Back
Web Application Firewall

What is Web Application Firewall (WAF) and why you need it?

The way that businesses use the Internet has dramatically changed in the past decade. Many companies have developed advanced web applications that store vast amounts of data online. Unfortunately, this has exposed them to cyber attacks.

There are various technologies available which can mitigate the risk of cyber attacks. One of the most effective is the Web Application Firewall (WAF). A WAF can be used to monitor, filter and block web traffic to-and-from a business’s web applications. It is a particularly useful technology for preventing attacks relating to common cyber attacks using file inclusions, SQL injection, brute force attacks, and cross-site scripting (XSS).

This guide will take a closer look at Web Application Firewalls. We’ll identify the common threats faced by web applications before explaining how a WAF can mitigate the risk posed by these threats.

Common threats faced by web applications

The number of cyberattacks occurring each year has dramatically increased. A recent study performed by the University of Maryland found that on average, computers with Internet access are now attacked once every 39 seconds. This number is higher for web applications as they are considered particularly valuable targets for cybercriminals. The most common types of cyber attacks on web applications include:

SQL Injection (SQLi)

Injection vulnerabilities are the most common form of attack (PDF) on web applications. A hacker will attempt to insert Structured Query Language (SQL) into your web application, with the goal or modifying, deleting, or extracting the information in your database.

Inclusion vulnerabilities

Malicious users look for exploits in the web application that allow them to include malicious files that are executed. These malicious files are often used to give them unauthorised access to the web application or underlying hardware/software.

Cross-site scripting (XSS)

A hacker will exploit the website application by injecting client-side scripts that affect other users.

Brute-force attacks

A brute force attack involves multiple attempts to log into your website application in a short period of time. Cybercriminals will use programs that perform thousands of login attempts in a short period.

Distributed denial of service attacks (DDoS)

A DDoS attack will send a massive amount of web traffic towards your website application with the goal of interrupting service.

How does a Web Application Firewall work?

A Web Application Firewall will examine web traffic before it reaches a website application. It will look at both GET and POST HTTP requests, which are responsible for retrieving information from the server and sending data to the server.

The WAF will apply a ruleset to determine if the traffic flowing to-and-from the website application is valid and not attempting to exploit a specific vulnerability. Most WAFs will use the OWASP Top 10 vulnerabilities to determine if the traffic is safe and allowed to pass through.

There are three categories of web application firewalls available:

Network-based WAF

Network-based WAFs are usually hardware based. They are often located in data centres and used to filter traffic before it reaches web servers. Network-based WAFs can use the same set of rules across multiple devices, making large-scale deployment easy to manage. The downside of network-based WAFs is their cost, with some devices costing thousands of pounds.

Application-based WAF

An Application-based WAF will be integrated into the application hosting platform (usually a web server) or in the application itself. They rely on the resources provided by the hosting platform to run and must be updated on the platform. This option is more affordable than a network-based WAF but less scalable.

Cloud-hosted WAF

Cloud-based WAFs involve relaying traffic to your website through a third party WAF. It is a low-cost solution that is simple to install.

How a WAF helps you protect your web applications from cyber attacks

Some of the tasks performed by Web Application Firewalls include:

Testing URLs

The WAF will look at the URL to spot anything out of the ordinary. That might consist of unexpected variables or the presence of SQL, indicating a potential injection attack.

Filtering out spam traffic

Most WAFs will look for common spam keywords in the content that is being sent to the web application. Additional tests may be performed before the user is challenged or redirected away from the application.

Blocking DDoS attacks

WAFs can be used to prevent DDoS attacks by limiting the number of requests that IPs can make for a web application. Traffic is diverted or blocked before your web application can reach the point of failure.

Checking access to sensitive pages

WAFs can double check the credentials of visitors before they are allowed to reach specific pages. They can use IP whitelists and blacklists to filter out illegitimate visitors in addition to other rules.

Remove potential XSS and SQL injection attacks

WAFs will check for the presence of code that is commonly used in Cross-Site Scripting (XSS) and SQL injection attacks.

Malicious bot identification

WAFs will look for common Internet bots that scan or attempt to exploit web applications, stopping them before they reach the application.

Additional features

Modern web application firewalls are quite advanced. Many WAFs come with some additional features, including:

Traffic filtering

You can monitor and filter the traffic that is sent to your website application, diverting traffic based on special rules that you create.

Geolocation and IP intelligence

Visitors from specific hosts and regions can be identified and redirected.

Analytics

Most WAFs will provide you with detailed analytics on the location and identity of visitors to your website application.

Protocol enforcement

A WAF can help you will be able to enforce strict adherence to RFC standards. You can also filter and block access to protocols like FTP or SSH.

Reasons to use a WAF

Using a WAF is essential for keeping your web application security at a high level. The main reasons to use a WAF include:

To protect your business’s intellectual property

Cybercriminals often attack web applications to obtain sensitive business information and intellectual property. They usually seek this information so they can either sell it to a third party, publish it, or blackmail the business for its return. Using a WAF will prevent many of the possible cyber attacks that are used to steal this information.

To protect your client’s data

Confidential client information is another frequent target for cybercriminals. They often attempt to steal credit card details and personal information. This data is used to make illegal purchases or to commit social engineering attacks. A WAF will increase the level of security for this type of data also.

To protect the reputation of your business

Suffering from a data breach can severely damage the reputation of your company. The general public will be less likely to trust you with their information if they suspect it is not adequately protected.

To protect your revenue

If your website application is taken down by a DDoS attack or an exploit, you will lose sales until it is restored. For busy companies, this can result in the loss of hundreds of thousands of pounds of revenue.

To protect your business from legal action

Legal action may be taken against your company unless you can demonstrate that you took sufficient steps to protect the data of your clients, employees, and business partners. There have already been some high profile cases of businesses being sued after losing confidential data.

Need more information on Web Application Firewalls and the security features they provide? Contact us today.

Darius S.

Similar Posts

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

ThreatPress API keys

WordPress Vulnerabilities Database and SiteScan premium API key offer for everyone

Recently, we received a few queries related to our services, specifically WordPress Vulnerabilities Database and SiteScan website scanner. ...

WordPress 5.0 to 5.0.1

WordPress 5.0 and its vulnerabilities found in the first week of release

The long awaited WordPress version 5.0 has finally become available from the 2018 December 6. Some users waited for this version with ...

Leave a Reply

Your email address will not be published. Required fields are marked *