Enhancing Application Security With a Web Application Firewall


UC Irvine has done extensive research in comparing the many different options short of physically testing each appliance. After meeting with each vendor, UC Irvine asked them to send a completed version of the Web Application Firewall Evaluation Criteria from the Web Application Security Consortium (WASC). UC Irvine combined these into a single document that allowed for side-by-side comparison of each feature and created a list of core requirements: "positive" security model that profiles application behavior and rejects anomalies, centralized device that won't introduce a bottleneck in performance, strong attack signatures with updates and the ability to write custom rules, detection only and block modes of operation, and data leakage protection.

Download Resources