We help IT Professionals succeed at work.

Prevent XSS - (WAF vs. IPS) Analysis

I am trying to put together some analysis of different web application firewalls (WAF) and intrusion prevention systems (IPS) that can help prevent Cross Site Scripting.  What are the best of breed appliances in each space (Cisco, F5, Imperva, Tipping Point, etc.)?

Watch Question

CEO and Founder
Instead of best of breed, stick to best fit.  That way you don't end up paying a premium.
Secondly, why just look to fix XSS?  I'd say 90% of successful attacks use SQL injection to pull out personal information or credit card numbers.  Look for a solution that takes a blended approach and doesn't just solve one problem.
Market leaders in this space are probably Imperva and Breach.  Imperva goes one step further and can introduce a database firewall into the equation and correlate what that sees with the front end, thus cutting down false positives and doing a better job of protecting critical resources.
That said, you can go along way using mod_security (GPL version of Breach), so if you have in house Linux/network security skills, this could save you money.
One thing you CAN'T do is get a solution that gives you both WAF and IPS.  These are 2 different things and offer you 2 different layers of security.  Don't ignore one in favour of the other.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.