The dept of know livePowered by Fastly

Now you know.

We are currently off-air. Please register to enjoy all previously recorded content.

Watch now

Top web attack tooling

Daily percentages as observed within a two-week data set of requests tagged as web attacks.

0%25%50%75%100%3/20/20223/27/20224/3/2022SQLmapNessusw3afDetectifycURLNetsparkerOpenVASNikto

We're off air

  • With Rinki Sethi

    Watch now
    45 minutes
    Aired Mar 3, 2022

  • With Sounil Yu

    Watch now
    45 minutes
    Aired Mar 10, 2022

  • With Omar

    Watch now
    45 minutes
    Aired Mar 17, 2022

  • With Ellen Körbes

    Watch now
    45 minutes
    Aired Mar 24, 2022

  • With Daniel Miessler

    Watch now
    45 minutes
    Aired Mar 31, 2022

Guests
Two hosts. One guest.Unscripted and unabashed.

  • Rinki Sethi
    Rinki Sethi

    Former VP & CISO

    Twitter

  • Sounil Yu
    Sounil Yu

    CISO & Head of Research

    JupiterOne

  • Omar
    Omar

    Staff Security Engineer

    Betterment

  • Ellen Körbes
    Ellen Körbes

    Senior Product Line Manager

    VMware Tanzu Kubernetes

  • Daniel Miessler
    Daniel Miessler

    Founder

    Unsupervised Learning

Hosts

  • Kelly Shortridge
    Kelly Shortridge

    Senior Principal Product Technologist

    Fastly

  • Bea Hughes
    Bea Hughes

    Staff Security Engineer

    PagerDuty

Knowledge vault

Recommendations from our experts.
Did you know?
Data based on previously released Fastly reports
  • Half of organizations say web application and API security is more difficult today than it was two years ago.
  • On average, organizations use 11 web application and API security tools.
  • On average, organizations spend close to $3 million annually on web app and API security tools.
  • 75% of security professionals believe their organization spends the same amount of time (or more) on false positives as actual attacks.
  • Nine in 10 security professionals would prefer to run in blocking mode if false positives could be addressed.
  • Security responsibility is often distributed across a variety of teams and individuals, limiting centralized oversight.
  • Only 4% of security professionals considered their web app and API security vendor a competitive differentiator.
  • 91% of organizations run tools in log or monitoring mode, or shut them off entirely.
  • More than half of organizations believe most of their applications will use APIs in the next two years.
  • Vulnerabilities and data loss are the most common API concerns.
  • Only 1% of security professionals use a consolidated web app and API solution, but 93% want to.
  • People turn off web app and API security tools because they feel they don’t have a choice.
  • Half of organizations say web application and API security is more difficult today than it was two years ago.
  • On average, organizations use 11 web application and API security tools.
  • On average, organizations spend close to $3 million annually on web app and API security tools.
  • 75% of security professionals believe their organization spends the same amount of time (or more) on false positives as actual attacks.
  • Nine in 10 security professionals would prefer to run in blocking mode if false positives could be addressed.
  • Security responsibility is often distributed across a variety of teams and individuals, limiting centralized oversight.
  • Only 4% of security professionals considered their web app and API security vendor a competitive differentiator.
  • 91% of organizations run tools in log or monitoring mode, or shut them off entirely.
  • More than half of organizations believe most of their applications will use APIs in the next two years.
  • Vulnerabilities and data loss are the most common API concerns.
  • Only 1% of security professionals use a consolidated web app and API solution, but 93% want to.
  • People turn off web app and API security tools because they feel they don’t have a choice.