Software Vendor Takes on SQL Injection

A Dublin company has created a solution that it claims will prevent SQL injection attacks in web-based applications running Java.

Tim Ford, Owner

March 18, 2015

http://globaltechconsultants.org/?q=content/sql-injection

Gartner calls it "Runtime Application Self-Protection". The company behind the technology calls it AppSecurity for Java. If it delivers on its promises and on its testing results to date, it will also be called revolutionary, eliminating whitelisting and blacklisting completely.

Maria Korolov, writing for CSOonline, introduces us to Waratek, a Dublin-based Java application security software development firm that has created a process which, instead of setting up a firewall and allowing it to learn which requests are benevolent and which are toxic, embeds itself inside the Java Runtime Environment and monitors requests. Not only does this allow decisions to be made based on what the code is going to do, it also reduces the possibility that legitimate traffic will be impaired and reduces the space consumed by all the log files generated under today's standard practices. A member of the Runtime Application Self-Protection (RASP) category of solutions, AppSecurity for Java is able to secure enterprise applications because it possesses complete information about application behaviors at a level of granularity network devices cannot obtain. And because it is tightly wrapped around the application, it supports public or private cloud deployments seamlessly.

While only about 1% of web and Cloud applications use this technology, Waratek CEO Brian Maccaba expects that number to rise to a quarter of all web and Cloud applications in the next five years. With Cloud adoption on the rise, it seems those figures will translate into a much larger number of applications than current Cloud adoption rates alone would imply.

Robert'); "Bobby" DROP TABLE Students; -- would be serving time in detention if more companies adopted RASP solutions to prevent SQL Injection attacks.
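To make the "decide based on what the code is going to do" idea concrete, here is an added sketch (not Waratek's code, and not from the CSOonline piece) of a check placed at the point where a statement is about to run: it blocks the statement if a request value spills outside a single SQL token. The class and method names, the template and the sample names are constructed for illustration, and the value is located by a plain string search where a real agent would track taint.

```java
import java.util.ArrayList;
import java.util.List;
// Added illustration only: not Waratek's implementation.
public class SinkCheckDemo {
    // Split SQL into [start, end) spans: quoted strings, words/numbers, single symbols.
    static List<int[]> tokenize(String sql) {
        List<int[]> spans = new ArrayList<>();
        int i = 0;
        while (i < sql.length()) {
            char c = sql.charAt(i);
            int start = i;
            if (Character.isWhitespace(c)) { i++; continue; }
            if (c == '\'') {                       // string literal; '' is an escaped quote
                i++;
                while (i < sql.length()) {
                    if (sql.charAt(i) != '\'') { i++; continue; }
                    if (i + 1 < sql.length() && sql.charAt(i + 1) == '\'') { i += 2; continue; }
                    i++; break;                    // closing quote
                }
            } else if (Character.isLetterOrDigit(c) || c == '_') {
                while (i < sql.length()
                        && (Character.isLetterOrDigit(sql.charAt(i)) || sql.charAt(i) == '_')) i++;
            } else {
                i++;                               // punctuation such as ( ) ; -
            }
            spans.add(new int[] {start, i});
        }
        return spans;
    }
    // Assumption: the runtime knows which value came from the request. A real
    // agent would track that taint; this sketch just searches for the value.
    static boolean inputStaysInOneToken(String sql, String userInput) {
        int at = sql.indexOf(userInput);
        if (at < 0) return true;                   // value never reached the statement
        int end = at + userInput.length();
        for (int[] t : tokenize(sql)) {
            if (t[0] <= at && end <= t[1]) return true;   // value is data inside one token
        }
        return false;                              // value changed the statement's structure
    }
    public static void main(String[] args) {
        String template = "INSERT INTO Students (name) VALUES ('%s')";  // constructed, unsafe concatenation
        String[] names = {"Robert", "Mary Ann", "Robert'); DROP TABLE Students; --"};  // constructed samples
        for (String name : names) {
            String sql = String.format(template, name);
            System.out.println((inputStaysInOneToken(sql, name) ? "ALLOW " : "BLOCK ") + sql);
        }
    }
}
```

Because the decision is made on the fully assembled statement rather than on the raw request, no list of allowed or forbidden request patterns is needed, which is the contrast with whitelisting and blacklisting drawn above.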

About the Author

Tim Ford

Owner, SQL Cruise

http://thesqlagentman.com/
