Implementation of web application firewall (WAF) solutions can be a complex process with multiple factors affecting the overall security effectiveness of the solution. These should be considered over the course of the useful life of the solution, and include: Deployment use cases What applications and web services will the WAF protect? How old is the operating system? How old are the applications? Defensive capabilities in the deployment use cases (block rate) Anti-evasion capabilities (resistance to common evasion techniques) Device stability and reliability This report is part of a series of Comparative Analysis Reports (CAR) on security, performance, total cost of ownership (TCO) and Security Value Map (SVM). In addition, a SVM Toolkit is available to NSS clients that allows for the incorporation of organization-specific costs and requirements to create a completely customized SVM.