Community for IT Security, Risk Management and Compliance

IT Security Link | Community for IT Security, Risk Management and Compliance

Join The Community!

Please Login or Register

About Us | Contact | Terms | Privacy | RSS

SEND COMMENTS AND NEWS TIPS

Information Security
People and Technology
Cybercrime
Security Compliance
Recruitment

Home
Members articles
Events
News
Recruitment

Home › Blogs › Drazen Drazic's blog

WAFs - Is the Technology Mature Enough?

Sat, 07/19/2008 - 17:24

I've spent some time lately in discussions around Web Application Firewalls. WAFs seem to be a hot topic in recent times and with PCI DSS 6.6, many people are now starting to look at these technologies.

Though, with the PCI SSC council watering down the 6.6 requirement, I questioned here whether they were required at all under PCI DSS:
http://tinyurl.com/4rtkdf

I went to town a little on the WAFs here:
http://tinyurl.com/5fac9f

It's interesting though that while opinions vary and may look so opposite to each other, the arguments are not too dissimilar. When I did speak directly with Jeremiah Grossman, we weren't to far off each others wavelength. At the end of the day, it comes down to what fits and is manageable in your environment. If it can work for you and add additional security, and you accept the trade-offs, go for it. Just don't get lulled into that false sense of security so to speak, understand the limitations of WAFs and don't neglect the basics - they are ultimately the key.

Your vote:

No votes yet

Drazen Drazic's blog
Login or register to post comments

Search IT Security Link

EVENTS CALENDAR

November 2008
Mon	Tue	Wed	Thu	Fri	Sat	Sun
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Members Blog Topics

Punk not dead
Lords: "Government should step up to its responsibility in IT Security"
Researchers: Obfuscate patches
Your own personal barcode
Going the extra ten percent

IT Security Link Sponsors

About Us
Contact
Terms
Privacy