Waratek Solves the Application Security Problems That No One Else Can


Application Security with No Code Changes for Java and .NET


Patch. Secure. Upgrade.

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime. Waratek’s RASP solution detects and prevents real-time attacks with zero false positives, doesn’t slow your applications’ performance, and increases visibility into your apps’ operations – benefits not possible with traditional approaches to today’s threats.

Application Security Threats

New vulnerabilities uploaded each day to open source repositories (Source: Sonatype)
Flawed software component downloads in 2015 (Source: Sonatype)
Days on average to detect and remediate a successful exploit (Source: Ponemon Institute Global Analysis)

What are your protection needs?

Traditional security approaches are not enough to protect your applications and your customers’ data from today’s threats. Waratek is a pioneer in the next generation of web application security solutions providing fast and accurate protection against known and unknown vulnerabilities in current and legacy software.

We need to patch application flaws faster and easier.

We need to protect against known and Zero-Day attacks.

We need to upgrade out-of-support web applications.

The Waratek Transformational Approach

Waratek is a fundamentally new approach to application monitoring and protection. Using a secure virtual container, Waratek’s Application Security Platform offers benefits no one else does: it provides instant protection without code changes and helps lower costs.


Highly Accurate

  • Defense against the OWASP Top 10 and SANS Top 25
  • Protects Java and .NET applications
  • Always-on protection runs in block or detect mode
  • Full application stack protection, including 3rd party components
  • Protects legacy and current Java
  • No false positives

Easy to Install

  • Uses your existing runtime environment
  • No code changes
  • No prior application knowledge required
  • No compatibility issues
  • Installs in minutes

Simple to Operate

  • Does not slow application performance
  • Apply security patches without shutting down the application
  • Detailed monitoring & forensic data
  • No routine tuning required

Protection Guaranteed

Waratek offers Protection Guarantees that back our products.


  • “No Break” Guarantee – Waratek’s virtual patches will not break your applications.

  • “No False Positive” Guarantee – Waratek will not generate false positives against the OWASP Top Ten.

All of Waratek’s guarantees come with a $10,000 per unique event credit.


See how easy it is to apply a virtual patch

Secure your complete application stack with Waratek Enterprise

Waratek Installation

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time consuming and expensive code changes. Using patented virtualization technology, Waratek’s application security platform is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

A lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4

Waratek Secure

A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten
  • SANS Top 25
  • Other complex attack vectors

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Patching
  • Full Stack Security
  • Virtual Platform Upgrade for Java

Try A Demo & Get Protected.

Get a free POC when you schedule now.

The Latest News

August 15, 2018 in News

Oracle: Apply Out-of-Band Patch for Database Flaw ASAP

Flaw (CVE-2018-3110) in the Java VM component of Oracle’s Database Server is easily exploitable, security experts warn. Oracle this week urged organizations to immediately patch a critical vulnerability in multiple…

July 19, 2018 in News

Oracle Patches Record 334 Vulnerabilities in July 2018

Oracle Patches Over 200 Remotely Exploitable Vulnerabilities in July 2018 Critical Patch Update. Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities,…

July 18, 2018 in News

Oracle Patches 334 Flaws in July Critical Patch Update

Oracle releases its largest Critical Patch Update with security fixes for products across the company’s portfolio. Oracle released its latest Critical Patch Update on July 18, fixing 334 vulnerabilities across…


Upcoming Events

October 2018

October 9 - 11, All Day: IT-SA, Hall 9/413

Application Security Webinar Series

Webinar now available to view on demand


How to end false positives

What if your application security platform didn’t cause false positives? Too good to be true? It’s not.

Available to view on demand: Deserialization Vulnerability

From The Blog

September 5, 2018 in Blog

WAF to Runtime Protection

The changing of the guard is underway. In late July, Amy DeMartine of Forrester made a bold prediction: “…eventually runtime application self-protection (RASP) (will) take over web application firewall…

August 28, 2018 in Blog

Tick Tock: The final deadline to comply with New York’s AppSec requirement is here

It could have a bigger impact than more famous legal siblings. When the history of Summer of 2018 is written, the chapter on Data Protection and Privacy will be dominated…

August 2, 2018 in Blog

What to do when the vendor’s security patch doesn’t fix the problem?

Back in the days before television infomercials, there were ads asking “How many times has THIS happened to you?” What usually followed was some common problem with an outlandish solution…


Customer Technical Alerts

August 22, 2018 in Alerts

Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776)

Overview: The Apache Foundation has confirmed the findings of an independent security research group that a critical remote code execution flaw exists in the popular Struts 2 open source framework….

August 15, 2018 in Alerts

Oracle Database CVE-2018-3110

Customer Alert 20180814: Oracle Database CVE-2018-3110. Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database that could allow a remote attacker to take…

July 18, 2018 in Alerts

Guidance on Oracle July 2018 Critical Patch Update

Customer Alert 20180718: 100% of the Java SE flaws in the Oracle July 2018 Critical Patch Update (CPU) can be exploited remotely. The Oracle July 2018 Critical Patch Update (CPU)…
