Comments on: Web Application Firewalls – are they useful?
https://grey-panther.net/2008/05/web-applicaiton-firewalls-are-they-usefull.html

By: Anonymous
Tue, 27 May 2008 15:43:06 +0000
https://grey-panther.net/2008/05/web-applicaiton-firewalls-are-they-usefull.html#comment-717

It depends on what security model your WAF is using. ModSecurity (and others) used as a negative model does not require such detailed knowledge of your app. However, if you are trying to build a complete positive model, then it becomes more difficult. There are plenty of WAFs out there, though, that build a positive model by analyzing the traffic. Such a WAF can then use this positive model and a negative model together to protect web applications quite well without knowing details about your apps. But as you wrote, this is only part of the big picture and you should have a layered approach (defense in depth).
