Immunizing vulnerable web applications with AppArmor

Linux Security Modules like AppArmor can be a great tool for immunizing applications against their known and unknown vulnerabilities. It can be used for preventing successful exploitation of 0day vulnerabilities, understanding application activity and isolating affected processes as part of incident response without causing service downtime. There are more and more use cases and possibilities, but adoption of these technologies is far from trivial. This talk gives a comprehensive walk-through of using AppArmor for immunizing a web service written in Python, attack vectors and their mitigations via AppArmor, the basic steps of profile development and a simple example of implementing privilege separation.