Prismo Blog

Detecting Injection exploitation via Instrumenting Web Applications

RASP technology detects exploitation attempts by instrumenting web applications. There are multiple ways to detect exploitation attempts. We will discuss some of the approaches by which RASP can detect them, along with the pros and cons of each technique. To better explain each approach, we will take an example of code prone to SQL injection and show how each approach detects SQL injection exploitation in the vulnerable code. Code vulnerable to the…

Detection of Vulnerabilities in Web Applications – OS Command Injection

Continuing with the detection algorithm we presented at Virus Bulletin 2019, in this post we introduce the principle of detect, respond, and remediate. If the remedial action provided by the detection algorithm is taken (fixing the vulnerable code path in this case), it will increase the exploitation complexity for threat actors trying to breach an organization.