Web Application Firewall (WAF)- What it Does?

A Web Application Firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic between the Internet and a web application. It protects web applications from attacks such as cross-site scripting (XSS), cross-site forgery, SQL injection, and file inclusion, among others. A WAF is a protocol layer 7 defense; it is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a wide array of attack vectors.

When a WAF is deployed in front of a web application, a shield is placed between the Internet and the web application. A proxy server protects a client machine’s identity by using an intermediary; a WAF is a type of reverse proxy that protects the server from exposure by having clients pass through the WAF before reaching the server.

A WAF operates on a set of rules often called policies. These policies aim to protect against vulnerabilities by filtering out malicious traffic. The value of a WAF comes in part from the speed and ease with which policy modifications can be implemented, which allows for faster response to varying attack vectors; for example, rate limiting can be quickly implemented during a DDoS attack by modifying WAF policies.

Blacklist and Whitelist WAFs and the differences

Think of a blacklist WAF as a club bouncer: it is instructed to deny permission to those who fail to follow the protocol. It operates based on a blacklist that protects against known attacks. A WAF based on a whitelist only allows traffic that has been pre-approved. Both blacklists and whitelists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model, which implements both.
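
The difference between the two models, shown as an added example that is not part of the original article: a Python sketch with a constructed deny list, a constructed allow list for a hypothetical /search route, and constructed sample requests. The deny list deliberately covers only three attack shapes, so the third sample shows what a blacklist misses and the fourth shows what a whitelist wrongly rejects.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed blacklist: signatures for attack classes named in the article.
DENY = [re.compile(p, re.I) for p in (
    r"<\s*script",              # cross-site scripting
    r"\bunion\b.+\bselect\b",   # one known SQL injection shape
    r"\.\./",                   # file inclusion via path traversal
)]

# Constructed whitelist: per route, the pre-approved parameters and value shapes.
ALLOW = {
    "/search": {"q": re.compile(r"[\w \-]{1,64}"), "page": re.compile(r"\d{1,4}")},
}

def _parts(url):
    """Return (path, [(name, decoded_value), ...]) for a request target."""
    split = urlsplit(url)
    return split.path, parse_qsl(split.query, keep_blank_values=True)

def blacklist(url):
    """Block only when the path or a decoded value matches a known-bad signature."""
    path, params = _parts(url)
    texts = [path] + [value for _, value in params]
    return "block" if any(rx.search(t) for t in texts for rx in DENY) else "allow"

def whitelist(url):
    """Allow only known routes, known parameters and approved value shapes."""
    path, params = _parts(url)
    rules = ALLOW.get(path)
    if rules is None:
        return "block"
    ok = all(name in rules and rules[name].fullmatch(value) for name, value in params)
    return "allow" if ok else "block"

def hybrid(url):
    """Hybrid model: a request must pass both checks."""
    return "allow" if blacklist(url) == whitelist(url) == "allow" else "block"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign":          "/search?q=waf+basics&page=2",
    "known_xss":       "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "unlisted_sqli":   "/search?q=1%27%20OR%20%271%27%3D%271",
    "legit_quote":     "/search?q=O%27Reilly+books",
    "unknown_param":   "/search?q=waf&debug=1",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(f"{label:14} blacklist={blacklist(url):5} whitelist={whitelist(url):5} hybrid={hybrid(url)}")
```
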

What are network-based, host-based, and cloud-based WAFs?

A WAF can be implemented in one of three different ways, each with its own benefits and shortcomings:

A network-based WAF is generally hardware-based. Because network-based WAFs are installed locally, they minimize latency, but they are the most expensive option and also require the storage and maintenance of physical equipment.

A host-based WAF may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downside of a host-based WAF is the consumption of local server resources, implementation complexity, and maintenance costs. These components typically require engineering time, and may be costly.

Cloud-based WAFs offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a change in DNS to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over the responsibility to a third party; therefore, some features of the WAF may be a black box to them.
