Save $200 on Cyber Security Training at SANS Miami 2018. Ends 12/27.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies

  • Friday, August 14th, 2015 at 3:00 PM EDT (19:00:00 UTC)
  • Jake Williams
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • HP

You can now attend the webcast using your mobile device!

Overview

RASP vs. WAF: Comparing Capabilities and Efficiencies

Web application firewalls (WAFs) protect web applications/servers from web-based attacks, sitting inline and monitoring traffic to and from web applications and/or servers. The difference between a traditional IPS and a WAF is in the level of ability to analyze the Layer 7 web application logic; IPSes merely interrogate traffic against signatures and anomalies, while WAFs interrogate the behavior and logic of what is requested and returned to protect against web application threats like SQL injection, cross-site scripting, session hijacking, parameter or URL tampering and buffer overflows. It's a classic "bolt-on" network security measure that too often, has little (if any) visibility into application logic, configuration or the flow of data and events. To address these issues, organizations are deploying an emerging technology of "runtime application self-protection" which, as the name suggests, builds self-defense capabilities into the runtime environment itself. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the relative strengths and capabilities of RASP and WAFs.

View the associated whitepaper here.

Speaker Bio

Jake Williams

Jake Williams is a SANS analyst, certified SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attack on-premises and in the cloud.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.