[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?

From: "Andre Gironda" <andreg@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Date: Sat, 12 Jan 2008 15:32:17 -0700

Deploying WAFs at all - Waste of Money?

Answer: Not if you just made a check-mark on a PCI-DSS audit

On 1/12/08, B Snake <bsnak3@xxxxxxxxx> wrote:
> It seems like 90+% of companies that implement WAFs deploy them in
> listening-only mode and don't do any blocking for fear of false positives
> cutting off legitimate user activity.
>
> I'm new to WAFs and this may be a stupid question, but what security value
> does a WAF add if it's not doing any blocking of malicious activity?
>
> -BSnake
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
  - From: Ofer Shezaf
- Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
  - From: Ryan Barnett

References:
- [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
  - From: B Snake

Prev by Date: Re: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Next by Date: [WEB SECURITY] disable an ip address to connect to a web site
Previous by thread: RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Next by thread: RE: [WEB SECURITY] Deploying WAFs In Listening-Only Mode - Waste of Money?
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site