Hindsight isn't good enough: LANGSEC helps you take control of your security at runtime, presented at LASCON 2016

by Kunal Anand

Summary: Because Web Application Firewalls (WAFs) and analysis tools like Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) lack the context from inside a running application, there are certain classes of attacks that they simply can't defend against. Most of the visibility comes only after a vulnerability has been found or exploited. Chad will discuss the pros and cons of signatures, why we're falling behind on Web application attacks, and why AppSec needs to evolve to become more language-driven and DevOps-friendly. He will shed light on the issues with modern security technologies and the need for a detection technology, touching on a LANGSEC-based RASP approach as the solution.