A WAF, or Web Application Firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a layer 7 (application layer, in the OSI model) defense and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVCQh6ha_3IzYI0cKrbEhTlcqEi-dP7EpHDfj77jVxWD_il_46S3f4lUXfI1tLOEK6Og5BFGp_0YGcRvuJ4yDoAsIgzcX-2BTSyPAnM78QN0jEtK57ULHpJMYEuqQ8keWEwSrlinPGr2E/w976-h549/waf.png)
How does a Web Application Firewall (WAF) work?
Web application firewalls are designed to be placed at the application layer, acting as a two-way gatekeeper that analyzes the HTTP/HTTPS traffic entering and leaving the application; the WAF then takes action whenever it detects malicious traffic. A benefit of WAFs is that they function independently from the application but can continuously adjust to changes in application behavior. That way, introducing a new feature in the application does not result in thousands of false-positive detections caused by the new data flows.
A WAF can be placed on a dedicated physical server, and although it is often thought of as a stand-alone application, it can also be integrated with other networking components. A WAF can be set to different levels of scrutiny, usually on a scale from low to high, which allows it to provide the level of security and mitigation the web application needs.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPU5-rmgHQXWx-IBeBUWi93ItEMmDvwOj37eXr60gOGP2taBq_3Uqdo9ultCsQCxitgBC-em_OXpBSZ4NQb0QRZF10-lCGyBB110ZvyI4rlnbGQIzCopqDfCJk0Z1inagKtAIEltokyxA/w781-h391/1+JpeuClKZ6J63gY8tMJrKyA.png)
What are blocklist, allowlist and hybrid WAFs?
A WAF that operates based on a blocklist (negative security model) protects against known attacks. Think of a blocklist WAF as a club bouncer instructed to deny admittance to guests who don't meet the dress code. Conversely, a WAF based on an allowlist (positive security model) only admits traffic that has been pre-approved. This is like the bouncer at an exclusive party, who only admits people who are on the list. Both blocklists and allowlists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model that, as the name implies, implements both the blocklist and the allowlist model.
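The blocklist, allowlist and hybrid models just described, together with the low-to-high scrutiny levels mentioned earlier, as an added Python example that is not part of this post or of any WAF product. The signature patterns and their scores, the scrutiny thresholds, the allowlist schema and the sample requests are all constructed for this illustration; real rule sets are far larger, but the decision logic is the same shape.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """Minimal HTTP request model: method, request-target (path + query) and body."""
    method: str
    target: str
    body: str = ""


# Negative security model: signatures of known-bad input, each with an anomaly
# score. Patterns and weights are constructed for this example, not a real rule set.
BLOCKLIST_RULES = [
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.I), 5),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I), 5),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I), 5),
    ("xss-event-handler", re.compile(r"\bon\w+\s*=", re.I), 3),
    ("path-traversal", re.compile(r"\.\./"), 4),
]

# Scrutiny level -> anomaly-score threshold at which a request is blocked
# (low scrutiny needs more evidence before blocking; high blocks on a single weak hit).
SCRUTINY_THRESHOLD = {"low": 10, "medium": 5, "high": 3}

# Positive security model: (method, path) -> allowed parameters and the shape
# each value must fully match. Anything not listed here is rejected.
ALLOWLIST = {
    ("GET", "/search"): {"q": re.compile(r"[\w ]{1,64}")},
    ("POST", "/login"): {
        "user": re.compile(r"[a-z0-9_]{3,32}"),
        "pass": re.compile(r".{8,128}"),
    },
}


def _path_and_params(req):
    """Split the request into its path and a merged dict of query + body parameters."""
    parts = urlsplit(req.target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if req.body:
        for name, values in parse_qs(req.body, keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    return parts.path, params


def blocklist_check(req, scrutiny="medium"):
    """Negative model: sum the scores of every matching signature across all
    parameter values; block once the total reaches the scrutiny threshold."""
    _, params = _path_and_params(req)
    score, hits = 0, []
    for values in params.values():
        for value in values:
            for name, pattern, weight in BLOCKLIST_RULES:
                if pattern.search(value):
                    score += weight
                    hits.append(name)
    verdict = "block" if score >= SCRUTINY_THRESHOLD[scrutiny] else "allow"
    return verdict, score, hits


def allowlist_check(req):
    """Positive model: only pre-approved endpoints with parameters of the
    expected shape are admitted; everything else is blocked by default."""
    path, params = _path_and_params(req)
    schema = ALLOWLIST.get((req.method, path))
    if schema is None:
        return "block", "unknown endpoint"
    for name, values in params.items():
        if name not in schema:
            return "block", f"unexpected parameter {name}"
        if not all(schema[name].fullmatch(v) for v in values):
            return "block", f"parameter {name} fails format"
    return "allow", "ok"


def hybrid_check(req, scrutiny="medium"):
    """Hybrid model: a request must pass the allowlist AND clear the blocklist."""
    verdict, reason = allowlist_check(req)
    if verdict == "block":
        return verdict, reason
    verdict, _, hits = blocklist_check(req, scrutiny)
    return verdict, ("signatures " + ",".join(hits) if hits else "ok")


# Constructed sample traffic: a normal search, a textbook SQL-injection probe in
# the search box, an endpoint the allowlist does not know, and a well-formed login.
SAMPLE_REQUESTS = [
    Request("GET", "/search?q=winter+boots"),
    Request("GET", "/search?q=%27+OR+1%3D1--"),
    Request("GET", "/admin?debug=1"),
    Request("POST", "/login", body="user=alice&pass=correct-horse-battery"),
]


def inspect_all(scrutiny="medium"):
    """Run every sample request through the hybrid check and return the verdicts."""
    return [(r.method, r.target, *hybrid_check(r, scrutiny)) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for row in inspect_all():
        print(row)
```

Two things are worth noticing when you run it. The injection probe scores 5 and is blocked at medium scrutiny but would pass at low scrutiny, which is exactly the trade-off the scrutiny dial controls: fewer false positives at the price of missing weaker signals. The allowlist, on the other hand, rejects the same request on shape alone without knowing anything about SQL, and also rejects the `/admin` request that no signature would ever flag; that is why the hybrid model is the common default.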
Types of web application firewalls
Network-based web application firewall:
Network-based web application firewalls (NWAF) are traditionally hardware based and provide latency reduction benefits due to local installation; this means the NWAF is installed close to the application server and is easy to access. Additionally, NWAFs in many instances provide rule and setting replication, which makes deployment across medium or large-scale organizations feasible; cost is usually the most significant drawback.
Host-based web application firewall:
Host-based web application firewalls (HWAF) exist as modules for a web server. They are a significantly cheaper solution than hardware-based WAFs and are meant for small web applications. Most software WAFs are made to integrate easily with popular web servers. However, since a host-based WAF consumes your application server's resources, it can cause performance problems. Also keep in mind that some types of web server attacks can bypass the WAF and disable its functions "from inside", for example when a malicious file is placed on the server directly through an unsecured file transfer channel.
Cloud-based web application firewall:
Cloud-based web application firewalls provide benefits similar to other software-based WAF solutions, such as low cost and no on-premises resources to manage. Cloud-based solutions are an excellent choice when you don't want to be limited by performance capacity or want to avoid a system that requires maintenance. Cloud service providers can offer an effectively unlimited hardware pool with competent setup and support. But at some point the service fees might grow steep, or you may reach the point where you need a powerful custom solution based on your own physical appliance.
So far we have covered a lot of ground; now I will talk about some security-related aspects of WAFs.
A web application firewall (WAF) protects the application layer and is specifically designed to analyze each HTTP/S request at that layer. It is typically user, session, and application aware, cognizant of the web apps behind it and what services they offer. Because of this, you can think of a WAF as the intermediary between the user and the app itself, analyzing all communications before they reach the app or the user. Traditional WAFs ensure that only allowed actions (based on security policy) can be performed. For many organizations, WAFs are a trusted first line of defense for applications, especially to protect against the OWASP Top 10, the foundational list of the most commonly seen application vulnerabilities. This Top 10 currently includes, among others:
- Injection attacks
- Broken Authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken Access Control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0xKIflkG2o6H42P3nr6fDrJPtGJn8wc1TfxlvXbn1nMFwFhjVj-j3npyGdk3DLqL_SmxFpbnecuRJmFykEhnUPoHlvR5yBAPlWqYZTr6NRAlHTa9XLQv2blsO-Q5Zjb-mAyLUzuHuEew/w781-h486/firewall_www.hackthesec.co.in.jpg)
The different ways to deploy a WAF
A WAF can be deployed in several ways; it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is a cloud-based option the better model, or do you want your WAF to sit on-premises? How you want to deploy it will help determine which WAF is right for you. Below are your options.
WAF Deployment Modes:
• Cloud-based + Fully Managed as a Service: a great option if you require the fastest, most hassle-free way to get a WAF in front of your apps (especially if you have limited in-house security/IT resources).
• Cloud-based + Self Managed: get all the flexibility and security policy portability of the cloud while still retaining control of traffic management and security policy settings.
• Cloud-based + Auto-Provisioned: the easiest way to get started with a WAF in the cloud, deploying security policy in an easy, cost-effective way.
• On-premises Advanced WAF (virtual or hardware appliance): this meets the most demanding deployment requirements, where flexibility, performance and more advanced security concerns are mission critical.
As we head towards the end of the article, I will say a little about advanced web application firewalls.
In the early 1990s, a network-based firewall was developed that could specifically protect FTP traffic. This was the beginning of firewalls being able to control access to applications or services. As technology advances, attackers are also getting more advanced: nowadays they send traffic that looks legitimate but turns out to be an attack. Therefore we should also have advanced web application firewalls, and many vendors provide this type of WAF (I added this paragraph for some extra background). :)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4YtCmSgQXr5Bg9nxEfku-Eso7RhNv9OmAABfg0wTUTtdDRZwNjREOCmc4tVnpDRwx8rFtLE2RneJemtOUvhq5kxowPc0hUGlhkObMHk-qaaDiu5JSHkCC9EmhTtmEp2cTujuB9WMQLp4/w781-h533/17-sucuri-protection-icon%25402.png)
Web application firewalls provide an intelligent response, based on web security settings, to potential threats that can impact your network. WAFs are designed to help protect your network from threats that have yet to be identified, which means that implementing this solution can protect your organization from 0-day threats, security vulnerabilities, SQL injection, cross-site scripting attacks, and other types of threats.
Well-developed WAFs also take mitigation actions when bot attacks or excessive traffic events occur: the WAF lets "clean" application traffic through while simultaneously blocking the malicious data flows.
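The bot and excessive-traffic mitigation just described, as an added Python example that is not code from this post or from any WAF vendor: a per-client sliding-window rate limit that lets a normally paced client through while throttling one that hammers the application. The limit, the window, the use of documentation (RFC 5737) IP addresses and the traffic stream itself are constructed assumptions for this illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Per-client sliding-window rate limit: at most `limit` requests in any
    `window_ms` millisecond span. Rejected requests still count toward the
    window, so a client that keeps hammering stays limited instead of getting
    one request through every time the window slides."""

    def __init__(self, limit=5, window_ms=1000):
        self.limit = limit
        self.window_ms = window_ms
        self.history = defaultdict(deque)  # client -> timestamps (ms) of recent requests
        self.blocked = defaultdict(int)    # client -> number of rejected requests

    def check(self, client, now_ms):
        """Return True if the request may pass, False if it must be dropped."""
        log = self.history[client]
        # Forget requests that have fallen out of the window.
        while log and log[0] <= now_ms - self.window_ms:
            log.popleft()
        log.append(now_ms)
        if len(log) > self.limit:
            self.blocked[client] += 1
            return False
        return True

    def offenders(self, min_blocked=1):
        """Clients that were throttled at least `min_blocked` times, for alerting/logging."""
        return sorted(c for c, n in self.blocked.items() if n >= min_blocked)


# Constructed traffic (timestamp in ms, client IP), time-ordered:
#   203.0.113.7  sends 20 requests in 2 seconds (bot-like burst),
#   198.51.100.5 sends one request per second for 10 seconds (normal user).
SAMPLE_TRAFFIC = sorted(
    [(i * 100, "203.0.113.7") for i in range(20)]
    + [(i * 1000, "198.51.100.5") for i in range(10)]
)


def run(traffic, limit=5, window_ms=1000):
    """Replay a traffic stream through the limiter; return per-client allowed
    counts, per-client blocked counts and the list of throttled clients."""
    limiter = SlidingWindowLimiter(limit, window_ms)
    allowed = defaultdict(int)
    for ts, client in traffic:
        if limiter.check(client, ts):
            allowed[client] += 1
    return dict(allowed), dict(limiter.blocked), limiter.offenders()


if __name__ == "__main__":
    allowed, blocked, offenders = run(SAMPLE_TRAFFIC)
    print("allowed:", allowed)
    print("blocked:", blocked)
    print("throttled clients:", offenders)
```

With a limit of 5 requests per second, the bursting client gets its first five requests through and is then dropped for the rest of the burst, while the one-request-per-second client is never touched. In a real deployment the key would usually be something richer than the source IP (a session, an API key, or a device fingerprint) because clients behind a shared NAT would otherwise throttle each other.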
STAY TUNED FOR MORE INTERESTING ARTICLES AND FREE STUFF, AND PLEASE COMMENT AND TELL ME WHAT KIND OF TOPICS YOU ALL LIKE! :)