Web Application Security Blog

Zaid Al Hamami

A devoted technologist and visionary entrepreneur with a passion for security, Zaid is the Co-Founder and CEO at IMMUNIO. Zaid has a keen eye for marrying innovative product with market opportunity, zeroing in on what solutions will provide impact on a global scale. Born and raised in Jordan, Zaid became a security enthusiast and code junkie in his early teen years. Eventually, he would move to Canada to study and work. Coming of age professionally in parallel with the cloud technology movement, he saw a huge opportunity for Security-as-a-Service, and an extremely ineffective marketplace for realtime web application protection, and founded IMMUNIO to challenge the status quo and redefine how web applications are protected. Prior to founding IMMUNIO, Zaid was head of product management at Canonical/Ubuntu, where he was responsible for the entire portfolio of Server and Service products, and an instrumental part of the organization's North American and European expansion. Previously, he managed the bulk of the world's online air travel technology at SITA. Zaid holds a Bachelor’s degree in Computer Engineering from McGill University, and an MBA from MIT.

Recent Posts

IMMUNIO Joins Forces with Trend Micro!

POSTED BY  Zaid Al Hamami on Nov 27, 2017

Today I am thrilled to announce that IMMUNIO has been acquired by Trend Micro.

TOPICS: Application Security, RASP

The Struts Saga Continues: Groundhog Day All Over Again

POSTED BY  Zaid Al Hamami on Mar 23, 2017

In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well.

TOPICS: Vulnerabilities, WAF vs. RASP, RASP, Web Application Security

CVE-2017-5638 - Groundhog Day

POSTED BY  Zaid Al Hamami on Mar 09, 2017

It's one of those weeks. A new, big-impact, low-effort CVE (CVE-2017-5638). This time it is Java Struts apps. Specifically ones using the Jakarta Multi-Part parser. Again, it is one of those “malformed input in ways no one expected gives me powers...

TOPICS: Vulnerabilities, Application Security, DevOps

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...

TOPICS: AppSec Tools, RASP, Web Application Security

IAST, RASP, and Runtime Instrumentation

POSTED BY  Zaid Al Hamami on Jan 03, 2017

The Application Security Testing (AST) technology market is made up of the following categories:

TOPICS: Application Security, RASP

The Contrast Between Today's RASP Approaches

POSTED BY  Zaid Al Hamami on Nov 10, 2016

Runtime application self-protection is a hot topic in the security world these days. This emerging technology is generating a lot of excitement and interest from investors, entrepreneurs and technologists. Yet, not all RASP is created equal....

TOPICS: WAF vs. RASP, RASP, Web Application Security

Death, Taxes, and Data Breaches

POSTED BY  Zaid Al Hamami on May 31, 2016

Benjamin Franklin said that only two things are certain in life: death, and taxes. With the advent of the internet, a third certainty arises: data breaches.

TOPICS: Application Security, Web Application Security, Stolen Credentials

Reducing Your Breach Risk

POSTED BY  Zaid Al Hamami on May 12, 2016

Every year, the fine folks at Verizon Enterprise, along with a slew of the world’s major networking/telecom companies, financial institutions, cybersecurity technology firms, a number of government agencies, and computer emergency response teams,...

TOPICS: Vulnerabilities, Application Security, RASP

Web Application Security: Four Fundamental Truths

POSTED BY  Zaid Al Hamami on Apr 26, 2016

Your web applications have a larger attack surface than you probably have ever imagined. No, I’m not looking to raise the paranoia level, but I do want to point out a few fundamental truths of web security that, once you take them on board, will...

TOPICS: RASP, Web Application Security