Application Security - Smart, Fast, Simple
The Ojas platform emerged out of trying to build a solution to detect and prevent data leaks from web applications. Traditional WAFs are good at protecting against the OWASP Top 10 but do little more than that. Our goal was to go beyond that and build something that allows web developers and DevOps folks to test and deploy more robust web applications. We figured that if we could enable them to leverage state-of-the-art machine learning algorithms to understand how their apps are being used, and to use this knowledge to detect anomalous interactions with the apps, then we would enable them to build more robust and secure services. Our challenge was to build a system that could:
1. scale to a million+ packets processed in a second
2. perform complex correlations by looking up million+ entries in a second
As a result, what we started building ended up being a near real-time system that inspects packets streaming from one or more sources. We set out by leveraging streaming big data tools such as Storm and Spark and ingesting packets from a proxy such as mitmproxy or ratproxy. However, we wanted both the correlation engine (Storm/Spark) and the proxies to scale naturally by just increasing the compute dedicated to each of these functions. So we added Kafka as our message broker, which allows the proxies to serve content to our correlation engine.
Our fundamental goal was to be able to apply the search metaphor to packets and to be able to correlate incoming packets across a massive dataset of previously recorded signals (from IDS, WAFs, FWs, etc.).
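One way the correlation step described above can work, as an added example that is not Ojas code: a hash index over previously recorded signals, so each incoming packet costs a fixed number of lookups however large the signal set grows. The record fields, the one-hour window and the sample data are assumptions, and a list stands in for the Kafka topic.

```python
from collections import defaultdict, namedtuple

# Constructed record shapes (assumptions; the page defines no schema).
Signal = namedtuple("Signal", "source kind field value ts")  # recorded IDS/WAF/FW event
Packet = namedtuple("Packet", "ts src_ip method path")       # record published by a proxy

class SignalIndex:
    """Hash index over recorded signals: a packet costs one lookup per indexed field."""
    FIELDS = ("src_ip", "path")

    def __init__(self, signals):
        self._index = defaultdict(list)
        for s in signals:
            self._index[(s.field, s.value)].append(s)

    def correlate(self, pkt, window=3600):
        """Signals that share a field value with pkt and precede it by at most `window` seconds."""
        hits = []
        for field in self.FIELDS:
            for s in self._index.get((field, getattr(pkt, field)), ()):
                if 0 <= pkt.ts - s.ts <= window:
                    hits.append(s)
        return hits

def process(stream, index, window=3600):
    """Stand-in for the engine's consumer loop: keep packets with at least one hit."""
    return [(p, hits) for p in stream if (hits := index.correlate(p, window))]

# Constructed sample data (documentation address ranges, timestamps in seconds).
SIGNALS = [
    Signal("ids", "port-scan", "src_ip", "192.0.2.10", 1000),
    Signal("waf", "sqli-blocked", "path", "/search", 1200),
    Signal("fw", "denied", "src_ip", "198.51.100.7", 100),
]
STREAM = [  # a list stands in for the Kafka topic the proxies publish to
    Packet(1500, "192.0.2.10", "GET", "/search"),      # matches IDS and WAF signals
    Packet(1600, "203.0.113.5", "GET", "/search"),     # matches WAF signal only
    Packet(1700, "203.0.113.9", "GET", "/index.html"), # no recorded signal
    Packet(5000, "198.51.100.7", "POST", "/export"),   # FW signal is outside the window
]

if __name__ == "__main__":
    for pkt, hits in process(STREAM, SignalIndex(SIGNALS)):
        print(pkt.src_ip, pkt.path, "->", [(s.source, s.kind) for s in hits])
```
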
We also wanted folks to be able to try it out quickly and extend it to fit their own custom environments and use cases, and we hope to standardize the platform as more feature requests emerge. To that end, we have created an all-in-one VM that you can download and run locally. The VM contains all the tools, installed and pre-configured using a single setup script. We also provide a simple Rails dashboard that polls a Flask REST server, which in turn queries an underlying Mongo datastore.
Download the VM from here
Dhananjay 'dj' Sampath (@dsampath) Brian Lazear (@blazear)