An article was published last week about a study from HP’s Application Security Center Web security research group. In a nutshell, the study reports an increase in attacks and in the number of issues found by vulnerability scanning tools. It also notes that the number of publicly disclosed issues for those applications declined. One can spend all their time running scanning tools, but the issues they find still have to be fixed. Some companies may have a great development team that can fix every issue, but during crunch times rapid development often takes priority over making sure code and procedures are properly and structurally done and secure. The article gives detailed examples of such rapid development and is definitely worth reading.
It does mention that Web Application Firewalls (WAFs) are not specific to the applications they protect and may cause false positives. However, there are application templates in WAF products such as NetScaler Application Firewall (AppFW) that have been tested specifically for critical applications. Some of this information can be found at community.citrix.com, and more details are in other Citrix blogs. NetScaler AppFW also has signatures available, as well as integration with the Cenzic converter tool, which converts the output of the Cenzic vulnerability scanner into NetScaler AppFW rules. See the Cenzic blog for details.
With the Cenzic integration and signature capability in addition to its positive security model, NetScaler AppFW provides a hybrid model that offers more flexible and adaptive protection specific to those critical apps.