PaulDotCom mailing list archives

Suggestions on a Web App firewall?


From: netlacky at gmail.com (Robert Wahl)
Date: Fri, 12 Feb 2010 09:06:47 -0700

Some random thoughts on the WAF suggestions.

Breach's Web Defend is very cool, you can also load XML Schema for web
services which is nice.  If you are looking for in line deployment be aware
that the product does not have reverse proxy functionality so something else
you may need to throw up depending on what you are doing.  Imperva is
another popular product out there, my understanding is that it can do
reverse proxying as well, but doesn't do XML Schema and some other
functionality.  I haven't personally used that product so I can't comment
much.  Both have some additional regex type functionality to look at
information leakage if you have specific content you want to look for.

Then there is always modsecurity which is open source and has some ties to
the Breach folks.  Akamai is introducing it into their stuff.

Anyone played with the OWASP ESAPI stuff?
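The "regex type functionality to look at information leakage" mentioned above is something mod_security can do as well. The following is an added example, not code from the thread or from the ModSecurity project: a small ModSecurity 2.x rule set that inspects outbound response bodies and blocks specific content that should never leave the application. It assumes a stock Apache + mod_security 2.x install; the rule IDs and the INTERNAL-ONLY marker string are placeholders.

```apache
# Added example: outbound (phase 4) inspection with ModSecurity 2.x.
# Assumptions: Apache with mod_security 2.x loaded; rule IDs 900100-900102
# and the "INTERNAL-ONLY" marker are placeholders chosen for this example.

# Buffer response bodies so phase 4 rules can inspect them. Limit the
# buffered size and process partial bodies rather than failing open/closed.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/json
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Block any response that echoes an internal marker string that the
# application should never return to a client.
SecRule RESPONSE_BODY "@contains INTERNAL-ONLY" \
    "id:900100,phase:4,deny,status:403,log,msg:'Outbound leak: internal marker in response'"

# Block database error text leaking through a page (regex; tune the
# patterns to the backend actually in use).
SecRule RESPONSE_BODY "@rx (?i)(ORA-[0-9]{5}|You have an error in your SQL syntax|Unclosed quotation mark)" \
    "id:900101,phase:4,deny,status:403,log,msg:'Outbound leak: database error text'"

# Block card-number-like digit runs that also pass a Luhn check, using the
# built-in @verifyCC operator to cut down on false positives.
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:900102,phase:4,deny,status:403,log,msg:'Outbound leak: possible card number'"
```

Deploy new outbound rules with `pass,log` in place of `deny,status:403` first and review the audit log for false positives before switching them to blocking, since a broad regex on response bodies can otherwise break legitimate pages.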



Message: 1
Date: Thu, 11 Feb 2010 07:59:03 -0600
From: "Tidball, Christopher" <Christopher.Tidball at qwest.com>
Subject: Re: [Pauldotcom] Suggestions on a Web App firewall?
To: "'PaulDotCom Security Weekly Mailing List'" <pauldotcom at pdc-mail.pauldotcom.com>
Message-ID: <885D3344E1410B46BA40174A3FDB18873C7884F4A6 at qtomaexmbm25.AD.QINTRA.COM>

Content-Type: text/plain; charset="us-ascii"

Check out Breach's Web Defend WAF
(http://www.breach.com/products/webdefend.html). This is an enterprise
solution with appliances that can scale depending on traffic volume. It has
a very nice management interface and can be deployed in-line or out-of-line.
It does not require other hardware to be in place like F5. You may also want
to check out Apache mod_security. Not appliance based, but has some good
capabilities.
Chris

-----Original Message-----
From: pauldotcom-bounces at pdc-mail.pauldotcom.com [mailto:pauldotcom-bounces at pdc-mail.pauldotcom.com] On Behalf Of Raffi Jamgotchian
Sent: Wednesday, February 10, 2010 6:21 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Suggestions on a Web App firewall?

Mick,

check out Fortinet's Fortiweb;
http://www.fortinet.com/products/fortiweb/1000B.html

They also have a separate product for Database security:
http://www.fortinet.com/products/fortidb/

I think they would be considered enterprise-y

On Feb 10, 2010, at 4:50 PM, Michael Douglas wrote:

It's been over three years since I've been hands on any firewalls that
have web app capabilities... so I'm going to open this up to folks
like you.  Yes you.  You seem very nice and trust-able.

Do you have any suggestions on web application firewalls?
Specifically, I'm looking for something appliance based and (sorry to
use this term) enterprise-y (specifically, as in nice centralized
management for multiple nodes, etc).

What are some products I should review?  If you provide a name, please
let me know what you like about it.  Are there ones I should avoid?



Thanks for your help!
- Mick

PS: please don't mention host based software options like mod_security
(for apache) or eEye's whatchamacallit for IIS.  We have host based
solutions already.  We want/need inline network devices in this
instance...  I don't care what GDead (Bruce from Shmoo Group) said...
I still think security-in-depth is a worthy goal.   ;-)
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


