Ivan Ristic has the cover story in this issue of (In)Secure magazine. The article details Web Application Firewalls (WAFs) and how they are used. Ivan describes four main ways WAFs are used:
- Audit device
- Access Control device
- Architectural/Network design tool
- Web Application hardening tool
WAFs provide a chokepoint for security controls. BuildSecurityIn has a paper on WAFs as well. The BSI paper illustrates some of the tradeoffs in using a WAF.