In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well.
A few days back Nike Zheng reported a Remote Code Execution vulnerability in Apache Struts2. The vulnerability exploits a bug in Jakarta's Multipart parser used by Apache Struts2 to achieve remote code execution by sending a crafted Content-Type...
1. Runtime Security Instrumentation finds more adoption
I talked previously about application runtime security instrumentation, of which IAST/RASP are the most well known applications. Both IAST/RASP, as well as application runtime security...
A web bot is designed to make life on the web easier; a script that automates repetitive tasks and does them much faster than a human could. This speed is often how you can tell who or what is interacting with your site: bot or human. And when it...
Mobile applications do not run on their own—almost every useful app is backed by one or more web services running in the background to perform most actions and to link them to enterprise systems. Even though you don’t really see this part, your...
In the first two parts of this three-part post I introduced basic concepts surrounding runtime application self-protection (RASP) and how it differs from web application firewalls (WAF). In the second part, I discussed features and use cases that...
The short answer is: Yes. RASP is scalable when it is implemented correctly.
What is RASP?
Runtime application self-protection (RASP) is not a single technology. It is a concept—that protecting the application from within is the most efficient...