Selecting Your Application Security Solutions – Pros & Cons
Web application security has made headline news in the past few years. Incidents such as the targeting of specific sites as a channel to distribute malware to a particular audience (AKA “watering hole attacks”), Web hacks by political activists such as the Anonymous Collective, and mass attacks aimed at CMS systems have become all too common.
While all these Web attacks focus on the application layer, many organizations continue to prioritize their resources and security spending on network-layer solutions such as IDS and network firewalls. Consider the popular security analogy that compares the organization's servers to an open-to-all party club. The bouncer (i.e. the network-layer security solutions) might prevent rowdy folks from entering the party. However, heavy protection should be placed against those who were able to enter the party, having passed that last line of defense.
This is where Application Security comes in. Application Security Testing (AST) solutions are growing in demand; however, the methods used vary widely. Many are confused by the different terms and by how each one addresses the problem and solution. In this session you will learn:
– The meaning of the most common Application Security buzzwords such as SAST, RASP, IAST and more.
– The pros / cons of the various AppSec solutions available.
– Best practices and tips for implementing an effective AppSec program.