Aug 14 2012

Network Security Podcast, Episode 285

Published by at 3:52 pm under Podcast

This week we’re joined by Adrian Lane (Rich’s coworker, but it was Martin’s idea) to give us some more insight on his latest WAF research. The WAF situation is actually a lot more nuanced than the “sucks/wins” arguments we usually hear. And, as usual, we also discuss the latest security news (without Zach, who has a “job” that takes his “time” or something like that).

Network Security Podcast, Episode 285, August 14, 2012

Time: 41:16

Show notes:

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

One response so far

One Response to “Network Security Podcast, Episode 285”

  1. Nickon 23 Aug 2012 at 11:48 am

    WAF’s remind me of the “deep packet inspection” nonsense from yesteryear. Installing a WAF is not an excuse to ignore the gapping holes in your WebApp security (no matter what PCI-DSS says) but installing a WAF is also a good idea… It’s much like AntiVirus today, nobody really relies on it solely to protect users but everybody agrees it’s a necessary evil.

    I like to think of Firewalls, AntiVirus, WebApp Firewall’s, and similar protections as band-aids. Band-aids may help prevent infection but they aren’t working to solve the underlying problem. If your WebApp is insecure your WebApp is insecure. No amount of band-aids, duck-tape, super-glue, or magic bullets will solve that.


%d bloggers like this: