The Open Web Application Security Project (OWASP) periodically updates the TOP 10 Web Application Security Risks. The Top10 serves as a set of best practices for those who develop web-based applications, but as always, provides insight into the possible entry points into vulnerable web-based applications.
One of the key protection methods is to implement a Web Application Firewall (WAF). For this week’s discussion, does implementing a WAF address the OWASP Top 10, or would implementing the OWASP Top 10 negate the need to add a WAF to a web-based application’s infrastructure? What your thoughts, and why?