> Waratek > Runtime Application Self Protection Securing Java from the Inside Out
 

Runtime Application Self Protection Securing Java from the Inside Out

White Paper Published By: Waratek
Waratek
Published:  Mar 23, 2015
Type:  White Paper
Length:  18 pages

Waratek has developed a disruptive new approach to application security that protects applications and sensitive data from attacks like SQL Injection, zero-day and unpatched vulnerability exploits at runtime, without code changes or hardware. Waratek enables applications to protect themselves from the inside out, an approach that analyst firm Gartner calls Runtime Application Self Protection or RASP. Waratek monitors, detects and blocks threats from within the Java Virtual Machine without any user discernible performance degradation. Waratek AppSecurity for Java provides transparent, runtime application self-protection in datacenter environments, while Waratek Locker provides the same capabilities in the Cloud.

Waratek AppSecurity for Java provides transparent, runtime application self-protection to protect against malicious exploits, abnormal file manipulation or unexpected network connections, Waratek uses a small set of rules to quarantine illegal operations inside the application. Waratek AppSecurity can conclusively detect and block SQL Injection attacks without generating false positives and requiring application source-code changes. Unlike Web Application Firewalls (WAF) and other technologies that rely on heuristics and signature-based detection, Waratek performs transparent taint detection and validation of each character in a SQL query to identify injection attacks with 100 percent accuracy. This approach provides broad coverage against Zero Day vulnerabilities since it traps the application behavior, independent of the threat vector, without having to wait for a patch to be coded, tested and implemented. A simple black list rule can be implemented to provide virtual patch protection against new vulnerabilities, without the need to stop the application or make any code changes.  



Tags : 
application security, runtime application self protection, web application security, sql injection, zero day attack, zero day vulnerability, legacy java code, virtual patching, open source vulnerabilities, owasp, cloud security, gartner research report, threat forensics, advanced persistent threat


Featured FREE Resource: