A web application firewall, or WAF, is a firewall designed to protect web applications, APIs, and mobile apps by filtering and monitoring the HTTP traffic between a web application and the Internet and blocking the harmful part of it.
It does this by applying a set of rules to each HTTP conversation, inspecting HTTP or HTTPS traffic up to layer 7 of the OSI reference model, in order to prevent web application attacks.
In general, a conventional firewall filters traffic based on IP addresses and ports, but it cannot detect intrusions such as an unwanted protocol being carried through a permitted port to bypass the firewall. To catch these, the device must understand application layer protocols like HTTP, FTP and DNS and filter traffic on that basis. That is why web application firewalls were developed.
Features of web application firewall
A WAF generally presents the following features:
- Network monitoring: a WAF can filter and block data and access to websites and applications.
- Threat detection: automated threat detection, both identity-based and behavioral (e.g. risk scoring).
- Malware protection: anti-fraud capabilities to protect against financial malware.
- Data loss prevention: a WAF inspects all inbound traffic for attacks and all outbound traffic for sensitive data.
- Application security: it helps protect against layer 7 attacks and zero-day attacks.
- Flexibility: it gives consistent web application security and user experience across data centers.
- Alert system: it provides scheduled alert notifications for risk monitoring and analysis.
- Reporting: it provides graphical reports on threat activity, web traffic and regulatory compliance of application usage.
Types of web application firewall
There are mainly three types of Web Application Firewalls:
- Network-based Web Application Firewalls
- Host-based Web Application Firewalls
- Cloud-based Web Application Firewalls
1. Network-based WAF
A network-based WAF is generally hardware-based and is installed as close to the application as possible. Because it is installed locally, it adds little latency. Most network-based WAF vendors allow a single set of policies and settings to be applied across multiple appliances.
This type of firewall acts on the application layer of the OSI reference model: it can examine the contents of traffic and block specific traffic according to policy. It can also look through the traffic to detect the presence of malware or network intrusions, secure authentication, and block suspicious traffic that violates policy. Network-based Web Application Firewalls are also known as proxy-based firewalls.
The biggest drawbacks of this type of WAF are that it is more expensive and that it requires the storage and maintenance of physical equipment.
2. Host-based WAF
Host-based WAFs may be fully integrated into the application’s software. They examine the information passing through the network and filter the traffic based on predefined rules.
Host-based Web Application Firewalls can protect against threats such as SQL injection, cross-site scripting, session hijacking, parameter tampering and buffer overflows.
The benefits of a host-based (application-based) WAF are that it is less expensive than a network-based WAF and offers more customization options.
However, the disadvantages of a host-based WAF are the consumption of local server resources, implementation complexity, and maintenance costs.
3. Cloud-based WAF
Cloud-based WAFs offer companies a cost-effective solution that is very easy to implement, but as a third-party product. They are available on a subscription basis and require only a simple DNS or proxy change to redirect application traffic. With this type of WAF, users do not need to change the software or hardware on their own systems, and they can protect their Web sites from threats by applying custom rules.
It protects your Web site against a variety of Web threats, including SQL injection, DoS attacks, information disclosure and identity theft, while ensuring legitimate access. A cloud WAF has the advantage that security can be managed easily without any IT expertise.
Benefits of Web Application Firewall
The main benefit of WAF appliances is that you keep everything in-house, which gives you complete control over every detail of your IT infrastructure. The key benefits of a web application firewall are as follows:
1. Data Protection
An application firewall protects websites and applications against the following attacks, detecting fraud or data theft and blocking any suspicious activity:
- SQL injection
- Cookie poisoning
- Session hijacking
- Buffer overflows
- Layer 7 DoS
- Zero-day attack
- Brute force
- File inclusion
- Application-specific attacks and more.
2. Data Leakage
If your application handles sensitive data, such as source code or credit card numbers, it can easily become the subject of a leak. A WAF scans the traffic sent to your Web application’s users, and if it finds such data, the WAF stops it from leaving your network.
3. Vulnerability detection
A web application firewall protects against web server vulnerabilities, operating system vulnerabilities and web application vulnerabilities. It also provides a network-level solution to software or application security problems.
4. Availability and reliability
It plays an important role in maximizing throughput and the high availability of the applications it protects. It should include features that address these factors directly:
- Automatic content compression
- Hardware-based SSL acceleration
- Load balancing web requests
How does a WAF Work?
The WAF intercepts all incoming HTTP traffic and analyzes each request before it reaches the destination server. It applies a set of rules to determine whether the incoming traffic is malicious and, accordingly, which data packets are allowed through and which are filtered out.
It analyzes GET and POST requests against the defined rules to identify illegitimate traffic. If a request is determined to be illegitimate, the WAF automatically filters it out.
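The inbound inspection described above, together with the outbound data-leakage check from the benefits section, as an added example that is not part of the original article. The rule identifiers, patterns and sample requests are all constructed here for illustration and are not any vendor's rule set.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed signature set (hypothetical, not any vendor's rules). Each rule is
# a (rule id, pattern) pair applied to every percent-decoded parameter value.
RULES = [
    ("SQLI-001", re.compile(r"(?i)\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("XSS-001", re.compile(r"(?i)<\s*script\b|javascript:")),
    ("LFI-001", re.compile(r"\.\./|\.\.\\")),
]

def extract_params(method, target, body):
    """Collect (name, value) pairs from the path, the query string and a POST form body."""
    parts = urlsplit(target)
    params = [("__path__", parts.path)]
    params += parse_qsl(parts.query, keep_blank_values=True)  # percent-decoded
    if method == "POST" and body:
        params += parse_qsl(body, keep_blank_values=True)
    return params

def inspect_request(method, target, body=""):
    """Inbound check: ("allow", None) or ("block", (rule id, parameter name))."""
    if method not in ("GET", "POST"):          # only the methods the app needs
        return ("block", ("METHOD-001", method))
    for name, value in extract_params(method, target, body):
        for rule_id, pattern in RULES:
            if pattern.search(value):
                return ("block", (rule_id, name))
    return ("allow", None)

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

CARD_RE = re.compile(r"\b\d{13,16}\b")

def inspect_response(body):
    """Outbound check: count Luhn-valid 13-16 digit numbers in a response body."""
    return sum(1 for run in CARD_RE.findall(body) if luhn_ok(run))

if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real system.
    print(inspect_request("GET", "/search?q=shoes"))
    print(inspect_request("GET", "/login?user=admin%27%20OR%20%271%27%3D%271"))
    print(inspect_response('{"order": 1234567890123, "card": "4111111111111111"}'))
```

A real WAF normalizes far more aggressively (double encoding, charset tricks, JSON and multipart bodies) and keys decisions on risk scores rather than a first regex hit, but the allow/block decision per decoded parameter is the same shape.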
Best Web Application Firewalls (WAFs) Vendors
WAFs are a key component of enterprise security. The best ones strike the right balance between performance, security effectiveness, and overall cost. A list of some commercially used Web Application Firewalls is given below: