This course aims to help security operations and application security professionals understand the gaps between web application firewalls (WAFs) and runtime application security protection (RASP). By comparing the similarities and differences between WAF and RASP, participants will learn why both should be used. The course covers topics such as the vulnerabilities of applications, the history of application security, common downfalls of WAFs, challenges of RASP, data visibility, testing methods, and various attack scenarios. The teaching method involves a lecture format with a focus on theoretical concepts and practical comparisons. This course is intended for security professionals interested in enhancing their knowledge of web application security tools.
Overview
Syllabus
Intro
Applications are vulnerable
AppSec history
We have a problem
Mod Security
WAF
Tuning
Command Injection
Common Downfalls
bypasses
confluence
Similarities
Instrumentation
Attack Scenario
How WAF works
RASP challenges
What is RASP
Data Visibility
Comparing
Testing Methods
Attack Types
Attack Probability
Equifax
Seatbelt vs Airbag
RASP vs WAF
Would it be true
Taught by
LASCON
