Web Application Firewalls are awesome, but they take a lot of care and feeding. This workshop aims to give you the background you need to develop an effective Web Application Firewall program, regardless of the technology. While not product specific, this training focuses on what it takes to build a WAF program, and how to start down the road of configuring these devices correctly. It will be part program development, part Web App 101, and a lot of WAF Configuration Best Practices. Learn about character set locking, parameter locking, forced browsing protection, ddos mitigation, brute force protection on the technical side; as well SDLC integration, Getting Developer buy off, how to sync up with development timelines. This workshop will try to take some of the sting out of proper WAF deployment.