by RajT88 104 days ago
Yes. Pentesting of an application on every release is what everyone should be doing, finding and fixing the vulnerabilities immediately.

Not everyone can do that because of business realities. Legacy software, vendor software, no budget, no dev bandwidth, etc., etc.

All security is a compromise based on realities - implementing a WAF is one. Tuning a WAF is a further exercise in security compromises. They have value, but aren't a panacea. A good security model should have many layers, and this is one of the layers you can choose which addresses a wide variety of attacks your application may (or may not) be vulnerable to, and which you may (or may not) have the budget or bandwidth to actually fix.