Hindsight is 20-15: Recent Web Attacks Prove Application Security is Broken

Arpit Joshipura | Apr 28, 2016

A look at the last 6 months of web application attacks shows an interesting trend. Hackers are bypassing traditional defenses like firewalls that are based on methods like signatures, heuristics and data flow analysis. This post outlines how these recent attacks were carried out, what could have been done to prevent them, and whether runtime application security would be an appropriate solution for protecting against future attacks (as opposed to traditional perimeter solutions).

Topics: WAFs, Application Security, Language Security, LANGSEC, SQLi, Data Breaches, Runtime Application Security, SQL Injections

Why LANGSEC for Runtime Application Security? Because Patterns Can't Keep Up

Arpit Joshipura | Mar 10, 2016

Age-old security is broken because it uses antique techniques 

Throughout the past ten years, security methods have remained relatively unchanged. These methods rely solely on signatures, heuristics and dataflow analysis and are focused on defending the networks. The problem is that hackers have learned how to work around predefined network controls. 

The majority of today's firewalls still have to run thousands of patterns to match known attacks, and false positives and false negatives run high, making it difficult to determine what is normal. These traditional methods rely on code that is constantly changing. The thing you’re trying to detect is changing because the application itself is always changing, causing solutions to be out of date as soon as they are created.

Topics: WAFs, Startups, Application Security, RASP, Prevoty Technology, Application Security Monitoring, Signatures, Language Security, Innovation, LANGSEC, Heuristics, AppSec, Pattern matching, Cross-site Scripting, Command Injection, Runtime Application Self-Protection, Data Flow Analysis, Vulnerability remediation, SQL Injections, CSRF

The WAF is dead (or at least dormant)

Julien Bellanger | May 5, 2014

Over the last year, my co-founder and I have pitched hundreds of CISOs, CSOs and security specialists and CIOs on Prevoty’s new runtime approach to application security. In just about every conversation, we ended up discussing Web Application Firewalls (WAFs) and arriving at some surprising conclusions.

The summary of these conversations went something like this:

Topics: WAFs

Debunking the Top 4 Myths of Web Application Security

Kunal Anand | Apr 7, 2014

Despite efforts to incorporate security into the web application, enterprises find themselves forced to take shortcuts, so they can address other security projects. Meanwhile, user content continues to be unprotected, resulting in fire drills between the web developers and security team. We've highlighted a few myths that top security experts and leaders have shared with us to debunk common misconceptions of web application security:

Topics: WAFs, Application Security
