Custom web applications represent a weak link that attackers are going after. Because they are custom, they are only as secure as our own organizations’ ability to code them securely, and the vulnerabilities are fairly unique even if the exploit techniques are not. Attacks like SQL injection and cross-site scripting are, in practice, exploits of custom web application code. The safeguards boil down to removing vulnerabilities or shielding them.
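To make the "remove or shield" distinction concrete, here is an added example (not code from the original post or from Gartner) showing the two approaches side by side for the SQL injection case. It uses a constructed in-memory SQLite table and assumed function names (`lookup_vulnerable`, `lookup_fixed`, `shield`, `lookup_shielded`); the allow-list pattern stands in for the kind of rule a web application firewall or input filter would apply in front of the code it protects.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data for the example (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """The custom-code defect: the query is built by string concatenation,
    so the caller's input becomes part of the SQL rather than staying data."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn, name):
    """Removing the vulnerability: a parameterized query. The driver binds
    the value separately from the statement, so it can never change the query."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Shielding: an allow-list check of the kind a WAF or input filter enforces in
# front of the application. The pattern is an assumption chosen for this example.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def shield(name):
    """Return True if the value is accepted, False if it should be rejected
    (and, in a real deployment, logged for the security team)."""
    return bool(NAME_PATTERN.match(name))


def lookup_shielded(conn, name):
    """The vulnerable code left unchanged, but reached only through the shield."""
    if not shield(name):
        return []  # rejected before it ever reaches the flawed query builder
    return lookup_vulnerable(conn, name)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # a classic tautology input, used here as a test value
    print("vulnerable:", lookup_vulnerable(db, probe))  # returns every row
    print("fixed:     ", lookup_fixed(db, probe))       # returns nothing
    print("shielded:  ", lookup_shielded(db, probe))    # rejected by the filter
```

The fixed version is the durable answer (the defect is gone wherever that code is deployed), while the shield buys time for code you cannot change immediately; note that an allow-list this strict would also reject legitimate names containing spaces or accents, which is the tuning cost a WAF deployment carries.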
In cooperation with my colleagues Neil McDonald and John Pescatore, we have developed a brief decision framework for deciding on when code-scanning is appropriate (removing), when you should get a web application firewall (web application firewalling), or when you should get both (spend spend secure secure).
The web application firewall market is still on the early side of the hype cycle, so rather than a Magic Quadrant (which is reserved for larger or more established markets), I produced a research note covering both the capabilities and features of the market, and a description of the offerings from each vendor. As the market grows and matures we’ll move ahead into a Market Scope or Magic Quadrant, but until then I’ll continue to track this market closely and provide research via similar market notes.