6 important risky areas related to WAF for auditors and risk assessors
So, I wrote another blog post, on 6 important risky areas related to WAF, useful for auditors and risk assessors. Please find a summary below. For details on each point, please visit my blog.
A Web Application Firewall (WAF) has become a security imperative whenever a web application goes live. The absence of a WAF in an enterprise is sure to be raised as a risk or an audit finding. However, many auditors and risk assessors miss some or all of the 6 important WAF-related areas below.
Here are the 6 focus areas that risk assessors and auditors need to be mindful of when auditing, or assessing risks, in and around a WAF:
- Not all public and critical applications are protected by the WAF
- Managing the sensitive information that passes through the WAF
- WAF left permanently in learning mode, with no plans to switch to blocking
- Improper log monitoring and backup
- No high availability (HA), and no plans for it
- No skilled resources to manage the WAF, or no business continuity plan for the one resource that exists
#pentesting #pentest #riskassessment #riskanalysis #audit #infosec
– – – – – – – – – – – – – – – – – – – – –
I blog at the intersection of pentesting, auditing, and risk assessment. A bit of all that is infosec.
I am fond of sitting on the fence before jumping in. While it makes me lazy, I get useful brainwaves at times. My blog is a reflection of those brainwaves.
Please consider subscribing to my blog (https://sripati.info) or my WhatsApp channel (link below, if WhatsApp is your thing; no one will see your number while you follow my channel) to keep up with my views.