Identification of web application vulnerabilities is only half the battle
with remediation efforts as the other. In an ideal world, application
defects could be quickly fixed within the application's code and pushed out
into production rapidly. Let¹s face the facts, there are many real world
business scenarios where it is not possible to update web application code
in either a timely manner or at all. This is where the tactical use-case of
implementing virtual patches to reduce attack surface plays a critical role.
In an effort to obtain valid data on virtual patching processes and
challenges, OWASP has created a community survey. If your organization
leverages virtual patching as a part of your remediation strategy, please
fill out the survey
http://blog.spiderlabs.com/2012/02/call-for-assistance-owasp-virtual-patchin
g-survey.html.
It is only 10 questions and by taking the survey, you could also win a free
spot in the upcoming OWASP AppSecDC Virtual Patching Workshop
<https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Training/Virtual_Patch
ing_Workshop> .
We are also planning a future blog post with results from the survey.
Thanks for your help.
--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader