Security Basics mailing list archives

RE: web application firewall solution

From: Robert John Creely <programmingart () gmail com>
Date: Fri, 8 May 2009 20:16:19 -0400

GPL solution: www.modsecurity.org
Commercial Solution: Imperva comes to mind

No matter what vendor you choose be prepared to spend a good amount of time tuning the  WebApp FW to the web 
application(s) it is protecting.  Also I would not recommend thinking that because you have a webapp firewall that you 
don't need to audit the web application code and fix security issues behind the webapp firewall.  The webapp firewall 
is just a layer of protection and nothing more.  Just because you install AV on a machine doesn't mean you no longer 
have to patch the OS :-)

--Rob
-----Original Message-----
From: netw0rm xxx <netw0rm () netw0rm net>
Sent: Friday, May 08, 2009 5:44 AM
To: security-basics () securityfocus com
Subject: web application firewall solution

Hi all!

I'm looking for solution to protect web-portal.
Now I'm reading about Сisco ACE WAF. Checkpoint Smart Defence also
have some checks for providing web applications security. What
another solutions is the security market?

Thanks in advance

Pavel Gubanov

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

web application firewall solution netw0rm xxx (May 08)
- Re: web application firewall solution raimarm () gmail com (May 11)
- Re: web application firewall solution PEra (May 11)
- Re: web application firewall solution bartlettNSF (May 11)
- Message not available
  - Fwd: web application firewall solution kevin fielder (May 18)
    - Re: Fwd: web application firewall solution [NC] Reda-Karim FAKHIR (May 19)
- <Possible follow-ups>
- Re: web application firewall solution paul . ivan (May 11)
- RE: web application firewall solution Robert John Creely (May 11)
- Re: web application firewall solution mstylianou (May 11)
  - Network Assessment tool Valentin Fernandez Bolland (May 11)
    - Re: Network Assessment tool Kim Guldberg (May 11)
    - Message not available
    - RE: Network Assessment tool Valentin Fernandez Bolland (May 18)
    - Re: Network Assessment tool Robert Larsen (May 18)