|Main Archive Page > Month Archives > websecurity archives|
> Insinuating that deploying a WAF (even if set
> in default mode and not closely managed) will
> make security worse is ludacris.
Pffft; who was insinuating? I think you'll find I was quite explicit in saying that adding a WAF wouldn't improve the situation and why. Good security isn't about bolting products on, it is about solid process and QA. Your suggestion for an alternative to scanning, a WAF, simply isn't a good one. It neither identifies the vulnerabilities in the environment, nor is it any good for fixing the underlying problem (the flawed processes).
Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]