
Prevoty Labs: Rust and Java

Josh Chase | Nov 15, 2016

TL;DR Call Rust from Java using this crate.

Lately, there's been a lot of buzz around Mozilla's relatively new language, Rust. For the unfamiliar, it's a systems programming language that fills the same niche as C or C++ while adding strong memory safety guarantees, a powerful hygienic macro system, first-class function closures, and a type system directly influenced by Haskell - all without requiring a garbage collector. These properties make it an excellent language choice for large projects where security and performance are main concerns.

All of this sounds great for new project development, but what about programs that we’ve already written? Traditionally, if one needed to get more performance out of a high-level language, program bottlenecks could be replaced with bindings to a feature-equivalent C library. Fortunately for us, Rust supports compiling to a shared object and presenting a C-compatible interface with no runtime overhead. Since many of the world’s programs run on Java, it's a prime candidate for a low barrier-to-entry FFI helper library.

Continue reading

Topics: Prevoty Technology, Prevoty Labs, rust, java, JNI, Programming Languages

Prevoty Turns Three Years Old and Gets a Web Lift

Julien Bellanger | May 9, 2016

Over the last three years, we went from brainstorming crazy ideas at a kitchen table to creating a new category for securing enterprise applications at runtime. We've captured our top 3 learnings in this blog post and have made some exciting new additions to our website.

Continue reading

Topics: Company News, RASP, Prevoty Technology, DevOps, Language Security, LANGSEC, Runtime Application Self-Protection, Vulnerability remediation, DevSecOps, Runtime Application Security

Prevoty Runtime Security Continues to Gain Momentum with Product Expansion and Industry Recognition

Arpit Joshipura | Apr 22, 2016

We are thrilled with the momentum Prevoty continues to see this year in the category of runtime application security. To start, we now offer new Web Services capabilities, which allow our customers to integrate attack protection technology into more applications easily and quickly. Additionally, we are continuing to gain industry recognition as a result of two new awards.

First, let’s take a look at our newest product expansion.

Continue reading

Topics: Company News, Prevoty Technology, Language Security, LANGSEC, Web Services

Why LANGSEC for Runtime Application Security? Because Patterns Can't Keep Up

Arpit Joshipura | Mar 10, 2016

Age-old security is broken because it uses antique techniques 

Throughout the past ten years, security methods have remained relatively unchanged. These methods rely solely on signatures, heuristics and dataflow analysis and are focused on defending the networks. The problem is that hackers have learned how to work around predefined network controls. 

The majority of today's firewalls still have to run thousands of patterns to match for known attacks, and false positives and false negatives run high -- making it difficult to determine what is normal. These traditional methods rely on code that is constantly changing. The thing you’re trying to detect is changing because the application itself is always changing, causing solutions to be out of date as soon as they are created.

Continue reading

Topics: WAFs, Startups, Application Security, RASP, Prevoty Technology, Application Security Monitoring, Signatures, Language Security, Innovation, LANGSEC, Heuristics, AppSec, Pattern matching, Cross-site Scripting, Command Injection, Runtime Application Self-Protection, Data Flow Analysis, Vulnerability remediation, SQL Injections, CSRF

Writing your first RPC in Go

Kunal Anand | Sep 25, 2014

On top of developing runtime application self-protection tools, the Prevoty Engineering team is always looking for better technologies to manage our cloud and on-premise service-oriented architectures. A package of the Go standard library that we use extensively is net/rpc - this particular package simplifies the approach and LOC when it comes to developing your own RPC. If you're unfamiliar with Go, then I highly recommend that you take the tour - it's worth it.

Continue reading

Topics: Prevoty Technology

RASP: The next layer of information security

Julien Bellanger | Aug 19, 2014

We all know that enterprise security is a cat and mouse game. Any company that claims it can guarantee 100% security from hackers is selling snake oil. So the best practice is to raise the bar to make it really, really hard for hackers so that they move on and try to break in somewhere else. The industry now accepts that a layered approach is the best way to raise the bar, and of course that has translated into significant investments in endpoint protection, next generation firewalls (NGFW), intrusion detection and prevention systems (IDS / IPS), security information and event management systems (SIEMs), data loss prevention (DLP), identity and access management (IAM), etc., etc.

These layers are of course necessary, but they’re not sufficient any more.

Continue reading

Topics: Application Security, RASP, Prevoty Technology

New Feature: Typed Input Validation for Form Fields

Kunal Anand | Jul 31, 2014

When we started Prevoty, one of our main goals was to give developers a systemic approach for creating and managing secure applications. Our product roadmap began with the ambition of preventing the most difficult OWASP attacks and over the last 18 months, our engineering team has created novel algorithms and technologies to prevent XSS, SQLi and CSRF. On top of that, our team has developed an on-premise version of the Prevoty engine while continuing to support nearly a dozen different SDKs + frameworks (servlet filters and HTTP modules). We've covered a lot of ground in such a short period of time!

Continue reading

Topics: Application Security, Prevoty Technology, Feature Updates
