[WEB SECURITY] More Questions Than Answers
Joel R. Helgeson
joel at helgeson.com
Mon Feb 6 10:32:45 EST 2006
There is a WAF from WebScurity (www.webscurity.com) that will install in 15 minutes; it will automatically learn and understand your business logic and prevent variable manipulation and invalid input, and it will go the whole nine yards.
I have installed the product at two customer sites protecting 7-8 servers. Check it out, you will not be disappointed.
FYI: Here is a video I made of me doing a security assessment:
http://www.appiant.net/exploit.wmv
That video was made at a college here in Minnesota. I discovered the vulnerability, made the video, installed the software and was COMPLETELY DONE remediating ALL the vulnerabilities on that site in under 24 hours, start to finish (and that was installing it on 3 servers at that one location).
But don't take my word for it, try it for yourself.
Joel
----- Original Message -----
From: Brent Johnson
To: websecurity at webappsec.org
Sent: Thursday, February 02, 2006 10:08 PM
Subject: [WEB SECURITY] More Questions Than Answers
I am the IT Manager for a small bank group; we've discovered that several banking web applications we're using are vulnerable to exploits. Most of these applications are for internal use only; the rest are for interfacing with other banks (all customer applications are handled by an outsourced provider). We are now faced with either re-writing our applications or putting in place an application firewall.
I've read the Web Application Firewall Primer, and I've also read the WAFL evaluation criterion and have been left with more questions than answers. I am looking for something that would be easy to install and, most importantly, easy to manage. Is there such a thing?
I'm hoping to get some guidance and direction from this list; any help you could provide would be greatly appreciated.
Thanks!
Brent Johnson
First Southeast Banc Group