Security Controls in the US Enterprise: Web Application Firewall

AUTHORS:

Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer

 

OVERVIEW:

Web application firewalls (WAFs) are used to protect web applications against a range of attack types, such as cross-site scripting (XSS), SQL injection, and buffer overflows. WAFs protect companies that do business on the web from data breaches, which can put consumers at risk for fraud and lead to loss of customer confidence, both of which can directly impact revenue. To maintain PCI DSS compliance, companies must either assess and resolve Internet-facing application vulnerabilities, or deploy a WAF.

 

WHAT’S IN THIS REPORT:

  • Product scope, alternatives, deployment, and purchase authority
  • Metrics on product use within the enterprise
  • Who manages WAFs? (breakdown by organization size)
  • Who uses API controls? (breakdown by organization size)
  • Enterprise challenges

 

ABOUT THIS STUDY:

Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for WAFs within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.