Educause Security Discussion mailing list archives

Re: Web Security - what do you do?

From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Thu, 7 May 2009 13:06:17 -0500


I agree that an application firewall is a necessary component for most Internet-facing web servers, especially if you 
don't have a strong vulnerability assessment and change control program in place. But I caveat that I mean a strong app 
firewall (e.g., DotDefender) that handles white listing urls, etc., not just a Cisco ASA box.
This needs to go hand-in-hand with an OWASP-based approach to securing websites.

Ken.
== 
Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
50 Gerty Drive, MC-673
Champaign, IL 61820
E kenrowe () uillinois edu
O 217.265.0415
C 217.778.7693
F 217.333.6991

Current thread:

Web Security - what do you do? Greg Vickers (May 06)
- <Possible follow-ups>
- Re: Web Security - what do you do? Pratt, Benjamin E. (May 07)
- Re: Web Security - what do you do? Hugh Burley (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 07)
- Re: Web Security - what do you do? Pace, Guy (May 07)
- Re: Web Security - what do you do? Jason Testart (May 07)
- Re: Web Security - what do you do? Christopher Jones (May 07)
- Re: Web Security - what do you do? Rowe, Ken (May 07)
- Re: Web Security - what do you do? St Clair, Jim (May 07)
- Re: Web Security - what do you do? Gary Flynn (May 07)
- Re: Web Security - what do you do? Paul Keser (May 07)
- Re: Web Security - what do you do? Karen Stopford (May 11)
- Re: Web Security - what do you do? Russell Fulton (May 11)