Ask HN: What WAF to Protect Against SQL Injection (SQLi), XSS, etc. Attacks
Assuming good coding practices are followed for a defence-in-depth approach, how do people protect at the request level - i.e. with a WAF? For example solutions with the commercial Nginx WAF and/or naxsi with managaged rule sets, or a CDN provider with a managed WAF rule set. What is the minimum maintenance overhead one can expect?
1 comment
[ 3.0 ms ] story [ 6.9 ms ] threadits plug and play but comes with its own disadvantages..