WAF as a Marketing Tool?
I'd never thought about it, but on Wednesday at BeNeLux OWASP Day 2009, someone asked if a web application firewall could be used to provide "next generation" web analytics.
An interesting idea. Noa Bar-Yosef had been discussing how web application firewalls could be used to monitor valid business logic processing and attempt to deter or deny business attack bots. WAFs are a highly discussed topic and their merits are widely debated by information security professionals, but I don't think their use for gathering marketing data has ever been raised before (tell me if I'm wrong, please). The question was asked by a developer who was tired of adding third party JavaScript code in all his organisation's templates and links. This would also avoid the use of third party code and, with some more development and a good analysis system, be an alternative good selling point for a WAF. Who knows, the marketing departments may have a greater budget than the IT folk.
I enjoyed the whole event and found the lecture theatre a good location. I found Eoin Kerry's discussion of real world secure development, Sando Gauci's presentation of WafWoof and WafFun, and Prof. Dr. Ir. Bart Preneel's talk on the SHA-3 competition especially enlightening.
I'm looking forward to next year (and eating the Belgian chocolate from this year).
Posted on: 04 December 2009 at 19:48 hrs
Comments are filtered automatically and should appear shortly after they been checked.