March 22, 2009
So far so little, but a lot of hype! Some plug them big time, but let’s be real: do they cut it to a level worth the hype?
The reality is that they don’t work at present at a level that warrants the hype.
Accepting small benefits versus the additional risks they introduce is a concern. If your WAF is an “appliance”... potentially good night! 0day already... didn’t your vendor/consultant warn you about these? Am I being paranoid about this?
It’s another AV? No, not that good yet. If anyone tells you otherwise, let me know.

Hey Drazen,
Today we just did a post about “that”. Take a look
http://community.nstalker.com/what-should-we-do-when-web-protection-mechanisms-fail
Regards!
Rodrigo Montoro (Sp0oKeR)
Hey Sp0oKer, thanks for the link. Good post! It’s something (not just with WAFs) that we’ve been talking about for a while. Who’s testing the security of security products?
That’s totally true. In January we found a DoS in Barracuda products such as Content Filtering, AntiSpam … maybe WAF (didn’t test on it =D). We didn’t release it yet because they are fixing it… but that’s a big problem… Who tests them? =) But that’s the fun with security.
Best regards!