[Owasp-firewalls-project] WAF vs. IDS

Sean Bates seanmbates at gmail.com
Tue Nov 17 15:55:36 EST 2009


Hello All. I am in the process of researching WAF's and trying to
determine if we need one. Currently we have an IDS that reports
regularly on SQL Injection and XSS attacks. We take action
accordingly. If we were to implement a typical WAF in non-blocking
mode would it do anything (in general) that the IDS is not already
doing? I realize that that each IDS and WAF would have various
differences in features but I am trying to determine in general what
would be the benefit of using a WAF?

Thanks in advance.


More information about the Owasp-firewalls-project mailing list