«Two very old adages in security are "least privileges" and "defense in depth." The idea is to only give software enough privileges to get the job done, and not to rely on only one security mechanism.»
M. Andrews and J. Whittaker, Guide to Web Application Security

Although security tools have their limits, they are usually necessary to make an IT security infrastructure stronger. They also have to be complemented by the two other major components of an efficient security policy: human resources (expertise, training, threat awareness, ...) and organisation (processes, best practices, committees, ...).

Security experts refer to IT security infrastructure as "RINGS OF PROTECTION". Two very well known and common tools are antivirus and network firewalls. As regards web security, we have seen that web traffic penetrates IT systems with no real opposition. That is why web application firewalls become indispensable. A web application or web site needs its 'bodyguard', as web technologies become increasingly critical and exposed in modern IT infrastructures! In late 2004, a Red Herring journalist mentioned: "Web-app security will be just like anti-virus was 10 years ago. In five years, it will be a must-have."

Conclusion: web application firewalls act when conventional tools show their limits

We face a conjunction of major trends:
- IT infrastructure has an ever-growing role in business value creation
- Web architectures take a major place in this process
- These solutions are vulnerable
- Traditional tools cannot protect them efficiently

This is why web application firewalls are an important building block in every HTTP network. Web applications need their [intelligent and self-learning] bodyguard. When we say bodyguard, we mean a solution which 'understands' the application, taking its behavior into account, which is close to it (i.e. directly on the web server) and can ACT immediately and consequently (counter-measure). At the same time, it has to be discreet and stick to the business logic. It is the "last rampart", the ultimate protection!
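As an added illustration (not code from the original paper, nor from any product it describes), here is a minimal self-learning positive security model of the kind the "intelligent and self-learning bodyguard" above refers to: during a learning phase it profiles each application endpoint from known-good traffic (accepted methods, parameter names, character class and length of each value), then in enforcement it blocks immediately any request that deviates from the learned profile. The sample traffic, endpoint names, character classes and the LENGTH_SLACK factor are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Character classes ordered from narrowest to widest; a learned parameter is
# tagged with the widest class observed for it during learning.
CHAR_CLASSES = [
    ("digits", re.compile(r"[0-9]+")),
    ("alpha", re.compile(r"[A-Za-z]+")),
    ("alnum", re.compile(r"[A-Za-z0-9_.-]+")),
    ("email", re.compile(r"[A-Za-z0-9_.+-]+@[A-Za-z0-9.-]+")),
    ("any", re.compile(r".*", re.DOTALL)),
]
LENGTH_SLACK = 2  # assumption: tolerate values up to twice the longest seen while learning


def classify(value: str) -> int:
    """Index of the narrowest character class that matches the whole value."""
    for i, (_, rx) in enumerate(CHAR_CLASSES):
        if rx.fullmatch(value):
            return i
    return len(CHAR_CLASSES) - 1


@dataclass
class ParamProfile:
    char_class: int = 0  # index into CHAR_CLASSES
    max_len: int = 0


@dataclass
class EndpointProfile:
    methods: set = field(default_factory=set)
    params: dict = field(default_factory=dict)  # parameter name -> ParamProfile


class LearningWAF:
    """Positive security model: learn from known-good traffic, then block any deviation."""

    def __init__(self) -> None:
        self.profiles: dict[str, EndpointProfile] = {}

    @staticmethod
    def _parse(method: str, url: str, body: str = ""):
        parts = urlsplit(url)
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        params.update(parse_qsl(body, keep_blank_values=True))  # form-encoded body
        return method.upper(), parts.path, params

    def learn(self, method: str, url: str, body: str = "") -> None:
        """Learning phase: widen the endpoint profile to cover this known-good request."""
        method, path, params = self._parse(method, url, body)
        ep = self.profiles.setdefault(path, EndpointProfile())
        ep.methods.add(method)
        for name, value in params.items():
            pp = ep.params.setdefault(name, ParamProfile())
            pp.char_class = max(pp.char_class, classify(value))
            pp.max_len = max(pp.max_len, len(value))

    def check(self, method: str, url: str, body: str = "") -> tuple[bool, str]:
        """Enforcement phase: return (allowed, reason); the first deviation blocks the request."""
        method, path, params = self._parse(method, url, body)
        ep = self.profiles.get(path)
        if ep is None:
            return False, f"unknown endpoint {path}"
        if method not in ep.methods:
            return False, f"method {method} not learned for {path}"
        for name, value in params.items():
            pp = ep.params.get(name)
            if pp is None:
                return False, f"unexpected parameter {name!r}"
            if classify(value) > pp.char_class:
                return False, f"unexpected characters in {name!r}"
            if len(value) > pp.max_len * LENGTH_SLACK:
                return False, f"value of {name!r} too long"
        return True, "ok"


def build_demo_waf() -> LearningWAF:
    """Train on constructed known-good traffic (not captured from any real site)."""
    waf = LearningWAF()
    for method, url, body in [
        ("GET", "/search?q=shoes", ""),
        ("GET", "/search?q=boots&page=2", ""),
        ("GET", "/item?id=17", ""),
        ("GET", "/item?id=2048", ""),
        ("POST", "/login", "user=alice&pwd=S3cret"),
        ("POST", "/login", "user=bob42&pwd=hunter2"),
    ]:
        waf.learn(method, url, body)
    return waf


if __name__ == "__main__":
    waf = build_demo_waf()
    for req in [("GET", "/search?q=sandals", ""),
                ("GET", "/search?q=shoes';--", ""),
                ("POST", "/item?id=17", ""),
                ("POST", "/login", "user=alice&pwd=x&debug=1")]:
        print(req, "->", waf.check(*req))
```

The model is deliberately strict: an endpoint, method or parameter never seen in learning is refused, which is what makes the learning corpus the critical asset of such a solution and why a real deployment needs a representative, attack-free learning phase before enforcement is switched on.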