The way that businesses use the Internet has dramatically changed in the past decade. Many companies have developed advanced web applications that store vast amounts of data online. Unfortunately, this has exposed them to cyber attacks.
There are various technologies available which can mitigate the risk of cyber attacks. One of the most effective is the Web Application Firewall (WAF). A WAF monitors, filters and blocks HTTP traffic to and from a business’s web applications. It is particularly useful for mitigating common attacks such as file inclusion, SQL injection, brute force login attempts and cross-site scripting (XSS).
This guide will take a closer look at Web Application Firewalls. We’ll identify the common threats faced by web applications before explaining how a WAF can mitigate the risk posed by these threats.
Common threats faced by web applications
The number of cyber attacks occurring each year has increased dramatically. A University of Maryland study found that, on average, Internet-connected computers are attacked once every 39 seconds. Web applications are hit more often still, because they are publicly reachable and hold valuable data. The most common types of attack on web applications include:
SQL Injection (SQLi)
Injection is consistently ranked as the most serious risk to web applications in the OWASP Top 10. An attacker supplies crafted input, for example in a form field or URL parameter, that the application concatenates into a Structured Query Language (SQL) query, with the goal of modifying, deleting or extracting the information in your database.
File inclusion
Attackers look for flaws that let them make the application include and execute a file they control, either one already on the server (local file inclusion) or one fetched from a remote URL (remote file inclusion). These files are typically used to gain unauthorised access to the web application or the underlying server.
Cross-site scripting (XSS)
An attacker injects client-side script, usually JavaScript, into pages served by the application so that it runs in other users’ browsers, where it can steal session cookies, capture keystrokes or deface the page.
Brute force attacks
A brute force attack involves many login attempts against your web application in a short period. Attackers use automated tools that try thousands of username and password combinations, often drawn from lists leaked in earlier breaches.
Distributed denial of service attacks (DDoS)
A DDoS attack floods your web application with traffic from many sources at once, with the goal of exhausting bandwidth or server resources so that legitimate users cannot get through.
How does a Web Application Firewall work?
A Web Application Firewall examines HTTP traffic before it reaches the web application. It inspects every part of a request, not just whether it is a GET (retrieving information from the server) or a POST (sending data to the server): the URL and query string, headers, cookies and the request body. Many WAFs also inspect responses, for example to stop a database error message or a list of card numbers from leaving the application.
The WAF applies a ruleset to decide whether each request is legitimate or is attempting to exploit a vulnerability. Rules are built in one of two ways, and most products combine both: a negative model (signatures for known attack patterns, such as SQL syntax in a parameter) and a positive model (an allowlist of the methods, URLs and parameter formats the application actually accepts). Widely used rulesets such as the OWASP ModSecurity Core Rule Set are written to cover the attack categories in the OWASP Top 10.
There are three categories of web application firewalls available:
Network-based WAFs are usually hardware appliances. They sit in the data centre and filter traffic before it reaches the web servers. The same set of rules can be applied across many devices, which makes large-scale deployment easy to manage. The downside of network-based WAFs is their cost, with some appliances costing thousands of pounds.
An application-based (host-based) WAF is integrated into the application hosting platform, usually as a web server module, or into the application itself. It consumes the CPU and memory of the host it protects and must be updated on every host. This option is more affordable than a network-based WAF but less scalable.
Cloud-based WAFs relay traffic to your website through a third party’s WAF, typically by changing DNS so that requests reach the provider first. It is a low-cost option that is simple to set up, at the price of routing all of your traffic through the provider.
How a WAF helps you protect your web applications from cyber attacks
Some of the tasks performed by Web Application Firewalls include:
URL and parameter inspection
The WAF examines the request URL and its parameters for anything out of the ordinary, such as unexpected variables, unusual lengths or encodings, or SQL syntax inside a value, which would indicate an injection attempt.
Filtering out spam traffic
Most WAFs check the content submitted to the web application for common spam keywords and patterns. Suspicious senders may be put through additional checks, such as a challenge, before being allowed through or redirected away from the application.
Blocking DDoS attacks
WAFs mitigate application-layer DDoS attacks by limiting the number of requests each IP address (or session) can make in a given period, so that excess traffic is diverted or dropped before the application reaches its point of failure. Rate limiting on its own cannot absorb a volumetric attack that saturates your Internet link; that needs upstream capacity, which is one reason cloud-based WAFs bundle DDoS protection.
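The per-IP rate limiting described above, as an added example that is not code from the original page or from any WAF product. It is a sliding-window limiter with a temporary ban, replayed over a constructed request log (the IP addresses, timestamps and paths are made up for the example); the `limit`, `window` and `ban_seconds` values are assumptions, not recommendations.

```python
"""Sliding-window rate limiter of the kind a WAF uses to throttle floods.

Illustrative example only; the log below is constructed, not captured.
"""
from collections import defaultdict, deque


class RateLimiter:
    """Allow at most `limit` requests per `window` seconds per client IP.

    A client that exceeds the limit is banned for `ban_seconds`; this is
    what turns a flood into a single cheap lookup per request.
    """

    def __init__(self, limit=5, window=10.0, ban_seconds=60.0):
        self.limit = limit
        self.window = window
        self.ban_seconds = ban_seconds
        self.hits = defaultdict(deque)   # ip -> timestamps of recent requests
        self.banned_until = {}           # ip -> time at which the ban expires

    def check(self, ip, now):
        """Return True if the request may pass, False if it should be blocked."""
        if self.banned_until.get(ip, 0.0) > now:
            return False
        recent = self.hits[ip]
        # Drop timestamps that have fallen out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.limit:
            self.banned_until[ip] = now + self.ban_seconds
            recent.clear()
            return False
        recent.append(now)
        return True


def sample_log():
    """Constructed log: one attacker bursting 20 requests at 10/s, one normal user."""
    attacker = [f"{i * 0.1:.1f} 203.0.113.5 GET /login" for i in range(20)]
    legit = [
        "0.3 198.51.100.7 GET /",
        "2.0 198.51.100.7 GET /search?q=waf",
        "8.0 198.51.100.7 GET /profile?id=1",
    ]
    # Lines are "<seconds> <ip> <method> <path>", replayed in time order.
    return sorted(attacker + legit, key=lambda line: float(line.split()[0]))


def replay(lines, limiter):
    """Feed each log line through the limiter; return per-IP allow/block counts."""
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        ts, ip, _method, _path = line.split()
        verdict = "allowed" if limiter.check(ip, float(ts)) else "blocked"
        stats[ip][verdict] += 1
    return dict(stats)


if __name__ == "__main__":
    limiter = RateLimiter(limit=5, window=10.0, ban_seconds=60.0)
    for ip, counts in replay(sample_log(), limiter).items():
        print(f"{ip:15} allowed={counts['allowed']:2} blocked={counts['blocked']:2}")
    # After the ban expires the attacker's next request is served again.
    print("attacker at t=70s:", limiter.check("203.0.113.5", 70.0))
```

With a limit of five requests per ten seconds, the attacker's first five requests pass, the sixth triggers the ban and the remaining fourteen are dropped without touching the application, while the normal user is never affected. Two caveats a practitioner should keep in mind: keying on IP address alone penalises users behind a shared NAT or proxy, and a truly distributed attack spreads its requests across enough addresses that no single one exceeds the limit, which is why real WAFs combine rate limits with bot detection and upstream scrubbing capacity.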
Checking access to sensitive pages
WAFs can enforce additional access rules before visitors reach sensitive pages such as administration consoles, for example requiring a valid session or a second authentication step, allowing only source IPs on an allowlist (whitelist) and rejecting those on a denylist (blacklist).
Blocking XSS and SQL injection attacks
WAFs check requests for code patterns commonly used in Cross-Site Scripting (XSS) and SQL injection attacks, such as script tags or SQL keywords inside parameters. This is a valuable extra layer, but signature matching can be bypassed with encoding tricks and produces occasional false positives, so it complements rather than replaces fixing the application with parameterised queries and output encoding.
Malicious bot identification
WAFs recognise common Internet bots that scan for or attempt to exploit web applications, for example by their User-Agent strings, request patterns or known source IP ranges, and stop them before they reach the application.
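The request inspection described in "How does a Web Application Firewall work?" and in the URL inspection and XSS/SQL injection tasks above, as an added example that is not code from the original page or from any WAF product. It decodes every parameter, runs a small set of signatures (the negative model) and then checks the request against an allowlist of routes, methods and parameter formats (the positive model). The routes, the signature patterns and the sample requests are all constructed for this example; a real ruleset such as the OWASP Core Rule Set is far larger and uses anomaly scoring rather than a single hit.

```python
"""Minimal WAF-style request inspection: signatures plus a positive model.

Illustrative example only. Routes, patterns and requests are constructed.
"""
import re
from collections import namedtuple
from urllib.parse import parse_qsl, unquote_plus, urlsplit

Verdict = namedtuple("Verdict", "allowed rule detail")

# Negative model: signatures for classic payloads. Values are decoded and
# matched case-insensitively so 'UNION%20SELECT' and 'union select' both hit.
SIGNATURES = [
    ("sqli", re.compile(
        r"\bunion\b[\s/*]+(?:all[\s/*]+)?select\b"   # UNION SELECT
        r"|'\s*or\s*'?\w+'?\s*=\s*'?\w+"             # ' OR 1=1 / ' OR '1'='1
        r"|;\s*(?:drop|delete|insert|update)\b"      # stacked statement
        r"|--\s|/\*",                                # comment terminators
        re.I)),
    ("xss", re.compile(
        r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe)\b",
        re.I)),
    ("lfi", re.compile(r"\.\.[/\\]|/etc/passwd|\b(?:php|file|data)://", re.I)),
]

# Positive model (hypothetical application): allowed methods and the exact
# shape of every parameter each route accepts. Anything else is rejected.
ROUTES = {
    "/login":   {"methods": {"POST"}, "params": {"user": r"[\w.@-]{1,64}", "pass": r".{1,128}"}},
    "/search":  {"methods": {"GET"},  "params": {"q": r"[\w\s-]{0,100}"}},
    "/profile": {"methods": {"GET"},  "params": {"id": r"\d{1,10}"}},
}


def decode(value, rounds=2):
    """URL-decode repeatedly so a double-encoded %2527 is seen as a quote."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def collect_params(target, headers, body):
    """Gather (name, value) pairs from the query string and a form-encoded body."""
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if body and headers.get("Content-Type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    return parts.path, [(decode(k), decode(v)) for k, v in params]


def inspect(method, target, headers=None, body=""):
    """Return a Verdict: blocked by a signature, by the positive model, or allowed."""
    headers = headers or {}
    path, params = collect_params(target, headers, body)
    # 1. Negative model: any signature hit on the path or a parameter blocks.
    for name, value in [("<path>", decode(path))] + params:
        for rule, pattern in SIGNATURES:
            if pattern.search(value):
                return Verdict(False, rule, f"{name}={value!r}")
    # 2. Positive model: only known routes, methods and parameter shapes pass.
    route = ROUTES.get(path)
    if route is None:
        return Verdict(False, "unknown_route", path)
    if method not in route["methods"]:
        return Verdict(False, "method", f"{method} {path}")
    for name, value in params:
        shape = route["params"].get(name)
        if shape is None:
            return Verdict(False, "unexpected_param", name)
        if not re.fullmatch(shape, value):
            return Verdict(False, "param_shape", f"{name}={value!r}")
    return Verdict(True, None, "")


# Constructed sample requests: (label, method, target, headers, body).
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
SAMPLES = [
    ("normal search",        "GET",  "/search?q=waf+guide", {}, ""),
    ("sqli in query",        "GET",  "/profile?id=1%27%20OR%20%271%27%3D%271", {}, ""),
    ("double-encoded sqli",  "GET",  "/profile?id=1%2527%2520UNION%2520SELECT%2520null", {}, ""),
    ("xss in form body",     "POST", "/login", FORM, "user=%3Cscript%3Ealert(1)%3C/script%3E&pass=x"),
    ("lfi in path",          "GET",  "/static/..%2F..%2Fetc/passwd", {}, ""),
    ("unexpected parameter", "GET",  "/search?q=waf&debug=1", {}, ""),
    ("wrong method",         "GET",  "/login?user=alice&pass=secret", {}, ""),
    ("valid login",          "POST", "/login", FORM, "user=alice&pass=hunter2"),
]


def run_samples():
    """Inspect every sample; returns a list of (label, Verdict)."""
    return [(label, inspect(m, t, h, b)) for label, m, t, h, b in SAMPLES]


if __name__ == "__main__":
    for label, v in run_samples():
        print(f"{'ALLOW' if v.allowed else 'BLOCK'} {label:22} {v.rule or '':16} {v.detail}")
```

Two points worth noticing when you run it. The double-encoded injection is only caught because `decode` runs more than once, which is exactly the kind of normalisation step an attacker probes for when looking for a WAF bypass. And the "unexpected parameter" and "wrong method" requests contain no attack signature at all; they are rejected purely by the positive model, which is why a WAF tuned to the application blocks more than one relying on signatures alone. The price is maintenance: every new route or parameter in the application needs a matching rule.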
Modern web application firewalls are quite advanced. Many WAFs come with additional features, including:
Custom traffic rules
You can monitor and filter the traffic sent to your web application and divert or block it based on rules that you write yourself.
Geolocation and IP intelligence
Visitors from specific hosts, networks and regions can be identified and then blocked, challenged or redirected.
Visitor analytics
Most WAFs provide detailed analytics on the origin and identity of visitors to your web application, along with logs of what was blocked and why, which are valuable during incident response.
Protocol enforcement
A WAF can enforce strict adherence to the HTTP RFCs, rejecting malformed requests (for example invalid methods, oversized headers or conflicting Content-Length and Transfer-Encoding headers) before they reach the application. Some appliances also provide network-layer filtering to block access to other protocols such as FTP or SSH.
Reasons to use a WAF
Using a WAF is an important part of keeping your web application security at a high level. The main reasons to use a WAF include:
To protect your business’s intellectual property
Cybercriminals often attack web applications to obtain sensitive business information and intellectual property. They usually seek this information so they can either sell it to a third party, publish it, or blackmail the business for its return. Using a WAF will mitigate many of the attack techniques used to steal this information.
To protect your client’s data
Confidential client information is another frequent target for cybercriminals. They often attempt to steal credit card details and personal information, which is then used to make fraudulent purchases or to carry out social engineering attacks. A WAF adds a layer of protection for this type of data as well.
To protect the reputation of your business
Suffering from a data breach can severely damage the reputation of your company. The general public will be less likely to trust you with their information if they suspect it is not adequately protected.
To protect your revenue
If your website application is taken down by a DDoS attack or an exploit, you will lose sales until it is restored. For busy companies, this can result in the loss of hundreds of thousands of pounds of revenue.
To protect your business from legal action
Legal action may be taken against your company unless you can demonstrate that you took sufficient steps to protect the data of your clients, employees, and business partners. There have already been some high profile cases of businesses being sued after losing confidential data.
Need more information on Web Application Firewalls and the security features they provide? Contact us today.