Is available over on the TS/SCI security blog.
As always on the TS/SCI blog, the comments are where the "real hotness" is, so make sure you read them with each post.
Also check out this thread on Jeremiah Grossman's blog:
While I don't always agree with Dre, I have to admit that before I dropped $110k plus yearly maintenance, I would have to crunch the numbers and see what a really thorough web application code rewrite, review, and pentest would cost me, before I got stuck with yet another appliance in the rack that I have to pay for every year and pay someone to run.
I'm not an SDLC guy, but are we really at the point where we CAN'T write a secure web application for any amount of money? I would hope that isn't the case.
Read the posts. Dre and Marcin put it better than I ever will.