Hello all. I am looking for real-world experience/recommendations for a Web Application Firewall to satisfy PCI DSS's section 6.6. As far as sizing, right now we're peaking at 2k concurrent HTTP connections, and around 100 concurrent HTTPS connections (6k total connections). We've seen demos from Cisco's ACE WAP, as well as from Imperva and Breech.
If there is a better forum for this type of question, I'd welcome pointers (either in PM or a reply)
If there is a better forum for this type of question, I'd welcome pointers (either in PM or a reply)