Educause Security Discussion mailing list archives
Re: Web Security - what do you do?
From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Thu, 7 May 2009 13:06:17 -0500
I agree that an application firewall is a necessary component for most Internet-facing web servers, especially if you don't have a strong vulnerability assessment and change control program in place. But I caveat that I mean a strong app firewall (e.g., DotDefender) that handles white listing urls, etc., not just a Cisco ASA box. This needs to go hand-in-hand with an OWASP-based approach to securing websites. Ken. == Ken Rowe Director of Enterprise Systems Assurance and Information Security University Office of Administrative Information Technology Services University of Illinois 50 Gerty Drive, MC-673 Champaign, IL 61820 E kenrowe () uillinois edu O 217.265.0415 C 217.778.7693 F 217.333.6991
Current thread:
- Web Security - what do you do? Greg Vickers (May 06)
- <Possible follow-ups>
- Re: Web Security - what do you do? Pratt, Benjamin E. (May 07)
- Re: Web Security - what do you do? Hugh Burley (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 07)
- Re: Web Security - what do you do? Pace, Guy (May 07)
- Re: Web Security - what do you do? Jason Testart (May 07)
- Re: Web Security - what do you do? Christopher Jones (May 07)
- Re: Web Security - what do you do? Rowe, Ken (May 07)
- Re: Web Security - what do you do? St Clair, Jim (May 07)
- Re: Web Security - what do you do? Gary Flynn (May 07)
- Re: Web Security - what do you do? Paul Keser (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 11)
- Re: Web Security - what do you do? Russell Fulton (May 11)