[WEB SECURITY] WebScurity ->was-> Application Security Hacking Videos

Ivan Ristic ivan.ristic at gmail.com
Thu Jun 1 16:12:47 EDT 2006


On 6/1/06, Brent Johnson <brent at fsebg.com> wrote:
> I'd like to chime in on this as a user of the WebScurity firewall.
>
> ...
>
> Per their recommendations, we had the web server listen on 127.0.0.1:8080,
> and put the firewall app on the network interface on port 80.  The software
> installed quick, and its doing its job.  It has been installed for a few
> months and we haven't had to touch it.
>
> ...
>
> When I originally inquired on the list, I was told that what I was looking
> for wasn't possible (easy to install, easy to configure, set & forget, BWA
> HA HA HA!)...  well, that's what I got, exactly what I wanted...

What you got then was a good professional response. Personally I don't
believe a "set & forget" is a meaningful deployment strategy for a web
application firewall. But I'd be interested to learn more about your
experiences. For example, why do you believe that you are more secure
now than before?

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list