Arrangements described herein relate to correcting workflow vulnerabilities.
Virtual patching is a popular means of dealing with security vulnerabilities in web applications. When a new vulnerability is discovered, the developers may respond to it by issuing a security patch. This is motivated by the amount of time it takes to develop a fix, test it and install it, which may be quite long. In the meantime, the patch ensures the safety of the software system in the presence of the vulnerability. Moreover, a virtual patch allows administrators to review, test and schedule official patch updates without leaving the system at risk in the intervening period.
Unlike traditional patching, virtual patching allows an application to be patched without changing program code of the application, its libraries, the operating system, or even the system it is running on. Virtual patching aims to fix a problem by controlling either the inputs into, or outputs from, the application. A common method of implementing a virtual patch is to place some type of proxy or in-line packet manipulator in front of the application to control the inputs to or outputs from the application.
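The in-line control of inputs and outputs described above, shown as an added example that is not part of the original document: a WSGI wrapper placed in front of an unmodified application. The application `legacy_app`, the `/orders` path, the `order` parameter, the `X-Debug-Trace` header and the rule table are all constructed assumptions, and only query-string inputs are covered.

```python
import re
from urllib.parse import parse_qs

def legacy_app(environ, start_response):
    """Constructed stand-in for the application whose code stays unchanged."""
    order = parse_qs(environ.get("QUERY_STRING", "")).get("order", [""])[0]
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("X-Debug-Trace", "internal-state")])
    return [f"order={order}".encode()]

# Hypothetical rules: path -> {parameter: pattern the whole value must match}.
RULES = {"/orders": {"order": re.compile(r"[0-9]{1,10}")}}
STRIP_HEADERS = {"x-debug-trace"}  # response headers withheld from clients

class VirtualPatch:
    """Sits in front of a WSGI app and controls its inputs and outputs."""
    def __init__(self, app, rules, strip_headers):
        self.app, self.rules, self.strip = app, rules, strip_headers

    def __call__(self, environ, start_response):
        params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        for name, pattern in self.rules.get(environ.get("PATH_INFO", ""), {}).items():
            values = params.get(name, [])
            # Input control: a missing, repeated or malformed value never
            # reaches the application.
            if len(values) != 1 or not pattern.fullmatch(values[0]):
                start_response("400 Bad Request", [("Content-Type", "text/plain")])
                return [b"blocked by virtual patch\n"]

        def filtered_start(status, headers, exc_info=None):
            # Output control: drop listed headers before the client sees them.
            kept = [(k, v) for k, v in headers if k.lower() not in self.strip]
            return start_response(status, kept, exc_info)
        return self.app(environ, filtered_start)

def call(app, path, query):
    """Drive a WSGI app in-process; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

patched = VirtualPatch(legacy_app, RULES, STRIP_HEADERS)

if __name__ == "__main__":
    for query in ("order=42", "order=4x", "order=42&order=7"):
        print(query, "->", call(patched, "/orders", query)[0])
```

Rejecting repeated parameters keeps the wrapper and the application from disagreeing about which value is in effect.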