Comparing WAF and RASP - Why?
Offered By: LASCON via YouTube
Course Description
Overview
Explore the critical differences and complementary roles of Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) in this 50-minute LASCON conference talk. Delve into the evolving landscape of application security, understanding why relying solely on one solution may leave gaps in your defense strategy. Examine the limitations of traditional signature-based approaches in WAFs and the unique protections offered by RASP. Learn why comparing WAF and RASP is akin to comparing antivirus and EDR solutions, and discover the benefits of implementing both technologies. Gain insights into AppSec history, common downfalls, attack scenarios, and testing methods. Analyze real-world examples, including the Equifax breach, to better grasp the importance of a comprehensive approach to application security.
Syllabus
Intro
Applications are vulnerable
AppSec history
We have a problem
Mod Security
WAF
Tuning
Command Injection
Common Downfalls
bypasses
confluence
Similarities
Instrumentation
Attack Scenario
How WAF works
RASP challenges
What is RASP
Data Visibility
Comparing
Testing Methods
Attack Types
Attack Probability
Equifax
Seatbelt vs Airbag
RASP vs WAF
Would it be true
Taught by
LASCON
Related Courses
API Security - Is it the New Application Attack Surface and How to Secure at Enterprise ScaleLASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube Developing and Managing an OWASP Project - Projects 101
LASCON via YouTube