The Art of Anti-Exploitation: Defeating RCE Exploits in Web Apps
Abstract
Remote code execution (RCE) exploits are the most dangerous class of web application vulnerabilities. Successfully exploiting an RCE vulnerability allows an attacker to backdoor web applications, exfiltrate sensitive information, and expand their reach by moving laterally within an organization. A number of attack vectors, including OS command injection, deserialization, EL injection, and the use of vulnerable third-party libraries and frameworks, can all be leveraged to achieve RCE. Despite their criticality, little progress has been made to protect applications against RCE vulnerabilities in over a decade. This presentation will cover the use of advanced OS sandboxing technologies, including SELinux, AppArmor, and custom techniques, to detect and defeat both known and 0-day RCE exploits, all without modifying a line of code.