White Paper Abstract:
After many years of purely negative security provided by anti-virus scanners, IDS/IPS, and anti-spam engines, it's refreshing to hear that the positive security model-the basis for tried and true security devices like network firewalls and ACLs-is coming back in vogue. Most recently, this positive policy re-emergence has revolved around the Web Application Firewall (WAF) and application security market. Yet with the positive security positioning comeback carries with it a very interesting point of detail: although many in the WAF space argue that the positive model is preferable, nearly all application security providers still rely on a partially negative solution. While acknowledging that a positive security model is the preferable model to secure web applications, many practitioners and vendors advocate a bilateral approach of both positive and negative security. As the application security market continues to evolve and define itself, there continues to be diverging views on which security methodology is the best option.