On today’s Heavy Networking our topic is Web application firewalls (WAFs). Which, in the traditional sense, are neither web applications nor firewalls.

So what are these strange creatures? If my company doesn’t have one, should I go to the pet store and get one? Will they bite me if I’m not careful? What does a web application firewall eat?

Helping us understand how to feed and care for our very own web application firewall is Scott Hogg, who you might know from the IPv6 Buzz podcast, part of the Packet Pushers podcast network.

We discuss:

* How a WAF differs from typical firewalls

* The security problems WAFs try to solve (protecting vulnerable Web apps)

* How WAFs are deployed

* The architecture of a typical WAF

* Operational challenges

* How attackers bypass WAFs

* The role of WAFs in cloud applications

* More

Sponsor: ITProTV

Get over 65 hours of free technical training from ITProTV. ITProTV offers online instruction in CompTIA, Cisco, VMWare, Microsoft and more. You can stream courses live and on demand on your favorite device. Sign up for a free membership at itpro.tv/packet-pushers and try it with no obligation.

Sponsor: Cumulus Networks

If you’re future-proofing your network, why go with legacy infrastructure? Cumulus Networks offers networking software for the open, modern data center, giving you the option to choose the new way every time. Find out more at cumulusnetworks.com/modernize.

Show Links:

Scott Hogg on Twitter

Hexabuild

IPv6 Buzz Podcast

Scott’s Network World author page

Scott’s Infoblox author page

Web Application Firewalls and IPv6, Scott Hogg – Network World

The Open Web Application Security Project (OWASP)

The Web Application Security Consortium (WASC)

Web Application Firewall Evaluation Criteria (WAFEC)

WAF Criteria – ICSA Labs (PDF)