Waratek Solves the
Application Security Problems

That No One Else Can


Application Security with No Code Changes for Java and .NET


Point. Click. Protect.

The Latest News

March 21, 2018

Too early to upgrade to Java 10

Runtime Application Self-Protection - RASP

Runtime Application Self-Protection – RASP – is a transformational application security technology securing an application’s runtime. Waratek RASP solution detects and prevents real-time attacks with zero false positives, doesn’t slow your applications’ performance, and increases the visibility into your apps’ operations – benefits not possible with traditional approaches to today’s threats.

Application Security Threats

New vulnerabilities uploaded each day to open source repositories (Source: Sonatype)
Flawed software component downloads in 2015 (Source: Sonatype)
Days on average to detect and remediate a successful exploit
(Source: Ponemon Institute Global Analysis)

What are your protection needs?

Traditional security approaches are not enough to protect your applications and your customers’ data from today’s threats. Waratek is a pioneer in the next generation of web application security solutions providing fast and accurate protection against known and unknown vulnerabilities in current and legacy software.

We need to patch application flaws faster and easier.

We need to protect against known and Zero-Day attacks.

We need to upgrade out of support web applications.

The Waratek Trans-formational Approach

Waratek is a fundamentally new approach to application monitoring and protection. Using a secure virtual container, Waratek’s Application Security Platform offers benefits no one else does. Providing instant protection without code changes – and helps lower costs.


Highly Accurate

  • Defense against the OWASP Top 10 and SANS top 25
  • Protects Java and .NET applications
  • The always on protections runs in block or detect mode
  • Full application stack protection, including 3rd party components
  • Protects legacy and current Java
  • No false positives

Easy to Install

  • Uses your existing runtime environment
  • No code changes
  • No prior application knowledge required
  • No compatibility issues
  • Installs in minutes

Simple to Operate

  • Does not slow application performance
  • Apply security patches without shutting down the application
  • Detailed monitoring & forensic data
  • No routine tuning required

Protection Guaranteed

Waratek offers Protection Guarantees that back our products


  • “No Break” Guarantee – Waratek’s virtual patches will not break your applications.

  • “No False Positive” Guarantee  – Waratek will not generate false positives against the OWASP Top Ten.

All of Waratek’s guarantees come with a $10,000 per unique event credit.


See how easy it is to apply a virtual patch

Secure your complete application stack with Waratek Enterprise

Waratek Installation

Waratek Application Security Products

Waratek makes it easy for security teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect 100% of their application code – all without time consuming and expensive code changes. Using patented virtualization technology, Waratek’s application security platform is highly accurate, easy to install, simple to operate and does not slow applications.

Waratek Patch

Waratek PatchA lightweight plugin agent to apply custom security patches as well as current and historical virtual patches for instant protection.

  • Create and apply custom virtual patches
  • Virtual patches of Java and .NET critical patch updates
  • Library of past CPUs to Java 4

Waratek Secure

Waratek Secure

A lightweight plugin agent that protects against the known vulnerabilities found in:

  • 2013 and 2017 OWASP Top Ten,
  • SANS Top 25
  • Other complex attack vectors.

Waratek Enterprise

Waratek Enterprise

A plugin agent that provides the full suite of Waratek benefits:

  • Virtual Patching
  • Full Stack Security
  • Virtual Platform Upgrade for Java

Try A Demo
& Get Protected.

Get a free POC when you schedule now.

The Latest News

February 20, 2018 in News

Waratek Named Platinum Winner in GSN’s 2017 Homeland Security Awards Program

Waratek honored as “Best Application Security Solution” by Government Security News DUBLIN and ATLANTA – February 20, 2018 – Waratek, the virtualization-based application security company, announced today that it has…

Read More
February 7, 2018 in News

New ‘Virtual Patch’ Targets Java, .NET Vulnerabilities

Waratek announced a new security tool for Java and .NET applications that uses virtualization to quickly apply patches for long-term and newly discovered vulnerabilities. The company positioned its new Waratek Patch as…

Read More
February 6, 2018 in News

New ‘Virtual Patch’ Protects Apps Against Known Flaws

This week virtualization-based application security provider Waratek announced the release of the newest addition to its Runtime Application Security Platform, Waratek Patch. Described as a “lightweight runtime plug-in agent,” the…

Read More

Upcoming Events

april 2018

16apr - 20All DayRSA

16apr - 17All DayFinancial Services Information Security Network

june 2018

5jun - 7All DayInfoSecurity EuropeG110

Application Security Webinar Series

Webinar now available to view on demand


How to end false positives

What if your application security platform didn’t cause false positives?  Too good to be true?  It’s not.

Available to view on demand: Deserialization Vulnerability

From The Blog

March 7, 2018 in Blog

New Remote Code Execution Vulnerability – Spring Break – CVE-2017-8046

Remote Code Execution Vulnerability (CVE-2017-8046) in Pivotal’s Spring Framework Unvalidated user input is the source of most security risks. Using unvalidated user input in an expression language creates a critical…

Read More
March 6, 2018 in Blog

Installing the Oracle CPU Can Lead to a False Sense of Security

If you installed the latest Oracle CPU and believe that this alone makes you secure, think again. Without enabling and properly configuring the Serialization Global Filter, flaws may be fully…

Read More
January 15, 2018 in Blog

Oracle Jan 2018 CPU Preview:

What to Expect in 2018’s First Oracle Critical Patch Update Overall trends point to increased risks from vulnerable code After two weeks of focusing on Bond-esque vulnerabilities found in microprocessors,…

Read More

Customer Technical Alerts

March 21, 2018 in Alerts

Too early to upgrade to Java 10

New release ends Java 9 public security updates Customer Alert 20190321 Oracle has fulfilled a promise to speed the pace and volume of Java SE releases, announcing the immediate availability…

Read More
January 18, 2018 in Alerts

Waratek identifies two new deserialization vulnerabilities

Vulnerability Research Advisory Waratek contributes to the Oracle January 2018 CPU and to Java SE security The first Oracle Critical Patch Update of 2018 contains fixes for 21 new vulnerabilities…

Read More
January 17, 2018 in Alerts

Oracle CPU January 2018 Released

Java SE flaws up 2x over 24 months: Overall vulns drop for second straight CPU Customer Alert 20180116 Oracle Critical Patch Update January 2018 Released Summary The  Oracle CPU January…

Read More