What WAF to Protect Against SQL Injection (SQLi), XSS, etc. Attacks
Assuming good coding practices are followed for a defence-in-depth approach, how do people protect at the request level - i.e. with a WAF? For example solutions with the commercial Nginx WAF and/or naxsi with managaged rule sets, or a CDN provider with a managed WAF rule set. What is the minimum maintenance overhead one can expect?
if you are using a cloud provider, you can use Fortinet's top 10 WAF rules..
its plug and play but comes with its own disadvantages..