Follow the Trace: How Traditional AppSec Tools Have Failed Us
Kennedy Toomey
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Traditional application security tools — SAST, DAST, WAFs — each carry significant blind spots that produce high false-positive rates and slow development teams. Kennedy Toomey, application security researcher at Datadog, argues that runtime tools, particularly Runtime Application Self-Protection (RASP), use execution traces to provide context that dramatically improves detection accuracy, demonstrating with a live SSRF attack on a Flask application.

---
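The point of the SSRF demo in the summary above is the difference in what each tool can see: a WAF sees the raw request string, while a runtime hook at the HTTP-client sink sees the destination the application is actually about to dial, together with the call stack that led there. The following is an added example written for this page, not code from the talk or from Datadog; the talk's demo used a Flask app, but to run offline `image_proxy()` is a plain function standing in for the route handler, `guarded_fetch()` stands in for the HTTP client, and the allowlist pattern, URLs and addresses are all constructed.

```python
# Added example (not code from the talk): one SSRF payload as seen by a
# perimeter, string-level rule and by a runtime hook at the HTTP-client sink.
# image_proxy() stands in for the Flask route, guarded_fetch() for the HTTP
# client; every URL, address and pattern here is constructed for illustration.
import ipaddress
import re
import traceback
from urllib.parse import urlsplit

# --- Perimeter (WAF-style) rule: only the raw parameter text is visible -----
# Assumed allowlist. The missing trailing "/" anchor is the classic slip: the
# pattern also matches "https://images.example.com@<other host>/...", where
# everything before "@" is userinfo and the real host comes after it.
ALLOWED_ORIGIN = re.compile(r"^https://images\.example\.com")


def waf_allows(raw_url: str) -> bool:
    """String-level check applied before the request reaches the app."""
    return ALLOWED_ORIGIN.match(raw_url) is not None


# --- Sink (RASP-style) hook: sees the destination actually dialled ----------
class BlockedRequest(Exception):
    def __init__(self, host: str, trace: list) -> None:
        super().__init__(f"outbound request to {host} blocked at sink")
        self.host = host
        self.trace = trace  # function names on the stack when the sink fired


def is_internal(host: str) -> bool:
    """True for loopback, link-local (cloud metadata), private and reserved IPs.

    Assumption: hostnames are not resolved here; a real hook would also check
    every address a name resolves to (and re-check after each redirect).
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_link_local or ip.is_private or ip.is_reserved


def guarded_fetch(url: str) -> str:
    """Stand-in for requests.get()/urlopen() with a runtime guard in front.

    It inspects the parsed host rather than the raw string, and captures the
    call stack so the block can be attributed to the handler that caused it.
    """
    host = urlsplit(url).hostname or ""
    if is_internal(host):
        trace = [frame.name for frame in traceback.extract_stack()]
        raise BlockedRequest(host, trace)
    return f"fetched {url}"  # constructed response; no network is used


def image_proxy(url: str) -> dict:
    """Constructed stand-in for the Flask route that proxies a user URL."""
    try:
        return {"status": 200, "body": guarded_fetch(url)}
    except BlockedRequest as exc:
        return {"status": 403, "host": exc.host, "trace": exc.trace}


def evaluate(raw_url: str) -> dict:
    """Run both checks on one payload so the difference is visible."""
    return {"waf_allows": waf_allows(raw_url), "app": image_proxy(raw_url)}


if __name__ == "__main__":
    for url in (
        "https://images.example.com/cat.png",                        # legitimate
        "http://169.254.169.254/latest/meta-data/",                  # caught by both
        "https://images.example.com@169.254.169.254/latest/meta-data/",  # WAF passes, sink blocks
    ):
        print(url, "->", evaluate(url))
```

The third payload is the instructive one: the perimeter rule passes it because the string starts with the approved origin, while the sink hook parses the URL, finds the metadata address as the real host and refuses, and the captured stack (`image_proxy` -> `guarded_fetch`) names the handler responsible. That stack is the "execution trace" context the summary refers to; in a real deployment it would be rendered as the flame graph the reviewer mentions rather than a list of function names.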
AI review
Toomey makes the case for runtime tooling coherently and the live SSRF demo with flame graph visualization is genuinely clean. But this is ultimately a well-executed product category explainer for RASP — the 18% stat from Datadog's own report doing most of the persuasion work. Acceptable conference content, not a research contribution.