[WEB SECURITY] [SC-L] Java DOS

websecurity at lists.webappsec.org websecurity at lists.webappsec.org
Mon Feb 14 09:48:23 EST 2011


Am 13.02.2011 20:33, schrieb Jim Manico:

> 1) Generation 1 WAF rule (reject one number only)

hmm, this is not a Generation 1 WAF rule, but a (hot) virtual patch to be used
'til the proper WAF rule is ready, which is a whitelist approach
Jim, I assume you just missed the right term ;-)

(we see where a WAF performs better than code fixing; SCNR)

Achim




More information about the websecurity mailing list