What is a Web Application Firewall (WAF)?
A web application firewall filters, monitors and blocks inbound and outbound HTTP traffic to and from a web application.
Web application firewalls (WAFs) are purpose-built devices, software, or services that provide content and protocol-aware firewall and technical protections for web applications.
They are protective devices: using rulesets and capabilities built for the web, they defend against common attacks on web applications such as SQL injection and cross-site scripting, and they can terminate SSL/TLS so encrypted traffic can be inspected and parse JSON and other web-centric formats.
In addition, a WAF can protect against vulnerabilities that have not yet been patched but whose exploit traffic has a known profile: a custom rule that blocks that traffic acts as a "virtual patch" until the application itself is fixed.
A WAF can run on a dedicated physical server, and although it is often thought of as a stand-alone appliance, it can also be integrated with other networking components such as load balancers and reverse proxies.
A WAF can be set to different levels of scrutiny, usually on a scale from low to high, and this allows the WAF to provide better levels of security and mitigation for the web application depending on your needs. There are also regulatory standards for WAFs, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act of 1996 (HIPAA). – Positive Technologies
How Does a WAF Work?
A WAF analyzes Hypertext Transfer Protocol (HTTP) requests and applies a set of rules that define which parts of the conversation are benign and which are malicious. The main parts of an HTTP conversation a WAF inspects are GET and POST requests: the URL and query string, the headers and cookies, and the request body. GET requests retrieve data from the server; POST requests send data to the server to change its state.
A WAF can take two approaches to analyzing and filtering the content of these HTTP requests, or a hybrid combination of the two:
Whitelisting (allow-listing, the positive security model): the WAF denies every request by default and allows only what is explicitly known to be good: trusted source IP addresses and, more usefully, the expected URLs, parameter names and value formats of the application. Because the set of permitted patterns is small, matching is less resource-intensive than signature matching. The downside is that anything the rule author did not foresee, including benign traffic, is blocked, so the model needs an accurate and maintained description of the application.
Blacklisting (deny-listing, the negative security model): the WAF lets requests through by default and blocks those that match preset signatures of known attacks, shielding known classes of vulnerability in the website or web application. Blacklisting is more appropriate for public websites and web applications, which receive a lot of traffic from unfamiliar IP addresses that are neither known-malicious nor known-benign.
The downsides of blacklisting are that it is more resource-intensive, since every request must be compared against many signatures rather than a short list of trusted patterns, and that it only stops what a signature describes: novel attacks, and encoded variants of known ones, can slip past unless the WAF normalizes (decodes) input before matching.
Hybrid security: a hybrid model combines both, typically allow-listing where the application's expected input is well defined and signatures everywhere else.
Types of Web Application Firewalls
There are different types of web application firewalls. If you are planning to implement one, make sure you consider whether it can integrate with your existing tools.
Network-Based WAF
A network-based WAF is typically hardware-based. Its main advantage is low latency, since it is installed locally in front of the application. Because rules and settings can be replicated across appliances, network-based WAFs suit enterprise use. The downside is the cost of purchasing, housing and maintaining physical equipment; this is the most expensive option.
Host-Based WAF
A host-based WAF is cheaper than a network-based one. It is integrated into the application's software, sometimes as a web-server module and sometimes fully integrated into the application code itself, and is typically used for smaller web applications.
Most software WAFs are built to integrate easily with popular web servers. However, a host-based WAF consumes the application server's own resources, which can cause performance problems. Keep in mind also that because the WAF shares the host with the application, some attacks can go around it and disable it "from the inside": for example, an attacker who places a malicious file on the server through an unsecured file-transfer channel gains a foothold that the WAF never inspected.
Cloud-Based WAF
A cloud-based WAF provides the easiest implementation experience. Cloud WAFs are easy to deploy, are available on a subscription basis and often require only a simple domain name system (DNS) or proxy change to redirect application traffic. One caveat follows from that design: because traffic is only redirected, the origin server must also be configured to accept connections solely from the provider's network, otherwise an attacker who discovers the origin's IP address can bypass the WAF entirely.
Unlike a network-based WAF, there is no upfront hardware cost; instead there is a monthly or annual service charge. The downside is the lack of control: with a cloud-based WAF a third party controls the security function and may or may not make certain features available. Implementation is fast and straightforward, but there is less room for customization than with a host-based WAF.
Cloud-based solutions are a good choice when you do not want to be limited by your own capacity or maintain the system yourself, since providers offer elastic capacity with competent setup and support. But over time the service fees can grow steep, or you may reach the point where you need a powerful custom solution based on your own physical appliance.