Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
You're not paranoid: The Internet is evolving so fast that no Web application stays static for long. Web 2.0, AJAX, RSS, blog software, CSS layouts, Google sitemaps, XHTML compliance...there's always a new technology to implement, a new feature to add, a new attack vector to be exploited. And as enterprises move applications from the desktop to the Web, IT is forced to defend an increasingly tangled environment, woven from a mix of internally and externally developed apps with frequently changing code that almost always contains security holes.
|
If this sounds familiar, consider deploying a Web application firewall, or WAF. This relatively new security tool is designed to pick up where network firewalls--which guard up to the transport layer of the TCP/IP stack--leave off. A WAF protects the application layer, using deep-packet inspection to guard against SQL injection, session hijacking, cross-site scripting, buffer overflows and other attacks.
WAFs are available as software and as appliances that plug into your network at a point where they can monitor traffic to and from Web servers. While building our comparative review of these products for "WAFs Blast Pernicious Payloads," page 41, we ran across a variety of deployment methodologies, with some products supporting multiple configurations.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
