[Owasp-washington] who controls the WAF?
Christian Heinrich
christian.heinrich at owasp.org
Tue Aug 3 18:37:10 EDT 2010
Ari,
The simplest solution is to form a team made up of stakeholders i.e.
developers and firewall administrators (i.e. those who know
IP->TCP->HTTP/HTTPS network protocols at a low level) and then manage
it via a change control process - the change is implemented by a
single WAF administrator who is not involved in accepting/rejecting
the change.
On Wed, Aug 4, 2010 at 5:46 AM, <Ari_Elias-Bachrach at navyfederal.org> wrote:
> I'm reaching out for ideas here. Specifically, I'm looking for people who
> think they've done a good job of deploying WAFs in their organization. In
> your organization, who controls the WAFs? Is it the developers? The security
> group? Network security? software security group? janitorial staff? Someone
> else who I've missed entirely?
>
> All feedback welcome.
>
> -----------------
> Ari Elias-Bachrach
> Global IT Services, Information Services
>
> extension: 4-2833
> desk: (703) 206-2833
> cell: (703) 463-8806
--
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
More information about the Owasp-washington
mailing list