From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline


Signal Sciences in practice


- [Narrator] The ideas behind RASP and next-gen WAF sound good, but what do they look like in practice? Let's take a look at what they offer for modern web applications in APIs. As I mentioned, all the options in this space at the time of recording are commercial. The product we are going to look at is Signal Sciences. And since I work there, I'm going to try and stay neutral here, and avoid marketing hype. I'm skipping all the setup steps and moving straight to the product. We have a demo environment set up that is constantly being attacked, so that's where I'm heading. In a browser, let's head over to Signal Sciences. You can see that, right up front, OWASP injection attacks are being detected. We can take a quick look at what is happening, and see the requests that are triggering these events. Lots of cross-site scripting and command execution in here. But with all of these new-breed tools, OWASP coverage is pretty good. And this is not too unlike WAFs from a decade ago, in terms of…
