Waratek Solves the Application Security Problems That No One Else Can


Application Security with No Code Changes for Java and .NET


Patch. Secure. Upgrade.

The Latest News

October 15, 2018

Q4 Oracle Critical Patch Update Preview

October 8, 2018

Apache Tomcat CVE-2018-11784 can be remotely exploited by an attacker

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime.

Waratek’s RASP solution makes it easy for teams to:

  • instantly patch known flaws
  • protect applications from known and Zero Day attacks
  • virtually upgrade out-of-support applications

Waratek offers benefits over other WAF and RASP products:

  • no downtime
  • no risk of breaking an app
  • no source code changes
  • no false positives
  • no routine tuning
  • no unacceptable performance overhead

Application Security from Waratek

Years worth of Critical/High Severity CVE Patches
Minutes Admin Time To Deploy A Security Patch
Known and Unknown Vulnerability and Attack Vector Protections
Customer Applications Protected by Waratek
Years with 0 False Positives / 0 Broken Apps

What are your protection needs?

Traditional security approaches are not enough to protect your applications and your customers’ data from today’s threats. Waratek is a pioneer in the next generation of web application security solutions providing fast and accurate protection against known and unknown vulnerabilities in current and legacy software.

We need to patch application flaws faster and more easily.

We need to protect against known and Zero-Day attacks.

We need to upgrade out-of-support web applications.

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time-consuming and expensive code changes. Waratek’s patented runtime application protection is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

A lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4

Waratek Secure


A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten
  • SANS Top 25
  • Zero Day Attacks

Waratek Enterprise


A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Platform Upgrade for Java
  • Virtual Patching
  • Full Stack Security

Case Studies

“A week after we installed the Waratek solution we got hit with more deserialization attacks,” the CISO says. “Because of Waratek’s solution, the attacks were immediately stopped, and the solution automatically alerted us to the attempt. All of the hacker's malicious scripts failed, which took us to a new level of confidence — the Waratek virtual patch is providing the protection we need, better and faster than we ever thought possible.”

“This approach protects our software much quicker than (physical) patches and without disrupting operations.”

Healthcare IT CISO

Upon restart, a virtual container encapsulated the full application stack, providing instant modernization of the out-of-support JRE to a Java 8 JRE and instant protection from the Java-related vulnerabilities identified in the pre-scan.

Performance overhead was measured against a baseline without Waratek’s solution and reflected normal operation and operation under malicious attack. While under attack, the performance overhead increased by 2.4%. However, under normal operating conditions, Waratek improved app performance by as much as 9% and improved the overall performance by 6.9% after lifting the out-of-support JRE to a more efficient Java 8 JRE.

US Healthcare Provider

After installation all 29 Java vulnerabilities identified by Qualys scans were remediated by containerizing the legacy Java 6 application stack on top of a Java 8 host. As a result, the environment could be considered as fully security compliant.

Global Financial Services

Virtual patching hundreds of applications means application development teams do not spend time upgrading to new versions of Java along with testing and deployment activities related to traditional physical patching. This avoids the financial and operations barriers to patching Java-based applications.

The company has realized other benefits from Waratek’s approach to application security: No false positives have been generated by Waratek while operating in unconditional blocking mode. And, emergency virtual patches have been developed in less than 24 hours for newly discovered high severity vulnerabilities like Struts 2; protection is instant compared to traditional patching protocols.

Global Investment Bank

Waratek was required to protect the full application stack, including 3rd party components as well as remediate legacy, current and new application security vulnerabilities. Waratek was also evaluated on other criteria such as False Positive Rate (FPR), ease of installation, number of code changes required, compatibility and performance.

Global Commercial and Retail Bank


Customer Technical Alerts

October 8, 2018 in Alerts

Apache Tomcat CVE-2018-11784 can be remotely exploited by an attacker

Waratek customers are protected by default rule. Customer Alert 20181008: The Apache Foundation has announced CVE-2018-11784, a flaw in multiple versions of the popular Tomcat server that can be used…

August 22, 2018 in Alerts

Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776)

Overview: The Apache Foundation has confirmed the findings of an independent security research group that a critical remote code execution flaw exists in the popular Struts 2 open source framework….

August 15, 2018 in Alerts

Oracle Database CVE-2018-3110

Customer Alert 20180814: Oracle Database CVE-2018-3110. Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database that could allow a remote attacker to take…


Upcoming Events

Application Security Webinar Series

Webinar now available to view on demand


How to end false positives

What if your application security platform didn’t cause false positives?  Too good to be true?  It’s not.

Available to view on demand: Deserialization Vulnerability

From The Blog

October 15, 2018 in Blog

Q4 Oracle Critical Patch Update Preview

Java SE patches could increase in the final CPU of 2018. Total Java SE flaws are likely to drop for the year. The final Oracle Critical Patch Update (CPU) of…

September 26, 2018 in Blog

Can you patch faster than a hacker can breach you?

Two days vs two months. It’s been a little more than a year since the world learned of the security breach at US-based credit reporting agency Equifax. Hackers had free...