Has anyone run into this?
Cheers - Bob
This thread was automatically locked due to age.
Has anyone run into this?
Cheers - Bob
In my experience, I have come across a lot of WAFs. Some of them are very strong, others are very weak. Yes, sometimes they do manage to successfully prevent XSS or SQL injection, but I have never evaluated a WebApp where a WAF managed to successfully mitigate all the vulnerabilities I discovered, let alone the majority of the OWASP top 10.
A WAF should be viewed as an additional security measure rather than a comprehensive response to security threats.
In my experience, I have come across a lot of WAFs. Some of them are very strong, others are very weak. Yes, sometimes they do manage to successfully prevent XSS or SQL injection, but I have never evaluated a WebApp where a WAF managed to successfully mitigate all the vulnerabilities I discovered, let alone the majority of the OWASP top 10.
A WAF should be viewed as an additional security measure rather than a comprehensive response to security threats.