Is RASP Ready?

by OWASP Boston Chapter


5:30 chat, brew and chew

6:30 announcements; OAuth in general and Google doc phishing; OWASP Dependency Checker and using open source in general; audience questions; infosec news

7:00 Is RASP Ready?

Runtime Application Self-Protection is overhyped, according to many analysts and pundits. RASP promises applications that protect themselves, which sounds impossible: how can an application possibly protect itself? An agent that sits inside the app sounds like a deployment nightmare at worst, and a drain on the app at best. What’s the reality? Where are we now and what have we learned?

We’ve seen deployment successes and failures, and we will draw from those specific experiences to describe:
Where does RASP work?
● What applications are well-suited for RASP?
● What types (organizational structure, culture, or skillset) of organizations are well-suited for RASP?

What is the reality of RASP?
● Is RASP a deployment model or a feature set?
● How mature is RASP? Is it an over-hyped immature space, enterprise-ready, or somewhere in between?
● Which RASP capabilities do organizations use? And how do they validate those capabilities in their own environments?
● Can RASP replace the WAF?

We will conclude, not with a sales pitch, but with some lessons learned: the three must-have attributes for RASP; some suggestions on good candidates for RASP, both types of teams and types of applications; and finally if, how, and when to get started.

Michael Feiertag, CEO and Co-Founder, tCell
Before co-founding tCell at the end of 2014, Michael led a string of successful products – most recently as head of products at Okta, and prior to that, as technology director at Blue Coat. Prior to Blue Coat, Michael held product management, engineering, and sales positions at several start-ups. Michael holds a B.S. from The University of Chicago, and an M.S. from the University of Maryland.