The Artima Developer Community
.NET Buzz Forum
GOTO Day 2

Christian Horsdal

Posts: 183
Nickname: horsdal
Registered: Mar, 2009

Christian Horsdal is a software architect at Mjølner Informatics.
GOTO Day 2 Posted: Oct 1, 2013 10:08 AM

This post originated from an RSS feed registered with .NET Buzz by Christian Horsdal.
Original Post: GOTO Day 2
Feed Title: Horsdal
Feed URL: http://www.horsdal-consult.dk/feeds/posts/default
Feed Description: A blog that will be about code, architecture, design, and .NET.
Yesterday I was somewhat disappointed. Today the GOTO I know and enjoy is back!

The day is not finished, but I can already say I learned stuff today. I went to the two web security talks. For a while now I've gone to the security talks at the conferences I go to, and it seems to me that the signal to noise ratio is generally low at these talks. I think that this is to some extent because both speakers and conferences assume that the audience sees security as boring, so they try to make security digestible by disguising it, wrapping it in gags etc. All of which risks detracting from the actual content.
Both the web security talks at GOTO today were well worth going to, though. The first talk by Aaron Bedra was about spotting attacks by looking at the behavior of clients and the second by Niall Merrigan was about defensive programming. Both were good, but I will focus on the first.

Aaron talked about how you can have your web server keep an eye out for suspicious behavior. Suspicious behavior could be a number of things, like a client doing only HTTP POST requests, clients originating from countries that your site is not aimed at, or clients making requests that do not look like the requests created by the browser indicated by the user agent. Each of these behaviors is only an indicator, though, but if a combination of them is present you are likely seeing an attack. Such a combination is a signature.
Taking this a step further, Aaron talked about how you can profile clients based on these signatures and identify clients that are likely rogue. Once identified, another part of the system can take the appropriate action, which can range from simply rejecting the client with e.g. 403s, over just introducing extra hoops to jump through (think CAPTCHA or security questions), to just flagging the client and storing the information for later analysis.
Lastly Aaron talked a bit about the framework he created for dealing with these sorts of things; RepSheet, which I do hope to find the time to look into some more.

That's it for today except for this: If you're at GOTO tomorrow you must go to Bodil Stokke's talk, otherwise you're doing it wrong :)
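The client profiling described in the post, as an added Python sketch that is neither RepSheet's code nor from the original post: the three indicators named above (POST-only clients, unexpected countries, requests that do not match the claimed user agent) are combined into a per-client signature score, which is then mapped onto the reject / challenge / flag actions. The sample requests, the expected-country set and the indicator weights are constructed assumptions.

```python
"""Combine weak per-client indicators into a signature score and pick an action.
Illustrative sketch only; RepSheet itself is not reproduced here."""
from collections import defaultdict

# Constructed sample access records: (client_ip, country, method, user_agent, path, accept)
REQUESTS = [
    ("203.0.113.5", "DK", "GET", "Mozilla/5.0 Chrome/30", "/", "text/html"),
    ("203.0.113.5", "DK", "POST", "Mozilla/5.0 Chrome/30", "/login", "text/html"),
    ("198.51.100.7", "XX", "POST", "Mozilla/5.0 Chrome/30", "/login", "*/*"),
    ("198.51.100.7", "XX", "POST", "Mozilla/5.0 Chrome/30", "/login", "*/*"),
    ("198.51.100.7", "XX", "POST", "Mozilla/5.0 Chrome/30", "/login", "*/*"),
    ("192.0.2.9", "US", "GET", "Mozilla/5.0 Chrome/30", "/", "*/*"),
]

EXPECTED_COUNTRIES = {"DK", "SE", "NO"}  # assumption: the site is aimed at Scandinavia

def indicators(client_requests):
    """Return the set of indicator names that fire for one client's traffic."""
    hits = set()
    if {r[2] for r in client_requests} == {"POST"}:
        hits.add("post_only")
    if any(r[1] not in EXPECTED_COUNTRIES for r in client_requests):
        hits.add("unexpected_country")
    # A real Chrome page load sends an Accept header starting with text/html;
    # a bare */* on a document request does not look like that browser.
    if any("Chrome" in r[3] and r[5] == "*/*" for r in client_requests):
        hits.add("ua_mismatch")
    return hits

# Each indicator alone is weak; the combination (the signature) drives the decision.
WEIGHTS = {"post_only": 1, "unexpected_country": 1, "ua_mismatch": 2}

def decide(hits):
    """Map a signature score onto the actions mentioned in the talk."""
    score = sum(WEIGHTS[h] for h in hits)
    if score >= 4:
        return "reject_403"
    if score >= 2:
        return "challenge"  # e.g. CAPTCHA or security question
    if score >= 1:
        return "flag"       # store for later analysis only
    return "allow"

def profile(requests):
    """Group requests per client and return {client_ip: action}."""
    by_client = defaultdict(list)
    for r in requests:
        by_client[r[0]].append(r)
    return {ip: decide(indicators(reqs)) for ip, reqs in by_client.items()}

if __name__ == "__main__":
    for ip, action in profile(REQUESTS).items():
        print(ip, action)
```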
