OnSecurity podcast: taking issue with PCI DSS Web Application Firewall Requirements


I have already noted that equating a web app firewall with an application that has been through security source code review and threat modeling is ridiculous. Dinis Cruz will remind you that the most devastating web application flaws are business logic flaws that none of these devices will find. Even web application scanners are ineffective for most things beyond low-hanging fruit.

Holes in the Firewall?


Are there shortcomings in the application layer firewall requirements
set by the PCI Security Standards Council? Paul Henry, vice president
of technology and evangelism at Secure Computing Corp., thinks so, and
explains to Lisa Vaas in the OnSecurity podcast.

Contact: Jason Axley
