Educause Security Discussion mailing list archives
Re: Application Security
From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Fri, 13 Nov 2009 12:19:44 -0800
Stephen, This might be interesting to you in your evaluations: http://projects.webappsec.org/Web-Application-Firewall-Evaluation-Criteria Also you might want to look at the vendors who participated near that bottom of that page if you wanted to broaden your search. As for software based application layer firewalls, you might check out: ModSecurity : [http://www.modsecurity.org] IIS UrlScan : [http://www.microsoft.com/downloads/details.aspx?FamilyId=EE41818F-3363-4E24-9940-321603531989&displaylang=en] WebKnight : [http://www.aqtronix.com/?PageID=99] from: http://isc.sans.org/diary.html?storyid=5674 We are not currently using a WAF but will hopefully start evaluating some of these products soon to determine if they are worthwhile in our environment. Hope this helps, -Adam Stephen G. Lotho wrote:
Hi, We are currently in the market for Application firewall. I wanted to check here if anyone has any recommendation. We are looking for an appliance and software solution. Vendors I'm looking at are Top Layer, Fortinet, Breach and Barracuda. I don't know any software application firewall - could you suggest one? Thank you, Stephen G. Lotho Director, Network Services Roosevelt University 430 South Michigan Avenue Chicago, Illinois 60605 Tel: 312.341.6996 email: Stephen.Lotho () Roosevelt edu
-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
Current thread:
- Application Security Stephen G. Lotho (Nov 13)
- <Possible follow-ups>
- Re: Application Security Adam Carlson (Nov 13)
- Re: Application Security Neil Matatall (Nov 13)
- Re: Application Security Neil Matatall (Nov 14)