Web application firewall: Difference between revisions

From Citizendium
imported>Justin C. Klein Keane
(→Purpose: Updated to provide some use case.)
m (Text replacement - "{{subpages}}" to "{{PropDel}}<br><br>{{subpages}}")
 
(3 intermediate revisions by 3 users not shown)

Latest revision as of 04:49, 8 April 2024

This article may be deleted soon.


This article is developing and not approved.

A web application firewall (WAF) is a device or software component that inspects HTTP and HTTPS traffic to a web application and blocks the requests it judges malicious. As more and more traffic is carried over the traditional web ports (HTTP on port 80 and HTTPS on port 443), web applications have become a larger target for attackers. Ironically, much of the effort to move applications to web-based services was driven by a wish to avoid the restrictive filtering of traditional network firewalls: because almost every organization allows HTTP/HTTPS traffic, a web-based application can be deployed with little firewall configuration overhead. A network firewall that simply passes ports 80 and 443 sees nothing of an attack carried inside a well-formed HTTP request; that is the gap a WAF is meant to fill.

Purpose

A WAF limits malicious traffic to a web application by applying rules, most commonly attack signatures, to incoming requests: when a request matches a signature, the WAF blocks it (or merely logs it, in detection-only mode) before it reaches the application. SQL injection and cross-site scripting are two common attacks whose well-known payloads can be mitigated this way. Two caveats matter in practice. The WAF must decode each request (URL encoding, double encoding, alternative character sets) the same way the application will, or an attacker can encode a payload so that the application sees it but the signatures do not; and signature matching can both miss payloads the rules never anticipated and block legitimate requests that happen to resemble an attack, so a rule set needs tuning against real traffic.

One criticism of WAFs is that they allow insecure programs to persist without their owners suffering the consequences of the flaws. The same property is also their main use. With a WAF, administrators can deploy a virtual patch, mitigating a specific known vulnerability by blocking the requests that trigger it, without altering the software itself. This can be a boon to large enterprises where fixing a vulnerability in production is a slow process, and it is invaluable when an organization depends on third-party code it cannot modify, especially if the vendor is slow (or unable) to release a patch. A virtual patch is only as good as the administrator's understanding of which input reaches the vulnerable code, so it should be treated as a stopgap until the code itself is fixed.
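As an added illustration of both the signature mechanism and the virtual-patch idea described above, the following Python sketch is a toy WAF written for this article; it is not ModSecurity or any vendor's product, and its rule set is deliberately tiny. It applies a handful of SQL injection and cross-site scripting signatures to every decoded request parameter, plus one virtual patch for a hypothetical endpoint /product whose id parameter is assumed to be injectable. The sample requests are constructed for the example, not captured traffic. The example also shows two practitioner caveats from the section above: without a repeated decoding pass a double-encoded payload slips past the signatures, and a benign comment that mentions UNION SELECT is blocked as a false positive.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Toy WAF for illustration: generic attack signatures plus one virtual patch.
# Written for this article; it is not ModSecurity or any vendor's rule set.

# Negative security model: a match on any parameter value blocks the request.
# These patterns are deliberately tiny; production rule sets are far larger.
SIGNATURES = [
    ("sqli-union-select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("sqli-or-tautology", re.compile(r"\bor\s+\d+\s*=\s*\d+", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]

# Positive security model for a single known-vulnerable endpoint (hypothetical
# /product page whose 'id' parameter is assumed to be injectable): instead of
# waiting for a code fix, only values shaped like the integer the code expects
# are let through. In ModSecurity the same virtual patch would be written as
# two chained SecRule directives, roughly:
#   SecRule REQUEST_URI "@beginsWith /product" "id:1001,phase:2,deny,status:403,chain"
#       SecRule ARGS:id "!@rx ^[0-9]{1,9}$"
VIRTUAL_PATCHES = [
    # (rule name, path, parameter, allowed value pattern)
    ("vpatch-product-id", "/product", "id", re.compile(r"[0-9]{1,9}")),
]


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so that a double-encoded payload such
    as %2527 is inspected in the form the application will eventually see."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(method: str, path: str, query: str = "", body: str = "",
            decode: bool = True) -> tuple:
    """Return the verdict for one request as (action, rule, parameter).
    decode=False skips the extra decoding pass, to show the evasion it prevents."""
    params = parse_qs(query, keep_blank_values=True)  # decodes one layer only
    if method == "POST":
        for name, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)

    def seen(value: str) -> str:
        return normalize(value) if decode else value

    # Phase 1: virtual patches (allowlist) for known-vulnerable endpoints.
    for rule, vpath, vparam, allowed in VIRTUAL_PATCHES:
        if path == vpath:
            for value in params.get(vparam, []):
                if not allowed.fullmatch(seen(value)):
                    return ("block", rule, vparam)

    # Phase 2: generic signatures over every parameter value.
    for name, values in params.items():
        for value in values:
            for rule, pattern in SIGNATURES:
                if pattern.search(seen(value)):
                    return ("block", rule, name)
    return ("allow", None, None)


# Constructed sample requests, not captured traffic: (method, path, query, body).
SAMPLE_REQUESTS = [
    ("GET", "/search", "q=blue+widgets", ""),                                       # benign
    ("GET", "/search", "q=%27+UNION+SELECT+username%2Cpassword+FROM+users--", ""),  # SQL injection
    ("GET", "/search", "q=%2527%2BUNION%2BSELECT%2B1%2C2--", ""),                   # double-encoded SQLi
    ("GET", "/product", "id=42", ""),                                                # benign, passes the patch
    ("GET", "/product", "id=42+OR+1%3D1", ""),                                       # caught by the virtual patch
    ("POST", "/comment", "", "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),            # XSS in a POST body
    ("POST", "/comment", "", "text=I+learned+about+UNION+SELECT+today"),             # benign: false positive
]


def audit(requests=SAMPLE_REQUESTS) -> list:
    """Run every sample request through the WAF and return the verdicts in order."""
    return [inspect(*req) for req in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, audit()):
        print(f"{req[0]:4} {req[1]:<9} {req[2] or req[3]:<55} -> {verdict}")
```

Running the script prints one verdict per sample request. The virtual patch runs before the generic signatures because it encodes knowledge of the application (the parameter must be an integer), which is both more precise and cheaper than pattern matching; the last sample shows why a signature-only WAF needs tuning, since an innocent forum comment trips the UNION SELECT rule.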

Types of WAF

Web application firewalls generally fall into two categories: hardware and software. Hardware WAFs are usually turnkey appliances that bundle the platform and the WAF software and sit in line in front of the web servers. Software WAFs are implemented purely in code and can be deployed on existing web servers, for example as a web server module or as a filtering reverse proxy. The advantage of a hardware WAF is that it does not consume web server resources; its disadvantages are cost and the extra infrastructure it requires (network placement, high availability, and either the TLS keys or a position behind the TLS terminator, since the WAF must inspect decrypted traffic). Both kinds function in fundamentally the same way, however.

There are several vendors of WAFs, both closed and open source. ModSecurity (http://www.modsecurity.org/), which began as an Apache module, is one popular open source WAF.