Secure Your Code — Injections and Logging
Philipp Krenn at DevSecCon24 2020
Security is a hard problem, especially when you are only running but not writing an application. The infamous comic "This is fine" is often the best description we have for this scenario. But it doesn’t have to be. This talks shows how to protect against injections and also how to monitor them.
This talk combines two of the OWASP top ten security risks:
* Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application Firewall (WAF) ModSecurity.
* Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring both the secured and the unsecured application with the Elastic Stack.
To make it more interactive, the audience has to do the injections, which we are then live monitoring and mitigating with ModSecurity.
Philipp Krenn
Developer at Elastic
Philipp lives to demo interesting technology. Having worked as a web, infrastructure, and database engineer for over ten years, Philipp is now working as a developer advocate at Elastic — the company behind the Elastic Stack consisting of Elasticsearch, Kibana, Beats, and Logstash. Based in Vienna, Austria, he is constantly traveling Europe and beyond to speak and discuss open source software, search, databases, infrastructure, and security.
This talk combines two of the OWASP top ten security risks:
* Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application Firewall (WAF) ModSecurity.
* Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring both the secured and the unsecured application with the Elastic Stack.
To make it more interactive, the audience has to do the injections, which we are then live monitoring and mitigating with ModSecurity.
Philipp Krenn
Developer at Elastic
Philipp lives to demo interesting technology. Having worked as a web, infrastructure, and database engineer for over ten years, Philipp is now working as a developer advocate at Elastic — the company behind the Elastic Stack consisting of Elasticsearch, Kibana, Beats, and Logstash. Based in Vienna, Austria, he is constantly traveling Europe and beyond to speak and discuss open source software, search, databases, infrastructure, and security.