Web Application Firewall

November 28, 2018 | Views: 2712

Security has grown along many different fronts, and the spotlight has now turned to the Web Application Firewall (WAF): a filter that monitors, and where necessary blocks, HTTP traffic to and from a web application. The proliferation of web applications and the pervasiveness of mobile technology make web-based attacks more attractive and easier to launch than ever. A WAF is an intermediate tool placed between the web server and its users that provides targeted protection for the web application.

In its most common form a WAF implements a negative security model: its detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. A WAF alone, however, is not an adequate defense against web vulnerabilities that grow in number and complexity daily.

My paper presents an overview of the technical characteristics of a WAF and of how it differs from a regular firewall: a WAF is able to filter the content of specific web applications, while a regular firewall serves as a safety gate between networks and servers. Because the scope of a WAF is inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws such as SQL injection, cross-site scripting (XSS), file inclusion and security misconfiguration, the classes of flaw that are recorded behind most web application security breaches.

Web applications have become one of the main platforms through which attackers gain access to a system. To protect a web application, the administrator can deploy a WAF. The main functionality of a WAF is to protect the web application from attacks and intrusions; it inspects both incoming requests to the web server and the outgoing responses, so a response that leaks an error page or a stack trace can be caught as well as a malicious request. The broader concept of intrusion detection is covered under IDS and IPS, which work on network traffic rather than on application-layer content.

The top ten web application hacking techniques that laid the foundations for the WAF market are:

  • Hidden field manipulation
  • Cookie poisoning
  • Parameter tampering
  • Buffer overflow
  • Cross Site Scripting (XSS)
  • Backdoor or debug options
  • Stealth commanding
  • Forced browsing
  • Third party misconfigurations
  • Known vulnerabilities

WAFs are not an ultimate security solution; they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems. What sets them apart is that they understand Layer 7 web application logic and filter out potentially harmful traffic at that layer.

WAFs are offered as appliances, as cloud services and as open source options. The possible deployment scenarios are the following:

Network-based WAFs are usually hardware appliances installed locally, which keeps latency low. Most major network-based WAF vendors allow replication of rules and settings across multiple appliances, making large-scale deployment and configuration practical.

Host-based WAFs (also called application-based WAFs) run on the web server itself or inside the application stack. Their benefits include low cost and more customization options. They can be a challenge to manage because they require local libraries and consume the resources of the server they are meant to protect.

Cloud-hosted WAFs are easy to deploy, are available on a subscription basis and often require only a simple DNS change to redirect application traffic through the provider. Handing responsibility for filtering an organization's web application traffic to a third-party provider can be hard to justify, but the strategy allows applications spread across a broad spectrum of hosting locations to be protected with the same policies against application-layer attacks. One check a practitioner should not skip: if the origin server still accepts connections from anywhere, an attacker who learns its real address can talk to it directly and bypass the cloud WAF entirely, so the origin should accept traffic only from the provider's address ranges.

A signature-based WAF applies a set of rules that identify known attacks. Since a signature has to be written for a pattern before that pattern can be matched, this is the negative security model, also called blacklisting: the rules describe what is forbidden and everything else passes. This holds whether the rules come from a vendor signature feed or from the operator's own configuration.

WAF products offer various deployment options, and test scenarios should cover each of them, because the option chosen may affect how much security effectiveness the product can actually deliver:

  • Transparent bridge
  • Transparent reverse proxy
  • Reverse proxy
  • Not in-line deployment options:
    • Passive
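The in-line options above all place the WAF between the client and the application, so that a request reaches the application only after the WAF has seen it and a response reaches the client only after the WAF has inspected it. The following is an added example written for this article, not code from the original post or from any WAF product: a small in-line WAF written as a WSGI middleware around a constructed stand-in application. The request-size limit, the allowed-method list and the leak patterns are illustrative assumptions, and `send()` drives the app in-process so it runs without a network.

```python
"""In-line WAF as a WSGI middleware: the client's request reaches the application only after
passing the WAF, and the application's response reaches the client only after the WAF has
inspected it. Constructed example, not any vendor's product; the application behind it and
the leak patterns are stand-ins.
"""
import io
import re
from wsgiref.util import setup_testing_defaults

MAX_BODY_BYTES = 64 * 1024                   # assumption: 64 KiB is enough for this application
ALLOWED_METHODS = {"GET", "HEAD", "POST"}    # everything else (TRACE, PUT, ...) is rejected
# Outbound check: fragments that mark an error page leaking implementation detail to the client.
LEAK_PATTERN = re.compile(rb"Traceback \(most recent call last\)|ORA-\d{5}|SQLSTATE\[")


def protected_app(environ, start_response):
    """Stand-in origin application (constructed). /crash imitates an unhandled exception page."""
    path = environ.get("PATH_INFO", "/")
    if path == "/crash":
        start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
        return [b"Traceback (most recent call last):\n  File \"app.py\", line 12, in handler\n"]
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Server", "Werkzeug/2.0.3 Python/3.10.4")])
    return [b"hello from " + path.encode()]


class InlineWAF:
    """Wraps a WSGI app; every request and every response passes through __call__."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # --- inbound inspection: runs before the application sees anything ---
        if environ.get("REQUEST_METHOD") not in ALLOWED_METHODS:
            start_response("405 Method Not Allowed", [("Content-Type", "text/plain")])
            return [b"blocked: method not allowed\n"]
        try:
            declared_length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:                  # a non-numeric Content-Length is itself suspicious
            declared_length = MAX_BODY_BYTES + 1
        if declared_length > MAX_BODY_BYTES:
            start_response("413 Payload Too Large", [("Content-Type", "text/plain")])
            return [b"blocked: request body too large\n"]

        # --- outbound inspection: buffer the app's response instead of streaming it through ---
        captured = {}

        def capture(status, headers, exc_info=None):
            captured["status"], captured["headers"] = status, list(headers)
            return lambda data: None        # write() callable; bodies are buffered below instead

        body = b"".join(self.app(environ, capture))
        # Drop headers that fingerprint the stack, and any Content-Length we are about to recompute.
        headers = [(k, v) for k, v in captured["headers"]
                   if k.lower() not in ("server", "x-powered-by", "content-length")]
        if LEAK_PATTERN.search(body):
            # Replace the leaking page with a generic one; the client still gets a server error.
            headers = [("Content-Type", "text/plain")]
            body = b"internal error\n"
            captured["status"] = "500 Internal Server Error"
        headers.append(("Content-Length", str(len(body))))
        start_response(captured["status"], headers)
        return [body]


def send(app, method="GET", path="/", body=b""):
    """Drive a WSGI app in-process (no sockets) and return (status, headers_dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path, CONTENT_LENGTH=str(len(body)))
    environ["wsgi.input"] = io.BytesIO(body)
    result = {}

    def start_response(status, headers, exc_info=None):
        result["status"], result["headers"] = status, headers
        return lambda data: None

    out = b"".join(app(environ, start_response))
    return result["status"], dict(result["headers"]), out


if __name__ == "__main__":
    waf = InlineWAF(protected_app)
    for method, path, payload in [("GET", "/index", b""), ("TRACE", "/index", b""),
                                  ("POST", "/upload", b"x" * (MAX_BODY_BYTES + 1)),
                                  ("GET", "/crash", b"")]:
        status, headers, out = send(waf, method, path, payload)
        print(f"{method:5} {path:8} -> {status}  Server header present: {'Server' in headers}")
```

Buffering the whole response is what lets the WAF inspect outgoing traffic, and it is also why in-line deployments add latency and memory pressure: a passive (out-of-line) sensor can only observe the same traffic after the fact and cannot rewrite the error page before the client receives it.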

The critical "breaking points" for a WAF solution under load are:

  • Excessive concurrent TCP connections: an unacceptable increase in open connections on the server side
  • Excessive response time for HTTP transactions: excessive delays and increased response time to the client
  • Unsuccessful HTTP transactions: normally there should be zero unsuccessful transactions, so any that appear only when the WAF is in the path are attributable to it

The difference between positive and negative WAF models: a positive-model WAF allows only what is explicitly permitted, whether specific characters or specific rules. Each rule added grants more access, and with no rules in place everything is blocked by default. A negative-model WAF works on the premise that most attackers are using exploits that have already been uncovered, so it blocks what matches a known pattern and allows everything else.

Positive and Negative Models
Positive model:

  • You decide what is valid, everything else is blocked
  • Pros: Much better protection compared to the negative model
  • Cons: Requires "whitelisting" in order to not block legitimate visitors

Negative Model:

  • You decide what is not valid and allow everything else
  • Pros: Easier to implement in most cases
  • Cons: You are vulnerable to any vectors (zero day attacks) that don’t have signatures in your WAF.
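The trade-off between the two models is easiest to see with both running over the same requests. The following is an added example written for this article, not code from the original post or from any WAF product: a five-signature negative model and a per-endpoint allowlist positive model, applied to six constructed URLs. The signatures, the schema and the sample requests are illustrative assumptions; a real rule set such as the OWASP Core Rule Set has hundreds of patterns. The example goes slightly beyond the text by including one evasion the signatures miss and one legitimate value the allowlist rejects, which are the two "Cons" listed above.

```python
"""Negative (signature) model vs positive (allowlist) model over the same sample requests.

Constructed example: the signature set, the parameter schema and the requests are all
illustrative and do not come from any vendor rule set.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Negative model: block anything that matches a known attack pattern, allow everything else.
SIGNATURES = [
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.IGNORECASE)),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d*'?\s*=\s*'?\d*", re.IGNORECASE)),
    ("sqli-comment", re.compile(r"(--|#|/\*)")),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("xss-event-handler", re.compile(r"\bon\w+\s*=", re.IGNORECASE)),
]


def negative_model(url):
    """Return ("block", signature_name) on the first signature hit, else ("allow", None)."""
    query = unquote_plus(urlsplit(url).query)  # one round of decoding, as a simple engine does
    for name, pattern in SIGNATURES:
        if pattern.search(query):
            return ("block", name)
    return ("allow", None)


# Positive model: per endpoint, the only parameters accepted and the exact shape each may take.
# Everything not described here is blocked, including unknown paths and unexpected parameters.
SCHEMA = {
    "/products": {
        "id": re.compile(r"[0-9]{1,10}"),
        "sort": re.compile(r"price|name"),
    },
    "/search": {
        "q": re.compile(r"[A-Za-z0-9 ]{1,64}"),
    },
}


def positive_model(url):
    """Return ("allow", None) only if path, parameter names and values all fit the schema."""
    parts = urlsplit(url)
    rules = SCHEMA.get(parts.path)
    if rules is None:
        return ("block", "unknown-path")
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in rules:
            return ("block", "unexpected-param:" + name)
        for value in values:
            if not rules[name].fullmatch(value):  # the whole value must fit, not just a prefix
                return ("block", "bad-value:" + name)
    return ("allow", None)


# Constructed sample requests: two benign, two textbook attacks, one evasion the signatures
# miss, and one legitimate value (an apostrophe in a surname) that the strict schema rejects.
SAMPLE_REQUESTS = [
    "/products?id=42&sort=price",
    "/search?q=red+shoes",
    "/products?id=1%27%20or%20%271%27%3D%271",        # id=1' or '1'='1
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",    # q=<script>alert(1)</script>
    "/products?id=1%27%7C%7C%271%27%3D%271",          # id=1'||'1'='1  (no "or" token to match)
    "/search?q=O%27Brien",                            # q=O'Brien
]


def compare(urls=SAMPLE_REQUESTS):
    """Run both models over the requests; returns {url: (negative_decision, positive_decision)}."""
    return {url: (negative_model(url), positive_model(url)) for url in urls}


if __name__ == "__main__":
    for url, (neg, pos) in compare().items():
        print(f"{url:48} negative={neg[0]:5} ({neg[1]})  positive={pos[0]:5} ({pos[1]})")
```

The `||` variant of the tautology slips past the negative model because no signature was written for it, which is exactly the zero-day gap; the positive model blocks it without knowing anything about SQL, because `id` is simply not digits. The same strictness is what rejects `O'Brien`, and tuning the schema to admit such values without admitting attacks is the whitelisting work the positive model demands.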

Web Application Firewall Implementation: Hardware vs. Software

  • Software WAFs are usually cheaper and more flexible; appliances, however, are typically easier to install and configure, partly because their operating system has already been hardened.
  • If you opt for a software-based product, choose one that runs on a platform your IT staff is familiar with.

Scalability and performance are important aspects to consider when evaluating WAF options.

As an example, some devices may be limited in how many transactions per hour they can handle, and other appliances may have restricted bandwidth. The outcome is simple: if you are planning for increasing web activity, a scalable and flexible firewall is a mandatory consideration. This is a newer, faster and less predictable reality for our cyber defense borders, but we are not alone in facing it. The Web Application Security Consortium (WASC), which advocates standards for web application security, has developed the Web Application Firewall Evaluation Criteria (WAFEC) for comparing products, and any reasonably skilled technician can use its testing methodology to independently assess the quality of a WAF product.
PL-Y

1 Comment
  1. Nice job...
    Most WAFs also have positive security models...
