Recently I wrote about the issues I have with web application firewalls. However today I’d like to give a short shout-out to the ModSecurity Blog and its newest article “Is Your Website Secure?“.
I like the message of the article so much, that I’ll just cite the according section:
[...] one of the following: web vulnerability scanning, penetration testing, deploying a web application firewall and log analysis does not adequately ensure “security.” While each of these tasks excel in some areas and aid in the overall security of a website, they are each also ineffective in other areas. It is the overall coordination of these efforts that will provide organizations with, as Richard would say, a truly “defensible web application.”
I do think that some of the activities mentioned above are more effective (and therefore important) than others, but generally, I couldn’t agree more. Very well put Ryan Barnett, thanks!
Picture of scary spider in its web by Vanessa Pike-Russell
Tags: Information Security, Log Analysis, ModSecurity, Penetation Testing, Security, WAF, Web Application, Web Application Firewall, Web Applications
