Comparing WAF and RASP - Why?
Offered By: LASCON via YouTube
Course Description
Overview
Explore the critical differences and complementary roles of Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) in this 50-minute LASCON conference talk. Delve into the evolving landscape of application security, understanding why relying solely on one solution may leave gaps in your defense strategy. Examine the limitations of traditional signature-based approaches in WAFs and the unique protections offered by RASP. Learn why comparing WAF and RASP is akin to comparing antivirus and EDR solutions, and discover the benefits of implementing both technologies. Gain insights into AppSec history, common downfalls, attack scenarios, and testing methods. Analyze real-world examples, including the Equifax breach, to better grasp the importance of a comprehensive approach to application security.
Syllabus
Intro
Applications are vulnerable
AppSec history
We have a problem
Mod Security
WAF
Tuning
Command Injection
Common Downfalls
bypasses
confluence
Similarities
Instrumentation
Attack Scenario
How WAF works
RASP challenges
What is RASP
Data Visibility
Comparing
Testing Methods
Attack Types
Attack Probability
Equifax
Seatbelt vs Airbag
RASP vs WAF
Would it be true
Taught by
LASCON
Related Courses
Security Event Triage: Revealing Attacker Methodology in Web Application EventsPluralsight Securing Applications in Microsoft Azure
Pluralsight AWS Administration: Security Fundamentals
LinkedIn Learning AWS Certified Solutions Architect - Associate (SAA-C02): 7 Application Deployment
LinkedIn Learning Azure Administration: Load Balancers and Application Gateways
LinkedIn Learning