ModSecurity Breach

ModSecurity Blog


Best Practices: Use of Web Application Firewalls

Back in May, at AppSec OWASP in Ghent, I listened to Alexander Meisel (who was presenting on behalf of OWASP Germany) talk about best practices for web application firewall deployment. The interesting talk was backed by a larger document, which was only available in German at the time (I don't read German). The translated version is now available, and I am happy to say that it is as interesting as I thought it would be.

As you may be aware, I am leading the Web Application Firewall Evaluation Criteria (WAFEC) project, where we outline the questions that need to be asked when evaluating WAFs. WAFEC is quite technical, and I've always felt that we skipped one step by addressing the technical questions too soon. Best Practices: Use of Web Application Firewalls addresses some of the things people need to ask before they reach the evaluation stage. Here are some of the topics covered by this document:

  1. Roles that need to be established internally in order to support a WAF deployment.
  2. Suitability of applications for protection via web application firewalls.
  3. A mapping of WAF features against common security issues (what WAFs can and cannot do).

Overall, it's a very refreshing read and a step in the right direction.




I did not like Alexander's talk, which felt like an English translation of a German book's table of contents.

Glad they translated the book. It's a good read.

