|
WebApp Sec
mailing list archives
Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
From: "Henry Troup" <htroup () acm org>
Date: Sun, 13 Jan 2008 22:03:22 -0500
For a while, I had the unpleasant experience of having a customer-support
forum behind a WAF set for certain kinds of blocking. The result was that
single quotes - such as "I can't make this work" - got postings rejected.
Now obviously, that's the kind of thing you want to configure out. But
until you do, it's absolutely painful and embarassing.
Henry Troup
htroup () acm org
----- Original Message -----
From: "Ivan Ristic" <ivan.ristic () gmail com>
To: "B Snake" <bsnak3 () gmail com>
Cc: <websecurity () webappsec org>; <webappsec () securityfocus com>
Sent: Sunday, January 13, 2008 4:54 AM
Subject: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of
Money?
On Jan 12, 2008 3:55 PM, B Snake <bsnak3 () gmail com> wrote:
It seems like 90+% of companies that implement WAFs deploy them in
listening-only mode and don't do any blocking for fear of false positives
cutting off legitimate user activity.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
