The Inevitable Web Application Firewalls.

Published on: 1178180274
I don't like predictions, nor looking into the future too much. But this might be the first time I have jumped on the first boat that leaves town. Web application firewalls are still not really implemented or accepted by many, mainly because a lot of people can break them. While breaking them requires a high level of expertise and good skills, their practical use is still something that can do a lot for us. I've been a fan of web application firewalls for a few months. I see a lot of people around me who also become converts when I explain to them what the benefits can be. For those who don't know what web application firewalls are:

Definition by webappsec.org:
Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

Today I also read the article by RSnake on darkreading in which he describes auditing a company's security. He was confronted with so many possible entry points that he came to the conclusion that fixing them is going to take ages.

Now, I have always felt that fixing holes is a short-term solution, in the sense that there will always be holes, no matter how rigorous your security or your patch schedule. There will always be holes. Sometimes new holes arise when you patch a few. So it's important to realize that you are going to lose the arms race of patching and attacking. Besides, most holes you can't patch; they depend on your vendor to fix, for instance. So detection is crucial in a security process, but so is prevention.