In this series of videos we will talk about Web App & API Protection history, technology, requirements, challenges and solutions. We will keep it short and informative.

Part 2 (False Positives and False Negatives):

In a perfect world, any detection technology would work without giving false positives or false negatives. For example, with COVID, wrong test results cause frustration as well as loss of valuable time for health care professionals and patients alike. A false positive in a COVID test means you're worried for no reason and need to do additional tests. But with a false negative, you don't know that you are infected and so could infect other people.

In cyber security, a false positive or a false negative means that either you can't access a vital service, or that service can be attacked. Anyone with experience in the deployment of traditional Web Application Firewalls knows that they are configured with lots of exceptions so that users can access services. But this often results in ongoing tuning overhead for administrators, and in services that are vulnerable to attacks because defences were turned off.

To be effective, Web Application & API protection must be accurate and activated.

Previous video: Part 1 (ModSecurity and WAF vendors)

open-appsec











