AppSensor: Real-Time Event Detection and Response

Track: Security
Skill Level: Beginner
Room: Room A314
Time Slot: Tue 2/16, 5:30 PM
Tags: devops + cloud secondarily , security primarily

AppSensor is an OWASP project that allow you to build attacker detection and automated response directly into your applications. The most recent label for this concept is “application self-protection”.

There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.

The self-protection model benefits all types of applications. In particular, it has gained traction with developers operating in the cloud and on DevOps teams. The increased visibility and speed of response become critical at scale.

In this presentation, we’ll discuss what AppSensor is and what it can offer you. The current feature set will be covered along with upcoming features from the roadmap. In addition, you will learn how to cover different use cases with AppSensor by a walk-through of some sample applications. Lastly, you will receive information about the different components and integrations that make AppSensor enterprise-friendly.

Take-aways you will have from this presentation are:

  • Knowledge about the benefits of proactive application self-protection
  • Information of the features in the open-source reference implementation
  • Guidance on implementing AppSensor in the real world
  • Pointers to supporting materials specifically created for developers, architects, and senior management.
John Melton

John is currently a principal product security engineer at NetSuite. His previous positions have been focused on secure software engineering, in the technology, financial and defense sectors. He also volunteers at OWASP, working primarily on the AppSensor project.