PaulDotCom mailing list archives
Suggestions on a Web App firewall?
From: Christopher.Tidball at qwest.com (Tidball, Christopher)
Date: Thu, 11 Feb 2010 07:59:03 -0600
Check out Breach's Web Defend WAF (http://www.breach.com/products/webdefend.html). This is an enterprise solution with appliances that can scale depending on traffic volume. It has a very nice management interface and can be deployed in-line or out-of-line. It does not require other hardware to be in place like f5. You may also want to check out Apache mod_security. Not appliance based, but has some good capabilities. Chris -----Original Message----- From: pauldotcom-bounces at pdc-mail.pauldotcom.com [mailto:pauldotcom-bounces at pdc-mail.pauldotcom.com] On Behalf Of Raffi Jamgotchian Sent: Wednesday, February 10, 2010 6:21 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Suggestions on a Web App firewall? Mick, check out Fortinet's Fortiweb; http://www.fortinet.com/products/fortiweb/1000B.html They also have a separate product for Database security: http://www.fortinet.com/products/fortidb/ I think they would be considered enterprise-y On Feb 10, 2010, at 4:50 PM, Michael Douglas wrote:
It's been over three years since I've been hands on any firewalls that have web app capabilities... so I'm going to open this up to folks like you. Yes you. You seem very nice and trust-able. Do you have any suggestions on web application firewalls? Specifically, I'm looking for something appliance based and (sorry to use this term) enterprise-y (specifically, as in nice centralized management for multiple nodes, etc). What are some products I should review? If you provide a name, please let me know what you like about it. Are there ones I should avoid? Thanks for your help! - Mick PS: please don't mention host based software options like mod_security (for apache) or eEye's whatchamacallit for IIS. We have host based solutions already. We want/need inline network devices in this instance... I don't care what GDead (Bruce from Shmoo Group) said... I still think security-in-depth is a worthy goal. ;-) _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
Current thread:
- Suggestions on a Web App firewall? Michael Douglas (Feb 10)
- Suggestions on a Web App firewall? Raffi Jamgotchian (Feb 10)
- Suggestions on a Web App firewall? Tidball, Christopher (Feb 11)
- <Possible follow-ups>
- Suggestions on a Web App firewall? Butturini, Russell (Feb 10)
- Suggestions on a Web App firewall? Robert Wahl (Feb 12)
- Suggestions on a Web App firewall? Raffi Jamgotchian (Feb 10)