The Difference Between WAF and RASP

Hello everyone, today I’m going to talk about some emerging technologies and the application security space but more specifically trying to help explain a couple of the current cryptic acronyms with and rasp when we talk about application security we often use many technical terms describing the toolsets and it’s easy to forget that application security is something you do not something you buy the use of tools is a sensible strategy but it’s easy to lose sight of the end goal which is more secure apps previously we have spoken about DAST and just as a quick recap that stands for Dynamic Application Security Testing which navigates a running web application as a regular user would discovering all of the available pages and the helmets and probing to discover vulnerabilities albeit a bit faster than a user.

WAF

So first let’s talk about web application firewalls commonly referred to as WAFs Web Application Firewall is a piece of software that sits between your web applications and the requests coming in from the Internet’s original WAFs will use a static set of rules that they would apply to incoming requests over the web checking which ones were legit and which ones were coming from the various actors that will be described as stateless the problem with static rules is that they match on very specific patterns and if an attacker would have to change their approach the WAF wouldn’t be able to block it so what do you do you update your rules followed swiftly by the attacker updating their methods and you can see where this is going.

The loop only ends were one player in the game quits your attacker may give up but that’s not an option when you’re defending your own applications web application firewalls needed to evolve the next step was to what we described stateful was allowing the search for attacks to spawn multiple requests and responses now you can check how fast requests are coming in whether or not they’re from the same source and a bunch of other indicators about behavior and wireless generated a ton of useful alerts all of a sudden we became really aware of a new problem too many alerts this makes it hard to zero in on the issues that matter to complicate the process further apps that are being constantly updated in an environment where new attacks crop up all the time means the checks have to keep up.

Also Read: How To Manage Remediation Activities in RAPID7/InsightVM

I’m maintaining those checks becomes a full-time job so wats are cool but they have their limitations as rules to block attacks or based on models using the app behaviour on the attack behaviour how can we address this get ready for another acronym so next we’re going to talk about right or wrong time applications self-protection long time applications self-protection works a lot like a WAF blocking bad traffic but does so without the need for static rules rather than build a model we use the actual application instead of predicting that a request calls a database opens a file or starts to shell the executed command you watch the app at runtime to see if it actually performs those actions this makes alerts highly relevant because they are based on application behaviour instead of a prediction there’s no need to teach a security product what’s bad behavior because you know what the application should and shouldn’t be doing when the app changes it’s no problem because your security is based on the app not a set of rules and educated guesses about how it might react so that’s it for WAF and rasp.

Add a Comment

Your email address will not be published. Required fields are marked *