3 reasons you need a WAF even if your code is (you think) secure

Everyone is buzzing and tweeting about the SANS Institute CWE/SANS Top 25 Most Dangerous Programming Errors, many heralding its release as the dawning of a new age in secure software. Indeed, it's al...
Published Jan 14, 2009
Version 1.0
application firewall
application security
applications
exploits
firewall
internet
sans
security
us
vuln
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Jan 14, 2009
@Wes

 

 

Great point and question, I should have made that clearer. It's faster to update a WAF - or use something like network-side scripting (iRules) when available in the WAF - than it is to patch the applications.