The ESAPI Web Application Firewall
This presentation was by Arshan Dabirsiaghi and was about the OWASP ESAPI Web Application Firewall (WAF) project. My notes are below:

WAF Fallacies (at least in regards to OWASP ESAPI WAF)
- WAFs add attack surface
- WAFs can create culture problems
- WAFs can’t fix business logic vulnerabilities
- WAFs are way too expensive
- WAFs complicate networks

Why […]