Web Application Security Blog

Oliver Lavery

An inquisitive white hat hacker who deems the best way to secure is to first break in, Oliver is the VP of Research at IMMUNIO. Oliver is a brilliant technologist who is constantly evaluating -- determining how to penetrate the world's most secure systems, then figuring out how to protect them. After dropping out of high school to become a full-time hacker, Oliver has seen it all when it comes to IT vulnerabilities. He came to IMMUNIO after realizing the huge potential for RASP technology and evaluating the strength of the software himself (by trying to crack it, of course). Bringing his always curious eye to the organization, along with his deep expertise in computer systems and software code, Oliver has become a foundational part of the IMMUNIO leadership team. Prior to IMMUNIO, Oliver did consulting for some of the world's largest banks at Gotham Digital Science Ltd. There he was tasked with hacking into systems then working to fix the vulnerabilities he identified. Oliver also spent time directing security research at nCircle (now Tripwire), was a manager at Security Compass and Chief Scientist at PivX Solutions.

Recent Posts

Enterprise Information Networks and the Threat Environment

POSTED BY  Oliver Lavery on Jan 19, 2017

Securing an enterprise information system is no trivial task. That is because today’s systems are complex and need to be viewed holistically. No longer can IT security only think of a network as a combination of components that can be protected...

TOPICS     Application Security

Framework Security: Building Self-Protecting Applications

POSTED BY  Oliver Lavery on Nov 29, 2016

The problem with web security

Humans are, alas, highly fallible beings. While we are good at creativity and reason, we are pretty bad at mechanically applying rules and taking care of repetitive tasks. And what is web application security,...

TOPICS     RASP  Web Application Security

How to Build Security into the QA Cycle

POSTED BY  Oliver Lavery on Nov 01, 2016

These days, many companies are developing software with fairly rapid release cycles—every week or even every few days. So testing software security no longer looks like it used to. Spending several days or more analyzing the code for bugs is not...

TOPICS     RASP  Agile development  DevOps

How to Engage Developers in App Security

POSTED BY  Oliver Lavery on Sep 27, 2016

It’s become accepted wisdom that developers and security engineers exist on different planes, and that they’re anything but enthusiastic about collaborating. But with web application security threats proliferating and becoming increasingly...

TOPICS     Vulnerabilities  Application development

Why You Should Automate Security in Agile Development

POSTED BY  Oliver Lavery on Sep 20, 2016

Before agile development went mainstream, manual security and quality assurance methods were considered adequate for many organizations’ needs. But today’s agile and lean development cycles are simply too rapid for manual approaches to web...

TOPICS     Vulnerabilities  RASP  Agile development

IoT Botnets: Is Your Website at Risk?

POSTED BY  Oliver Lavery on Sep 06, 2016

It’s no secret at this point that web applications represent a significant weak spot in organizations’ network security. As Verizon reports in its 2016 Data Breach Investigations Report, the single most significant cause of data breaches in...

TOPICS     WAF  RASP  Internet of Things

The State of Application Security: Silos and IT Skills Shortages

POSTED BY  Oliver Lavery on Aug 19, 2016

One of the most crucial things organizations can do to improve application security is to better coordinate AppSec methods and practices among developers, architects, and system administrators. This is the best approach to thwarting...

TOPICS     Application Security  Web Application Security

Building Security into the Software Development Lifecycle

POSTED BY  Oliver Lavery on Jul 20, 2016

It’s difficult, if not impossible, to build web application software that’s 100 percent secure. Even with a top-notch development team, mistakes are an inevitable reality of writing software. Some of these software defects can impact security:...

TOPICS     SDLC  Application Security  Web Application Security

Application Defense in Depth – Making your Applications First Class Citizens

POSTED BY  Oliver Lavery on Jul 05, 2016

It’s easier and easier these days to make applications for the web, and businesses are using them at ever increasing rates. So, of course, hackers are spending more time and energy targeting web applications and data. Unfortunately, many...

TOPICS     Vulnerabilities  Application Security  Web Application Security

New Rails Vulnerabilities, January 2016

POSTED BY  Oliver Lavery on Jan 26, 2016

Yesterday eight new vulnerabilities were disclosed to the “Ruby on Rails: Security” Google Group. As part of the ongoing development of IMMUNIO, we keep abreast of new vulnerability disclosures that impact our users, and analyze them to ensure we...

TOPICS     Vulnerabilities