work using OpenSAMM to create a roadmap for their software security program. Slides are online here:
We’ve had a lot of success working with organizations using OpenSAMM to help them evaluate the state of their current software security efforts as well as plan for the future. This is a great case study of just such an effort.
LASCON has grown to be a well-respected regional event and, as mentioned above, its success has made me excited for the upcoming OWASP AppSecUS conference in Austin in 2012.
Contact us if you are interested in talking more about virtual patching or crafting a software security program.
dan _at_ denimgroup.com