<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

Building bridges in a fractured security ecosystem

Audrey Sunu | Dec 7, 2015

CSO Online contributing writer Kacy Zurkus recently interviewed Prevoty CEO Julien Bellanger for a news piece on contemporary approaches to securing legacy applications. Kacy's analysis uncovered an attack environment that is changing rapidly. The full article, which is cited below, originally appeared here

Continue reading

Topics: Application Security, Legacy Apps, Industry commentary, DevOps

AppSec in the News: November Roundup

Audrey Sunu | Dec 3, 2015

The security industry is constantly morphing to address new threats and needs, which is why we find it so important to stay up to date. Below is an industry news roundup from November.

Five reasons why hackers easily get in, CSO

Vulnerable web applications have become the weakest link in major breaches. Yet, most organizations have still not implemented any type of application security to protect them.

Continue reading

Topics: Application Security, Industry commentary

Sinking Your Hooks In Applications

Joe Rozner | Oct 21, 2015

The application security space has grown up. The focus shifted from security at the perimeter to security where the attacks are actually happening. As attacks on applications proliferate, it’s become abundantly clear that there is a real problem in the software we build. We as modern companies have a lot of applications: legacy applications, applications we don’t even have the source to anymore, and applications we’re unable to modify due to a lack of resources.

Over the past two and a half years, our team has focused not only on building the bleeding edge in application security technology but also on making it easier than ever to integrate into all kinds of applications as seamlessly as possible. Richard Meester and I recently had the opportunity to present at OWASP’s AppSecUSA conference in San Francisco and share with the the attendees how we at Prevoty do what we do. This post summarizes what Richard and I covered in our talk, which details our techniques for using middleware and instrumentation as methods for introducing tooling into applications and improving security.

Continue reading

Topics: Application Security, Tech Zone, Industry commentary

Why DevOps Fails At Application Security

Julien Bellanger | Oct 15, 2015

In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.


This post originally appeared on DarkReading.com

 

Continue reading

Topics: SSDLC, Application Security, DevOps

Your Enterprise Application Portfolio: Large, Complex, Unwieldy – and Essential

Derek Brink | Oct 14, 2015

If information is the lifeblood of the modern enterprise, then by analogy applications are the beating heart of the enterprise that enables this information to flow freely throughout the corporate body – to the users and business processes that need it, when they need it (any time), and where they need it (from any location, on any device, over any network). By all measures, your enterprise’s portfolio of applications is essential to its pursuit of its strategic business objectives.

Continue reading

Topics: Application Security, Industry commentary, Guest Contributions

Application security needs to be shored up now

Audrey Sunu | Sep 14, 2015

CSO Online discusses the uprising of application security and its newfound importance in the past few years due to the large number of data breaches.

Continue reading

Topics: Application Security, Industry commentary

The modern application environment is complex & unwieldy. How do Visa, Hulu, and MSU secure it?

Audrey Sunu | Sep 8, 2015

Is the security of the modern application environment finally getting more of the attention it deserves? 

2015 marks a shift in the way enterprises interpret the risks associated with their applications. Not only have we learned that the highest number of confirmed data breaches over the past decade has been attacks on web applications1, but the average enterprise's portfolio of applications is growing -- and fast. New application security methodologies also emerge, including Runtime Application Self-Protection (RASP). People often wonder: What is RASP? Is it equipped to handle the next generation of threats? Will it live up to its expectations? 

Continue reading

Topics: Application Security, RASP, Industry commentary

Top 3 biggest mistakes enterprises make in application security

Audrey Sunu | Aug 24, 2015

Prevoty CEO Julien Bellanger wrote a guest post on Help Net Security outlining the three most common mistakes that enterprises make when securing their applications. Despite increased investment in network and endpoint security, the industry still has a ways to go before we can confidently assert that organizations are doing everything they can to protect their applications -- which house the most sensitive data.

Continue reading

Topics: Application Security, RASP

Current State: A New Podcast About the Security of Everything

Audrey Sunu | Jul 15, 2015

Chief technologist, photographer, electronic musician and now...security talk show host?

As an experienced security and engineering leader with many extracurricular talents, Prevoty co-founder and CTO Kunal Anand (@ka) is never short on fascinating anecdotes and interesting friends. Today, we're happy to show our support for Kunal's personal passion project: Current State, a new podcast on all things security, where he casually picks the brains of his most colorful contemporaries (including security experts, startup and technology leaders, industry investors, and more). 

Continue reading

Topics: Application Security, Podcast

Securing Production Applications: Performance Matters

Julien Bellanger | Jun 25, 2015

Ever since we deployed to our first customer in late 2013, there have been three consistent criteria that our customers consider when they are evaluating Prevoty or other RASP technologies: 

  • Efficacy – does the solution accurately identify malicious behavior?
  • Scalability – can the solution scale to support hundreds or thousands of applications?
  • Performance – what impact does the solution have on my applications? 
Continue reading

Topics: Company News, Application Security, RASP