In this series of videos we will talk about Web App & API Protection history, technology, requirements, challenges and solutions. We will make it short and informed. Please subscribe. Part 3 (Signatures and Zero-Day Protection): In the previous part of this video series, we explained why false positives on Corona tests are problematic. Web cyber attacks evolve even more quickly than Corona, and yet the most common method used by leading vendors to identify them is to use signatures. Attackers take advantage of the window between the discovery of a new vulnerability until it is mitigated or the signatures become available. For example, in the recent Log4Shell attack, ALL vendors needed to repeatedly release signatures even after exploits were already widely available on the Internet. A traditional WAF is only as good as its activated signatures. But this is not good enough when you’re dealing with zero-day vulnerabilities. To be effective Web App & API protection must be pre-emptive. It must not require an update in order to protect you. --- open-appsec |