I gave a presentation at OWASP AppSecUS this year in Minneapolis on some work we’ve been doing on automated virtual patching called “The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching” This builds on work we have done on virtual patching in the past and I’m excited that we can finally release some real-world data on how different scanners and protection technologies perform.
Video should be available soon, and the slides are online here:
Virtual patching is an exciting use case for IDS/IPS and WAF technologies. As we’ve noted before, web application vulnerabilities have a tendency to live much longer than they should. Application code changes take time so virtual patching is a great way to give development teams some “air cover” so they can get their work done while the organization still enjoys a measure of protection.
dan _at_ denimgroup.com