The document discusses securing campus web applications with vulnerability assessments (VAs) and web application firewalls (WAFs). It describes implementing WAFs in stages, including using the open-source ModSecurity module initially and then commercial products. It also discusses performing regular VAs and how their results can be integrated with WAFs for a layered security approach. Various WAF deployment options, features, and ongoing management considerations are outlined.