
86% of PHP-based apps contain at least one XSS vulnerability

  • 04-12-2015 04:25PM
    #1
    Closed Accounts Posts: 1,322 ✭✭✭


    Does anyone out there use or employ virtual patching? Does anyone disagree with the principles as an answer to these types of mass vulns? Teams, I can understand, can be delayed in getting to most of the edge or DMZ nested systems, but based on what they are and what they do, should industry not be pushed to have virt patching forced via PCI DSS? I'm thinking it's a handy way to delay the update pushes and to have a virtual hammer drop for detected attacks, until they can get to those systems?

    http://www.net-security.org/secworld.php?id=19189


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dbit wrote: »
    Does anyone out there use or employ virtual patching? Does anyone disagree with the principles as an answer to these types of mass vulns? Teams, I can understand, can be delayed in getting to most of the edge or DMZ nested systems, but based on what they are and what they do, should industry not be pushed to have virt patching forced via PCI DSS? I'm thinking it's a handy way to delay the update pushes and to have a virtual hammer drop for detected attacks, until they can get to those systems?

    http://www.net-security.org/secworld.php?id=19189

    I use and employ WAFs, if that's any help?


  • Closed Accounts Posts: 1,322 ✭✭✭dbit


    WAFs, are they actually capable of scanning an OS and its subset of applications and thus bringing down a veil of virtual patching inline, shrouded over all the instances found within, and stopping exploits against vulnerable applications? And I'm not just talking about the web apps themselves, I mean every piece of software in each instance?

