DevOps didn’t kill WAF, because WAF will never truly die
2021-05-14 05:15

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests.

DevSecOps can't be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.

DevOps and the continuous integration and continuous deployment pipeline provide an excellent opportunity to implement security, especially if your agile methodology includes security sprints.

These apps will need additional mitigation controls, which is where WAF comes in.

An agile, DevOps approach that actively builds security into web applications should be considered a best practice.

As long as legacy apps exist outside of the DevOps environment, or DevOps teams don't fully implement security from the ground up, other means of protecting applications and mitigating attacks will be necessary.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/6kGpK7CCpK8/