Prevent XSS - (WAF vs. IPS) Analysis

I am trying to put together some analysis of different web application firewalls (WAF) and intrusion prevention systems (IPS) that can help prevent Cross Site Scripting.  What are the best of breed appliances in each space (Cisco, F5, Imperva, Tipping Point, etc.)?

Who is Participating?
Tim HolmanConnect With a Mentor Commented:
Instead of best of breed, stick to best fit.  That way you don't end up paying a premium.
Secondly, why just look to fix XSS?  I'd say 90% of successful attacks use SQL injection to pull out personal information or credit card numbers.  Look for a solution that takes a blended approach and doesn't just solve one problem.
Market leaders in this space are probably Imperva and Breach.  Imperva goes one step further and can introduce a database firewall into the equation and correlate what that sees with the front end, thus cutting down false positives and doing a better job of protecting critical resources.
That said, you can go along way using mod_security (GPL version of Breach), so if you have in house Linux/network security skills, this could save you money.
One thing you CAN'T do is get a solution that gives you both WAF and IPS.  These are 2 different things and offer you 2 different layers of security.  Don't ignore one in favour of the other.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.