AppSec USA 2016 has ended
Thursday, October 13 • 1:00pm - 2:00pm
Using language-theoretics and runtime visibility to align AppSec with DevOps


Programming languages are becoming more powerful and capable, and applications more porous than ever before -- burdening developers and security professionals alike. Evolving constraints, patterns and definition lists make validating data inputs and preventing injections while maintaining application performance unwieldy and difficult. Nobody wants vulnerabilities in their code, but with the rise of Agile DevOps, security is usually playing catch-up. 

A new breed of embedded runtime security tools, called Runtime Application Self-Protection (RASP), is enabling developers and security admins to see beyond potential vulnerabilities and identify the actual attacks that are hitting their applications in production. RASP comes in several shapes and sizes, and this talk is designed to introduce the audience to the RASP implementation based on the LANGSEC methodology and its mission to align Security and DevOps – giving both teams the visibility and automation they need to work in synchrony.

LANGSEC has been a promising yet heady topic on the fringes of AppSec for several years, and it's ready for a mainstream debut. LANGSEC attempts to use the grammar and linguistic constructs of the programming language itself to solve vulnerability classes that arise from user input unintentionally changing the expected behavior of an application (XSS, SQLi, command injection, CSRF, format string, stack / heap overflow, file inclusion).

This session will begin by pointing out the flaws and limitations of any application security model that depends on traditional techniques relying on signatures, definitions, pattern-matching, regular expressions or taint analysis. Once solely the obscure domain of compiler geeks, Language Security, a.k.a. LANGSEC, is a completely different approach that has gained a lot of traction as a much more robust way of securing and releasing applications more quickly and easily.


Kunal Anand

Co-founder and CTO, Prevoty
Kunal Anand is the co-founder and CTO of Prevoty, a runtime application security platform. Prior to that, he was the Director of Technology at the BBC Worldwide, overseeing engineering and operations across the company’s global Digital Entertainment and Gaming initiatives. Kunal...

Thursday October 13, 2016 1:00pm - 2:00pm EDT
Grand Central, Renaissance Washington, DC Downtown Hotel, 999 9th St NW, Washington, DC 20001