Archive for Security

Week of War on WAF’s: Day 4 — Closer to the code

[ Andre and Marcin ]: For today’s post, we have a guest blogger, Rohit Sethi. We asked Rohit to do this guest post because we feel that his research, along with co-worker Nish Bhalla, has been influential in solving some unique application security problems. We met Rohit and Nish at Shmoocon 2008 as […]

Week of War on WAF’s: Day 3 — Language specific

This post comes via WAF thoughts from Christian Matthies’s blog circa one year ago. Christian starts out with a bang:
[…] it seemed to me that quite a lot of people aren’t aware of how effective such solutions in fact are. Basically I agree that different layers of protection [are] always a good idea to get […]

Week of War on WAF’s: Day 2 — A look at the past

Web application experts have been asking WAF vendors the same questions for years with no resolution. It’s not about religion for many security professionals — it’s about having a product that works as advertised.
My frustration is not unique. I am not the first person to clamor on about web application firewalls. Jeff […]

Week of War on WAF’s: Day 1 — Top ten reasons to wait on WAF’s

Hello, and welcome to the Week of War on WAF’s, the same week that ends with PCI-DSS Requirement 6.6 going into effect as a deadline for many merchants. Today is the first day. So far, Marcin has identified some of the problems with web application firewalls. We were able to identify what […]

Web application firewalls: A slight change of heart

We’ve been beating the drum for some time now, expressing our opinions of web application firewalls (WAFs). You might have sided with us on this issue, be against us, or just be tired of it all by now. This post is about to change all that, and show that we are not 100% […]