WAF in the Cloud
Posted by hyperguard on January 22, 2010
Fellow OWASP member, Ofer Shezaf, recently presented at a chapter meeting, and gave an overview of how WAFs interact with cloud computing—both using the cloud and protecting cloud based applications. During his presentation he discussed the following scenarios:
- Enterprise Security Gateway
- WAF as a service: For protecting a data center or SaaS
- WAF for a cloud deployment: Host Based or Infrastructure Based
- WAF stubs
Mentioned in his presentation and also in an earlier post, Ofer notes that the two challenges facing WAFs in the cloud are bandwidth and complexity, however, art of defence has tacked these problems with hyperguard and meets XIOMs definition of a true WAF.
Ofer mentions hyperguard SaaS for AWS within his presentation, and notes that many well-known WAFs are actually lacking simply at signatures and hardly true WAFs. What is considered a true WAF for the cloud?
Follow this discussion on Twitter @hyperguard