Several methods exist for protecting applications from attackers outside of secure coding practices. Most of these, however, require piling on extra layers of security in the form of web application firewalls (WAFs), web server modules, or complex middleware. In this talk we discuss a different approach: self-defending applications. Instead of relying on adding devices and middleware layers (which potentially introduce additional network latency and points of failures) we focus on teaching an application to fend for itself.
Scott Behrens and Andy Hoernecke are both security evangelists at Netflix focusing on application security engineering as part of the Cloud Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, and a handful of other security conferences. Prior to Netflix, Andy built the application security program for a Fortune 100 retailer, and taught web application security to grad students at DePaul University.
Scott Behrens and Andy Hoernecke are both security evangelists at Netflix focusing on application security engineering as part of the Cloud Security team. Scott loves security research and has previously spoken at DEF CON, Derbycon, Shakacon, and a handful of other security conferences. Prior to Netflix, Andy built the application security program for a Fortune 100 retailer, and taught web application security to grad students at DePaul University.