Web Application Security Blog

The Struts Saga Continues: Groundhog Day All Over Again

POSTED BY  Zaid Al Hamami on Mar 23, 2017

In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well.

TOPICS     Vulnerabilities  WAF vs. RASP  RASP  Web Application Security

Will it Pwn CVE-2017-5638: Remote Code Execution in Apache Struts 2?

POSTED BY  Ajin Abraham on Mar 13, 2017

A few days back Nike Zheng reported a Remote Code Execution vulnerability in Apache Struts2. The vulnerability exploits a bug in Jakarta's Multipart parser used by Apache Struts2 to achieve remote code execution by sending a crafted Content-Type...

TOPICS     Vulnerabilities  RASP  Web Application Security

4 Predictions for 2017 and Beyond

POSTED BY  Zaid Al Hamami on Jan 05, 2017

1. Runtime Security Instrumentation finds more adoption

I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...

TOPICS     AppSec Tools  RASP  Web Application Security

Web Application Health

POSTED BY  Mike Milner on Dec 22, 2016

The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access...

TOPICS     RASP  Web Application Security

Bot Fingerprinting

POSTED BY  Mike Milner on Dec 20, 2016

A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...

TOPICS     Vulnerabilities  Web Application Security

API Security: An Overview

POSTED BY  Goran Begic on Dec 06, 2016

Many modern web or mobile applications use an application programming interface (API) on the back end. As a set of tools and protocols that enable developers to provide flexibility and scalability in the front end applications, APIs are an...

TOPICS     Web Application Security

The Relationship Between RASP, Mobile Apps, and Web Service Infrastructure

POSTED BY  Mike Milner on Dec 01, 2016

Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...

TOPICS     Vulnerabilities  RASP  Web Application Security  Mobile App Security

Framework Security: Building Self-Protecting Applications

POSTED BY  Oliver Lavery on Nov 29, 2016

The problem with web security

Humans are, alas, highly fallible beings. While we are good at creativity and reason, we are pretty bad at mechanically applying rules and taking care of repetitive tasks. And what is web application security,...

TOPICS     RASP  Web Application Security

RASP Adoption: A View From the Trenches (Part 3)

POSTED BY  Goran Begic on Nov 23, 2016

In the first two parts of this three-part post I introduced the basic concepts surrounding runtime application self-protection (RASP) and how it differs from web application firewalls (WAF). In the second part, I discussed features and use cases that...

TOPICS     Application Security  RASP  Web Application Security

Is RASP Scalable?

POSTED BY  Mike Milner on Nov 17, 2016

The short answer is: Yes. RASP is scalable when it is implemented correctly.

What is RASP?

Runtime application self-protection (RASP) is not a single technology. It is a concept—that protecting the application from within is the most efficient...

TOPICS     RASP  Web Application Security