Web Application Security: Web Application Firewall Evaluation Criteria  
Author: Max : 2006/11/19
Web Application Firewall Evaluation Criteria 
Web Application Firewalls (WAF) represent a new breed of information security technology that is designed to protect web sites (web applications) from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't.

They also do not require modification of the application source code. As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop standardised criteria for product evaluation. How else can we accurately compare or measure the performance of a particular solution?

The goal of this project is to develop a set of web application firewall evaluation criteria; a testing methodology that can be used by any reasonably skilled technician to independently assess the quality of a WAF solution. However, our aim is not to document the features that must be supported in order for a product to be called a web application firewall. Web application firewalls are simply too complex to be treated like this.

To conclude: the purpose of this document is to draw one's attention to the features that are of potential importance to a given project. This comprehensive list should be used as a basis to form a much shorter list of features that are required for the project. The shorter list should then be used to evaluate multiple web application firewall products.

Current categories are as follows:

1. Deployment Architecture
2. HTTP Support
3. Detection Techniques
4. Protection Techniques
5. Logging
6. Reporting
7. Management
8. Performance
9. XML

We expect to cover the following in subsequent releases:

* Compliance, certifications, and interoperability.
* Increase coverage of performance issues (especially on the network level).
* Increase coverage of the XML-related functionality.

You can download the latest version of the Web Application Firewall Evaluation Criteria here as a PDF.
