Educause Security Discussion mailing list archives

Web application monitoring, web application scanning products, and web application firewalls


From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Mon, 19 May 2008 13:19:29 -0500

As many of you know, web application attacks such as SQL injection have
been on the rise over the past few years, and more recently, automated
SQL attacks infecting numerous websites have been making the news.  For
example, headlines from isc.sans.org "SQL Injection Worm on the Loose",
"2117966.net-- mass ASP/SQL injection", "Hundreds of thousands of SQL
injections" etc.


So I have a few questions:
--Is there a program (commercial or free) that will monitor IIS web
server logs in real-time for web-vulnerability attacks (and hopefully be
smart enough to determine if the attack was successful or not) and then
send an alert via email/SMS/pager?
--web application vulnerability software vs. a web application firewall
- I've looked at web application vulnerability software and agree that
the best thing to do is to be able to fix vulnerable code, but there may
be 3rd party web-based applications which are vulnerable and one would
have to get the company to patch/fix the issue(s) which may/may not
happen.  I've heard of web application firewall technology where an
appliance sits in front of your web server and monitors for web-based
attacks and then drops/blocks the attacker's connection.
        --Does anyone have any experience with web application firewall
technology, and if so, how well does it work?  Any recommendations on
products?
        --If you had money to spend and could get either a web
vulnerability scanner or a web application firewall, which one would you
purchase and why?  I see pros/cons with both.


Thanks.
Jason Youngquist
Network Engineer - Security
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu
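The first question in the post, a log monitor that flags web-attack patterns in IIS logs and gives some hint of whether the request got through, can be prototyped in a few dozen lines. The script below is an added example written for this archive page; it is not from the original poster and not a product. It parses IIS W3C extended log lines using the `#Fields:` header, URL-decodes the query string, matches a small set of SQL injection indicators, and uses the HTTP status to label the outcome. The log lines, client addresses, URIs and signature names are constructed for the example; the outcome labels are a heuristic, since a web log alone cannot prove that injected SQL executed.

```python
"""Scan IIS W3C extended log lines for SQL injection indicators.

Added example, not part of the original mailing-list post. The sample log
below is constructed to show the format; it is not from any real server.
"""
import re
from urllib.parse import unquote_plus

# Indicators typical of automated SQL injection traffic, matched against the
# URL-decoded query string. Signature names are chosen for this example.
SQLI_PATTERNS = [
    (re.compile(r"\bunion\b.{0,40}\bselect\b", re.I), "union-select"),
    (re.compile(r"\bdeclare\s+@\w+", re.I), "declare-variable"),
    (re.compile(r"\bcast\s*\(\s*0x[0-9a-f]+", re.I), "hex-cast"),
    (re.compile(r"\bexec(ute)?\s*\(", re.I), "exec-call"),
    (re.compile(r"xp_cmdshell", re.I), "xp_cmdshell"),
    (re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.I), "tautology"),
    (re.compile(r"(;|--|/\*)"), "statement-break"),  # too weak to alert alone
]

# Constructed sample in IIS 6 W3C format (fields with spaces are '+'-encoded).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-05-19 13:19:29 10.0.0.5 GET /news.asp id=12 80 - 192.0.2.10 Mozilla/4.0+(compatible;+MSIE+7.0) 200 0 0
2008-05-19 13:19:31 10.0.0.5 GET /news.asp id=12;DECLARE+@S+VARCHAR(4000);SET+@S=CAST(0x4445434C+AS+VARCHAR(4000));EXEC(@S);-- 80 - 198.51.100.7 Mozilla/4.0 500 0 0
2008-05-19 13:19:35 10.0.0.5 GET /login.asp user=x'+or+1=1-- 80 - 198.51.100.7 Mozilla/4.0 200 0 0
2008-05-19 13:19:40 10.0.0.5 GET /search.asp q=union+select 80 - 203.0.113.3 curl/7.18 404 0 0
""".splitlines()


def parse_iis_log(lines):
    """Yield one dict per log entry, using the most recent #Fields header."""
    fields = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directive lines (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log entry seen before any #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated line; skip rather than misparse
        yield dict(zip(fields, values))


def classify(record):
    """Return (indicator names, outcome label); indicators is empty if clean."""
    query = unquote_plus(record.get("cs-uri-query", "-"))
    if query == "-":          # IIS writes '-' for an empty query string
        query = ""
    hits = [name for pat, name in SQLI_PATTERNS if pat.search(query)]
    if hits == ["statement-break"]:
        hits = []             # a lone ';' or '--' is not worth an alert
    if not hits:
        return [], None
    status = int(record.get("sc-status", "0"))
    # Heuristic only: a 5xx usually means the injected text broke the query
    # (so it reached the database); a 200 means the application accepted the
    # request and the database should be checked; anything else was likely
    # blocked or hit a missing resource.
    if status >= 500:
        outcome = "server-error"
    elif status == 200:
        outcome = "accepted-verify-db"
    else:
        outcome = "other"
    return hits, outcome


def scan(lines):
    """Return a list of alert dicts for entries that match an indicator."""
    alerts = []
    for rec in parse_iis_log(lines):
        hits, outcome = classify(rec)
        if hits:
            alerts.append({
                "time": rec["date"] + " " + rec["time"],
                "client": rec.get("c-ip"),
                "uri": rec.get("cs-uri-stem"),
                "indicators": hits,
                "outcome": outcome,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

For near real-time use, feed `scan` with lines tailed from the active log file (IIS appends to the current day's file) and hand each alert to whatever notifies you, for example an SMTP call to an email-to-SMS gateway. The `outcome` field is the honest limit of log-only monitoring: it can tell you the request reached the application and how the server answered, but confirming that injected SQL ran requires correlating with database or application error logs.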
