F5

As WAFs traditional functionality is being absorbed in other solutions such as IPS and Load Balancers, WAFs are looking for future direction. One feature that seems to appear in many WAFs and show promise is anti-automation. Anti-automation is a complex feature not the least since automation itself is multifaceted and ill-defined. The attached presentation provides insight into automation applications from auction sniping to data scraping.

A while back I presented in an OWASP chapter meeting in Israel a controversial topic: “Why WAFs fail?”. While it is easy to explain the importance of WAFs, they remain a market niche, with revenues of 50 to 100 million dollars a year^[1].

One reason that the WAFs market remains small is relative lack of innovation in the field. WAFs still fight last year's war: they protect well from SQL injection and cross site scripting. However for those attacks alternative solutions such as intrusion prevention systems and secure coding offer comparable results.

This is why I was delighted to be briefed about the new release of ASM, F5’s WAF. This version offers some new security features which are both important in today’s market place and can be uniquely solved by WAFs.