This Thursday - July 23rd 2009,  I'll be presenting at the OWASP Bay Area Chapter at Stanford University. My presentation is titled:  From Rivals to BFF: WAF & VA Unite.  When I began researching this topic and looking for historical references from Imperva, I quickly realized that we've been talking about this concept for years. Literally, through white papers, speeches, webcasts, YouTube videos, blogging, and podcasts, we've been trumpeting WAF + VA since circa 2005. In the past, WAF and VA were seen as rivals. This perspective has all but run out of steam based on conversations I've had with many folks at OWASP.

With me coming to the application and data security space from SIEM where the correlation of everything network-centric was common, it made perfect sense to me that in the data world, bringing WAF and VA together was the way to go. It's analogous in the SIEM world to bringing network firewalls and network IDS together with operating system vulnerability scanners. 

In addition to talking about the why, and how of bringing WAF & VA together to make WAF more effective, I'll also be covering how WAF can make VA more effective. Further, I'll cover how working together they can improve the development process and secure operational environments better than either one alone. 

Learn more about the OWASP Bay Area Chapter and Thursday's presentations here.