Security Apps have the Most Flaws?
I was recently reading an article by John Dunn at Techworld that discussed the enormous number of flaws found in security apps. That is exactly why everyone should practice defense in depth: if the security products themselves carry flaws, no single one of them can be the only thing standing between an attacker and your data. First and foremost, it is important to be able to tell the difference between a firewall, an IPS/IDS, and a web application firewall. All three are important network and data security devices that help protect your environment and sensitive data in different ways. A network firewall generally controls who can reach which systems and ports and who cannot; it decides on addresses, ports, and connection state, not on what the traffic contains. An IDS/IPS inspects traffic for packets or flows that match known malicious signatures. The difference between the two is placement: an IDS watches a copy of the traffic (from a tap or mirror port) and can only alert, whereas an IPS sits inline on the real traffic and can drop or reset what it matches. A web application firewall goes a step further. Rather than looking at individual packets, it reassembles and parses the full HTTP request and response (URL, headers, parameters, body) and applies its rules at the application level, which is where attacks such as SQL injection and cross-site scripting actually live.
No single network and data security solution is perfect, and wherever there are advantages there are also drawbacks. With a web application firewall the main drawback is rule quality: it is very easy to write rules that generate false positives (rules that block valid traffic along with the invalid). A rule that blocks every request containing an apostrophe will stop a basic SQL injection probe, and it will also stop every customer named O'Brien. Despite the difficulty of writing well-designed custom rules, most web application firewalls ship with a solid core rule set. ModSecurity, the open source web application firewall, is normally deployed with the OWASP Core Rule Set (CRS), which covers the classes of threat listed in the article: out of the box it protects against generic SQL injection, cross-site scripting, and even language-specific injection (the rule set has dedicated rules for PHP and Java injection, for instance). Because a rule set is only as good as its tuning, treat the core rules as a starting point rather than a finished product: run the engine in detection-only mode first, review what the rules flag on real traffic, and add exclusions for the parameters that legitimately carry the matched patterns before switching to blocking.
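As an added example (not code from the article, from ModSecurity, or from the CRS project), the following Python models the two inspection layers described above on a handful of constructed requests: a packet filter that sees only addresses and ports, and a WAF rule engine that parses the request body and scores each parameter against signatures. It shows the firewall passing an injection attempt it cannot see, a naive apostrophe rule producing a false positive on a legitimate name, and a tuned rule set that uses CRS-style anomaly scoring and a per-parameter exclusion (loosely modelled on ModSecurity's `SecRuleUpdateTargetById`) to block the attack without blocking the customer. The rule IDs, patterns, thresholds, address ranges, and sample requests are all illustrative assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs


@dataclass
class Request:
    """One HTTP request as a WAF sees it after parsing (constructed data)."""
    src_ip: str
    dst_port: int
    method: str
    path: str
    body: str = ""  # application/x-www-form-urlencoded

    def args(self):
        # Parameter name -> first value. parse_qs splits each pair on the first
        # '=' only, so a payload such as "admin' OR 1=1--" survives intact.
        return {k: v[0] for k, v in parse_qs(self.body, keep_blank_values=True).items()}


# Layer 1: a packet-filtering firewall decides on addresses and ports only.
ALLOWED_SRC_PREFIXES = ("203.0.113.", "198.51.100.")  # hypothetical allow-list (TEST-NET ranges)


def firewall_allows(req):
    """True if the firewall lets the connection through; it never looks at the body."""
    return req.dst_port == 443 and req.src_ip.startswith(ALLOWED_SRC_PREFIXES)


# Layer 2: WAF rules evaluated against every request parameter, with an
# anomaly score summed across rules rather than an outright block per rule.
@dataclass
class Rule:
    rule_id: int
    pattern: str
    score: int
    exclude_args: frozenset = frozenset()  # parameters this rule must not inspect

    def hits(self, req):
        rx = re.compile(self.pattern, re.IGNORECASE)
        return [name for name, value in req.args().items()
                if name not in self.exclude_args and rx.search(value)]


def inspect(rules, req, threshold=5):
    """Run every rule over the request; block when the summed score reaches the threshold."""
    score, matched = 0, []
    for rule in rules:
        for arg in rule.hits(req):
            score += rule.score
            matched.append((rule.rule_id, arg))
    return {"blocked": score >= threshold, "score": score, "matched": matched}


# A single over-broad rule: any apostrophe scores enough to block on its own.
NAIVE_RULES = [Rule(1001, r"'", 5)]

# Narrower signatures that each score below the threshold; only a combination
# typical of an injection attempt adds up to a block. The free-text "comment"
# field is excluded from the SQL-comment rule because "--" is normal prose there.
TUNED_RULES = [
    Rule(2001, r"'\s*(?:or|and)\s+['\d]", 3),                # quote-break followed by a tautology
    Rule(2002, r"(?:--|#|/\*)", 2, frozenset({"comment"})),  # SQL comment sequences
    Rule(2003, r"\bunion\b\s+(?:all\s+)?select\b", 5),       # UNION-based extraction
]

# Constructed sample traffic (not captured from any real system).
ATTACK = Request("203.0.113.7", 443, "POST", "/login", "user=admin' OR 1=1--&pass=x")
LEGIT_NAME = Request("198.51.100.9", 443, "POST", "/signup", "name=Conor O'Brien&email=c@example.org")
LEGIT_COMMENT = Request("198.51.100.9", 443, "POST", "/review", "comment=Great -- works well&stars=5")
OUTSIDE = Request("192.0.2.5", 443, "POST", "/login", "user=admin&pass=x")

if __name__ == "__main__":
    for label, req in [("attack", ATTACK), ("legit name", LEGIT_NAME),
                       ("legit comment", LEGIT_COMMENT), ("outside", OUTSIDE)]:
        fw = "pass" if firewall_allows(req) else "drop"
        print(f"{label:14} firewall={fw:4} naive={inspect(NAIVE_RULES, req)} "
              f"tuned={inspect(TUNED_RULES, req)}")
```

The firewall drops the request from outside the allow-list but passes the injection attempt without hesitation, because to it the attack is just another HTTPS connection from a permitted address. The naive rule blocks the attack and the O'Brien signup alike; the tuned set blocks only the attack, since the quote-break and the trailing comment together reach the threshold, while a lone "--" in a review comment scores nothing at all thanks to the exclusion (and would score only 2, still below the threshold, without it).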
With all that said, it is easy to see that a web application firewall is a good choice when looking to supplement network and data security. Of course, I say supplement because no one device is going to provide perfect security. Security is best accomplished through layers, and as good as a web application firewall may seem, it does not replace a standard network firewall, an IPS/IDS, or, above all, thorough code review and patching: a WAF only recognizes the attack patterns it has rules for, and an attacker who finds an encoding or a payload the rules miss goes straight through to the same vulnerable code. However, when a web application firewall is used in conjunction with all (or even some) of the above, it adds a layer of network and data security that greatly reduces the risk of compromise of sensitive data.