Thanks for the HN link, that's what I looked for but somehow algolia wasn't giving me the result at the time.
Two points about a potential trial. 1) Since it's a runtime tool to actually see what it can detect I assume I will actually have to generate some attacks myself to actually see it in affect? It also makes false positive testing a little harder.
The reporting and such is on the cloud I presume? Are there some documentation on what happens at the agent level and what gets send to the cloud?
1) If your app has decent traffic it will be attacked. But we also describe how to scan your app with Arachni on our docs: https://docs.sqreen.com/using-sqreen/how-can-i-test-sqreen-d...
False positives on our RASP module are very rare. Most of our customers use it in blocking mode in production.
How we do it? By using the application context. Our detection is done in-app. It's based on parsers that tokenize the query and detect injections when the user input changes the structure of the query.
More details on our detection rules [1] and more details on how we do dynamic instrumentation [2]
2) It’s on the cloud [AWS]. But our agent doesn’t redirect your traffic or collect sensitive data. We scrub the data inside your agent before sending it to our servers (just like Sentry or New Relic). You can also customize this behavior. [3]
Two points about a potential trial. 1) Since it's a runtime tool to actually see what it can detect I assume I will actually have to generate some attacks myself to actually see it in affect? It also makes false positive testing a little harder.
The reporting and such is on the cloud I presume? Are there some documentation on what happens at the agent level and what gets send to the cloud?