Hacker News
by itsdrewmiller 2104 days ago
“Not invulnerable” is not the same as snake oil. WAFs are a useful piece of a defense in depth strategy.

Or they can lull you into a false sense of security. (which is the reason chrom{e,ium} has removed their XSS auditor)
>Or they can lull you into a false sense of security.

That applies to everything security related. "Don't review your source code for vulnerabilities, it may lull you into a false sense of security."

That doesn’t seem to be true - googling says they removed it because it became too bad at doing its job and they didn’t want to maintain it.

https://www.google.com/amp/s/www.zdnet.com/google-amp/articl...