Nicholas Turnbull
on
•
5 mins
There seems to be a lot of confusion about the role of a Web Application Firewall (WAF) in application security, and what types of threat a WAF can help mitigate in your deployment.
The Web Application Firewall is based on ModSecurity which is an open source WAF for Apache, IIS, and Nginx for protecting against a many variety of attacks and allows for HTTP traffic monitoring and logging.
The integrated WAF in version 8 of the Loadbalancer.org appliance has been designed for fast, low latency PCI compliance for our customers.
Updates include an enhanced process for high availability appliance pairing, improved LBCLI, and advancement of the web user interface.
Let me first say that I'm not really a fan of PCI scanners. It's not so much that I'm anti security scanners but rather that scanning for vulnerabilities based on only the version number a package returns seems rather simplistic to me.
Any engineer dealing with PCI DSS compliance issues probably looses a little bit of the joy in life.