…definition. While working on my research project related to denial of service mitigation, I came across the concept of “application DoS.” Sadly, just like many things in the security industry labeled with “application something” (application security monitoring, anybody?), this one is not clearly defined. This lack of clarity leads to missed requirements and misplaced [...]
Entries Categorized as 'application'
by Anton Chuvakin | May 3, 2012 | 8 Comments
by Anton Chuvakin | March 15, 2012 | 3 Comments
As I mentioned in “Many Faces of Application Security Monitoring,” the industry has not yet figured out what application security monitoring (ASM) is. For that reason, a lot of the guidance, while useful, stays high-level and does not dive into details. This also leads to a weird kind of disconnect in conversations since [...]
by Anton Chuvakin | February 2, 2012 | 20 Comments
Everybody knows what “network security monitoring” actually is (even if not everybody is DOING it…). There is a whole book on the subject. In addition, there is a shared understanding in the security community about it. Specifically, NSM includes various logs/alerts, packets, flows, session captures, etc. However, what is “application security monitoring” (ASM)? As I am [...]