Secure Your Code — Injections and Logging
How do you protect your web application against injections, and how do you keep track of what attackers are trying in order to break in?
Security is a hard problem, especially when you are only running an application rather than writing it. The infamous "This is fine" comic is often the best description we have for this scenario. But it doesn't have to be. This talk shows how to protect against injections and how to monitor them.
This talk combines two of the OWASP top ten security risks:
- Injections (A1:2017): We use a simple application that is exploitable by injection and then secure it with the Web Application Firewall (WAF) ModSecurity.
- Insufficient Logging & Monitoring (A10:2017): We log and monitor both the secured and the unsecured application with the open source Elastic Stack.
To make it more interactive, the audience performs the injections, which we then monitor live and mitigate with ModSecurity.
> Skill level: intermediate
> Duration: 25 min
Philipp lives to demo interesting technology. Having worked as a web, infrastructure, and database engineer for over ten years, Philipp is now working as a developer advocate at Elastic — the company behind the open source Elastic Stack consisting of Elasticsearch, Kibana, Beats, and Logstash. Based in Vienna, Austria, he is constantly traveling Europe and beyond to speak and discuss open source software, search, databases, infrastructure, and security.