Web Application Firewalls

Time: 4 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 4
Video Transcription
>> Hi and welcome to Module 2, Lesson 5. In this lesson, we're going to talk about the application layer. An application is just a program that performs a task or a set of tasks. I have a picture of a mobile phone here, but applications don't all have to be mobile apps. It can be any application that runs on an operating system or independently that performs some set of tasks. An operating system itself is actually an application.

Web Application Firewalls are one of the primary control mechanisms, defensive controls that we use at the application layer. They use the OWASP Top 10 to understand vulnerabilities in the environment. They use a lot of other things too, but this is one of the things that they use. Remember the OWASP Top 10 we talked about in the vulnerability module early on in the course; it stands for Open Web Application Security Project. It's just the top list of common vulnerabilities that are built into applications or software.

Network firewalls operate at layers three and four. They're more of that network layer. They're going to look at IP addresses and ports, and then they're going to make restriction decisions based on that. But web application firewalls operate at layer 7. They're going to dive deeper into that session that's coming across; they're not going to look at just the source and destination IP. They're going to look deeper into that packet to understand if it's a legitimate request that's going to that application. Web application firewalls work in conjunction with network firewalls for full protection. We're going to take a look at how that works.

Let's take a look at a vulnerability that we haven't talked about yet. We're going to say that this is Bob. This vulnerability that I'm going to talk about is called cross-site scripting. It's one of the vulnerabilities that web application firewalls can protect us against. We're going to say we get our user Bob here, and we've used Bob throughout this course. I think Bob did some SQL injection early in the course, but this time he learned a new trick. He learned about cross-site scripting.

This is how cross-site scripting works. Let's say initially, Bob is going to connect to maybe a classified ad site, maybe Craigslist or whatever it is that's going to allow him to list some classified; he wants to sell his boat. He's going to connect to this web application, and he's got a text field where he can type his ad. But instead of typing just text, he's going to put some HTML in there, and the site is going to allow him to do it. Here is HTML code; the tags that I have highlighted in red here are essentially just saying, "I want to bold and make the color red this particular text that I'm about to type." In this particular string, Bob's going to write the words "brand new boat for sale." But the words "brand new" are going to be in bold red because he used this tag in the text field on the site. Now when he places his ad and someone goes out and sees his ad or is looking for a new boat, what they're going to see is the words "brand new" in bold red: "brand new boat for sale." No harm, no foul.

But then we know Bob, he likes to tinker a little bit, so he's going to say, "Well, if it lets me put HTML tags in, would it let me put a script tag into the field?" I'm still going to add HTML, but this time I'm going to add a script tag instead of a bold tag, and I'm going to call a malicious JavaScript. Bob tries again. He puts it in the field, and he puts a malicious JavaScript with the ad title of just "free boat." Our unsuspecting end user, all they're going to see is "free boat." When they open that ad and read the text "free boat," that's all they're going to see. But in the background, that malicious JavaScript that Bob injected with that tag is going to be running, and it could inject something or install something on that end user's workstation unsuspectingly.

Web application firewalls can protect us against this type of attack. Let's say we own the website where the classified ad is being hosted. We can put a firewall in place, or stand a network firewall in place, and when Bob tries to connect to the website, it's going to look like a regular HTTP connection. It's going to be coming from a specific IP address on a specific port, and our network firewall is going to say, "HTTP traffic, we allow it to that server, so we're going to allow it." Bob is going to be able to pass through, and he's going to be able to conduct his attack if the application is written poorly and is susceptible to that type of attack.

But if we put a web application firewall in place in conjunction with the network firewall, it gives us another layer of protection. This time when Bob comes through, he's going to hit the network firewall, and it's the same thing. The network firewall is going to say it looks like a valid request to HTTP, it's port 80, it's good. You come in from a certain IP address that we allow, so he's going to allow it. But then when the network firewall passes it off to the web application firewall, the application firewall is going to dig a lot deeper than just source, destination, port, and IP. It's going to actually look into the layer 7 information in that session, and it's going to be able to read that script tag that Bob's trying to inject. It's going to identify it as a cross-site scripting attack, and it's going to block the traffic right there so that that particular post can never get to our backend website.

This is just an example of how a web application firewall works. There are many different ones, but I want to give at least one example. But essentially that web application firewall is going to be layer 7 protection that can be used in conjunction with our network firewalls for fully protecting an environment if we have an improper application written on the back end that has a vulnerability. It's just another defense in depth mechanism that we can use. That's it for web application firewalls. Next up, we're on a real quick lesson on DevSecOps.
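As an added example, not part of the lecture or the course materials, the following Python sketch puts the three pieces of the story into code: a network-firewall check that sees only source IP and destination port, a WAF-style layer 7 check that reads the posted ad text, and the backend's rendering of the ad both as the "written poorly" page and with output encoding. Every name in it (the hosts, addresses, the request fields and the sample ads) is constructed for the illustration; the pattern list is a teaching stand-in, not any real WAF's rule set.

```python
"""Toy classified-ad site showing where each control in the lesson sits:
a layer 3/4 network firewall (sees only IP and port), a layer 7 WAF-style
check (reads the request body), and the backend's own output encoding.
Hosts, addresses and ads below are constructed for this example."""
from __future__ import annotations

import html
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class HttpRequest:
    src_ip: str
    dst_port: int
    path: str
    body: str  # the raw value of the ad text field, as sent by the browser


# --- Layer 3/4: the network firewall only sees addresses and ports --------
ALLOWED_PORTS = {80, 443}          # HTTP/HTTPS to the ad server is allowed
BLOCKED_IPS = {"198.51.100.7"}     # constructed example of a denied source


def network_firewall_allows(req: HttpRequest) -> bool:
    """Permit by port and source address alone; the body is never read here."""
    return req.dst_port in ALLOWED_PORTS and req.src_ip not in BLOCKED_IPS


# --- Layer 7: a WAF-style check that inspects the request content ---------
SCRIPT_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),                          # <script ...>
    re.compile(r"\bon(load|error|click|mouseover)\s*=", re.I),  # inline event handlers
    re.compile(r"javascript\s*:", re.I),                        # javascript: URLs
]


def normalize(body: str) -> str:
    """Undo the encodings a browser or sender may apply, so the match is
    made on what the backend would actually interpret."""
    return html.unescape(unquote(body))


def waf_allows(req: HttpRequest) -> bool:
    """Block requests whose decoded body carries script markers."""
    text = normalize(req.body)
    return not any(p.search(text) for p in SCRIPT_PATTERNS)


# --- Backend: the "written poorly" renderer next to the safe one ----------
def render_ad_vulnerable(ad_text: str) -> str:
    """Inserts the user's text directly into the page, so any tag it
    contains, <b> or <script>, is interpreted by the reader's browser."""
    return f'<div class="ad">{ad_text}</div>'


def render_ad_hardened(ad_text: str) -> str:
    """Output-encodes the text: tags become inert characters, so the ad
    shows its literal text even if a bad post reaches the backend."""
    return f'<div class="ad">{html.escape(ad_text)}</div>'


def handle_post(req: HttpRequest) -> tuple[str, str | None]:
    """Run the request through both controls, then the safe renderer."""
    if not network_firewall_allows(req):
        return "blocked by network firewall", None
    if not waf_allows(req):
        return "blocked by WAF", None
    return "accepted", render_ad_hardened(unquote(req.body))


# Constructed sample posts from "Bob"
BOB_IP = "203.0.113.5"
BOLD_AD = '<b style="color:red">brand new</b> boat for sale'
SCRIPT_AD = 'free boat<script src="https://attacker.example/x.js"></script>'
ENCODED_AD = "free boat%3Cscript%20src%3D%22https://attacker.example/x.js%22%3E%3C/script%3E"


def demo() -> dict[str, str]:
    """Verdict for each sample post when sent to port 80 from Bob's address."""
    results = {}
    for name, ad in [("bold", BOLD_AD), ("script", SCRIPT_AD), ("encoded", ENCODED_AD)]:
        verdict, _ = handle_post(HttpRequest(BOB_IP, 80, "/post-ad", ad))
        results[name] = verdict
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
    print("vulnerable:", render_ad_vulnerable(SCRIPT_AD))
    print("hardened:  ", render_ad_hardened(SCRIPT_AD))
```

Two points the lesson's narrative implies but does not spell out are visible here. First, the WAF check decodes the body before matching; a signature that only inspects the bytes on the wire would let the URL-encoded post through, which is why real WAFs normalize input first. Second, the bold ad passes every control and the script ad is stopped at the WAF, but the hardened renderer also turns the script ad into inert text, which is the backend-side fix for the application being "written poorly"; the WAF is an additional layer in front of that, not a replacement for it.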