Hot or not - Web application firewalls for security and regulatory compliance

Web applications continue to be a prime vector of attack for criminals, and the trend shows no sign of abating; attackers increasingly shun network attacks for cross-site scripting, SQL injection, and many other infiltration techniques aimed at the application layer.

If you're not familiar with web application attacks, we covered them in detail in a previous column, available here. Also, the Open Web Application Security Project (OWASP) has an abundance of Web application security educational information available on its Web site, including the top 10 most prevalent web application attacks.

Combating web application attacks with web application firewalls (WAFs) can be effective. Web application firewalls are very good at preventing attacks where network firewalls and intrusion detection/prevention systems cease; this includes attacks such as XSS, SQL Injection, and attacks that target flaws in application logic or technical vulnerabilities in software.