tag:blogger.com,1999:blog-5361523904237597206.post8453572640322621940..comments2023-09-05T08:22:02.987-04:00Comments on Tactical Web Application Security: Scanner and WAF Data SharingRyan Barnetthttp://www.blogger.com/profile/12300602630139148313noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-5361523904237597206.post-79708823306794552172009-06-03T14:53:35.274-04:002009-06-03T14:53:35.274-04:00In a few cases, I have used a vulnerability scanne...In a few cases, I have used a vulnerability scanner import resources into our WAF. One example was an application with a very large list of URLs. Instead of clicking each one or waiting for users to explore, I just had the scanner crawl each one. This was helpful in verifying that the WAF is organizing the URLs correctly and it cut down on subsequent unknown URL alerts.Anonymoushttps://www.blogger.com/profile/14082895669552397138noreply@blogger.comtag:blogger.com,1999:blog-5361523904237597206.post-16356862727198570222009-05-14T09:11:00.000-04:002009-05-14T09:11:00.000-04:00Thanks. You make a valid point - synergistic may b...Thanks. You make a valid point - synergistic may be a more appropriate term here as each process doesn't *have* to use the data from the other one but, when they do, the results are better than if they did things on their own.Ryan Barnetthttps://www.blogger.com/profile/12300602630139148313noreply@blogger.comtag:blogger.com,1999:blog-5361523904237597206.post-31777177681211441722009-05-13T18:17:00.000-04:002009-05-13T18:17:00.000-04:00Great post! I will be applying these principles i...Great post! I will be applying these principles in my organization, especially the "Scanning Coverage" section. I'm planning on presenting on VA+WAFs later this year, and you've created quite a conundrum. I can't decide if I like "symbiotic" more than "synergistic" :PAnonymoushttps://www.blogger.com/profile/14082895669552397138noreply@blogger.com