Web application firewalls for security and regulatory compliance

"If you’re not familiar with web application attacks, we covered them
in detail in a previous column, available here. Also, the Open Web
Application Security Project (OWASP) has an abundance of Web
application security educational information available on its Web site,
including the top 10 most prevalent web application attacks.

Combating web application attacks with web application firewalls
(WAFs) can be effective. Web application firewalls are very good at
preventing attacks where network firewalls and intrusion
detection/prevention systems cease; this includes attacks such as XSS,
SQL Injection, and attacks that target flaws in application logic or
technical vulnerabilities in software.

Web application security also is gaining attention from regulators.
Most notably, an update to the Payment Card Industry Data Security
Standard (PCI DSS) requires web applications be secured through code
reviews or WAFs.

Before you make the leap to a WAF, there are some things you should
understand and consider to make sure you select the one that is right
for your needs and organization."

Article: http://www.scmagazineus.com/Hot-or-not-Web-application-firewalls-for-security…