Web application firewalls create breathing room
A new security concept, the [b]web application firewall (WAF)[/b], is emerging that promises to give organizations time to address flaws in their web applications, saving them the time and money associated with a rush to repair a vulnerability. A WAF examines OSI Layer 7 traffic between a web application server and client to ensure that messages conform to a security policy. The Web Application Security Consortium (WASC) has released its Web Application Firewall Evaluation Criteria (WAFEC) to help organizations decide which web application firewall is right for them. WAFs fit into a layered approach to security, as they do not sit on the network perimeter like traditional firewalls. The Yankee Group calls the WAF market mature but small, and expects it to be subsumed by application assurance platforms combining WAFs, database security, XML security gateways, and application traffic management.
TechTarget