|
|
|
|
|
|
by beh9540
2092 days ago
|
|
|
I agree with you, in most cases, but unfortunately in some regulated industries, more and more auditors are putting WAFs as a requirement for secure architectures. No amount of explaining why it doesn't make sense changes anything, as the auditors rarely understand why they're asking for WAFs - they just need to check the box. There are occasions though where WAFs can be somewhat useful, like where you need to secure a vendors webapp that you can't patch without them releasing a fix or trust, but for legacy or business reasons are required to run. So some of us are forced to buy and implement these products regardless of effectiveness, and it is helpful to see how vendors respond I think. |
|
|