WebApp Sec mailing list archives
Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
From: "Henry Troup" <htroup () acm org>
Date: Sun, 13 Jan 2008 22:03:22 -0500
For a while, I had the unpleasant experience of having a customer-support forum behind a WAF set for certain kinds of blocking. The result was that single quotes - such as "I can't make this work" - got postings rejected. Now obviously, that's the kind of thing you want to configure out. But until you do, it's absolutely painful and embarassing.
Henry Troup htroup () acm org----- Original Message ----- From: "Ivan Ristic" <ivan.ristic () gmail com>
To: "B Snake" <bsnak3 () gmail com> Cc: <websecurity () webappsec org>; <webappsec () securityfocus com> Sent: Sunday, January 13, 2008 4:54 AMSubject: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
On Jan 12, 2008 3:55 PM, B Snake <bsnak3 () gmail com> wrote:It seems like 90+% of companies that implement WAFs deploy them in listening-only mode and don't do any blocking for fear of false positives cutting off legitimate user activity.
-------------------------------------------------------------------------Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ryan Barnett (Jan 13)
- <Possible follow-ups>
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ivan Ristic (Jan 13)
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Henry Troup (Jan 14)
- RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ofer Shezaf (Jan 16)
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Henry Troup (Jan 14)
- RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ofer Shezaf (Jan 13)
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ryan Barnett (Jan 13)
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? Ryan Barnett (Jan 14)
- RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money? sankalpa h (Jan 20)