Key Learning Points:
- SAST, DAST, and WAF tools miss the majority of real vulnerabilities and attacks while generating staggering numbers of false positives.
- The next generation of application security technology uses dynamic software instrumentation to solve these challenges.
- Learn how IAST and RASP have revolutionized application assessment and protection in a massively scalable way.
Level: Intermediate
SAST, DAST, and WAF have been around for almost 15 years — they’re almost impossible to use, can’t protect modern applications, and aren’t compatible with modern software development. Recent studies have demonstrated that these tools miss the majority of real vulnerabilities and attacks while generating staggering numbers of false positives. To compensate, these tools require huge teams of application security experts that can’t possibly keep up with the size of modern application portfolios. Fortunately, the next generation of application security technology uses dynamic software instrumentation to solve these challenges. Gartner calls these products “Interactive Application Security Testing (IAST)” and “Runtime Application Self-Protection (RASP).” In this talk, you’ll learn how IAST and RASP have revolutionized application assessment and protection in a massively scalable way.
Join Jeff Williams, appsec expert, to learn how “Interactive Application Security Testing (IAST)” and “Runtime Application Self-Protection (RASP)” have revolutionized application assessment and protection in a massively scalable way.
About Jeff Williams
Jeff is a pioneer in application security, co-founder and CTO of Contrast Security, and the founder of OWASP, where he created the OWASP Top 10 and many other widely adopted free and open projects.
This session is sponsored by Contrast Security.