
Why RASP is the Third Pillar of Application Security

Arpit Joshipura | Apr 12, 2016

According to recent research we conducted with the Ponemon Institute, one in two enterprises today admit that they need better application security — demonstrating both the scope and the reality of the problem.


Topics: RASP, Tech Zone, SAST, LANGSEC, DAST, Pattern matching, Runtime Application Self-Protection, Dynamic Application Security Testing, Runtime Application Security, Static Application Security Testing

Sinking Your Hooks In Applications

Joe Rozner | Oct 21, 2015

The application security space has grown up. The focus shifted from security at the perimeter to security where the attacks are actually happening. As attacks on applications proliferate, it’s become abundantly clear that there is a real problem in the software we build. We as modern companies have a lot of applications: legacy applications, applications we don’t even have the source to anymore, and applications we’re unable to modify due to a lack of resources.

Over the past two and a half years, our team has focused not only on building the bleeding edge in application security technology but also on making it easier than ever to integrate into all kinds of applications as seamlessly as possible. Richard Meester and I recently had the opportunity to present at OWASP’s AppSecUSA conference in San Francisco and share with the attendees how we at Prevoty do what we do. This post summarizes what Richard and I covered in our talk, which details our techniques for using middleware and instrumentation as methods for introducing tooling into applications and improving security.


Topics: Application Security, Tech Zone, Industry commentary

Does JWT put your web app at risk?

Joe Rozner | Jun 10, 2015

If you’ve read any of the recent articles [1, 2] about how JSON Web Token (JWT) could be the next hot thing in HTTP sessions, you may be thinking to yourself: “I should go re-write my authentication layer to use it.” Before you dive right in, you may want to consider some of the security implications that JWT introduces.

As context, the Prevoty engineering team is currently in the process of re-writing our management console. Recently, an engineer proposed JWT as a solution for handling our sessions client-side - rather than storing and managing them on the server. After weighing the options, we’ve chosen to not implement with JWT. This post will explore the reasons and motivations why we opted not to.


Topics: Prevoty Labs, Tech Zone
