Web Application Firewalls

Video Transcription
Hi, and welcome to Module 2, Lesson 5. In this lesson we're going to talk about the application layer.
An application is just a program that performs a task or a set of tasks. I have a picture of a mobile phone here, but applications don't all have to be mobile apps. It could be any application that runs on an operating system, or independently, and performs some set of tasks. The operating system itself is actually an application.
Web application firewalls are one of the primary control mechanisms, defensive controls, that we use at the application layer.
Web application firewalls use the OWASP Top 10 to understand vulnerabilities in the environment. They use a lot of other things too, but this is one of the things they use. Remember the OWASP Top 10 we talked about in the Vulnerability module early in the course: it stands for Open Web Application Security Project, and it produces that top list of common vulnerabilities that are built into applications or software.
Now, network firewalls operate at layers three and four, so they're more at the network layer. They're going to look at IP addresses and ports, and they're going to make restriction decisions based on that. But web application firewalls operate at layer seven,
so they're going to dive deeper into the session that's coming across. They're not going to look at just the source and destination IP.
They're going to look deeper into that packet to understand whether it's a legitimate request going to that application.
Web application firewalls work in conjunction with network firewalls for full protection.
We're going to take a look at how that works.
So let's take a look at a vulnerability that we haven't talked about yet. This vulnerability is called cross-site scripting, and it's one of the vulnerabilities that web application firewalls can protect us against.
We're going to use our user Bob here; we've used Bob throughout this course. I think Bob did some SQL injection early in the course, but this time he learned a new trick. He learned about cross-site scripting.
So this is how cross-site scripting works.
Let's say initially Bob is going to connect to a classified ad site, maybe Craigslist or whatever, that's going to allow him to list some sort of classified. He wants to sell his boat,
so he's going to connect to this web application. He's got a text field where he can type his ad, but instead of typing just text, he's going to put some HTML in there, and the site's going to allow him to do it. The HTML tags I have highlighted in red here are essentially just saying: I want to bold
and make red this particular text that I'm about to type. So in this particular string,
Bob is going to write "Brand new boat for sale", but the words "brand new" are going to be in bold red,
because he used this tag in the text field on the site.
Now, when he places his ad and someone who's looking for a new boat goes out and sees his ad, what they're going to see is the words "brand new" in bold red: "Brand new boat for sale".
No harm, no foul.
But we know Bob. He likes to tinker a little bit. So he's going to say, OK, if it lets me put HTML tags in, would it let me put a script tag into the field? So I'm still going to add HTML, but this time I'm going to add a script tag instead of a bold tag, and I'm going to call a malicious JavaScript. So Bob tries again. He
puts it in the field: a malicious JavaScript, with the
ad title of just "Free boat".
Our unsuspecting end user, all they're going to see is "Free boat" when they open that ad and read the text. That's all they're going to see. But in the background, the malicious JavaScript that Bob injected with that tag is going to be running, and it could inject something or install something on that end user's workstation without them suspecting.
Web application firewalls can protect us against this type of attack. Let's say we own the website where the classified ad is being hosted. We can put a firewall in place, our standard network firewall, and when Bob tries to connect to the website, it's going to look like a regular HTTP connection.
He's going to be coming from a specific IP address on a specific port,
and our network firewall is going to say: yep, HTTP traffic, we allow it to that server, so we're going to allow it. Bob is going to be able to pass through, and he's going to be able to conduct his attack if the application is written poorly and is susceptible to that type of attack.
But if we put a web application firewall in place in conjunction with the network firewall, it gives us another layer of protection.
This time, when Bob comes through, he's going to hit the network firewall, and it's the same thing: the network firewall is going to say, yep, it looks like a valid request. It's HTTP, it's port 80, it's good, you're coming from a certain IP address that we allow,
so it's going to allow it. But then, when the network firewall passes it off to the web application firewall, the application firewall is going to dig a lot deeper than just source and destination port and IP. It's going to actually look into the layer seven information in that session, and it's going to be able to read the script tag that Bob is trying to inject.
It's going to identify it as an attack, a cross-site scripting attack,
and it's going to block the traffic right there, so that particular post can never get to our back-end website.
So this is just an example of how a web application firewall works. There are many different ones, but I wanted to give at least one example. Essentially, that web application firewall is going to be layer seven protection that can be used in conjunction with our network firewalls for fully protecting an environment.
If we have an improperly written application on the back end that has a vulnerability,
it's just another defense-in-depth mechanism that we can use.
That's it for web application firewalls. Next up, we have a real quick lesson on DevSecOps.
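The scenario from this lesson, as an added worked example in JavaScript that is not part of the lesson or its transcript: Bob's bold-tag ad and his script-tag ad are run past a layer 3/4 check (ports only) and then past a small layer 7 check that reads the POST body, in the spirit of a WAF signature rule. The signature list, the decoding step, the `webAppFirewall`/`networkFirewall`/`renderAd` functions, the host `attacker.example` and the address `203.0.113.10` are all constructed for the example; real WAF rule sets are far larger. The `renderAd` function also shows the application-side fix the lesson alludes to (the app being "written poorly" is what makes the script tag land): encoding user text before it goes into HTML.

```javascript
// Added example (not the lesson's own code): a toy layer-7 inspection in the spirit of
// a WAF, beside the layer-3/4 decision a network firewall makes, and the application-side
// fix (output encoding). Every request below is constructed, not captured traffic.

// Signatures for the attack the lesson describes (an injected <script> tag) plus the
// common variants a WAF rule set would also cover. Constructed list, not a vendor's rules.
const XSS_SIGNATURES = [
  { name: "script-tag",      re: /<\s*\/?\s*script\b/i },
  { name: "event-handler",   re: /\bon[a-z]+\s*=/i },
  { name: "javascript-url",  re: /javascript\s*:/i },
  { name: "frame-or-object", re: /<\s*(iframe|object|embed)\b/i },
];

// Layer 3/4 view: the network firewall only sees addresses, ports and protocol.
function networkFirewall(req, allowedPorts = new Set([80, 443])) {
  return allowedPorts.has(req.dstPort) ? "allow" : "deny";
}

// Undo encodings an attacker may layer on the body before signatures are matched:
// form/URL encoding (possibly repeated) and HTML entities for '<' and '>'.
function normalize(body) {
  let s = body.replace(/\+/g, " ");
  for (let i = 0; i < 3; i++) {
    let decoded;
    try { decoded = decodeURIComponent(s); } catch { break; } // malformed %xx: stop decoding
    if (decoded === s) break;
    s = decoded;
  }
  return s
    .replace(/&lt;|&#0*60;|&#x0*3c;/gi, "<")
    .replace(/&gt;|&#0*62;|&#x0*3e;/gi, ">");
}

// Layer 7 view: the WAF reads the whole request and matches the body against signatures.
function webAppFirewall(req) {
  if (req.method !== "POST") return { action: "allow" };
  const text = normalize(req.body);
  for (const sig of XSS_SIGNATURES) {
    if (sig.re.test(text)) return { action: "block", rule: sig.name };
  }
  return { action: "allow" };
}

// The real fix lives in the application: encode user text before placing it in HTML.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// encodeOutput: false is the "written poorly" site from the lesson; true is the fixed one.
function renderAd(adText, { encodeOutput }) {
  return `<div class="ad">${encodeOutput ? escapeHtml(adText) : adText}</div>`;
}

// Constructed requests from Bob (203.0.113.10 is an RFC 5737 documentation address).
function adRequest(text) {
  return { srcIp: "203.0.113.10", dstPort: 80, method: "POST", path: "/ads",
           body: "text=" + encodeURIComponent(text) };
}
const boldAd   = adRequest('<b style="color:red">Brand new</b> boat for sale');
const scriptAd = adRequest('Free boat<script src="http://attacker.example/x.js"></script>');
const imgAd    = adRequest('Free boat<img src=x onerror=alert(document.cookie)>');
// Double URL-encoded script tag, a classic attempt to slip past a naive body check.
const encodedAd = { ...boldAd, body: "text=Free+boat%253Cscript%253Ealert(1)%253C%2Fscript%253E" };

// Both controls in series, as the lesson describes: network firewall first, then WAF.
function decide(req) {
  const l4 = networkFirewall(req);
  const l7 = l4 === "allow" ? webAppFirewall(req) : { action: "deny" };
  return { network: l4, waf: l7.action, rule: l7.rule };
}

for (const [name, req] of Object.entries({ boldAd, scriptAd, imgAd, encodedAd })) {
  console.log(name, decide(req));
}
```

Run it with `node` and note that all four requests pass the port-80 check; only the layer 7 check separates the harmless bold tag from the three script injections. Signature matching like this is a heuristic and is routinely bypassed by encoding or tag tricks the list does not anticipate, which is why the lesson frames the WAF as defense in depth: the `encodeOutput: true` path in `renderAd` is what actually removes the vulnerability.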