Web Application Security Forum

Information Security Engineer at a tech services company with 1,001-5,000 employees
We required a 24/7 automated vulnerability monitoring tool for securing our web applications. We are looking for options like Sitelock and Immuniweb.
Omar Al IbrahimThere are various tools out there in the market such as web application firewalls (WAFs), DDoS prevention, and vulnerability scanning tools at various levels (host vs. web). You need to select a combination of the right toolset to do the job. However, web security is not just about the tools, you need to conduct proper assessment of your environment through penetration testing, code review, architecture review and so forth.
Travis LeI haven't heard about SiteLock or Immuniweb, but I have used Qualys Web Application Scanning (WAS) and IBM SiteProtector. They are great vulnerability tools. I just want to add to what Omar said, having IDS/IPS tools like FireEye or QRadar is also benefits to protect assets. Let us know what your decision is.
Randy Varela CorderoA WAF can be an excellent solution, most of them are design to absorb large attacks such as DDOS attacks and also protects against common application attacks (SQLi, XSS, etc). Akamai is a good example of a CDN which includes WAF a cheaper option can be Cloudfare or AWS . Based on my experience I know Akamai WAF can generate a detail report with the type of attacks that is trying to be exploited as well bot information and GEO Tags.
Project Manager with 1,001-5,000 employees
We are in the process of implementing a WAF, but we need to decide which WAF to acquire based on 3 main aspects: 1. Security: Which one offers the best response to known and 0 day threats? 2. Administration: Which one is more intuitive and easy to administrate? 3. Benefit vs. cost  Thanks
Product Manager ( HP EG Enterprise ) at Ingram Micro
Imperva WAF and Barracuda, which one is better?

Sign Up with Email