SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc(情報元のブックマーク数)
SANSもWAFと言ってくれました!これで、WAFが広がるかな?
InfoSec Handlers Diary Blog - Web Application Firewalls (WAF) - Have you deployed WAF technology?What is WAF?
If your first response to the subject is "What is a Web Application Firewall?", Apologies but I respectfully defer you to the OWASP team who has a great definition posted at: http://www.owasp.org/index.php/Web_Application_Firewall. For those who would like extended reading material into the subject of WAF technologies, refer to: http://www.webappsec.org/projects/wafec/.
WAFはオープンソースでも商用でもあるけど、もっと実績を共有しようぜ!らしい
InfoSec Handlers Diary Blog - Web Application Firewalls (WAF) - Have you deployed WAF technology?Share your experiences with WAF
I am most interested in hearing from readers on their experience with WAF technologies, whether they be open or commercial. I'm keenly interested in constructive product opinions, alternate solutions for server technologies not mentioned, your lessons learned, pitfalls or any success stories you are willing to share. If you happen to be doing something particularly exciting or know of other projects in the web application protection space that deserve attention, please share! Pending reader response, results may be posted to a future diary.
ModSecurityと、IIS URLScan、WebKnightを上げられていますけど、他も色々ありますね。
InfoSec Handlers Diary Blog - Web Application Firewalls (WAF) - Have you deployed WAF technology?WAF Links:
ModSecurity : http://www.modsecurity.org
IIS UrlScan : http://www.microsoft.com/downloads/details.aspx?FamilyId=EE41818F-3363-4E24-9940-321603531989&displaylang=en
WebKnight : http://www.aqtronix.com/?PageID=99