Beyond Static Rules: WAF vs. RASP for Better Web Application Security

You can’t find what you don’t know about, and this is especially true when it comes to application security. Firewalls, one of the most common web application security tools, are designed to detect only what is known. In a world of increasing numbers of both new and old threats, companies are finding that, while web application firewalls (WAFs) are a foundational part of their application security program, they don’t protect against everything.


In this blog post, we’ll discuss the differences between traditional WAFs and runtime application self-protection (RASP), a technology built for today’s dynamic and evolving threat landscape. You’ll walk away knowing if your current approach to application security is up to snuff or requires a new approach to keep your company and customers safe.

The problem with traditional web app firewalls (WAF)


Firewalls operate off a set of static rules or signatures designed to detect and block known security issues coming in from the web. This is called a stateless WAF. The problem is that if your team doesn’t know of every possible malicious action, user, or attack vector (which is next to impossible for even the most robust security teams), you can’t possibly write rules and signatures to catch 100% of the threats that could slip past your defenses.
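To make the stateless model concrete, here is an added Python sketch (not code from the original post or from any WAF product) that judges each request in isolation against fixed signatures. The signature names, regexes and sample requests are constructed for this example. It shows the same rule blocking a known-bad query and a legitimate forum post that quotes the same keywords, while repeated login attempts pass because no rule looks across requests.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration; not taken from any real WAF ruleset.
SIGNATURES = {
    "sqli-union-select": re.compile(r"(?i)\bunion\s+select\b"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
}

def inspect(request):
    """Return the ids of signatures matching this one request.

    Only the request itself is examined: no client history, no session state.
    """
    text = unquote_plus(request["path"] + " " + request["body"])
    return sorted(rule for rule, rx in SIGNATURES.items() if rx.search(text))

def verdicts(requests):
    """Judge every request independently, as a stateless rule engine does."""
    results = []
    for req in requests:
        hits = inspect(req)
        results.append(("BLOCK" if hits else "ALLOW", hits))
    return results

# Constructed sample traffic (documentation-range IP addresses).
SAMPLE = [
    # Matches a known pattern: blocked as intended.
    {"client": "198.51.100.4", "path": "/search",
     "body": "q=1+UNION+SELECT+1"},
    # Legitimate forum question quoting SQL: same signature, false positive.
    {"client": "192.0.2.10", "path": "/forum/post",
     "body": "text=Why+does+UNION+SELECT+need+matching+columns%3F"},
    # Repeated login attempts from one client: each passes on its own,
    # because the pattern only exists across requests.
    {"client": "203.0.113.7", "path": "/login", "body": "user=alice&pw=guess1"},
    {"client": "203.0.113.7", "path": "/login", "body": "user=alice&pw=guess2"},
    {"client": "203.0.113.7", "path": "/login", "body": "user=alice&pw=guess3"},
]

if __name__ == "__main__":
    for req, (action, hits) in zip(SAMPLE, verdicts(SAMPLE)):
        print(f"{action:5} {req['client']:13} {req['path']:12} {hits}")
```
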


Additionally, rules and signatures in and of themselves are limited. Let’s say a rule is set to block all traffic that meets a set of criteria, but there are exceptions to the rule. Due to their inability to account for t ..
