[SC-L] Another WAF in town

Benjamin Tomhave list-spam at secureconsulting.net
Thu Sep 24 17:00:50 EDT 2009 

Define "firewall" in this context, I guess, right? Something that
controls network and application access, separate from the application
itself? I don't recall it being defined in PCI DSS itself, so I'm sure
it'll be fine so long as one can properly explain it to the QSA. :)

-ben

McGovern, James F (HTSC, IT) wrote:
> Interesting approach. Curious to know if this will satisfy a PCI
> auditor as a compensating control (section 6)
> 
> -----Original Message----- From: sc-l-bounces at securecoding.org 
> [mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth Van Wyk 
> Sent: Thursday, September 24, 2009 12:03 PM To: Secure Coding 
> Subject: [SC-L] Another WAF in town
> 
> FYI, some activity in the open source WAF space:
> 
> http://www.darkreading.com/security/app-security/showArticle.jhtml?artic
>  leID=220100630
> 
> Cheers,
> 
> Ken
> 
> ----- Kenneth R. van Wyk SC-L Moderator
> 
> ************************************************************ This
> communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information.  If you are not the intended recipient, any use,
> copying, disclosure, dissemination or distribution is strictly
> prohibited.  If you are not the intended recipient, please notify the
> sender immediately by return e-mail, delete this communication and
> destroy all copies. 
> ************************************************************
> 
> 
> _______________________________________________ Secure Coding mailing
> list (SC-L) SC-L at securecoding.org List information, subscriptions,
> etc - http://krvw.com/mailman/listinfo/sc-l List charter available at
> - http://www.securecoding.org/list/charter.php SC-L is hosted and
> moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free,
> non-commercial service to the software security community. 
> _______________________________________________
> 
> 

-- 
Benjamin Tomhave, MS, CISSP
falcon at secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Perhaps in time the so-called Dark Ages will be thought of as including
our own."
Georg Christoph Lichtenberg

More information about the SC-L mailing list