[WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Andre Gironda
andreg at gmail.com
Sat Jan 12 17:32:17 EST 2008
Deploying WAFs at all - Waste of Money?
Answer: Not if you just made a check-mark on a PCI-DSS audit
On 1/12/08, B Snake <bsnak3 at gmail.com> wrote:
> It seems like 90+% of companies that implement WAFs deploy them in
> listening-only mode and don't do any blocking for fear of false positives
> cutting off legitimate user activity.
>
> I'm new to WAFs and this may be a stupid question, but what security value
> does a WAF add if it's not doing any blocking of malicious activity?
>
> -BSnake
>
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list