For those interested, we’ve released a whitepaper on how Vulnerability Assessment Plus and Web Application Firewall (VA+WAF) function independently and collectively. We spend a few pages describing the technical fundamentals of both, which many should find educational – especially on the WAF side, with industry material in painfully short supply. Very few people really understand the nitty-gritty details of how WAFs work and are deployed in the real world. I’ve learned a great deal in the last couple of months talking with those who have. There is a little F5 ASM marketing in the paper, so beware!
Enjoy, snippets:
“WAFs at their core are designed to separate safe Web traffic from malicious traffic before it’s received by the website. And, if an attack does find a way to sneak past a WAF, it still has the ability to prevent sensitive information from leaving the trusted network. To get a better understanding of how the technology works, it’s helpful to view a WAF’s functionality as three discrete components - policies, policy generation, and policy enforcement. Depending on the particular WAF in use, they may go about implementing each component in a number of different ways. No one particular way has proven to be the right way, as each has its pros and cons.”
“Every effective vulnerability assessment program requires a cohesive combination of people, process, and technology. Qualified people are necessary to carry out day-to-day tasks, manage the technology, and interpret the results to make them meaningful to the business. Process is required for coordinated efforts between executive management, IT Security, and software development groups to share information, prioritize vulnerability fixes, and enable organizational improvements. The right technology is essential for consistency, efficiency, and comprehensiveness. Whether an organization chooses to perform vulnerability assessments with internal resources, a consultancy, or a Software-as-a-Services vendor, the overall vulnerability program must always account for people, process, and technology. If not, the effort will cost more in time and dollars than it should. Or worse, simply not work.”
This entry was posted on Sunday, July 6th, 2008 at 11:50 and is filed under Web Security.