
Web Application Security Blog

4 Predictions for 2017 and Beyond

POSTED BY Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well-known applications. Both IAST/RASP, as well as application runtime security...


TOPICS: AppSec Tools, RASP, Web Application Security

Web Application Health

POSTED BY Mike Milner on Dec 22, 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...


TOPICS: RASP, Web Application Security

Bot Fingerprinting

POSTED BY Mike Milner on Dec 20, 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...


TOPICS: Vulnerabilities, Web Application Security

API Security: An Overview

POSTED BY Goran Begic on Dec 06, 2016

Many modern web or mobile applications use an application programming interface (API) on the back end. As a set of tools and protocols that enable developers to provide flexibility and scalability in the front end applications, APIs are an...


TOPICS: Web Application Security

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...


TOPICS: Vulnerabilities, RASP, Web Application Security, Mobile App Security

Framework Security: Building Self-Protecting Applications

POSTED BY Oliver Lavery on Nov 29, 2016

The problem with web security

Humans are, alas, highly fallible beings. While we are good at creativity and reason, we are pretty bad at mechanically applying rules and taking care of repetitive tasks. And what is web application security,...


TOPICS: RASP, Web Application Security

RASP Adoption: A View From the Trenches (Part 3)

POSTED BY Goran Begic on Nov 23, 2016

In the first two parts of this three-part post I introduced basic concepts surrounding runtime application self-protection (RASP) and how it differs from web application firewalls (WAF). In the second part, I discussed features and use cases that...


TOPICS: Application Security, RASP, Web Application Security

Is RASP Scalable?

POSTED BY Mike Milner on Nov 17, 2016

The short answer is: Yes. RASP is scalable when it is implemented correctly.

What is RASP?

Runtime application self-protection (RASP) is not a single technology. It is a concept—that protecting the application from within is the most efficient...


TOPICS: RASP, Web Application Security

RASP Adoption: A View From the Trenches (Part 2)

POSTED BY Goran Begic on Nov 15, 2016

In the first part of this three-part post I introduced some basic concepts surrounding runtime application self-protection (RASP) and how it differs from web application firewalls (WAF).

In this post I focus on capabilities offered by RASP...


TOPICS: Application Security, RASP, Web Application Security

The Contrast Between Today's RASP Approaches

POSTED BY Zaid Al Hamami on Nov 10, 2016

Runtime application self-protection is a hot topic in the security world these days. This emerging technology is generating a lot of excitement and interest from investors, entrepreneurs and technologists. Yet, not all RASP is created equal....


TOPICS: WAF vs. RASP, RASP, Web Application Security