<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

Signatures Are Dead, Now What?

Kunal Anand | Sep 20, 2016


(Image source: InfoSecurity Magazine)

Continue reading

Topics: Signatures, Language Security, LANGSEC, Data Flow Analysis

How to mitigate vulnerabilities in production that can't be fixed immediately, featuring WhiteHat Security

Audrey Sunu | Sep 19, 2016

In a new webcast, Shift your Application Security Program into Overdrive, Michael Goldgolf of WhiteHat Security and Arpit Joshipura of Prevoty discuss the strains of time-to-remediation on vulnerability management and how to address gaps. The novel solution might surprise you.

Continue reading

Topics: Partnerships & Integrations, SAST, DAST, Runtime Application Self-Protection, Vulnerability remediation, Dynamic Application Security Testing, Static Application Security Testing, WhiteHat Security

What Questions Would a CISO Ask About Prevoty Runtime Security?

Audrey Sunu | Sep 12, 2016

Dr. Edward G. Amoroso, former CISO
of AT&T and now founding CEO of TAG Cyber, is dedicated to advancing the practice of information security and make best-in-class knowledge available to the community of security leaders. In this excerpt from his new three-part report, he interviews Julien Bellanger, CEO and Co-Founder of Prevoty about runtime technologies and the future of application security.

Continue reading

Topics: Application Security, RASP, Industry commentary, AppSec, Runtime Application Self-Protection, Runtime Application Security, TAG Cyber

RASP: The Proof is in the Pudding

Dr. Edward G. Amoroso | Sep 8, 2016

ed2.jpegThis guest post was written by Dr. Edward G. Amoroso, Former SVP and CSO of AT&T; Current CEO of TAG Cyber, LLC. 

Continue reading

Topics: RASP, Industry commentary, Guest Contributions, Runtime Application Security, TAG Cyber

IANS Helps You Get A Grasp On RASP

Audrey Sunu | Jul 20, 2016

The most frequent question we get about RASP is whether or not it is 'enterprise-grade'. With so much noise and fanfare in the cybersecurity industry, it’s hard to distinguish true, scalable innovation from the rest. New technologies undergo some growing pains and are often met with a healthy dose of skepticism before they are adopted as the norm. 

Prominent information security advisory and consulting firm IANS Research took on the challenge of evaluating the efficacy of Runtime Application Self-Protection (RASP) and recently released a research report called Getting A Grasp On RASP. The report, developed by IANS faculty Paul Asadoorian, provides a much-needed overview of the burgeoning space and parses the pros and cons of these new tools. 

Continue reading

Topics: Application Security, RASP, Runtime Application Self-Protection, Runtime Application Security, IANS Research

Is the Gap Between IT and Security Professionals the Real Root Cause of Breaches?

Audrey Sunu | Jul 11, 2016

We recently released a report, The Real Root Cause of Breaches, which revealed that there is a damaging divide between general IT professionals and specialized security professionals when it comes to perception and implementation of application security in enterprises. Check out the infographic below: 

Continue reading

Topics: Application Security, Vulnerability remediation, Information Technology, Security Research

The Future of Application Security Depends On Our Infrastructure

Julien Bellanger | Jun 13, 2016

To say that the future of application security depends on our infrastructure may sound controversial -- especially coming from a runtime application security startup founder.

Don’t get me wrong. Our vision is still the same: application security has to be done at the application layer, and more so than ever, that security must be embedded in the application.

Continue reading

Topics: Application Security, RASP, Language Security, LANGSEC, AppSec, Runtime Application Self-Protection, Vulnerability remediation, Runtime Application Security, Infrastructure

The Focus Has Shifted: Application Security is in the Limelight

Arpit Joshipura | May 24, 2016

I am pleased to report that after a period of calm, the media is now buzzing with great stories on application security. These stories give great insights, statistics and actionable guidance for CISO and Security executives.

Applications have taken on an important business role, acting as the heart of companies and generating millions of dollars in revenue. But, until recently application security was not a focus. But now, we are excited to see an influx in media coverage around this extremely important topic. Here are a few of our favorites:

Continue reading

Topics: Application Security, DevOps, Vulnerability remediation, DevSecOps, SQLi, SQL Injections

Prevoty Turns Three Years Old and Gets a Web Lift

Julien Bellanger | May 9, 2016

Over the last three years, we went from brainstorming crazy ideas at a kitchen table to creating a new category for securing enterprises applications at runtime. We've captured our top 3 learnings in this blog post and have made some exciting new additions to our website. 

Continue reading

Topics: Company News, RASP, Prevoty Technology, DevOps, Language Security, LANGSEC, Runtime Application Self-Protection, Vulnerability remediation, DevSecOps, Runtime Application Security

Hindsight is 20-15: Recent Web Attacks Prove Application Security is Broken

Arpit Joshipura | Apr 28, 2016

A look at the last 6 months of web application attacks show an interesting trend. Hackers are bypassing traditional defenses like firewalls that are based on methods like signatures, heuristics and data flow analysis. This post outlines how these recent attacks were carried out, what could have been done to prevent them, and whether runtime application security would be an appropriate solution for protecting against future attacks (as opposed to traditional perimeter solutions).

Continue reading

Topics: WAFs, Application Security, Language Security, LANGSEC, SQLi, Data Breaches, Runtime Application Security, SQL Injections