[WASC-WAFEC] review of "Integrated Related Features"

Ido Breger I.Breger at F5.com
Wed Jan 30 05:03:18 EST 2013


Hi Erwin,
My feedback below

Cookie protection: Another way to secure cookies from manipulation is to sign them, the advantage of signing cookies is to allow client side code to read the cookie data (Some apps need this capability to operate), encrypting the cookies is a good way to secure sensitive data which also sometimes being stored in a cookie, however if you encrypt the cookie and the app need to read the content of the cookie the application will break.

SSL management:  Can the WAF check client side certs? Can the WAF check revocation lists? If yes, How? Which SSL ciphers are supported?

Single Sign on:  Can the WAF integrate with web access management suites, if yes, with which ?

IP reputation: This feature isn't just a network firewall feature, the benefit of using a WAF with this feature is that a WAF can use this feature even behind proxies (leveraging the true client Source IP).

Support:  Does the support organization hold an ISO 9001:2008 certification?




Ido Breger| Sr. Product Manager, Security
24B Habarzel St. Tel Aviv, Israel

M +972544891177

M2 +1.206.272.8264



[cid:1978DF4F-4FF6-4F12-AFC5-1CE6B4FFAFDD]<http://www.f5.com/>

[Security_Access_icon]

Secure the Future, Today<http://www.f5.com/it-management/topics/security/>.
Visit F5 booth # 1354
RSA Conference, Feb. 25- Mar. 1




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20130130/301b946d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3861 bytes
Desc: image001.png
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20130130/301b946d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1113 bytes
Desc: image002.png
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20130130/301b946d/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2018 bytes
Desc: image004.png
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20130130/301b946d/attachment-0002.png>


More information about the wasc-wafec mailing list