BestHub
search
Sign in
Tag

Runtime Protection

1 views collected around this technical thread.

AntTech
AntTech
Jul 18, 2023 · Information Security

HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation

Researchers from Shanghai Jiao Tong University, Ant Security Light-Year Lab, and Zhejiang University present HODOR, a system that reduces the attack surface of Node.js applications by generating fine-grained system‑call allowlists using Seccomp, achieving an average 80% reduction in exploit surface with negligible runtime overhead.

Node.jsRuntime Protectionseccomp
0 likes · 12 min read
HODOR: Shrinking the Attack Surface on Node.js via System Call Limitation
JD Tech
JD Tech
May 26, 2023 · Information Security

JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices

This article examines JD Cloud's Runtime Application Self‑Protection (RASP) technology, detailing its background, architecture, working principles, security advantages over traditional WAF and SAST/DAST, practical 0‑day protection examples, deployment scenarios, operational practices, and real‑world performance in large‑scale promotions and national‑level cyber‑exercises.

RASPRuntime ProtectionVulnerability Mitigation
0 likes · 14 min read
JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices
DeWu Technology
DeWu Technology
Dec 9, 2022 · Information Security

Container Security: Risks and Mitigation Strategies

Container security demands vigilant mitigation of risks such as image poisoning, unsafe images, compliance violations, high‑risk vulnerabilities, and container escape by preferring official images, scanning for malware and secrets, enforcing CIS benchmarks, applying cgroup and namespace isolation, and deploying runtime detection agents on each Kubernetes node for rapid response.

Container SecurityDockerImage Scanning
0 likes · 13 min read
Container Security: Risks and Mitigation Strategies