Скачать или смотреть 2016 - Trusted Execution: A Deterministic Approach to AppSec for 0-Day Threat Prevention-Satya Gupta

While OWASP Top Ten exploits are well categorized and remain an ongoing part of SDLC remediation efforts, the most sophisticated hackers today are exploiting through application binaries as well. Even with the evolution of so many architectural security approaches: signatures, behaviorial, correlation-based, predictive analysis-based or machine learning, security remains highly imprecise, prone to excessive false positives, and lacking sufficient context to stop nation-state actors.

Virsec will discuss the development of a new approach for detection and prevention of advanced security threats through an application that is built on granular visibility and context at the memory level. The Trusted Execution approach promises definitive results, eliminating false positives and enabling zero-day attack prevention on known or unknown application vulnerabilities.

Audience members will:
see dissections of common remote code execution attacks against application infrastructure binaries
learn how Trusted Execution is able to make immediate detection and enforcement decisions to close down these insidious avenues of attack
see the potential for this approach to impact server-side applications at the interpreted code levels for faster innovation and code release
learn how Trusted Execution presents a new production-level option for continuous integration via instanteous adaptive learning that promotes speed and accuracy