PCI

Larry Suto, an application security consultant, publish a sequel to his 2007 best seller research about web application scanners. In the first round Larry managed to ignite quite a controversy and drew a lot of criticism from the loosing vendors. The reason is simple: Larry found out that the scanners do not perform as well as advertised.

An enlightening case study presented by ArgoWorks, an Armorlogic reseller, highlights the benefit that PCI brings to the WAF market but also the its curse.

When asked why he bought a WAF, the director of application technology at Southern Utah University admitts that the reason was PCI. PCI is a very common reason for implementing a WAF and as such is usually considered as a boon to the WAF market. 

DragonSoft from Taiwan has introduced what they label a "Personal Web Application Firewall". The new product is essentially a low cost IIS plug-in and the "personal" label refers to the price rather than to some desktop protection. Since the press release itself mentions that the product is signature based, we at Xiom classify it as an IPS and not as a WAF in our product directory.