Prismo Blog

Detecting Injection exploitation via Instrumenting Web Applications

RASP technology detects exploitation attempts by instrumenting web applications. There can be multiple ways to detect exploitation attempts. We will discuss some of the approaches by which RASP can detect exploitation attempts along with the pros...

Virus Bulletin 2020: Just-In-Time Deception to Detect Credential-Stuffing Bots

We are excited to announce that the Prismo Systems team will be presenting our work on detecting bots at the upcoming VB2020 conference. UPDATE: Here is a link to the video on YouTube: https://www.youtube.com/watch?v=_cGc5UwWw5Q&feature=emb_logo...

Analysis of CVE-2019-0230: OGNL Expression Language Vulnerability

by Manish Sardiwal. In mid-August, Apache released security bulletin S2-059 to address the vulnerability CVE-2019-0230. CVE-2019-0230 is an OGNL expression language vulnerability, which may lead to Remote Code Execution in the context of Apache...

Analysis of CVE-2020-9484: Persistent Manager Java Deserialization Vulnerability

CVE-2020-9484 is a recently disclosed vulnerability in Apache. The vulnerability resides in how Apache Tomcat handles HTTP sessions. The first part of the blog details the handling of HTTP sessions for web applications. Followed by which we...