eSecurityPlanet: Wield App Firewalls with Caution
May 1, 2006
By Kenneth van Wyk

When I'm discussing software security with my clients, questions invariably turn to application firewalls.

When I first heard of these products a few years ago, I was immediately predisposed to not liking them. They seemed to me to be yet another security product IT managers would try to plug into their networks to somehow retrofit security to the applications they're charged with running. It's long been my view that this sort of perimeter mentality doesn't work well and does little more than provide a false sense of security.

However, I was recently at a regional meeting of the Open Web Application Security Project (OWASP) in Belgium where the topic of application firewalls was heavily debated. Now, I have to admit my opinion shifted at least slightly during the discussions, and I wanted to take the opportunity to talk about that here. I'll warn you, though, I'm still not a believer, but I do recognize there can be circumstances when app firewalls can add value.

Let's start with a real quick description of the technology, and then I'll describe where it might be useful under certain circumstances.
