Waratek adds API security capabilities to its Java Security Platform

Waratek introduced API security to its Java Security Platform, giving customers the ability to scale strategic risk mitigation in the enterprise.

This unique combination provides turnkey protection against bytecode and serialization vulnerabilities, classpath manipulation, and sandbox escapes that are unique to the Java Virtual Machine.

Additionally, Waratek released its Log4J Vulnerability Scanner, giving users an in-depth view of any remaining issues in their IT systems. The scanner makes it simple to quickly scan all applications for Log4shell vulnerabilities, then sends out non-invasive payloads to a company’s libraries, automatically building a table of remaining instances of Log4J and where to find them.

“In 2022, we were the first company that released a Log4j patch, even faster than Oracle. Today, researchers warn that the infamous Log4j vulnerability is still present in far too many systems worldwide, and that attackers will be successfully exploiting it for years. With 80 percent of Log4shell-impacted companies remaining vulnerable today, we recognized the immediate need to offer this security innovation to our customers,” said Doug Ennis, CEO of Waratek.

Signature-based security approaches have worked well for non-complicated languages, but languages like Java that are compiled into bytecode require expert-level domain knowledge to secure due to the unique characteristics of the Java programming language and its execution environment.

When API security is added to the mix, the issue is exasperated. Now companies can solve this problem by combining the domain expertise of a Java software engineer and the knowledge of a security engineer in one platform.

According to a recent survey, more than 60 percent of enterprise companies that use Java were affected by Log4j vulnerabilities, with 41% of those companies stating that between 51 and 75 percent of their apps were affected.

Today, 81% of companies report still having problems as a result of Log4j, and 70 percent of companies surveyed still have not put a patch in place.

A long-term Waratek customer, one of the top five semiconductor businesses in the world, expressed Log4j vulnerability concerns and worried that hundreds of hours would be required to resolve the issues. Utilizing Waratek’s Java Security Platform with API capabilities, 2,500 of the company’s applications were fully remediated of Log4j vulnerabilities without code changes or application redeployments in under four hours.

“For Java applications and APIs our unprecedented Java Security Platform helps security teams fill the knowledge gap on Java and address its unique security nuances, such as Insecure Deserialization, accurately and instantly,” said Ennis.

“Waratek’s Java Security Platform has become the essential line item in our security budget,” said a CISO at one of the top three largest global hotel chains. “We originally implemented it to fix insecure deserialization across our applications. Since then, it’s scaled to 2,500 applications without introducing new headcount, because to date it’s