If you're not familiar with web application attacks, we covered them in detail in a previous column, available here. Also, the Open Web Application Security Project (OWASP) has an abundance of Web application security educational information available on its Web site, including the top 10 most prevalent web application attacks.

Combating web application attacks with web application firewalls (WAFs) can be effective. Web application firewalls are very good at preventing attacks where network firewalls and intrusion detection/prevention systems cease; this includes attacks such as XSS, SQL Injection, and attacks that target flaws in application logic or technical vulnerabilities in software.

Web application security also is gaining attention from regulators. Most notably, an update to the Payment Card Industry Data Security Standard, PCI DSS requires web applications be secured through code reviews or WAFs.

Before you make the leap to a WAF, there are some things you should understand and consider to make sure you select the one that is right for your needs and organization"

Article: http://www.scmagazineus.com/Hot-or-not-Web-application-firewalls-for-security...