Archive for Defense

Virtual appliances for the security professional

Virtual Infrastructure Security Facts

The number of physical servers running virtual servers will rise to more than 1.7 million by 2010, resulting in 7.9 million logical servers. Virtualized servers will represent 14.6% of all physical servers in 2010, compared to just 4.5% in 2005 (IDC).
60% of production virtual machines will be less secure than their physical counterparts [...]

Post to webappsec mailing-list on WAF and pen-test: dead again

There is no doubt in my mind that some very strong experts out there have put WAF or WAF-like technology to good use. However, WAF is dead and dying regardless.
I think that very large-installation, Internet-facing web applications require Anti-DDoS technology in the form of an appliance, preferably one that does rate-based behavior detection. I often [...]

Week of War on WAF’s: Day 5 — Final thoughts

Did we learn anything about web application firewall technology this week?
I hope so. However, my gut tells me there is an overriding feeling of ambiguity around this technology. People want WAFs, but they don’t know why. Organizations everywhere think this is the best or only short-term answer to the web application security [...]

Week of War on WAF’s: Day 4 — Closer to the code

[ Andre and Marcin ]: For today’s post, we have a guest blogger, Rohit Sethi. We asked Rohit to do this guest post because we feel that his research, along with that of his co-worker Nish Bhalla, has been influential in solving some unique application security problems. We met Rohit and Nish at Shmoocon 2008 as [...]

Week of War on WAF’s: Day 3 — Language specific

This post comes via WAF thoughts from Christian Matthies’s blog circa one year ago. Christian starts out with a bang:
[...] it seemed to me that quite a lot of people aren’t aware of how effective such solutions in fact are. Basically I agree that different layers of protection [are] always a good idea to get [...]