


October 8, 2020 Timothy Chiu, VP of Marketing
Travel Giants Fail to Secure Websites, Despite High Profile Breaches

A new investigation by Which? has found hundreds of data security vulnerabilities on the websites of 98 travel companies, including significant problems at Marriott, British Airways and EasyJet, which were in the top 5 companies with the most discovered risks. Many of the travel companies found to have vulnerabilities have already reported serious data breaches in the past.

The study found that major airlines and hotel chains have failed to secure their online platforms even after previous data breaches and cyberattacks exposed the information of millions of customers and drew fines from privacy regulators.

This new study is a good reminder to the travel industry that application security should be at the forefront of their security plans. Even with the downturn in travel during the COVID-19 pandemic, security shouldn’t be forgotten, and will be more important than ever as travelers start returning in the next year.

As the Which? article says:

It seems that the travel industry has not learned its lesson, with many breached companies cutting corners when it comes to cybersecurity and the safety of customer data.

“Travel companies must up their game and better protect their customers from cyber threats, otherwise the ICO must be prepared to step in with punitive action, including heavy fines that are actually enforced,” Rory Boland, editor of Which? Travel said.

The Which? article highlights the fact that many organizations continue to have vulnerable code in production, and points out a good reason to protect this code while it’s running.  The newly released NIST SP800-53 revision 5 framework also highlights this need and includes a new requirement for Runtime Application Self-Protection (RASP), sometimes also referred to as Runtime Application Security.

K2 Cyber Security can help by providing deterministic runtime application security that detects zero-day attacks along with well-known attacks. K2 issues alerts based on severity. The alerts are actionable and provide complete visibility into the attacks and the vulnerabilities they target, including the location of each vulnerability within the application, down to the file name and line of code where it exists.

Rather than rely on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, K2 uses a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge.  Deterministic security uses application execution validation, and verifies the API calls are functioning the way the code intended.  There is no use of any prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending, and has minimal false alerts.

Get more out of your application security testing and change how you protect your applications: check out K2’s application workload security solution.

Find out more about K2 today by requesting a demo, or get your free trial.




