

Web Application Security At the Edge is More Efficient Than In the Application - lmacvittie
http://devcentral.f5.com/weblogs/macvittie/archive/2009/09/28/web-application-security-at-the-edge-is-more-efficient-than.aspx

======
midnightmonster
If the web app firewall is part of the network I control, I still have to pay
all costs associated with "bad" communication with it. If it's not part of the
network I control, then presumably I still have to pay something to use it,
and moreover I can't trust it, so I have to duplicate all checks in my
application anyway. (All this even if we grant the implausible claim that the
web app firewall can reliably stop a useful set of attacks.) Where's the
savings?

------
ac
The basic premise of the article is that a web application firewall can detect
and deter all the attacks an internal mechanism can. Well, good luck with such
an attitude!

------
tptacek
... says vendor selling appliances that claim to make application security
problems go away, a claim roundly derided among OWASP members.

------
idlewords
This article is just an extended ad for something called a 'web application
firewall'.

