
Web Application Security Blog

The Struts Saga Continues: Groundhog Day All Over Again

POSTED BY  Zaid Al Hamami on Mar 23, 2017

In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well.


TOPICS: Vulnerabilities, WAF vs. RASP, RASP, Web Application Security

Will it Pwn CVE-2017-5638: Remote Code Execution in Apache Struts 2?

POSTED BY  Ajin Abraham on Mar 13, 2017

A few days back Nike Zheng reported a Remote Code Execution vulnerability in Apache Struts2. The vulnerability exploits a bug in Jakarta's Multipart parser used by Apache Struts2 to achieve remote code execution by sending a crafted Content-Type...


TOPICS: Vulnerabilities, RASP, Web Application Security

Using RASP to Make Bug Bounty Programs More Efficient

POSTED BY  Mike Milner on Feb 16, 2017

Bug bounty programs have gained popularity throughout the tech industry, cropping up at tech giants such as Facebook, Google, and more recently Apple. The programs effectively crowdsource manual penetration testing (pen testing), allowing users...


TOPICS: RASP

Improve Productivity Across Your Organization with RASP

POSTED BY  Richard April on Feb 09, 2017

Every innovation today revolves around streamlining. We seek the fastest way to get from point A to point B, the fastest way to shop, pay, interact with each other and with other devices, etc. People simply do not have the time to spend that they...


TOPICS: RASP

Stop Account Takeover in its Tracks

POSTED BY  Mike Milner on Jan 10, 2017

It seems that every day we see headlines announcing a data breach that resulted in theft of information for hundreds of thousands, millions, or even billions of users. These are clearly brand-damaging headlines, and the numbers are certainly...


TOPICS: RASP, Account Takeover, Stolen Credentials

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...


TOPICS: AppSec Tools, RASP, Web Application Security

IAST, RASP, and Runtime Instrumentation

POSTED BY  Zaid Al Hamami on Jan 03, 2017

The Application Security Testing (AST) technology market is made up of the following categories:


TOPICS: Application Security, RASP

Web Application Health

POSTED BY  Mike Milner on Dec 22, 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...


TOPICS: RASP, Web Application Security

RASP and Security Against Internal Breaches

POSTED BY  Mike Milner on Dec 13, 2016

As companies consider their application security posture, it is critical to remember that breaches can come from both outside and inside the company and its trust boundaries. Internal threats require just as much protection as external risks.


TOPICS: Insider, Application Security, RASP

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY  Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...


TOPICS: Vulnerabilities, RASP, Web Application Security, Mobile App Security