Zero False Positives in WAF – The Road to a Utopian Dream

img

Overview :

False positives have been the bane of most WAF solutions.

So much that application owners have been known to:

  • Not apply new patches for zero-day threats or tinker with WAF configuration
  • Or worse, put the WAF in log-only mode
Indusface
Indusface

Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.



However, WAAP/WAF is the first line of defense, and these practices give hackers red-carpet access to applications. In the webinar, Vivek Gopalan, VP of Product Management discusses the method.

Key takeaways:

  • What are false positives?
  • The impact of false positives
  • Removing false positives in DAST scanners
  • The road to ZERO false positives on WAF rules
  • Leveraging positive security models for API security