Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may monitor or test the configuration settings of the RTAP systems, network traffic into the RTAP systems, and/or log information from the RTAP systems. For example, the device may detect drift in a configuration for a particular RTAP system by comparing the configuration settings of the RTAP systems to baseline configuration settings and classifying any detected drift as good drift or bad drift. In some examples, the device may maintain the configuration settings or set the configuration settings as the baseline configuration settings when the configurations settings include good drift from the baseline configuration settings. In other examples, the device may set the configuration settings with the bad drift to the baseline configuration settings.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may monitor or test the configuration settings of the RTAP systems, network traffic into the RTAP systems, and/or log information from the RTAP systems. For example, the device may detect drift in a configuration for a particular RTAP system by comparing the configuration settings of the RTAP systems to baseline configuration settings and classifying any detected drift as good drift or bad drift. In some examples, the device may maintain the configuration settings or set the configuration settings as the baseline configuration settings when the configurations settings include good drift from the baseline configuration settings. In other examples, the device may set the configuration settings with the bad drift to the baseline configuration settings.

Abstract: Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to identify risks of the RTAP systems. For example, the device may compare a plurality of attack signatures, from configuration settings of an application protection system to a plurality of defects from a defect data store; determine that at least one configuration setting of the application protection system corresponding to an application does not include protections for at least one defect of the plurality of defects; and in response to determine that the at least one configuration setting of the application protection system does not include protections for the at least one defect, generate an alert corresponding to the at least one defect.