
What Are Web Application Firewalls (WAFs)?

A WAF, or Web Application Firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a layer 7 (application layer, in the OSI model) defense and is not designed to defend against all types of attacks. It is usually one part of a suite of tools which together create a holistic defense against a range of attack vectors.

 

How Does a Web Application Firewall (WAF) Work?

Web application firewalls are designed to sit at the application layer, acting as a two-way gatekeeper: they analyze the HTTP/HTTPS traffic entering and leaving the application, and take action whenever they detect malicious traffic. A benefit of WAFs is that they function independently from the application, yet can constantly adjust to changes in application behavior. That way, introducing a new feature in the application will not result in thousands of false-positive detections caused by new application data flows.
 
A WAF can be placed on a dedicated physical server, and although it is often thought of as a stand-alone application, it can also be integrated with other networking components. A WAF can be set to different levels of scrutiny, usually on a scale from low to high, which allows it to provide the level of security and mitigation the web application needs.



What Are Blocklist, Allowlist and Hybrid WAFs?

A WAF that operates based on a blocklist (negative security model) protects against known attacks. Think of a blocklist WAF as a club bouncer instructed to deny admittance to guests who don't meet the dress code. Conversely, a WAF based on an allowlist (positive security model) only admits traffic that has been pre-approved. This is like the bouncer at an exclusive party, who only admits people who are on the list. Both blocklists and allowlists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model that, as the name implies, implements both the blocklist and the allowlist models.
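To make the three models (and the scrutiny levels mentioned earlier) concrete, here is a small request-inspection engine written for this post. It is an added illustration, not the code of any real WAF product: the signature patterns, anomaly scores, scrutiny thresholds, routes (/login, /search) and sample requests are all constructed for the example. The blocklist side scores every parameter value against known-bad patterns and blocks when the total reaches the threshold for the chosen scrutiny level; the allowlist side denies anything the route policy does not explicitly describe; the hybrid mode requires a request to pass both.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Negative security model: signatures for known-bad input. Each signature
# carries an anomaly score; a request is blocked once the total score reaches
# the threshold of the configured scrutiny level. Patterns are deliberately
# simple and constructed for this illustration, not a production rule set.
BLOCKLIST = [
    ("sqli-tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I), 5),
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.I), 5),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I), 5),
    ("path-traversal", re.compile(r"\.\./"), 3),
    ("sql-keyword", re.compile(r"\b(select|insert|delete)\b", re.I), 2),
]

# Scrutiny levels (assumed values): a lower threshold blocks more aggressively.
SCRUTINY_THRESHOLD = {"low": 10, "medium": 5, "high": 3}

# Positive security model: route -> allowed methods and per-parameter value
# format. Anything not listed is denied. Routes are constructed for this example.
ALLOWLIST = {
    "/login": {
        "methods": {"POST"},
        "params": {
            "username": re.compile(r"[a-z0-9_]{3,32}"),
            "password": re.compile(r".{8,128}"),
        },
    },
    "/search": {
        "methods": {"GET"},
        "params": {"q": re.compile(r"[\w .-]{1,64}")},
    },
}


def parse_params(url, body=""):
    """Return (path, {name: [values]}) from a request URL plus a form body."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(name, []).extend(values)
    return parts.path, params


def blocklist_score(params):
    """Negative model: sum the anomaly scores of every signature that fires."""
    hits, score = [], 0
    for name, values in params.items():
        for value in values:
            for sig_name, pattern, points in BLOCKLIST:
                if pattern.search(value):
                    hits.append(f"{sig_name}:{name}")
                    score += points
    return score, hits


def allowlist_check(method, path, params):
    """Positive model: deny anything the route policy does not explicitly permit."""
    policy = ALLOWLIST.get(path)
    if policy is None:
        return False, f"unknown route {path}"
    if method not in policy["methods"]:
        return False, f"method {method} not allowed on {path}"
    for name, values in params.items():
        pattern = policy["params"].get(name)
        if pattern is None:
            return False, f"unexpected parameter {name}"
        if not all(pattern.fullmatch(v) for v in values):
            return False, f"malformed value for {name}"
    return True, "ok"


def inspect(method, url, body="", model="hybrid", scrutiny="medium"):
    """Decide allow/block for one request under the chosen security model."""
    path, params = parse_params(url, body)
    reasons = []
    if model in ("allowlist", "hybrid"):
        ok, why = allowlist_check(method, path, params)
        if not ok:
            reasons.append(why)
    if model in ("blocklist", "hybrid"):
        score, hits = blocklist_score(params)
        if score >= SCRUTINY_THRESHOLD[scrutiny]:
            reasons.append(f"anomaly score {score} ({', '.join(hits)})")
    return ("block" if reasons else "allow"), reasons


if __name__ == "__main__":
    # Constructed sample requests: one legitimate login, two injection
    # attempts against the search form, and a probe of an unpublished route.
    samples = [
        ("POST", "/login", "username=alice&password=correct-horse-battery"),
        ("GET", "/search?q=%27+OR+1%3D1+--", ""),
        ("GET", "/search?q=x+union+all+select+y", ""),
        ("GET", "/admin", ""),
    ]
    for model in ("blocklist", "allowlist", "hybrid"):
        for method, url, body in samples:
            print(f"{model:9} {method} {url} -> {inspect(method, url, body, model=model)}")
```

Running the demo shows why the hybrid model exists: the blocklist alone lets the probe of /admin through (no signature fires), the allowlist alone lets the "union ... select" query through (it is made only of word characters and spaces), and at the "low" scrutiny level the tautology payload scores below the blocklist threshold but is still rejected by the allowlist as a malformed value.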

 

Types of web application firewalls

Network-based web application firewall:
Network-based web application firewalls (NWAFs) are traditionally hardware based and reduce latency because of their local installation: the NWAF is installed close to the application server and is easy to access. Additionally, NWAFs often provide rule and setting replication, which makes deployment across medium or large-scale organizations feasible; cost is usually the most significant drawback.


Host-based web application firewall:
Host-based web application firewalls (HWAFs) exist as modules for a web server. They are a significantly cheaper solution than hardware-based WAFs and are meant for small web applications. Most software WAFs are made to integrate easily with popular web servers. However, since a host-based WAF consumes your application server's resources, it can cause performance problems. Also keep in mind that some types of web server attacks can bypass the WAF and disable its functions "from inside", for example when a malicious file is placed on the server directly through an unsecured file transfer channel.


Cloud-based web application firewall:
Cloud-based web application firewalls provide benefits similar to other software-based WAF solutions, such as low cost and no on-premises resources to manage. Cloud-based solutions are an excellent choice when you don't want to be limited by performance capabilities or want to avoid a system that requires maintenance. Cloud service providers can offer an effectively unlimited hardware pool with competent setup and support. But at some point the service fees might grow steep, or you may reach the point where you need a powerful custom solution based on your own physical appliance.

 

So far we have covered a lot of ground; now I will talk about some security-related aspects of WAFs.

 

A web application firewall (WAF) protects the application layer and is specifically designed to analyze each HTTP/S request at that layer. It is typically user, session, and application aware, cognizant of the web apps behind it and the services they offer. Because of this, you can think of a WAF as the intermediary between the user and the app itself, analyzing all communications before they reach the app or the user. Traditional WAFs ensure that only allowed actions (based on the security policy) can be performed. For many organizations, WAFs are a trusted first line of defense for applications, especially to protect against the OWASP Top 10—the foundational list of the most commonly seen application vulnerabilities. This Top 10 currently includes:

  • Injection attacks
  • Broken Authentication
  • Sensitive data exposure
  • XML External Entities (XXE)
  • Broken Access control
  • Security misconfigurations
  • Cross Site Scripting (XSS)
  • Insecure Deserialization

 

The different ways to deploy a WAF

A WAF can be deployed in several ways—it all depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is a cloud-based option the better model, or do you want your WAF to sit on-premises? How you want to deploy will help determine which WAF is right for you. Below are your options.

WAF Deployment Modes:

  • Cloud-based + Fully Managed as a Service—this is a great option if you require the fastest, most hassle-free way to get a WAF in front of your apps (especially if you have limited in-house security/IT resources).
  • Cloud-based + Self Managed—get all the flexibility and security policy portability of the cloud while still retaining control of traffic management and security policy settings.
  • Cloud-based + Auto-Provisioned—this is the easiest way to get started with a WAF in the cloud, deploying security policy in an easy, cost-effective way.
  • On-premises Advanced WAF (virtual or hardware appliance)—this meets the most demanding deployment requirements, where flexibility, performance and more advanced security concerns are mission critical.
 

 

As we head toward the end of the article, I will now tell you a little about advanced web application firewalls.

 

In the early 1990s, a network-based firewall was developed that could specifically protect FTP traffic. This was the beginning of firewalls being able to control access to applications or services. As technology advances, attackers are also getting more advanced: nowadays they send traffic that looks legitimate but turns out to be an attack. So we also need advanced web application firewalls, and many service providers offer this type of WAF (I just put this extra paragraph in for some extra knowledge) :)

Web application firewall benefits and conclusion

Web application firewalls provide an intelligent response, based on web security settings, to potential threats that can impact your network. WAFs are designed to help protect your network from threats that have yet to be identified, which means that implementing this solution can protect your organization from 0-day threats, security vulnerabilities, SQL injection, cross-site scripting attacks, and other types of threats.
 
Well-developed WAFs also take mitigation actions when bot attacks or excessive traffic events occur: the WAF keeps "clean" application traffic flowing while simultaneously blocking the malicious data flows.
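One of the simplest mitigation actions for an excessive-traffic event is per-client rate limiting, which throttles only the address that exceeds its request budget while everyone else's traffic continues untouched. The sliding-window limiter below is an added example written for this post, not any product's algorithm; the limit (5 requests per 10 seconds), the client addresses and the replayed traffic are all constructed.

```python
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client in any `window` seconds.

    Sliding-window algorithm with assumed parameters; written for this
    illustration, not taken from any real WAF.
    """

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = {}  # client id -> deque of request timestamps

    def check(self, client, now):
        """Return True (allow) or False (throttle) for a request at time `now`."""
        q = self._hits.setdefault(client, deque())
        # Drop timestamps that have slid out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # budget exhausted: throttle this client only
        q.append(now)
        return True


def replay(events, limit=5, window=10.0):
    """Replay (timestamp, client) events in time order; return per-event decisions."""
    limiter = SlidingWindowLimiter(limit, window)
    return [
        (t, client, "allow" if limiter.check(client, t) else "throttle")
        for t, client in sorted(events)
    ]


def summarize(decisions):
    """Count allow/throttle decisions per client."""
    counts = {}
    for _, client, decision in decisions:
        counts.setdefault(client, {"allow": 0, "throttle": 0})[decision] += 1
    return counts


# Constructed traffic: a normal client requesting every 2 s, interleaved with
# a 10-request burst from a second address inside one second (documentation
# address ranges, not real hosts).
SAMPLE_EVENTS = (
    [(float(t), "203.0.113.5") for t in range(0, 14, 2)]
    + [(5.0 + i / 10, "198.51.100.7") for i in range(10)]
)


if __name__ == "__main__":
    for t, client, decision in replay(SAMPLE_EVENTS):
        print(f"t={t:5.1f} {client:14} {decision}")
    print(summarize(replay(SAMPLE_EVENTS)))
```

The replay keeps all seven requests from the steady client (its own timestamps age out of the window before the budget is exhausted) and admits only the first five of the burst, throttling the remaining five; the burst never affects the other client's decisions because the window is tracked per client.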

 

STAY TUNED FOR MORE INTERESTING ARTICLES AND FREE STUFF.............AND PLEASE COMMENT AND TELL WHAT KIND OF TOPICS YOU ALL LIKE !!!........... :)
