It’s Baaaack! A Java Security Flaw Waratek Solves

Fintech – News and Analysis

A blog by Tom Groenfeldt

Waratek, which provides a Runtime Application Self Protection (RASP) containers said it protects the full application stack using a pioneering virtual container technology that operates in the runtime.

The flaw, known to friends as CVE-2013-5838, can be exploited without authentication, to completely compromise a system’s confidentiality, integrity and availability.

Using Waratek’s RASP containers with a default security policy, CVE-2013-5838 is automatically mitigated and no specific security rule for this CVE is required, Waratek said. “Default security policies work in one of two ways: either reducing the severity of a given vulnerability, or eliminating the vulnerability altogether. In the case of CVE-2013-5838, a default security policy immediately reduces the severity of this vulnerability to partial and eliminates the complete compromise of the host computer system and its data. This benefit is achieved with no foreknowledge of this CVE or the nature of its exploit.”

Read the full blog here

Related resources

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.