For a while, I had the unpleasant experience of having a customer-support
forum behind a WAF set for certain kinds of blocking. The result was that
single quotes - such as "I can't make this work" - got postings rejected.
Now obviously, that's the kind of thing you want to configure out. But
until you do, it's absolutely painful and embarassing.
Henry Troup
htroup_at_acm.org
----- Original Message -----
From: "Ivan Ristic" <ivan.ristic_at_gmail.com>
To: "B Snake" <bsnak3_at_gmail.com>
Cc: <websecurity_at_webappsec.org>; <webappsec_at_securityfocus.com>
Sent: Sunday, January 13, 2008 4:54 AM
Subject: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of
Money?
> On Jan 12, 2008 3:55 PM, B Snake <bsnak3_at_gmail.com> wrote:
>> It seems like 90+% of companies that implement WAFs deploy them in
>> listening-only mode and don't do any blocking for fear of false positives
>> cutting off legitimate user activity.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jan 14 2008
Intro
