Web Application Firewalls (WAFs) are an excellent last line of defense. Based on what I see in my testing they’re great at blocking both automated scans and granular exploits like Cross-Site Scripting and SQL injection. I recommend WAFs to clients all the time. But…there’s more to the story.
When it comes to Web security why is it we always seem to focus on layer 7 only? Sure, it can be argued that XSS, SQL injection, flawed application logic and so on are the big deal items in any given Web system. But who said the underlying server and network components – the foundation […]