John (and list), I'm on the hunt for a good Web Application Firewall for PCI Compliance purposes. I've looked into Cisco ACE Web Application Firewall and a couple others. Do you have any recommendations? Are there any software options that will comply with the PCI Compliance guidelines (6 & 6.5) that would work well rather than a dedicated device?
Wes w...@dynapp.com www.facebook.com/dynapp -----Original Message----- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of John Mason Sent: Monday, January 04, 2010 6:02 PM To: discussion@acfug.org Subject: [ACFUG Discuss] portcullis update I just released the 2.0 version of the Portcullis filter on riaforge.org. You can download it at http://portcullis.riaforge.org. The filter helps block and log sql injection and cross-site scripting (xss) attacks. It's also going to be included in the 3.2 version of the Model-Glue framework. I think most people are finally starting to use cfqueryparam to help prevent sql injection, but many are still not doing anything about xss. Portcullis takes maybe five minutes to install on your site - so there's very little reason not to use it. John ma...@fusionlink.com twitter: john_mason_ ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
