Explore the critical differences and complementary roles of Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) in this 50-minute LASCON conference talk. Delve into the evolving landscape of application security, understanding why relying solely on one solution may leave gaps in your defense strategy. Examine the limitations of traditional signature-based approaches in WAFs and the unique protections offered by RASP. Learn why comparing WAF and RASP is akin to comparing antivirus and EDR solutions, and discover the benefits of implementing both technologies. Gain insights into AppSec history, common downfalls, attack scenarios, and testing methods. Analyze real-world examples, including the Equifax breach, to better grasp the importance of a comprehensive approach to application security.