The proper way of securing a Web site is actually the hardest way -- secure development practices along with host and database hardening and proper configuration. Take a look at the secure development lifecycle message that a lot of companies are preaching. The methodologies that are taught are the best way of developing a secure Web application. Of course, if you are interested in an appliance, there are Web application firewall products that will do a much better job at protecting you from Web application attacks then ISA or PIX.
* Q&A with application security expert Herbert Thompson: Baking security into the SDLC better than bolting on later
* Featured Topic: Making a case for Web application firewalls
* Ask the Experts yourself: Our application security gurus are waiting to answer your questions.