First Layer of Defense or Lipstick on Your Pig?
Web Application Firewalls (WAFs) can be a valuable tool for mitigating risk and are an important part of a defense-in-depth security strategy for organizations with web-based applications. For legacy web sites that must remain supported and secure even though they are quite old, or where the company has limited or no access to modify the application code, a WAF may be the only means a company has to protect the application against new web-based threats.
However, if relied on too heavily or implemented and managed improperly, WAFs can hinder other important elements of a strong web site vulnerability management program. In this paper we will discuss areas of concern regarding WAF over-reliance and issues with implementation, both of which can have a negative impact on your overall vulnerability management program and your ability to properly understand the risks within your web application portfolio.