November 28, 2018
Web Application Firewall
Security is evolving on many fronts, and the spotlight now falls on the Web Application Firewall (WAF): a filter that monitors and blocks HTTP traffic to and from a web application. The proliferation of web applications and the pervasiveness of mobile technology make web-based attacks more attractive and easier to launch. A WAF sits as an intermediate tool between the web server and its users and provides protection for the web application. In its common form a WAF is a negative security model: its detection and prevention mechanisms are based on predefined or user-defined attack signatures and patterns. A WAF alone, however, is not an adequate defence against web vulnerabilities, which increase in number and complexity daily.

This paper presents an overview of the technical specifications and aspects of a WAF and of how it differs from a regular firewall: a WAF can filter the content of specific web applications, whereas a regular firewall serves as a safety gate between network segments and servers. Because its main feature is the inspection of HTTP traffic, a WAF can prevent attacks stemming from web application security flaws, for example SQL injection, cross-site scripting (XSS), file inclusion and security misconfigurations, the flaws behind many recorded security breaches. Web applications have become one of the main platforms through which attackers gain access to systems. To protect a web application, the administrator can deploy a WAF. The main function of a WAF is to protect the web application from attacks or intrusions; it inspects both incoming and outgoing traffic of the web server, and the underlying concept of intrusion detection is the one widely covered under IDS and IPS.
The ten web application hacking techniques that laid the foundations for the WAF market are:
- Hidden field manipulation
- Cookie poisoning
- Parameter tampering
- Buffer overflow
- Cross-site scripting (XSS)
- Backdoor or debug options
- Stealth commanding
- Forced browsing
- Third-party misconfigurations
- Known vulnerabilities

WAFs are not an ultimate security solution; they are meant to be used in conjunction with other network perimeter security solutions such as network firewalls and intrusion prevention systems, applying Layer 7 web application logic to filter out potentially harmful traffic. They are offered as appliances, as cloud services and as open source options. The implementable scenarios are the following:

Network-based WAFs are usually hardware-based and installed locally, which keeps latency low. Most major network-based WAF vendors allow replication of rules and settings across multiple appliances, making large-scale deployment and configuration possible.

Host-based (application-based) WAFs offer low cost and increased customisation options. They can be a challenge to manage because they require local libraries and depend on local server resources to run effectively.

Cloud-hosted WAFs are easy to deploy, are available on a subscription basis and often require only a simple DNS change to redirect application traffic. Handing responsibility for filtering an organisation's web application traffic to a third-party provider can be a difficult decision, but the strategy allows applications across a broad spectrum of hosting locations to be protected with similar policies against application-layer attacks.

A signature-based WAF is a set of rules for identifying attacks. Its method is to match traffic against known attack patterns, which is the negative security or blacklisting model, implemented as signature rules or configuration-based rules. Note that such a WAF can only recognise what its signatures describe; an attack with no matching signature passes.

Test scenarios: WAF products offer various deployment options that may affect their ability to provide adequate security effectiveness:
- Transparent bridge
- Transparent reverse proxy
- Reverse proxy
- Not in-line (out-of-band) deployment options

Stability and reliability criteria under load, none of which the WAF should exhibit:
- Excessive concurrent TCP connections: an unacceptable increase in open connections on the server side
- Excessive response time for HTTP transactions: excessive delays and increased response time to the client
- Unsuccessful HTTP transactions: normally there should be zero unsuccessful transactions

Positive security model:
- You decide what is valid; everything else is blocked
- Pros: much better protection compared to the negative model
- Cons: requires whitelisting of legitimate traffic so that legitimate visitors are not blocked

Negative security model:
- You decide what is not valid and allow everything else
- Pros: easier to implement in most cases
- Cons: you are vulnerable to any vector (for example a zero-day attack) for which your WAF has no signature

Software versus appliance:
- Software WAFs are usually cheaper and more flexible; appliances, however, are typically easier to install and configure, partly because their operating system has already been hardened
- If you opt for a software-based product, choose one that runs on a platform your IT staff is familiar with
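The following example illustrates the two models compared above, the signature-based (negative) model described earlier and the positive model, on a few query strings. It is an added example written for this page, not code from the article or from any WAF product: the signatures are deliberately small, constructed for the demonstration, and the per-parameter profile is for a hypothetical endpoint taking `id`, `sort` and `q`. Both filters inspect the URL-decoded query so that percent-encoding cannot hide a payload.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Negative model (blocklist): illustrative, deliberately simplified signatures.
# These are constructed for this example and are NOT a real WAF rule set.
SIGNATURES = {
    "sqli": re.compile(
        r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$|;\s*drop\s+table)"
    ),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon(error|load)\s*=)"),
    "lfi": re.compile(r"(\.\./|\.\.\\|/etc/passwd)"),
}


def negative_model(query: str):
    """Blacklisting: allow everything unless a known attack signature matches.

    Returns (allowed, reason). The query is decoded first so that a
    URL-encoded payload cannot slip past the patterns.
    """
    decoded = unquote_plus(query)
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded):
            return False, f"signature:{name}"
    return True, "no signature matched"


# Positive model (allowlist): a per-parameter profile for one hypothetical
# endpoint, e.g. /search?id=&sort=&q=. Anything outside the profile is blocked.
PROFILE = {
    "id": re.compile(r"\d{1,9}"),        # numeric record id
    "sort": re.compile(r"asc|desc"),      # fixed vocabulary
    "q": re.compile(r"[\w .-]{1,64}"),    # a short free-text search term
}


def positive_model(query: str):
    """Whitelisting: block unless every parameter is known and its value
    matches the profile. Returns (allowed, reason)."""
    for key, value in parse_qsl(query, keep_blank_values=True):
        rule = PROFILE.get(key)
        if rule is None:
            return False, f"unknown parameter:{key}"
        if not rule.fullmatch(value):
            return False, f"invalid value for {key}"
    return True, "all parameters match profile"


# Constructed sample query strings, one per situation discussed in the article.
SAMPLES = {
    "legitimate":          "id=42&sort=asc",
    "classic sqli":        "id=1 UNION SELECT password FROM users",
    "reflected xss":       "q=<script>alert(1)</script>",
    "file inclusion":      "file=../../etc/passwd",
    "obfuscated sqli":     "id=1 uNiOn/**/sElEcT password FROM users",  # no signature for this
    "debug option":        "debug=1",                                   # undocumented parameter
    "apostrophe in name":  "q=John O'Brien",                            # legitimate visitor
}


def compare(samples=SAMPLES):
    """Run both models over the samples; returns {label: (negative_ok, positive_ok)}."""
    return {label: (negative_model(q)[0], positive_model(q)[0])
            for label, q in samples.items()}


if __name__ == "__main__":
    print(f"{'request':20} {'negative model':16} {'positive model':16}")
    for label, (neg, pos) in compare().items():
        print(f"{label:20} {'allow' if neg else 'BLOCK':16} {'allow' if pos else 'BLOCK':16}")
```

Running the block prints a table with one row per sample. Both models stop the textbook SQL injection, XSS and file inclusion requests. The negative model lets through the comment-obfuscated injection (`uNiOn/**/sElEcT`) and the undocumented `debug` parameter, which is exactly the "no signature" and "backdoor or debug options" weakness the article describes; the positive model blocks both, but it also blocks the legitimate search for `John O'Brien`, which is the whitelisting maintenance cost listed under its cons. The decoding step before matching is as important as the patterns themselves.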