Tuesday, September 13, 2011

Article Published: Creating Attack-Aware Software Applications with Real-Time Defenses

CrossTalk, The Journal of Defense Software Engineering, has just published our article "Creating Attack-Aware Software Applications with Real-Time Defenses" in the September edition. Huge kudos to the entire team, and especially to Colin Watson for leading this effort.

Authors:

Colin Watson @clerkendweller
Michael Coates @_mwc
John Melton @carosec
Dennis Groves @degroves

Abstract. Attack-aware software applications provide attack detection and real-time defensive response with a very low false-positive rate. This technique allows an application to detect and neutralize a threat before the attacker exploits a known or unknown vulnerability. The approach is especially suited to software applications with high information assurance requirements such as in the defense, critical national infrastructure, and financial service sectors to protect against cyber espionage, fraud, business logic abuse, tampering, and theft. The Open Web Application Security Project (OWASP) has developed a methodology, documentation, code and pilot demonstration which can be freely used to apply the concepts; this project is called AppSensor.

Full Article (pdf)

-Michael Coates - @_mwc

1 comment:

  1. I'm currently implementing an application firewall based upon AppSensor (1.1) as we speak. The groundwork laid out by the OWASP project has saved me a lot of grief and will hopefully improve the overall quality of the end product. Cheers!
