Why Web Application Firewalls Are Not Enough

Many organizations have installed Web application firewalls (WAFs) as part of their defensive line-up for protecting applications. Even though potentially up to 80% of organizations may use WAFs, recent attacks show they don’t guarantee protection. And, gaining protective features from them hits the pocketbook by requiring a highly skilled staff and constant diligence. Still, with web applications, vulnerabilities, patches and targeted attacks getting more complex by the day, slacking on security is not an option.

This paper discusses these challenges along with effective defensive strategies to reduce risks and increase WAF security.