Web application firewall: Difference between revisions
imported>Howard C. Berkowitz m No edit summary
imported>Justin C. Klein Keane
Revision as of 17:29, 2 August 2010
Web application firewalls (WAFs) are devices that limit web application access in an attempt to prevent malicious traffic. As an increasing amount of traffic is directed over traditional web ports (HTTP on port 80 and HTTPS on port 443), web applications have become a larger target for attackers. Ironically, much of the effort to move applications to web-based services is an effort to avoid the restrictive filtering of traditional firewalls. Because most organizations allow HTTP/HTTPS traffic, deploying a web-based application has the advantage of lower configuration overhead.
Purpose
WAFs function to limit malicious traffic to web applications by applying signatures to incoming traffic. When a signature matches, the WAF blocks the request to prevent the attack. SQL injection and cross-site scripting are two common attacks that can be effectively mitigated using a WAF.
One criticism of WAFs is that they allow insecure programs to persist without suffering the consequences of their flaws. Using a WAF, administrators can deploy a virtual patch, mitigating certain vulnerabilities in software without altering the software itself. This can be a boon to large enterprises where fixing vulnerabilities is a time-consuming process. Another situation where a WAF becomes invaluable is when an organization is dependent on third-party code to which it does not have access, especially if the vendor is slow (or unable) to release a patch for vulnerabilities in the code.
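The following sketch is an added example, not taken from the original article or from any WAF product. It shows signature matching and a virtual patch side by side; the signatures are simplified, and the endpoint /report.php with its numeric id parameter is a hypothetical vulnerable application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Generic signatures (deliberately simplified, constructed for illustration).
SIGNATURES = {
    "sqli": re.compile(r"['\"]\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|javascript\s*:|\bon\w+\s*=", re.I),
}

# Virtual patch for a hypothetical endpoint whose "id" parameter must be
# numeric: allow-list validation enforced in front of the unmodified app.
VIRTUAL_PATCHES = {("/report.php", "id"): re.compile(r"\d{1,10}")}


def inspect(url):
    """Return (action, reason) for a request URL, as a WAF rule engine would."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes names and values, so the rules see the text
    # the application will see rather than its encoded form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        patch = VIRTUAL_PATCHES.get((parts.path, name))
        if patch and not patch.fullmatch(value):
            return ("block", f"virtual-patch:{parts.path}:{name}")
        for label, sig in SIGNATURES.items():
            if sig.search(value):
                return ("block", f"signature:{label}:{name}")
    return ("allow", "no-match")


# Constructed sample requests.
SAMPLES = [
    "/search.php?q=firewall+types",
    "/search.php?q=%27+OR+1%3D1",
    "/search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "/report.php?id=42",
    "/report.php?id=42+AND+1%3D1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect(url), url)
```

The last sample matches none of the generic signatures and is stopped only by the virtual patch, which is why a narrow allow-list rule for a known-vulnerable parameter is more dependable than generic signatures alone.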
Types of WAF
Web application firewalls generally fall under two categories: hardware and software. Hardware WAFs are usually turnkey solutions that include the WAF platform and software. Software WAFs are implemented purely in code and can be deployed to existing web servers. The advantage of hardware WAFs is that they do not consume web server resources. The disadvantage of a hardware WAF is overhead and infrastructure. Both hardware and software WAFs function in fundamentally the same ways, however.
There are several different vendors of WAFs, both closed and open source. The Apache mod_security module is one popular open source WAF.