<iframe src="//www.googletagmanager.com/ns.html?id=GTM-KXSCJR" height="0" width="0" style="display:none;visibility:hidden">

Signatures Are Dead, Now What?

Kunal Anand | Sep 20, 2016


(Image source: InfoSecurity Magazine)

Continue reading

Topics: Signatures, Language Security, LANGSEC, Data Flow Analysis

Why LANGSEC for Runtime Application Security? Because Patterns Can't Keep Up

Arpit Joshipura | Mar 10, 2016

Age-old security is broken because it uses antique techniques 

Throughout the past ten years, security methods have remained relatively unchanged. These methods rely solely on signatures, heuristics and dataflow analysis and are focused on defending the networks. The problem is that hackers have learned how to work around predefined network controls. 

The majority of today's firewalls still have to run thousands of patterns to match for known attacks, and false positives and false negatives run high -- making it difficult to determine what is normal. These traditional methods rely on code that is constantly changing. The thing you’re trying to detect is changing because the application itself is always changing, causing solutions to be out of date as soon as they are created.

Continue reading

Topics: WAFs, Startups, Application Security, RASP, Prevoty Technology, Application Security Monitoring, Signatures, Language Security, Innovation, LANGSEC, Heuristics, AppSec, Pattern matching, Cross-site Scripting, Command Injection, Runtime Application Self-Protection, Data Flow Analysis, Vulnerability remediation, SQL Injections, CSRF

Six Application Security Predictions for 2016

Arpit Joshipura | Jan 22, 2016

This post originally appeared on CSO Online.

2016 is upon us and it is time to review what we think will happen in the world of application security in this fast-paced world. Security is always evolving just as attacks, hacks and vulnerabilities shift and as new technologies enter the landscape. Security must adapt in order to protect businesses, consumers and treasured data. Can today’s security practices achieve security assurances, rooted in sound computability theory? We believe so.

Continue reading

Topics: Application Security, RASP, Industry commentary, DevOps, Signatures