IMMUNIO
Trend Micro acquires hybrid cloud security firm Immunio
Japanese firm Trend Micro which has its headquarters in California has acquired Canada based hybrid cloud security firm Immunio for an undisclosed amount. By doing so, the security company is in a plan to increase the automated protection that it can provide throughout the DevOps lifecycle-software engineering to seek and unify its software development with […]
The Struts Saga Continues: Groundhog Day All Over Again
This post was originally published here by ZAID AL HAMAMI. In a previous blog post I talked about the Struts CVE (CVE-2017-5638) that’s affecting much of the Java Web App world these days. A security engineer at IMMUNIO provided his technical perspective as well. My argument was that we see this type of event all the time. Code written, […]
Will it Pwn CVE-2017-5638: Remote Code Execution in Apache Struts 2?
This post was originally published here by AJIN ABRAHAM. A few days back Nike Zheng reported a Remote Code Execution vulnerability in Apache Struts2. The vulnerability exploits a bug in Jakarta’s Multipart parser used by Apache Struts2 to achieve remote code execution by sending a crafted Content-Type header in the request. This is a perfect example for […]
Why Target the Application Layer
This post was originally published here by MIKE MILNER. When most of us think of applications, we think of the various programs we have downloaded to our smartphones. We interact and make requests of these programs to perform whatever function we need. These requests often, if not always, require the application to communicate with another […]
Using RASP to Make Bug Bounty Programs More Efficient
This post was originally published here by MIKE MILNER. Bug bounty programs have gained popularity throughout the tech industry, cropping up at tech giants such as Facebook, Google, and more recently Apple. The programs effectively crowdsource manual penetration testing (pen testing), allowing users to try to break into an application to expose its vulnerabilities (bugs), in […]
Improve Productivity Across Your Organization with RASP
This post was originally published here by RICHARD APRIL. Every innovation today revolves around streamlining. We seek the fastest way to get from point A to point B, the fastest way to shop, pay, interact with each other and with other devices, etc. People simply do not have the time to spend that they once did. […]
How External Dependencies Put Your Apps at Risk
This post was originally published here by MIKE MILNER. Web applications are complex. Only a tiny part of any web app is code that you write for it. In fact, it is possible to create a web application without writing any original code. Some estimates say that 80% of the code in web applications is third party libraries […]
Preventing Account Takeover (ATO)
This post was originally published here by MIKE MILNER. Hackers are dedicated criminals. They will work hard to exploit any vulnerabilities in your website and network—because there is a lot of money in it for them when it works. One popular way of breaking into a system is to take over the account of a validated […]
IAST, RASP, and Runtime Instrumentation
The Application Security Testing (AST) technology market is made up of the following categories: 1st Gen SAST (Static Application Security Testing) DAST (Dynamic Application Security Testing) WAF (Web Application Firewall) 2nd Gen IAST (Interactive Application Security Testing) RASP(Runtime Application Self-Protection) There are other categories that can be lumped into AppSec as well, such as developer […]
