Sunday

Website Security Strategies that work



Jeremiah from WhiteHat Security gave a presentation that was filmed by Infosec events. I'm an avid reader of Jeremiah's blog and watching this video was fun. The presentation described a way to reduce vulnerability exposure time through virtual patching with F5 Big-IP equipment.

Jeremiah also explains some of the tactics behind the mass SQL injection attacks we have seen. Another argument is that it takes a certain time (up to several years) for code to fade out. Even if you adopt a secure SDLC, it takes time to become more secure. So WAFs can help you buy some time, but they are not an end solution. "Install it and forget it" is not an option. Improve your processes.

But let's watch the videos:


And Trey Ford presented on the Payment Card Industry (PCI) Data Security Standard section 6.6:
