Web Application Firewall / WAF
A web application firewall is a form of firewall that controls the input, output, and/or access from, to, or by an application or service. It operates by monitoring, and potentially blocking, any input, output, or system service call that does not meet the firewall's configured policy. Its distinguishing capability is that it controls a specific application or service, unlike a network firewall, which, without additional software, cannot control network traffic on a per-application basis.
Web sites are becoming increasingly important for companies and organizations. Web sites manage crucial information and business processes, so their reliability, usability and overall quality are central issues. Web security is therefore on the management agenda of most public and private organizations, as these issues fall under IT security.
Significance of Web Application Firewall / WAF
Web applications are software programs that are accessible from the Internet, and they play a major part in the overall security of a web site. Even though companies install network firewalls, patch off-the-shelf software and protect communications with strong encryption, there are many ways to attack the logic of the custom-made application code itself. Web applications often access critical data sources and internal systems, which makes them the prime target for more serious attacks.
A web application firewall is a tool used to protect web applications from attacks. The WAF is deployed in front of a web application (or a web server) and intercepts the traffic between the clients and the application in order to:
- Prevent unwanted user input from reaching the application.
- Prevent the application from leaking unwanted content.
- Monitor the application traffic flow.
- Log transaction data.
A WAF intercepts and monitors all incoming and outgoing application-layer traffic (OSI layer 7).
How a Web Application Firewall / WAF Works
A WAF can be an appliance (a hardware device deployed in front of your web server) or a server plugin installed on your web server.
A WAF operates using two main models:
- A blacklist or negative model that denies what is known to be bad:
For basic protection, similar to an IPS but with a greater level of application intelligence, a WAF can use generic signatures to prevent well-known attacks, plus more specific signatures for attacks exploiting a particular web application's vulnerabilities. A simple example: deny a certain malicious HTTP GET request and permit everything else.
- A whitelist or positive model that permits only what is known to be good:
For advanced protection, in addition to the signatures, a second type of logic is used: rules that define what is explicitly allowed. A simple example: allow only HTTP GET requests for a specific URL and deny everything else.
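To make the two models concrete, here is an added Python example (not code from the original article): a toy policy engine that evaluates the same requests under a negative model built from signatures and a positive model built from allow rules. The Request class, the signatures and the allow rules are constructed for illustration and are far simpler than a real rule set.

```python
import re
from dataclasses import dataclass

@dataclass
class Request:              # constructed stand-in for a parsed HTTP request
    method: str
    path: str
    query: str = ""         # raw query string; a real WAF URL-decodes/normalizes first

# Negative model: generic signatures for well-known attack classes (illustrative only).
NEGATIVE_SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|javascript:"),
    "path_traversal": re.compile(r"\.\./"),
}

def negative_model(req):
    """Deny a request matching any known-bad signature; permit everything else."""
    for name, pattern in NEGATIVE_SIGNATURES.items():
        if pattern.search(req.path) or pattern.search(req.query):
            return ("deny", name)
    return ("allow", None)

# Positive model: rules that define what is explicitly allowed, i.e. method,
# exact path, and a regex every permitted query parameter must fully match.
POSITIVE_RULES = [
    ("GET", "/products", {"id": r"\d{1,8}"}),
    ("GET", "/search", {"q": r"[\w ]{1,64}"}),
]

def parse_query(query):
    """Split 'a=1&b=2' into a dict (no decoding, to keep the example short)."""
    params = {}
    for part in query.split("&") if query else []:
        key, _, value = part.partition("=")
        params[key] = value
    return params

def positive_model(req):
    """Permit a request only if an allow rule covers it; deny everything else."""
    params = parse_query(req.query)
    for method, path, allowed in POSITIVE_RULES:
        if req.method != method or req.path != path:
            continue
        if set(params) - set(allowed):
            continue  # a parameter name the rule never mentioned
        if all(re.fullmatch(allowed[k], v) for k, v in params.items()):
            return ("allow", path)
    return ("deny", "no matching allow rule")
```

Running both models over a payload no signature covers (for example a query parameter of `1;DROP TABLE users`) shows the trade-off: the negative model lets it through while the positive model denies it, but the positive model also denies any legitimate URL that was never added to the allow rules, so it needs a complete inventory of the application's valid requests.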
Benefits of Using Web Application Firewall / WAF
- Preventing technical application attacks (e.g. XSS, SQL injection)
- Preventing data leakage
- Compliance with PCI DSS 6.6
- Preventing business logic attacks: flaws in the logic of a business application that abuse its functionality
- Virtual patching: fixing security vulnerabilities in your web applications without touching the application code
- Web application hardening: reducing the attack surface
- Monitoring your web application and detecting when attacks occur