Zero False Positives in WAF – The Road to a Utopian Dream


Overview :

False positives have been the bane of most WAF solutions.

So much that application owners have been known to:

  • Not apply new patches for zero-day threats or tinker with WAF configuration
  • Or worse, put the WAF in log-only mode

However, WAAP/WAF is the first line of defense, and these practices give hackers red-carpet access to applications. In the webinar, Vivek Gopalan, VP of Product Management discusses the method.

Key takeaways:

  • What are false positives?
  • The impact of false positives
  • Removing false positives in DAST scanners
  • The road to ZERO false positives on WAF rules
  • Leveraging positive security models for API security