Waratek makes it easy for teams to instantly patch known flaws, virtually upgrade out-of-support applications, and protect applications from known and Zero Day attacks - all without time consuming and expensive downtime, source code changes, or unacceptable performance overhead. Using patented runtime protection technology, Waratek's application security platform is highly accurate, easy to install, and simple to operate.


  • Virtual Patching

    Every security patch issued by Oracle, Microsoft, IBM, Apache or any other software developer starts a relay race. One team is the malicious hackers who seek web applications containing the new vulnerability to steal an organization's data. It may take attackers a few days or weeks to find a victim, but once inside a system, it will be nearly 200 days before the attack is noticed and another 60+ days before the attack is stopped. Source: Ponemon Institute 2017 Cost of Data Breach Study

    The other runners are company application security and development teams. Once a routine or emergency patch is issued, it may be weeks, months or years - if ever - before a patch is fully deployed across an enterprise application. The consequences of losing the race between the hackers and the security professionals can be disastrous.

  • Comprehensive Application Security in Minutes

    We protect apps against known and unknown vulnerabilities, including the most severe CVSS vulnerabilities that represent the most common attacks against applications today, including:

    • SQL Injection (SQLi)

    • Command Injection

    • Cross-Site Scripting (XSS)

    • File Uploads

    • Cross-Site Request Forgery (CSRF)

    • Path Traversal

    • Dangerous Functions

    Waratek provides “out-of-the-box” protection against the 2013 OWASP Top Ten and other complex, but common exploits such as unsafe deserialization attacks.

    Adding the Waratek plugin takes about 15 minutes with –

    • No code changes, hardware or prior knowledge of the app required

    • No tuning required for “Out-of-the-Box” protections

    • No impact on the performance of your application

    • No false positives

    Waratek’s solution is highly accurate, easy to install, and simple to operate. Using a fundamentally new approach to App Sec based on virtualization, Waratek allows you to monitor an application’s operation and block malicious attacks without slowing performance or generating false positives.

  • Legacy Platform Upgrades

    Most organizations have apps running on platforms that are no longer supported such as Java, Apache Tomcat and WebLogic. In fact the most widely used version of Java is not the most current. That’s because it’s too risky and expensive in most cases to rewrite an app’s code, despite known and unknown vulnerabilities across the entire software stack.

    Waratek protects your legacy applications and legacy platforms, no matter what version of Java you use. With an easy to install .JAR file plugin you gain the advantages of a Java 8 virtual host container for legacy Java apps running in guest mode for Java 4, 5, 6 or 7.

    After installation of the Waratek solution, identified vulnerabilities are mitigated:

    • Without code changes

    • Without prior knowledge of the application

    • Without slowing the app’s performance



GSA Schedule Contracts

GSA Schedule 70

GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- December 19, 2021

State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021


Contract # CMAS 3-12-70-2247E Term: through March 31, 2022


Contract Number: UVA1482501 Term: May 2, 2014– December 19, 2021


Latest News

Waratek have been named Best Application Security Solution by Government Security News in their Homeland Security Awards.
For 2,600 years we’ve been hearing the story of the Tortoise and the Hare, where slow and steady wins the race. Aesop never met a hacker or a regulator.
Last month, Oracle’s chief architect, Mark Reinhold, said during a conference Q&A that one of Oracle’s long-term goals is to change the way Java handles object serialization. In fact, he called ...
Oracle has declared an end to Java’s serialization approach, but that’s not the end of the story.Oracle has signaled there are big changes on the way for how Java handles serialized objects. Java ...
The race to patch known flaws is giving birth to the next buzz-worthy approach, but most “virtual patches” are neitherStatistics have been around for years that point to known code flaws in web ...
On April 17, Oracle released the quarterly Critical Patch Update (CPU) advisory. Among the 254 new security fixes, the CPU also contained a fix for the critical WebLogic server vulnerability ...
April 25, 2018
It is always an interesting experience hanging out with 60,000 of your closest friends!This was my third RSA Conference. Somethings never change:The insanely crowded show floor causing “road-rage” ...
If you look at the intersection of public policy and cybersecurity, it appears we are on the verge of a fundamental breakthrough that could result in greater cyber safety. New laws and regulations in ...
DUBLIN and ATLANTA – April 18, 2018 – Waratek, the compiler-based application security company, has issued guidance on Oracle’s latest Critical Patch Update (CPU) for April 2018, which addresses ...
Overall trends point to continued risks from vulnerable codeThe number of Java related patches in the Q2 Oracle Critical Patch Updates (CPU) continues to drift down off the all-time high in July 2017, ...
Another Struts flaw and two major breach announcements are reminders of why we need to patch web applications fasterJust as I sat down to write this blog – one year after the Apache Foundation ...
Waratek honored as “Best Application Security Solution” by Government Security NewsDUBLIN and ATLANTA – February 20, 2018 – Waratek, the virtualization-based application security company, ...



Runtime Application Self-Protection (RASP) is a transformational application security technology securing an application’s runtime. Waratek’s solution detects and prevents realtime attacks with zero false positives, doesn’t slow your applications’ performance, and increases the visibility in...

Cybersecurity spending will reach $170 billion by 2020 according to Gartner, based on the need to respond to non-stop efforts to steal customer data and other valuable information assets. Waratek delivers state-of-the-art security and operational efficiencies through Runtime Application Self Protect...

Runtime Application Self Protection (RASP) is a new approach to application security that not only promises to redress the deficiencies of preceding security implementations, such as Web Application Firewalls (WAF), but which also introduces a new set of capabilities that together represent a paradi...

With cyber-attacks and security breaches continuing to rise, Waratek offers a highly effective and transformational approach to protecting your data and applications.