
Why Security & DevOps Can’t Be Friends (Or Can They?)

Kunal Anand | Mar 16, 2016

Legacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000s is just a small part of the application security problem.

Security hasn’t changed much in the last 10 years. Companies still use pattern matching and pattern-based defenses, which aren’t enough to protect websites and company data from the bad guys. Hackers continuously find new ways to fuzz applications and create new exploits; a lot of companies can’t run regular expressions, and most can’t use pattern matching to defeat that.

In order to protect against cross-site scripting (XSS) or SQL injection (SQLi), why not look at application security through the lens of a web browser or a database engine? What if there was a unique way to solve these problems instead of just solving them at the perimeter? Why don't companies protect from within the application where they have access to contacts and important contextual information? Most say it's lag time or performance issues that inhibit this kind of solution. But I’m not so sure.


Topics: Application Security, Legacy Apps, DevOps, Language Security, xss, LANGSEC, Pattern matching, Cross-site Scripting, Runtime Application Self-Protection, Vulnerability remediation, Agile Security, fuzzing, DevSecOps, CVE Vulnerabilities, Runtime Application Security, SQL Injections, CSRF

Building bridges in a fractured security ecosystem

Audrey Sunu | Dec 7, 2015

CSO Online contributing writer Kacy Zurkus recently interviewed Prevoty CEO Julien Bellanger for a news piece on contemporary approaches to securing legacy applications. Kacy's analysis uncovered an attack environment that is changing rapidly. The full article, which is cited below, originally appeared here.


Topics: Application Security, Legacy Apps, Industry commentary, DevOps

How to Secure Legacy Applications

Audrey Sunu | Jul 7, 2014

We were fortunate to have our CTO, Kunal Anand, interviewed by Eric Chabrow, Executive Editor of Information Security Media Group (ISMG), at the Gartner Security & Risk Management Summit recently on the challenge of securing vulnerable legacy applications.

Here's a recap: 


Topics: Application Security, Legacy Apps
