From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Signal Sciences in practice
From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Signal Sciences in practice
- [Narrator] The ideas behind RASP and next-gen WAF sound good, but what do they look like in practice? Let's take a look at what they offer for modern web applications in APIs. As I mentioned, all the options in this space at the time of recording are commercial. The product we are going to look at is Signal Sciences. And since I work there, I'm going to try and stay neutral here, and avoid marketing hype. I'm skipping all the setup steps and moving straight to the product. We have a demo environment set up that is constantly being attacked, so that's where I'm heading. In a browser, lets head over to Signal Sciences. You can see that, right up front, OWASP injection attacks are being detected. We can take a quick look at what is happening, and see the requests that are triggering these events. Lots of cross-site scripting and command execution in here. But with all of these new-breed tools, OWASP coverage is pretty good. And this is not too unlike WAFs from a decade ago, in terms of…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.