Hackers of India

Pentesting without Pentesters - Automating Security Testing with Functional Testing Test Cases

By Lavakumar Kuppan and Ankit Gupta on 28 Feb 2019 @ Nullcon


Presentation Material

AI Generated Summary (may contain errors)

The speaker discusses the pros and cons of different security tools, specifically WAF (Web Application Firewall), RASP (Runtime Application Self-Protection), and SAST (Static Application Security Testing).

They highlight that while these tools can provide protection against certain types of attacks, a WAF may not detect vulnerabilities in code introduced by third-party vendors, even if the application's own code is secure. Additionally, a RASP system might perform better than a WAF in certain scenarios, such as when an attack targets an obscure library or API that the WAF does not monitor.

The speaker concludes that having both WAF and RASP systems provides the best protection, but notes that this may not be feasible for all organizations due to budget constraints. They also mention that there are companies like Imperva that offer both WAF and RASP solutions.

In response to a question, the speaker states that they do not know of any tool or company that combines SAST and RASP capabilities, although some companies like Signal Sciences provide RASP solutions.

The talk concludes with a discussion on how security tools can be improved by looking for specific behaviors and trying to handle scenarios that might not be detected.