by icecap12 1557 days ago
Every time someone posts about a WAF bypass on HN, someone like you comes along and talks about how WAFs are nothing but security theatre. Simply not true. Are they perfect? Absolutely not. I'll simply repost one of my previous comments on this topic:

  You deploy a WAF as part of a defense-in-depth strategy, with one of the best use-cases being situations where you have legacy web systems that nobody is maintaining. Additionally, you can get TLS upscaling, easy HTTP rewrite capabilities, DDoS protection, and other granular controls with some SaaS offerings. So while it's true that a WAF won't stop a determined attacker, there are certainly benefits to operating them, particularly in large enterprise environments.