DevOps didn’t kill WAF, because WAF will never truly die


The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its shirt. But although some could argue that DevOps had the means, motive, and opportunity, the fact is that WAF isn’t dead at all, nor is it likely to be anytime soon.

You can only get rid of WAF if you fully implement security into your development process and audit the process via code reviews and annual tests. But DevSecOps can’t be realistically implemented for all web apps in the enterprise environment, so WAF will stick around because it still has a job to do.

Read more…