Secure Labs Information Assurance

Application Firewalls

Web Application Firewalls (WAFs) give the enterprise a strong security control that sits outside the hands of the web developer or business unit that has rushed its new web application to market and plugged it into the Internet. "Make money first, pay breach fines later" appears to be the motto. Some of the features of a WAF include:

  • Performance Tune Your Application
  • Detect Changes
  • Ability to Find Vulnerabilities
Protecting Web Based Applications
Data Steward's Job is to Protect Data

We see many hodgepodge architectures at most businesses, which allow the compromised web server access into the enterprise.

Breached web applications have caused a number of highly publicized security incidents costing millions. Using cheap, low-skilled offshore labor with tight development schedules and poor security practices is a guarantee it will happen to you. Web Application Firewalls give visibility into how poorly the application is designed and allow intermediary controls to be wrapped around the publicly facing application. In almost every deployment we find that the businesses that have purchased a WAF have done so to place a checkbox on an audit spreadsheet. The WAF is running in a zombie state: it's powered on but "no one is home", meaning it sees all events but is not tuned to the application or configured to respond. You passed the audit but might have some explaining to do when you are breached. Don't worry, I am sure the employees will testify that they were highly trained and the company "was" going to get a resource to configure the WAF.