Educause Security Discussion mailing list archives

Re: Application Security


From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Fri, 13 Nov 2009 12:19:44 -0800

Stephen,
        This might be interesting to you in your evaluations:

http://projects.webappsec.org/Web-Application-Firewall-Evaluation-Criteria

Also you might want to look at the vendors who participated near the
bottom of that page if you wanted to broaden your search.  As for
software-based application layer firewalls, you might check out:

ModSecurity : [http://www.modsecurity.org]
IIS UrlScan : [http://www.microsoft.com/downloads/details.aspx?FamilyId=EE41818F-3363-4E24-9940-321603531989&displaylang=en]
WebKnight   : [http://www.aqtronix.com/?PageID=99]

from:

http://isc.sans.org/diary.html?storyid=5674

We are not currently using a WAF but will hopefully start evaluating
some of these products soon to determine if they are worthwhile in
our environment.

Hope this helps,

-Adam

Stephen G. Lotho wrote:
Hi,

We are currently in the market for Application firewall.  I wanted to
check here if anyone has any recommendation.  We are looking for an
appliance and software solution.

Vendors I'm looking at are Top Layer, Fortinet, Breach and Barracuda.

I don't know any software application firewall - could you suggest one?

Thank you,

Stephen G. Lotho
Director, Network Services
Roosevelt University
430 South Michigan Avenue
Chicago, Illinois 60605
Tel: 312.341.6996
email: Stephen.Lotho () Roosevelt edu


--
Adam Carlson
Chief Security Officer
Information Technology
Residential and Student Service Programs
Tel: 510-643-0631
Email: ajcarlson () berkeley edu

"Most of the things worth doing in the world had been declared
impossible before they were done." ~Louis D. Brandeis
