Blog

Vulnerability scanning finds known weaknesses in apps and infrastructure. Learn how scanners work, their types, and why they cannot stop zero-day attacks.

SAST scans source code for vulnerabilities before deployment. Learn how it works, what it finds, and the blind spots it leaves open in production.

SAST scans your code. SCA scans open source dependencies. Learn the differences, what each misses, and why runtime SCA adds the missing layer.

SCA scans open source dependencies for known CVEs. Learn how it works, why it generates so much noise, and how runtime SCA shows what actually matters.

Runtime security protects production apps from threats static tools miss. Learn what it covers, threats it stops, and how eBPF works in Kubernetes.

RASP injects code. WAF watches traffic. ADR observes runtime execution. Learn which runtime security approach fits your environment and when to switch.

Not every CISO has the same security problem. Learn the key difference between infrastructure-first CISOs and software factory CISOs, and why code-aware runtime security matters for companies that build software.

AI is turning exploit development into a repeatable assembly line. Learn how CVE-less attacks work and what security leaders must do differently at runtime.

Raven CEO Roi Abitboul explains why AI has broken traditional CVE-based security and why runtime visibility is the only defense model built for what comes next.

Attackers injected malicious code into Mistral AI PyPI v2.4.6 as part of the Mini Shai-Hulud campaign. No CVE caught it. Here is what runtime detection saw.

The malicious Axios releases weren't a smash-and-grab. They were a multi-stage malware campaign using npm's install path as a deployment mechanism. Here's what that means for defenders.

Raven secures $20M to stop application exploits at runtime—even without CVEs or signatures—bringing real-time protection inside the application layer.

A deep analysis of React2Shell (CVE-2025-55182) RCE in RSC Flight protocol—and why WAF rule patches fail to protect modern React and Next.js apps.

Learn why true reachability means detecting executed vulnerable code, not just used libraries, and how this shift cuts SCA noise by 97%.

Learn how to debug eBPF verifier errors, manage instruction count limits, and optimize your eBPF programs for performance and safety. Discover practical tips on tail calls, maps, helper functions, and measuring instruction counts effectively.

Discover why static code analysis falls short for dynamic languages like Python, JavaScript, and Ruby.

Most tools treat your app as a black box. Raven Runtime ADR delivers full-stack visibility to detect and stop exploits before they execute.

Phishing has evolved. Learn how attackers now exploit trusted developer tools, third-party integrations, and CI/CD pipelines to infiltrate cloud environments through sophisticated supply chain attacks.

Discover how Kubernetes libraries transition through five distinct security stages—from repository definition to runtime execution—and learn how precise runtime analysis eliminates up to 99% of vulnerability noise.

Cloud infrastructure CVE triaging has evolved, but AppSec teams still struggle with noisy, irrelevant alerts. Learn how Raven fixes that!

Discover the crucial distinctions between application security and product security.

Discover the critical differences between static reachability and Raven’s runtime reachability.

Learn to exploit and analyze a Python rpc.py RCE vulnerability using PANDA.

Java’s class loading is a Wonderland of its own! Explore dynamic loading, classpath mysteries, and custom ClassLoaders with a whimsical twist

Discover the relationship between vulnerabilities and exploits, how attackers leverage weaknesses, and why not all vulnerabilities are exploitable.

Discover how eBPF revolutionizes runtime application security.

Attackers are increasingly shifting their focus from infrastructure to applications, exploiting vulnerabilities that traditional security measures cannot protect.

While shift left strategies are essential for building secure applications, they are not sufficient on their own. Cloud runtime application security, or protect right, is crucial especially as attackers are increasingly shifting their focus to applications.

What CVE-less threats are, why they are becoming more prevalent, and how organizations can protect themselves against these insidious risks.