The application security space has grown up. The focus shifted from security at the perimeter to security where the attacks are actually happening. As attacks on applications proliferate, it’s become abundantly clear that there is a real problem in the software we build. We as modern companies have a lot of applications: legacy applications, applications we don’t even have the source to anymore, and applications we’re unable to modify due to a lack of resources.
Over the past two and a half years, our team has focused not only on building the bleeding edge in application security technology but also on making it easier than ever to integrate into all kinds of applications as seamlessly as possible. Richard Meester and I recently had the opportunity to present at OWASP’s AppSecUSA conference in San Francisco and share with the attendees how we at Prevoty do what we do. This post summarizes what Richard and I covered in our talk, which details our techniques for using middleware and instrumentation as methods for introducing tooling into applications and improving security.