This article can also be found in the Premium Editorial Download "Information Security magazine: The power of SIMs for visibility and compliance."

Download it now to read this article plus other related content.

    Requires Free Membership to View

HTTP is rapidly becoming the default transport for any and all business logic. With the advent of Web services and service-oriented architecture, XML has become the glue that holds disparate applications and data types together. Web portals, content management systems, and even corporate blogs and wikis are becoming preferred communication channels.

But defending Web applications is an uphill battle. Traditional network security defenses have concentrated on the first four OSI layers, but, by definition, most Web app exploits are valid HTTP traffic, passed through proxies and firewalls.


What to do? You can certainly buy a commercial Web app firewall product, but perhaps you can't (or won't) add another yearly license renewal to your budget. The alternative is building a Web app firewall using freely available open-source tools to parse, rewrite and filter HTTP traffic to defend against application attacks. You won't get all the functionality of a commercial solution (See "Open-Source vs. Commercial Web Application Firewalls," at right). But, you'll add a much needed layer of protection in front of Internet-facing Web services and apps.

This was first published in September 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: