“Devs should stop being lazy and taking security for granted” is a response I’ve seen a couple times to the poll we ran earlier (screenshot).
The problem is that those people don’t realize just how weirdly tricky it is to:
- See what IPs are making requests and how many
- Block obviously bad IPs and bots
- Rate limit requests
Frameworks don’t ship with these tools. The organizations that do have them have cobbled them together by pumping logs into Elasticsearch and writing some reports by hand, but they aren’t available to most of the team, etc.
These are all problems we’re trying to change with Wafris as we make it dead easy to put a WAF in every web app.