Risky Context

where-is-the-risk

Spoke at CPE session, ISACA Muscat Chapter

What a web application firewall is, how it works, how to audit it, and how to assess the risks around it.
Sripati MS
Want to fight alert fatigue (in SOC)? Do this...
defense

Alert fatigue happens when a SOC analyst ends up looking at too many alerts and, as a result, misses crucial ones. So, what's the way out? Read on.
Sripati MS
6 places to look into when auditing or assessing risks in and around Web Application Firewall (WAF)
risk-assessor

A Web Application Firewall (WAF) has become a security imperative, and the absence of a WAF gets raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the 6 important WAF-related areas below. So, here they are.
Sripati MS
Vulnerability, Control, and Risk are not the same
where-is-the-risk

As a pentester, auditor, or risk assessor, it is important to understand the difference
Sripati MS
'Lack of CAPTCHA' is not always a valid vulnerability or risk
where-is-the-risk

CAPTCHA is a valid security control. However, the lack of it may not be a valid vulnerability in all cases, and 'lack of CAPTCHA' is definitely not a risk. It may be part of a risk.
Sripati MS
Risky Context © 2025