I have just finished a talk on Web Application Firewalls at this year's WJAX conference in Munich.
Here's an abstract of the contents of the speech:
A number of open source and commercial Web Application Firewalls (WAF) promise "all around" protection, freeing developers from the burden of dealing with security, while increasing the overall security level. This session presents the results of a study, clarifies where it makes sense to deploy a WAF and how to use it. Further topics are performance evaluations, details about rulesets, automatic learning features as well as maintenance and what level of interaction with developers is required.
The audience was particularly interested in the practical aspects of the study, the comparison between different product vendors, and how the tests were executed.
The study covers the following products:
- BigIP by F5 Networks
- NetScaler by Citrix
- mod_security (open source)
- hyperguard by art of defence
- rWeb by deny all
OPTIMAbit will make the extended results of the study available to its customers by the end of the year.
For further information please contact me directly or refer to Bruce Sams of optima.
Thanks again to all vendors for supporting the study by supplying test machines and/or licenses.
