Protect against Log4J without patching
Learn More

Alex Begun, Chief Revenue Officer, Author at K2io

Security Brief Asia is reporting on new research showing more than 40 billion records were exposed by data breaches in 2021. The research, from Tenable's Security Response Teams, found a considerable increase in breach incidents, with 1,825 breach data incidents publicly disclosed between November 2020 and October 2021, compared with the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed.

Back in September of 2021 we wrote that the OWASP working group had a draft of the latest Top 10 Web Application Security Risks, their first update since the 2017 revision. The working group finalized their list and published a final version a month later in October of 2021. With the list out for a few months now, let's take a quick look at what's changed with the new OWASP Top 10.

Nearly every organization can be infiltrated by cyber attackers, based on data from dozens of penetration tests and security assessments. The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credentials, exploiting known vulnerabilities in software and Web applications, or taking advantage of configuration flaws.

A recently discovered vulnerability in LOG4J2 (also referred to as LOG4SHELL) is being widely reported as one of the most dangerous vulnerabilities in application software to date. There is already news that it is being exploited in the wild, putting widely used applications and cloud services at risk. Runtime Application Security (RASP) solutions are the only solutions that prevent exploitation of this vulnerability in real-time without the need for patching.

While Interactive Application Security Testing (IAST) is still a relatively new technology from the perspective of adoption, it has been around for over 10 years and some of the aspects and capabilities around IAST are well understood, such as improved vulnerability detection, achieved by “looking” inside the application at runtime. But there are features your IAST should be able to give you. Check out our list here.


K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host-based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131