Re: Fwd: web application firewall solution [NC]

[Reda-Karim FAKHIR <reda-karim.fakhir () sgcib com>]

You can also use snort with snorrtsam.




kevin fielder <kevin.fielder () gmail com> 
Sent by: listbounce () securityfocus com
18/05/09 03:17 PM


To
netw0rm () netw0rm net, security-basics () securityfocus com
cc

Subject
Fwd: web application firewall solution






Hi

Depending on the platform you are using you may be able to leverage an
open source web application firewall such as ModSecurity:

http://www.modsecurity.org/

While likely need a fair amount of config and tuning work (although
you'll find all the solutions need a variable amount of tuning) this
would likely be a lower cost option overall.

Cheers

Kevin



-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of netw0rm xxx
Sent: 08 May 2009 10:45
To: security-basics () securityfocus com
Subject: web application firewall solution

Hi all!

I'm looking for solution to protect web-portal.
Now I'm reading about Сisco ACE WAF. Checkpoint Smart Defence also
have some checks for providing web applications security. What another
solutions is the security market?

Thanks in advance

Pavel Gubanov

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor
means you pass the exam. Gain a laser like insight into what is
covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both 
Instructor-Led and Online formats is the most concentrated exam prep 
available. Comprehensive course materials and an expert instructor means 
you pass the exam. Gain a laser like insight into what is covered on the 
exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------



*************************************************************************
This message and any attachments (the "message") are confidential, intended solely for the addressee(s), and may 
contain legally privileged information.
Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration.   
Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed 
or
falsified.
                              ************
Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et susceptibles de contenir des 
informations couvertes 
par le secret professionnel. 
Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est 
interdite.
Tout message electronique est susceptible d'alteration. 
La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou 
falsifie.
*************************************************************************