Science

LANGSEC

To address shifting challenges and stay aligned with a faster pace of application development, Prevoty has architected a solution based on the principles of LANGSEC and delivered as a Runtime Application Self-Protection (RASP) tool. 

This innovative model presents a significant change in the way application security is delivered to the enterprise. 

Keep reading to learn more about the science behind this award-winning technology.

How LANGSEC Works

LANGSEC is the formal process of understanding how data such as content payloads, database queries, operating system commands and more will execute in an environment. The technique is akin to a real-time compiler for data input: it is built from the grammars of programming languages, browser rendering engines, database query engines, and operating systems, and it uses this contextual knowledge to detect and neutralize sophisticated attacks during execution.
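To make the grammar-based idea concrete for database queries, here is an added example (not Prevoty's code or product logic): it lexes a SQL query built from a template and flags input that changes the query's token structure compared with a benign probe value. The SQL token subset, the names `lex`, `shape` and `is_injection`, and the sample template and inputs are assumptions made for this illustration.

```python
import re

# SQL token subset chosen for this illustration (an assumption, not a full grammar).
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op><=|>=|<>|!=|[=<>*,;().+\-/])
""", re.VERBOSE | re.DOTALL)

def lex(sql):
    """Return [(kind, text), ...]; raise ValueError on text outside the token grammar."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if not m:
            raise ValueError(f"unrecognized input at offset {pos}")
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.group()))
        pos = m.end()
    return tokens

def shape(tokens):
    """Structural skeleton: literals collapse to their kind, other tokens keep their text."""
    return [k if k in ("string", "number") else t.upper() for k, t in tokens]

def is_injection(template, user_input, probe="x"):
    """True if user_input alters the token structure relative to a benign probe value."""
    expected = shape(lex(template.format(probe)))
    try:
        actual = shape(lex(template.format(user_input)))
    except ValueError:
        return True  # input that breaks lexing (e.g. an unterminated string) is rejected
    return actual != expected

if __name__ == "__main__":
    # Constructed template and inputs, for illustration only.
    template = "SELECT * FROM users WHERE name = '{}'"
    for value in ["alice", "O''Brien", "x' OR '1'='1"]:
        print(repr(value), "->", "blocked" if is_injection(template, value) else "allowed")
```

The decision depends only on how the query would be tokenized, not on a list of known-bad strings; for a numeric context, pass a numeric probe such as `probe="1"`.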

LANGSEC Enterprise Protection

Prevoty is the first to go to market with an effective runtime solution that utilizes the LANGSEC approach, with its own lexical analyzers, validators and parsers to analyze and identify malicious behavior. Prevoty’s RASP implementation performs the most sophisticated form of application security instrumentation, understanding what content is going to do before code execution and neutralizing threats like cross-site scripting (XSS), SQL injection (SQLi), and cross-site request forgery (CSRF) without using unwieldy patterns or heuristics.

LANGSEC is a detection mechanism that is faster, simpler, and more accurate than traditional methods using signatures, heuristics, and data flow analysis.

The Benefits of LANGSEC

Speed

  • 30x faster than traditional methodologies
  • Reduced CPU and memory consumption

Accuracy

  • No false positives or false negatives
  • Contextual payload analysis blocks fuzzing
  • Higher rate of correct results than scanners or tests

Ease

  • Low maintenance (no signatures or patterns)
  • Zero tuning or learning
  • Quick custom policies (domain and application-specific controls)
  • Reduces WAF upkeep

More Resources

Below are a few academic papers on LANGSEC for further perusal. For the most up-to-date information on research and theoretical advancements, visit langsec.org.
