A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Techniques for Escaping the AppSec Labyrinth - Andrew Hay (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

Techniques for Escaping the AppSec Labyrinth - Andrew Hay
 

How can you secure your server if you have no idea what files, registry keys, users, groups, services, or other artifacts are created when an application is installed' Most vendor documentation fails to detail the intricacies of an application's installation footprint down to individual files. This makes securing the application, not to mention the development of enterprise policies and procedures for the application, an arduous and ultimately ineffective task.

Using a combination of malware analysis techniques, package management utilities, and some homegrown tools, anyone can understand exactly what an application is going to do to your server and how its installation impacts your attack surface area. With this knowledge in hand, an organization can translate the newly created application map to Chef, Puppet, and RightScale configuration scripts to better automate its server and application fleet deployments. The map can also be used to help tighten controls for more accurate and continuous operational and security monitoring of applications.
In this talk Andrew Hay, CloudPassage, Inc.'s Director of Applied Security Research, will present a repeatable and application-agnostic methodology to quickly and easily:
- Use malware analysis techniques to profile any application before its installation
- Identify undocumented post-installation application artifacts worth monitoring
- Build new, and leverage existing, automated tools to expedite the entire identification process

BIO: Andrew Hay is the Director of Applied Security Research at CloudPassage, Inc. where he leads the security research efforts for the company. Prior to joining CloudPassage, Andrew served as a Senior Security Analyst for 451 Research's Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services. He is a veteran strategist with more than a decade of experience related to endpoint, network and security management across various product sectors.

Back to BSides Las Vegas 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast