however, the Web Application Firewalls? Talk about products with a poor track record. Also let’s think about what Web Application Firewalls are good at, signature-based protections. So, yeah, they’ll help with XSS and SQL Injection, although I’ll go to the grave saying they don’t prevent the issues entirely, but they have absolutely no capability to find a huge number of very serious security flaws, such as (off the top of my head and in no specific order):
Associated risks include:
-- Data loss through unmonitored and/or unauthorized file transfers
-- Compliance violations, both with internal policies and external regulations
-- Business exposure from malware propagation or application vulnerability exploits
-- Operational cost increases due to higher bandwidth consumption and added IT expense
-- Lost productivity from excessive use of personal applications