by barryrandall 678 days ago
A lot of companies with SQL injection vulnerabilities remediated them by buying security appliances advertised to stop SQL injection attacks. That works for a while until time and turnover result in someone optimizing the appliance out of the stack. Then the cycle repeats.

Those things are digital snake oil. If you turn on the web application firewall (WAF) features your app breaks. If you “tune” it to fix that, you let the attackers back through.

You can’t use a dumb appliance to fix developer stupidity.

That doesn’t stop businesses from falling for the sales pitch.
Or auditors from ticking that box.
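The point made in the thread, that a signature-based appliance in front of a string-concatenated query either breaks legitimate input or has to be loosened until it stops helping, whereas a parameterized query needs neither, can be shown in a few lines. The following is an added illustration written for this page, not code from any commenter; the table, the sample rows, and the `naive_filter_blocks` stand-in for an appliance rule are all constructed here.

```python
import sqlite3

# Constructed sample data for the illustration (not from the thread).
SAMPLE_USERS = [
    ("O'Brien", "obrien@example.com"),   # legitimate name containing an apostrophe
    ("alice", "alice@example.com"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def naive_filter_blocks(user_input):
    """Stand-in (hypothetical) for a signature-style appliance rule that rejects
    any request containing a single quote. It has no idea what the application
    does with the value, so it blocks Mr. O'Brien along with everything else."""
    return "'" in user_input


def lookup_concat(conn, name):
    """Vulnerable pattern: SQL assembled by string concatenation. The input becomes
    part of the SQL text, so an apostrophe ends the string literal early and the
    statement no longer parses (sqlite3.OperationalError)."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Fixed pattern: parameterized query. The driver binds the value as data,
    so quotes inside it are just characters; no front-end filter is needed."""
    sql = "SELECT email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run the same lookup through each path and report what happened."""
    conn = make_db()
    result = {"appliance_blocks_request": naive_filter_blocks(name)}
    try:
        result["concat_rows"] = lookup_concat(conn, name)
        result["concat_error"] = None
    except sqlite3.OperationalError as exc:
        result["concat_rows"] = None
        result["concat_error"] = type(exc).__name__
    result["param_rows"] = lookup_param(conn, name)
    conn.close()
    return result


if __name__ == "__main__":
    for n in ("alice", "O'Brien"):
        print(n, compare(n))
```

For `alice` all three paths agree. For `O'Brien` the appliance rule rejects a legitimate user, the concatenated query fails to parse, and only the parameterized query returns the row, which is the thread's argument in miniature: the defect is in how the SQL is built, and that is where it has to be fixed.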