Things are developing the right way. If a Website or better Webapp should be “firewalled” then it needs at least two of them: One in the input stream and another one in the output stream. 2007 and pre was focues on the input stream mainly, the well known mod_security might be looked at such a tool as well as phpids. Now it is on the output stream to be looked after: AntiSamy (PHP enabled) and Site Security Policy are differently layered but both affecting and securing the output stream. This will help getting webapps safer. I hope there are more things to come and to report about this year.
