Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Comparing WAF and RASP - Why?

LASCON via YouTube

Overview

Explore the critical differences and complementary roles of Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) in this 50-minute LASCON conference talk. Delve into the evolving landscape of application security, understanding why relying solely on one solution may leave gaps in your defense strategy. Examine the limitations of traditional signature-based approaches in WAFs and the unique protections offered by RASP. Learn why comparing WAF and RASP is akin to comparing antivirus and EDR solutions, and discover the benefits of implementing both technologies. Gain insights into AppSec history, common downfalls, attack scenarios, and testing methods. Analyze real-world examples, including the Equifax breach, to better grasp the importance of a comprehensive approach to application security.

Syllabus

Intro
Applications are vulnerable
AppSec history
We have a problem
Mod Security
WAF
Tuning
Command Injection
Common Downfalls
bypasses
confluence
Similarities
Instrumentation
Attack Scenario
How WAF works
RASP challenges
What is RASP
Data Visibility
Comparing
Testing Methods
Attack Types
Attack Probability
Equifax
Seatbelt vs Airbag
RASP vs WAF
Would it be true

Taught by

LASCON

Reviews

Start your review of Comparing WAF and RASP - Why?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.