A Web Application Firewall (WAF) is a barrier between client and server. What does a web application firewall do? Its purpose is to monitor, filter, sanitize or block malicious requests to the web application. It operates at the application layer (layer 7 of the OSI model) and aims to protect web applications against attacks. It is usually positioned between the web application and the client, and in that respect its placement resembles that of a reverse proxy. Web Application Firewalls come in three types: network-based, host-based, and cloud-based. The use of a WAF is mandatory in some standards, one of the most important being the PCI Data Security Standard.
It blocks incoming attacks by analyzing the traffic arriving at the web server or web application against its rules and policies. It is recommended that the selected WAF be able to detect the attack types on the OWASP list: SQL Injection, Cross-Site Scripting, Command Injection, Local File Inclusion, Remote File Inclusion, Buffer Overflow, Brute-Force Attacks, Cookie-Session Poisoning, Session Hijacking, Sensitive Data Leaks, Server Misconfiguration, Well-Known Vulnerabilities, Form and Hidden Field Manipulation, Parameter Tampering, and File Upload Vulnerabilities.
A Web Application Firewall can be implemented in three different ways, each with its benefits and shortcomings:
Host-based WAFs are usually software-based and integrate easily with web servers. In terms of price they are more affordable than network-based Web Application Firewalls.
Network-based WAFs are usually hardware-based and installed as a separate physical appliance. They require maintenance costs and physical space for the hardware, and are therefore expensive compared with the other Web Application Firewall types.
Cloud-based WAFs offer an affordable and simple setup. They are consumed as a service from a third party on a monthly or annual subscription, and can provide a continuously updated defence against the latest threats without any additional work or cost for the user. The biggest disadvantage is that responsibility is transferred to a third party.
There are three types of security models used for Web Application Firewalls.
In the positive security model only explicitly allowed requests or inputs are trusted and everything else is denied. What counts as allowed is defined by a whitelist (allow list).
The negative security model is the exact opposite: specific inputs or requests are rejected, and what is rejected is defined by a blacklist (block list).
The mixed security model uses both an allow list and a block list.
With a block list, all traffic is allowed through and only requests matching identified threats are blocked. With an allow list, most traffic is blocked and only the trusted requests we have explicitly specified are allowed through. The need for continuous monitoring and updating of the list is a disadvantage of the block-list approach.
To check WAF performance, a server can be installed locally and load-tested with client simulators such as Curl-Loader or Siege.
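The kind of local load test described above, as an added example that is not part of the original article and not the output of Curl-Loader or Siege: a small Python harness that starts a throwaway HTTP server on 127.0.0.1, runs a constructed inspection rule (standing in for a WAF rule set) in front of every request, replays a constructed traffic mix with a pool of concurrent workers, and reports throughput, latency percentiles and how many requests were blocked. The server, the rule and the traffic mix are all assumptions made for the demonstration.

```python
"""Added example, not code from the original article: a local load-test harness
in the spirit of Siege or Curl-Loader.  A constructed inspection rule runs in the
request handler so the test measures the cost of filtering, not just serving."""
import http.client
import re
import statistics
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import unquote_plus

# Constructed stand-in for a WAF rule set: two classic signatures in the URL.
BLOCK_PATTERN = re.compile(r"union\s+select|<\s*script", re.I)


class InspectingHandler(BaseHTTPRequestHandler):
    """Serve "ok" unless the decoded request line matches the block pattern."""

    def do_GET(self):
        # Decode before matching: a WAF that inspects the raw, still-encoded
        # path would miss "union+select" and "union%20select".
        if BLOCK_PATTERN.search(unquote_plus(self.path)):
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"blocked")
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the load-test output quiet
        pass


def start_server():
    """Bind to 127.0.0.1 on a free port and serve from a daemon thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), InspectingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def one_request(port, path):
    """Issue a single GET and return (status, latency in seconds)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    t0 = time.perf_counter()
    conn.request("GET", path)
    status = conn.getresponse().status
    conn.close()
    return status, time.perf_counter() - t0


def load_test(paths, concurrency=8):
    """Replay `paths` against a fresh local server with `concurrency` workers."""
    srv = start_server()
    port = srv.server_address[1]
    start = time.perf_counter()
    with ThreadPoolExecutor(max_workers=concurrency) as pool:
        results = list(pool.map(lambda p: one_request(port, p), paths))
    elapsed = time.perf_counter() - start
    srv.shutdown()
    srv.server_close()
    latencies = sorted(lat for _, lat in results)
    return {
        "requests": len(results),
        "served": sum(1 for status, _ in results if status == 200),
        "blocked": sum(1 for status, _ in results if status == 403),
        "req_per_sec": len(results) / elapsed,
        "p50_ms": statistics.median(latencies) * 1000,
        "p95_ms": latencies[int(0.95 * (len(latencies) - 1))] * 1000,
    }


def sample_traffic(n=200):
    """Constructed mix: nine benign searches for every injection attempt."""
    return ["/search?q=waf+basics" if i % 10 else "/search?q=x'+union+select+1"
            for i in range(n)]


if __name__ == "__main__":
    for key, value in load_test(sample_traffic()).items():
        print(f"{key:12s} {value:.2f}" if isinstance(value, float) else f"{key:12s} {value}")
```

Run it once with the inspection rule and once with an always-allow handler to see what the filtering itself costs; a real WAF with hundreds of rules and body inspection will show a much larger gap between p50 and p95 than this toy does.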
First, select a WAF that suits your web application. Then install the WAF you have chosen.
An Access Control List (ACL) blocks or allows web requests based on conditions you specify, such as the IP addresses the requests originate from or values in the requests. In this step, create an access control list and configure it to your needs.
In this step, create a rule with a string match statement and specify what to do with requests that match or do not match it (block, sanitize, or allow). A string match statement identifies the strings you want the WAF to search for in a request. Besides the string to search for, you specify the request component to search, such as a header, the query string, or the request body.
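The security models described earlier (positive, negative and mixed) and the ACL and string-match steps just described, worked through in one added Python example that is not code from the original article or from any WAF product: a minimal rule engine with an IP access control list, a per-path allow list for the positive model, string-match rule statements that inspect one request component for the negative model, and a mixed mode that applies the allow list where one is defined and the block list everywhere else. The `Request` structure, the network ranges, the schema and the rules are all constructed for the demonstration.

```python
"""Added example, not code from the original article: a minimal WAF-style rule
engine showing ACL, positive (allow list), negative (block list) and mixed
security models.  All requests, addresses and rules are constructed samples."""
import html
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    client_ip: str
    path: str
    query: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    body: str = ""


# Access control list, evaluated before any content rule.  The ranges are the
# documentation networks 203.0.113.0/24 and 192.0.2.0/24 (constructed choice).
ACL = [("deny", ipaddress.ip_network("203.0.113.0/24")),
       ("allow", ipaddress.ip_network("192.0.2.0/24"))]
ACL_DEFAULT = "allow"


def acl_decision(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for action, net in ACL:
        if addr in net:
            return action
    return ACL_DEFAULT


# Positive model: for each known path, the parameters that may appear and the
# exact shape each value may take.  Anything not described here is denied.
POSITIVE_SCHEMA = {
    "/search": {"q": re.compile(r"[\w .-]{1,64}"), "page": re.compile(r"\d{1,3}")},
}


def positive_violations(req: Request, strict: bool) -> list:
    schema = POSITIVE_SCHEMA.get(req.path)
    if schema is None:
        # Pure positive model denies unknown paths; the mixed model hands
        # them to the block list instead.
        return [f"path {req.path} not in allow list"] if strict else []
    problems = []
    for name, value in req.query.items():
        pattern = schema.get(name)
        if pattern is None:
            problems.append(f"unexpected parameter {name}")
        elif not pattern.fullmatch(value):
            problems.append(f"parameter {name} fails allow-list pattern")
    return problems


# Negative model: string-match rule statements naming the request component to
# search, the pattern, and the action to take on a match.
@dataclass
class StringRule:
    name: str
    component: str              # "query", "header" or "body"
    pattern: re.Pattern
    action: str                 # "block" or "sanitize"
    key: Optional[str] = None   # one parameter/header name, or None for all


NEGATIVE_RULES = [
    StringRule("sqli-union", "query", re.compile(r"union\s+select", re.I), "block"),
    StringRule("xss-script", "body", re.compile(r"<\s*script", re.I), "sanitize"),
    StringRule("empty-ua", "header", re.compile(r"^\s*$"), "block", key="User-Agent"),
]


def _targets(req: Request, rule: StringRule):
    """Yield (container, key) pairs for every value the rule must inspect."""
    if rule.component == "body":
        yield req.__dict__, "body"
        return
    src = req.query if rule.component == "query" else req.headers
    for key in (list(src) if rule.key is None else [rule.key]):
        yield src, key


def evaluate(req: Request, model: str = "mixed") -> dict:
    """Run the ACL, then the chosen model.  Sanitizing rules HTML-escape the
    offending value in place and let the request continue; block rules stop it."""
    if acl_decision(req.client_ip) == "deny":
        return {"action": "block", "reasons": ["acl deny"]}
    reasons = []
    if model in ("positive", "mixed"):
        reasons = positive_violations(req, strict=(model == "positive"))
        if reasons:
            return {"action": "block", "reasons": reasons}
    if model in ("negative", "mixed"):
        for rule in NEGATIVE_RULES:
            for container, key in _targets(req, rule):
                value = container.get(key, "")
                if rule.pattern.search(value):
                    if rule.action == "block":
                        return {"action": "block", "reasons": [rule.name]}
                    container[key] = html.escape(value)
                    reasons.append(f"{rule.name} sanitized")
    return {"action": "allow", "reasons": reasons}


if __name__ == "__main__":
    probe = Request("198.51.100.7", "/search", {"q": "x' union select 1"},
                    {"User-Agent": "curl/8"})
    for model in ("positive", "negative", "mixed"):
        print(model, evaluate(probe, model))
```

Note that the positive model blocks the injection probe above for a different reason than the negative one: the apostrophe is simply not in the allowed character class for `q`, so no signature is needed. That is the strength of an allow list, and also why it needs a schema for every path, which is the maintenance cost the mixed model tries to balance.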
Protecting corporate data and services is the first and most compelling reason to implement a WAF. Thousands of businesses, from small companies to huge corporations, rely on their online presence to generate revenue and keep the firm afloat. If this revenue stream is compromised, the company suffers a variety of consequences, including:
Lost revenue: a firm may lose a considerable amount of money when a web resource becomes inaccessible, because purchases are not made and leads are not generated.
Reputation damage: many consumers and customers pay attention to news stories about specific firms being hacked and make a mental note to avoid doing business with that company. A good reputation is crucial.
Data breaches and their costs: in numerous cases, attackers have obtained sensitive information such as credit card numbers, names, addresses, Social Security Numbers, and medical records after a website was compromised. Proprietary information, trade secrets, and even classified government data are further examples of protected data. Beyond the breach itself, the fines and the cost of disaster recovery and forensics can exceed every other financial consequence.
We hope you enjoyed our article. Check out our Web Application Firewall services to stay secure!