When talking about app security, the use of RAST tool, substitute any other security control, is a valuable add-on, or it is not valuable at all?

153 views23 Upvotes4 Comments

Sort by:

IT Governance Consultant in Government2 years ago

To clarify, it seems you are referring to RASP (Runtime Application Self-Protection) tools. RASP tools should be viewed as complementary to other security controls rather than replacements. Typically, they are integrated into the application during the development or deployment phases. The decision to use a RASP tool should be based on a thorough assessment of the application's specific requirements and risk profile.

1 1 Reply

no title2 years ago

thanks for the answer.

Enterprise Security & Risk Management Architect in Insurance (except health)2 years ago

By RAST are you referring to Regression or Risk? There are a couple of RASTs in this space.

1 1 Reply

no title2 years ago

I was referring to RASP.

Content you might like

Does your organization issue trusted certificates for kubelet, etcd, and the API server in Kubernetes clusters?

How long does your organization retain original systems logs used to filter SOX-related actions into a system that requires review of the logs and retains the filtered logs for seven years? Does your organization consider those original system logs records subject to record retention requirements, or supporting information used to create the SOX records?

90 Days13%

365 Days41%

3 years28%

5 years9%

7 years9%

Other (share in the comments)

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.31%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.45%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.18%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).4%

View Results

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

When talking about app security, the use of RAST tool, substitute any other security control, is a valuable add-on, or it is not valuable at all?

Sort by:

Content you might like

Does your organization issue trusted certificates for kubelet, etcd, and the API server in Kubernetes clusters?

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

IT and Infosec Collaboration on Vulnerability Patching

Hybrid Infrastructure

Generative AI for Supply Chain: Usage, Expectations & Roadblocks

Managing Burnout During a Supply Chain Crisis

Take Your Insights On-the-Go