To address shifting challenges and stay aligned with a faster pace of application development, Prevoty has architected a solution based on the principles of LANGSEC and delivered as a Runtime Application Self-Protection (RASP) tool.
This innovative model presents a significant change in the way application security is delivered to the enterprise.
Keep reading to learn more about the science behind this award-winning technology.
LANGSEC solves vulnerability classes that arise from data input intentionally or unintentionally changing the expected behavior of an application. For example, LANGSEC can understand if a database query contains a tautology (or contradiction) or attempts to access an invalid column. LANGSEC can also block data input obfuscation or fuzzing, which is impossible to detect with traditional pattern-matching or regular expressions.
LANGSEC is the formal process of understanding how data, such as content payloads, database queries, operating system commands and more, will execute in an environment. The technique is akin to a real-time compiler for data input: it is built from the grammars of programming languages, browser rendering engines, database query engines, and operating systems, and it uses this contextual knowledge to detect and neutralize sophisticated attacks during execution.
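As an added illustration (not Prevoty's code and not part of the original page), the sketch below parses a small, assumed subset of WHERE-clause syntax and constant-folds it with three-valued logic, so a predicate is classified by what it evaluates to rather than by how it is spelled. The names `tokenize` and `classify` and the grammar itself are assumptions made for this example.

```python
import re
from operator import eq, ge, gt, le, lt, ne
# Assumed grammar, a small WHERE-clause subset: literals, columns, comparisons, AND/OR, ().
TOKEN = re.compile(r"""\s+|/\*.*?\*/|(?P<num>\d+(?:\.\d+)?)|'(?P<str>(?:[^']|'')*)'|(?P<op><>|!=|<=|>=|=|<|>)
    |(?P<paren>[()])|(?P<word>[A-Za-z_]\w*)|(?P<bad>.)""", re.S | re.X)
OPS = {"=": eq, "<>": ne, "!=": ne, "<": lt, ">": gt, "<=": le, ">=": ge}

def tokenize(text):
    out = []
    for m in TOKEN.finditer(text):
        kind = m.lastgroup
        if kind == "bad":
            raise ValueError(f"input outside the grammar at offset {m.start()}")
        if kind:  # whitespace and comments match no named group and are dropped
            val = m.group(kind)
            if kind == "word":
                kind, val = ("kw" if val.upper() in ("AND", "OR") else "col"), val.upper()
            out.append((kind, float(val) if kind == "num" else val))
    return out + [("end", None)]

def classify(where):  # returns 'tautology', 'contradiction' or 'data-dependent'
    toks = tokenize(where)
    def take():  # never consumes the final ("end", None) sentinel
        return toks.pop(0) if len(toks) > 1 else toks[0]
    def factor():
        if toks[0] == ("paren", "("):
            take()
            value = expr()
            if take() != ("paren", ")"):
                raise ValueError("')' expected")
            return value
        (k1, a), (k2, op), (k3, b) = take(), take(), take()
        if k2 != "op" or not {k1, k3} <= {"num", "str", "col"}:
            raise ValueError("comparison expected")
        if "col" in (k1, k3) or k1 != k3:
            return None  # depends on row data or on engine-specific type coercion
        return OPS[op](a, b)
    def chain(sub, keyword, absorbing):  # three-valued AND/OR over sub-results
        vals = [sub()]
        while toks[0] == ("kw", keyword):
            take()
            vals.append(sub())
        return absorbing if absorbing in vals else None if None in vals else not absorbing
    term = lambda: chain(factor, "AND", False)
    expr = lambda: chain(term, "OR", True)
    verdict = expr()
    if toks[0][0] != "end":
        raise ValueError("trailing input outside the grammar")
    return {True: "tautology", False: "contradiction", None: "data-dependent"}[verdict]
```

`classify("name = 'x' OR 2 > 1")` and `classify("name = 'x' OR 1/**/=/**/1")` both return `'tautology'`, and input the grammar cannot parse raises `ValueError` instead of being passed through.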
The LANGSEC methodology is horizontal -- it can be applied to a vast array of security products and solutions, with Runtime Application Self-Protection (RASP) being the first.
Prevoty is the first to go to market with an effective runtime solution that utilizes the LANGSEC approach, with its own lexical analyzers, validators and parsers to effectively analyze and identify malicious behavior. Prevoty’s RASP implementation performs the most sophisticated form of application security instrumentation, understanding what content is going to do before code execution and neutralizing threats like cross-site scripting (XSS), SQL injection (SQLi), and cross-site request forgery (CSRF) without using unwieldy patterns or heuristics.
Below are a few academic papers on LANGSEC for further perusal. For the most up-to-date information on research and theoretical advancements, visit langsec.org.