Mithril intervenes on your website with Virtual Patches
in case of a code attack. This means:
// HOW MITHRIL WORKS
Many customers choose our Mithril service to apply virtual patches on their web application.
Our Vulnerability Assessment and Penetration Test Team is at your disposal to test your web application looking for misconfiguration and vulnerabilities.
Once done, Mithril can patch each vulnerability found without touching your website or web application code. This makes you able to instantly resolve all vulnerabilities in 0 days before fixing the code or while waiting for an official patch from a vendor.
Patch the vulnerabilities before they can be exploited
Until a patch becomes available, it is often a race between threat actors trying to exploit the flaw and vendors or developers rolling out a patch to fix it. With our virtual patching service, you don’t need to wait anymore for a fix or for a new release from any vendor.
No more bad fix
Implement layers of security policies and rules against known or unknown vulnerability
It sometimes happens that a change in the application code generates new unattended vulnerabilities or new ways to bypass restrictions or sanitizations. Mithril Virtual Patch protects your application from a wide variety of attacks and bypass techniques.
Accurate inspection consists of analysing each element separately through breaking up the HTTP request into headers, parameters & uploaded files. Based on the parsed info, this doesn’t occur just for its content, but also for its length and count.
In order to prevent evasion techniques, like using different character encodings for the attack vector, the tool must transform the request to a normalized form before inspection. In fact, anti-evasion capabilities include data sanitization and character encoding.
Logic, function and variables: what virtual patches need to detect
Virtual patches must implement complex logic, as it cannot rely only on signatures. Therefore it requires a more robust rules language to define the tests, since each rule can employ a specific transformation function. Moreover the rules language needs to include variables.