New open source web application layer firewall 'ESAPI WAF' released
"The open-source ESAPI WAF is a departure from commercial, network-based
firewalls, as well as ModSecurity's free WAF, says Arshan Dabirsiaghi,
developer of the ESAPI WAF and director of research for Aspect
Security. Dabirsiaghi will roll out the WAF at the OWASP Conference in Washington, D.C., in November.
"WAFs today are deployed as appliances meant to protect a suite of
applications. They're kind of part of your network and not part of your
application," Dabirsiaghi says. "This is really an application-layer
WAF rather than a network or appliance-layer WAF...it lives inside your
application so you have a lot more control as an application owner
[who's] enforcing rules."
The ESAPI WAF isn't the first open-source (or free) WAF: ModSecurity,
which is also a software-based WAF, was one of the first freebies. The
ModSecurity WAF, which is an Apache module, runs outside the
application on the server." - Darkreading
Read more: http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=220100630&cid=RSSfeed
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment