"A traditional firewall is commonly employed to restrict Web site access to Ports 80 and 443, used for HTTP and Secure Sockets Layer communications, respectively. However, such a device does very little to deter attacks that come over these connections. URL query string manipulations including SQL injection, modification of cookie values, tampering with form field data, malformed requests and a variety of other nasty tricks are often given free passage on allowed, legitimate traffic.

A Web application firewall, such as those reviewed in this issue (see review), might help address security holes in Web servers and Web applications, but there is certainly a great deal that network security professionals could and should do before and after employing such measures.

So sharpen your pencils: It's time for Web Application Security 101."
Article Link: http://www.networkworld.com/techinsider/2004/0517techinsidertips.html
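The three application-layer problems the excerpt names (SQL injection via the query string, modified cookie values, tampered form fields) shown alongside the server-side checks that catch them, as an added example that is not part of the article or of this post. The signing key, the in-memory `users` table and the request values are constructed for the example; `lookup_user_unsafe` is included only to show why port filtering alone does not help, and `lookup_user_safe` is the form to deploy.

```python
import hashlib
import hmac
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed example key; a real deployment loads this from a secret store.
COOKIE_KEY = b"example-only-signing-key"


def sign_cookie(value: str) -> str:
    """Append an HMAC-SHA256 tag so the server can detect client-side edits to the value."""
    tag = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_cookie(cookie: str):
    """Return the cookie's value if its tag verifies, else None (tampered or malformed)."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: treat as malformed
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None


def build_db() -> sqlite3.Connection:
    """In-memory table with constructed rows so the queries below run offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, name: str):
    """Vulnerable form: the query-string value is pasted into the SQL text,
    so characters in the value change the statement itself."""
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str):
    """Hardened form: parameter binding keeps the value as data, whatever it contains."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def validate_quantity(field: str):
    """Server-side check on a form field: accept 1..9999 only, never trust the client's copy."""
    return int(field) if re.fullmatch(r"[1-9][0-9]{0,3}", field) else None


def handle_request(conn: sqlite3.Connection, query_string: str, cookie: str,
                   quantity: str) -> dict:
    """Run all three checks on one request; every failure is reported, not passed through."""
    params = parse_qs(query_string)
    name = params.get("user", [""])[0]
    session = verify_cookie(cookie)
    if session is None:
        return {"status": "rejected", "reason": "cookie tampered or malformed"}
    qty = validate_quantity(quantity)
    if qty is None:
        return {"status": "rejected", "reason": "bad quantity field"}
    rows = lookup_user_safe(conn, name)
    return {"status": "ok", "session": session, "quantity": qty,
            "users": [row[0] for row in rows]}


if __name__ == "__main__":
    db = build_db()
    injected = "' OR '1'='1"  # constructed query-string value
    print("unsafe lookup returns", len(lookup_user_unsafe(db, injected)), "rows")
    print("safe lookup returns", len(lookup_user_safe(db, injected)), "rows")
    good = sign_cookie("role=user")
    print("edited cookie verifies:", verify_cookie(good.replace("user", "admin")) is not None)
    print(handle_request(db, "user=bob", good, "3"))
```

Running the block shows the unsafe lookup returning every row for the injected value while the parameterized lookup returns none, the edited cookie failing verification, and a well-formed request passing all three checks. The HMAC tag only detects modification; a cookie that must stay confidential additionally needs encryption or should hold only an opaque session identifier.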