For the third year in a row Hdiv participated in the RSA Conference which took place at the Moscone Center in San Francisco. As one of the leading conferences in the cybersecurity space, the event congregated around 40,000 security professionals, and around 600 companies exhibited.
1. The WAF Replacement
The main message that Hdiv brought to the RSA Conference was about upgrading and improving the defenses offered by classic WAFs. The WAF technology is mainstream, but its lack of innovation makes it a candidate for disruption. The main reasons are:
- External position: the WAF perimetral defense strategy lacks visibility of the application details and its data flow.
- Rules-based strategy: WAF’s reliance on blacklist models is a weakness and causes false positives.
- Lack of cloud readiness: teams want solutions that adapt seamlessly to cloud environments.
We cover these ideas in more detail in this other BORN SECURE post.
Hdiv proposes a different model in which the defenses of the application are embedded within the application. This position provides advantages such as better visibility, and that the application is protected wherever it goes.
Based on the many interactions that it originated, our “WAF Replacement” message resonated loud and clear with many show goers. In general, there is a feeling of dissatisfaction and broken promises emanating from many WAF users.
2. Unified Application Security
The second main idea that we wanted to communicate at the RSA Conference is the value of our Unified Application Security platform, which helps teams adopt a comprehensive secure application development strategy.
We believe that by providing an integrated application security solution, teams can work more efficiently. The synergies created by the three products working together accelerate the creation of applications that are secure from the beginning, wherever they go.
Specifically, the Hdiv Unified Application Security platform helps teams in three different ways:
Hdiv Detection
Our technology, Interactive AST (IAST), can be seen as a modern evolution of traditional AST product families such as SAST and DAST. The main benefits are:
- Accuracy, Hdiv IAST covers 100% of OWASP Benchmark tests with no false positives.
- Flexibility, Hdiv IAST can be used by developers, QA teams, and in production stage.
- Real time, no need to wait for scans to finish, and continuously updated information.
Hdiv Protection
Our application protection solution is based on RASP architecture, and as described above, it can be seen as an improvement over traditional WAF defenses.
On top of protection from exploit-based attacks, such as SQL Injection and XSS, Hdiv RASP protects from Business Logic flaws (also known as “design issues.”) Insecure Direct Object Reference attacks (OWASP Top 10 A4:2010) and Broken Authentication (OWASP Top 10 A2:2017.)
Hdiv Verification
Hdiv Verification helps penetration testers conduct application security audits more efficiently. Our Verification product is a Burp Suite plugin that receives insights from our Protection solution. These insights provide Burp Suite details on the defenses of the targeted application, so that the pen tester can focus on the most likely attack vectors.
