Ask HN: What WAF to Protect Against SQL Injection (SQLi), XSS, etc. Attacks

3 points by jinnko ↗ HN
Assuming good coding practices are followed for a defence-in-depth approach, how do people protect at the request level - i.e. with a WAF? For example solutions with the commercial Nginx WAF and/or naxsi with managaged rule sets, or a CDN provider with a managed WAF rule set. What is the minimum maintenance overhead one can expect?

1 comment

[ 3.0 ms ] story [ 6.9 ms ] thread
if you are using a cloud provider, you can use Fortinet's top 10 WAF rules..

its plug and play but comes with its own disadvantages..