<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

Hindsight is 20-15: Recent Web Attacks Prove Application Security is Broken

Arpit Joshipura | Apr 28, 2016

A look at the last 6 months of web application attacks show an interesting trend. Hackers are bypassing traditional defenses like firewalls that are based on methods like signatures, heuristics and data flow analysis. This post outlines how these recent attacks were carried out, what could have been done to prevent them, and whether runtime application security would be an appropriate solution for protecting against future attacks (as opposed to traditional perimeter solutions).

Continue reading

Topics: WAFs, Application Security, Language Security, LANGSEC, SQLi, Data Breaches, Runtime Application Security, SQL Injections

Prevoty Runtime Security Continues to Gain Momentum with Product Expansion and Industry Recognition

Arpit Joshipura | Apr 22, 2016

We are thrilled with the momentum Prevoty continues to see this year in the category of runtime application security. To start, we now offer new Web Services capabilities, which allows our customers to integrate attack protection technology into more applications easily and quickly. Additionally, we are continuing to gain industry recognition as a result of two new awards.

First, let’s take a look at our newest product expansion.

Continue reading

Topics: Company News, Prevoty Technology, Language Security, LANGSEC, Web Services

Why RASP is the Third Pillar of Application Security

Arpit Joshipura | Apr 12, 2016

According to recent research we conducted with the Ponemon Institute, one in two enterprises today admit that they need better application security — demonstrating both the scope and the reality of the problem.

Continue reading

Topics: RASP, Tech Zone, SAST, LANGSEC, DAST, Pattern matching, Runtime Application Self-Protection, Dynamic Application Security Testing, Runtime Application Security, Static Application Security Testing

Why Security & DevOps Can’t Be Friends (Or Can They?)

Kunal Anand | Mar 16, 2016

football.jpegLegacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000's is just a small part of the application security problem.

Security hasn’t changed much in the last 10 years. Companies still use pattern matching and pattern-based defenses which aren’t enough to protect websites and company data from the bad guys. Hackers continuously find unique ways to create fuzzing techniques or to perform fuzzing to create new exploits, and a lot of companies can’t run regular expressions, and most can’t use pattern matching to defeat that. 

In order to protect against cross-site scripting (XSS) or SQL injection (SQLi), why not look at application security through the lens of a web browser or a database engine? What if there was a unique way to solve these problems instead of just solving it at the perimeter? Why don't companies protect from within the application where they have access to contacts and important contextual information? Most say it's lag time, or performance issues that inhibit this kind of solution. But I’m not so sure.

Continue reading

Topics: Application Security, Legacy Apps, DevOps, Language Security, xss, LANGSEC, Pattern matching, Cross-site Scripting, Runtime Application Self-Protection, Vulnerability remediation, Agile Security, fuzzing, DevSecOps, CVE Vulnerabilities, Runtime Application Security, SQL Injections, CSRF

Why LANGSEC for Runtime Application Security? Because Patterns Can't Keep Up

Arpit Joshipura | Mar 10, 2016

Age-old security is broken because it uses antique techniques 

Throughout the past ten years, security methods have remained relatively unchanged. These methods rely solely on signatures, heuristics and dataflow analysis and are focused on defending the networks. The problem is that hackers have learned how to work around predefined network controls. 

The majority of today's firewalls still have to run thousands of patterns to match for known attacks, and false positives and false negatives run high -- making it difficult to determine what is normal. These traditional methods rely on code that is constantly changing. The thing you’re trying to detect is changing because the application itself is always changing, causing solutions to be out of date as soon as they are created.

Continue reading

Topics: WAFs, Startups, Application Security, RASP, Prevoty Technology, Application Security Monitoring, Signatures, Language Security, Innovation, LANGSEC, Heuristics, AppSec, Pattern matching, Cross-site Scripting, Command Injection, Runtime Application Self-Protection, Data Flow Analysis, Vulnerability remediation, SQL Injections, CSRF

Six Application Security Predictions for 2016

Arpit Joshipura | Jan 22, 2016

This post originally appeared on CSO Online.

2016 is upon us and it is time to review what we think will happen in the world of application security in this fast-paced world. Security is always evolving just as attacks, hacks and vulnerabilities shift and as new technologies enter the landscape. Security must adapt in order to protect businesses, consumers and treasured data. Can today’s security practices achieve security assurances, rooted in sound computability theory? We believe so.

Continue reading

Topics: Application Security, RASP, Industry commentary, DevOps, Signatures

Hear from the Founders: The WhiteHat Security & Prevoty Partnership [VIDEO]

Audrey Sunu | Jan 19, 2016

As you may have heard, Prevoty and WhiteHat Security have combined forces to offer up a first-in-kind application security testing and automatic runtime protection capability. Recently, we had the opportunity to ask the founders directly: why create a joint offering? How does this shape the way we secure our applications?

Continue reading

Topics: Company News, Application Security, RASP, Partnerships & Integrations, SAST, DAST

Building bridges in a fractured security ecosystem

Audrey Sunu | Dec 7, 2015

CSO Online contributing writer Kacy Zurkus recently interviewed Prevoty CEO Julien Bellanger for a news piece on contemporary approaches to securing legacy applications. Kacy's analysis uncovered an attack environment that is changing rapidly. The full article, which is cited below, originally appeared here

Continue reading

Topics: Application Security, Legacy Apps, Industry commentary, DevOps

AppSec in the News: November Roundup

Audrey Sunu | Dec 3, 2015

The security industry is constantly morphing to address new threats and needs, which is why we find it so important to stay up to date. Below is an industry news roundup from November.

Five reasons why hackers easily get in, CSO

Vulnerable web applications have become the weakest link in major breaches. Yet, most organizations have still not implemented any type of application security to protect them.

Continue reading

Topics: Application Security, Industry commentary

Sinking Your Hooks In Applications

Joe Rozner | Oct 21, 2015

The application security space has grown up. The focus shifted from security at the perimeter to security where the attacks are actually happening. As attacks on applications proliferate, it’s become abundantly clear that there is a real problem in the software we build. We as modern companies have a lot of applications: legacy applications, applications we don’t even have the source to anymore, and applications we’re unable to modify due to a lack of resources.

Over the past two and a half years, our team has focused not only on building the bleeding edge in application security technology but also on making it easier than ever to integrate into all kinds of applications as seamlessly as possible. Richard Meester and I recently had the opportunity to present at OWASP’s AppSecUSA conference in San Francisco and share with the the attendees how we at Prevoty do what we do. This post summarizes what Richard and I covered in our talk, which details our techniques for using middleware and instrumentation as methods for introducing tooling into applications and improving security.

Continue reading

Topics: Application Security, Tech Zone, Industry commentary