A while back I presented in an OWASP chapter meeting in Israel a controversial topic: “Why WAFs fail?”. While it is easy to explain the importance of WAFs, they remain a market niche, with revenues of 50 to 100 million dollars a year.
One reason that the WAFs market remains small is relative lack of innovation in the field. WAFs still fight last year's war: they protect well from SQL injection and cross site scripting. However for those attacks alternative solutions such as intrusion prevention systems and secure coding offer comparable results.
This is why I was delighted to be briefed about the new release of ASM, F5’s WAF. This version offers some new security features which are both important in today’s market place and can be uniquely solved by WAFs.