[WEB SECURITY] WAF recommendation

Ryan Barnett rcbarnett at gmail.com
Thu Jan 31 22:41:44 EST 2008


On Jan 31, 2008 9:36 PM, Brad Smith <unre4l at gmail.com> wrote:
> We are looking into some WAF hardware appliances. Does anyone here have
> experience using any particular product? Are you happy with it? What are
> the things to watch out for? Any recommendation that you can provide is
> highly appreciated. Thanks.

What is driving your interest?  PCI?  Do you need to quickly mitigate
known vulns?  Do you need to have HTTP level auditing?  Worst case
scenario driver... you have recently been hacked and now management is
taking web app security seriously?

In the meantime, you might want to look at the WASC Web Application
Firewall Evaluation Criteria if you haven't already -
http://www.webappsec.org/projects/wafec/

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
