This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Custom Intrusion Detection Techniques for Monitoring Web Applications

Jump to: navigation, search

The presentation

Owasp logo normal.jpg
This talk will discuss leveraging in-house specific architecture knowledge to build custom detection methodologies. One of the very few advantages defenders have against attackers, at least at the beginning, is an intimate (we hope) knowledge of the underlying architectures and process flows for a web front. Combining this knowledge with Netflow analysis and generation software, as well as the Snort IDS system, a custom detection system can be built to provide unique, implementation-specific detection. We will look at the Snort rules and preprocessors specifically geared towards web-based protocols including in depth technical reviews of functionality added in recent Snort updates. We'll also look at how Netflow data can be generated (both from network devices and servers) and how it, along with the data from Snort, can be used to provide a broader security picture.

The speakers

Matthew Olney is a research engineer with Sourcefire's Vulnerability Research Team. In addition to his time at Sourcefire, he has worked in network and security operations groups at Network Solutions, Verisign and U.s. Government organizations.