Web Application Security Blog

The Struts Saga Continues: Groundhog Day All Over Again

POSTED BY  Zaid Al Hamami on Mar 23, 2017

In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well.

TOPICS     Vulnerabilities  WAF vs. RASP  RASP  Web Application Security

Why Signature Based Security is Only the First Step

POSTED BY  Richard April on Feb 07, 2017

Think of the security infrastructure of your application as its doctor. When working properly, it diagnoses threats to your system and prescribes the right course of action to keep that threat from infecting your application - much the way your...

TOPICS     AppSec Tools  WAF vs. RASP

The Contrast Between Today's RASP Approaches

POSTED BY  Zaid Al Hamami on Nov 10, 2016

Runtime application self-protection is a hot topic in the security world these days. This emerging technology is generating a lot of excitement and interest from investors, entrepreneurs and technologists. Yet, not all RASP is created equal....

TOPICS     WAF vs. RASP  RASP  Web Application Security

Going Beyond WAFs: Targeted, Accurate, Real-Time Application Protection

POSTED BY  Richard April on Oct 18, 2016

New threats to web applications are emerging all the time. Your organization’s defenses need to keep pace with these new threats. Organizations that rely primarily on Web Application Firewalls (WAFs) to safeguard against common application...

TOPICS     Application Security  AppSec Tools  WAF vs. RASP

How RASP Works: A Primer

POSTED BY  Goran Begic on Oct 13, 2016

Developers are embracing dynamic languages like Python, Node.js, and Java to build complex web applications, but the increasing pace of development adds to the difficulty of securing these apps. Runtime Application Self-Protection, or RASP, is an...

TOPICS     WAF vs. RASP  Nodejs  Python

Who’s Responsible for Weak Passwords?

POSTED BY  Mike Milner on Sep 14, 2016

When people choose weak passwords and reuse them across websites, they bear some responsibility for security breaches that impact them. Historically, this was where it stopped: if you got hacked, it was your fault. But as Account Takeover (ATO)...

TOPICS     WAF vs. RASP  Internet of Things  Stolen Credentials

Password Woes Dominate the News This Week

POSTED BY  Maria Lee on Sep 09, 2016

In spite of repeated warnings, end-users haven’t gotten the memo about the dangers of setting passwords that are ridiculously easy to guess, such as “12345,” and reusing those passwords across numerous websites. At the same time, companies are...

TOPICS     Vulnerabilities  WAF vs. RASP  Account Takeover

The 5 Most Important Things to Know About RASP

POSTED BY  Mike Milner on Jul 15, 2016

As developers turn to agile languages like Python and Node.js to build complex web applications, it’s become more difficult than ever to secure these apps. Development cycles continue to shorten, which makes it more challenging to ensure app...


The Human Factor and Cardinal Sins of Web Application Protection

POSTED BY  Goran Begic on May 24, 2016

The purpose of web application security software is to enable business operations to function and grow.

Businesses need satisfied users. These users want to enjoy and experience the value provided through applications offered to them. They also...

TOPICS     WAF vs. RASP  Web Application Security

Runtime is the Future of Web Application Security

POSTED BY  Mario Contestabile on May 06, 2016

Everything happens so fast on the Internet today that it often feels as if we can never catch up.

Instant gratification is the order of the day, and if your application isn’t ready and waiting, users will quickly move on to one that is. The same...

TOPICS     WAF vs. RASP  RASP  Web Application Security