

WAF (Web Application Firewall)


A WAF (web application firewall) is a category of firewall distinguished by how specifically it filters traffic: it focuses solely on attacks aimed at web applications. In other words, it is a firewall that monitors, filters or blocks data packets as they travel to and from a web application server, and it is commonly deployed as a reverse proxy. A web application firewall primarily filters the attack classes catalogued by OWASP (the Open Web Application Security Project), such as injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object reference, security misconfiguration, sensitive data exposure, missing function level access control, cross-site request forgery (CSRF), DDoS attacks, command injection, session hijacking, zero-day exploits and many more.

The obvious question is why a WAF is needed when a network already has a firewall. Traditional controls such as network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are good at providing network-level security and securing network-level traffic, but they cannot stop OWASP-class attacks such as SQL injection, session hijacking and cross-site scripting. In short, they cannot protect against application-layer attacks. A WAF is most like a proxy firewall, but with a specific focus on application-layer (layer 7) logic.

IPSpecialist.net 20 Dec 2019



How a WAF Actually Works


A web application firewall can be built into hardware, run as a server-side software plugin, or filter traffic as a service. It protects a web application from malicious endpoints and is essentially the opposite of a proxy server: where a proxy shields a client device, a WAF acts as a reverse proxy that shields the server from OWASP-class attacks. A WAF operates on a specific set of rules called policies. These policies tell the WAF which vulnerabilities, loopholes or traffic behaviours to look for, what to do when one is detected, and so on. In other words, the policies are what enable the WAF to secure web applications and servers from attacks. Web application firewalls are essentially specialized application firewalls that analyze the content of packets, not just their headers.

EXAMPLE
A company suffered massive DDoS attacks that caused a 70% traffic spike, leading to timeouts for most users trying to access the company's website.

These application-level attacks used HTTPS, so setting filters to stop the DDoS bots might also have blocked genuine website users. The only way the company could handle the situation was to use a web application firewall with the ability to filter and control HTTP traffic.

The WAF service the company implemented could identify users based on their IP addresses and provide the necessary protection against HTTP attacks. The implementation of the WAF resulted in a drop in unwanted traffic, thereby improving site performance.




WAF security models


1) Blacklist or negative security model
Uses generic signatures to block malicious web traffic, along with signatures designed to prevent attacks that exploit specific website and web application vulnerabilities. In simple words, a model that focuses on what should not be allowed is called a blacklist.

2) Whitelist or positive security model

A whitelisting approach means that the WAF denies all requests by default and allows only requests that are known to be trusted. It maintains a list of which IP addresses are known to be safe. Whitelisting is less resource-intensive than blacklisting. In simple words, it focuses on what content should be allowed: the positive security model enforces positive behaviour by learning the application logic and then building a security policy of valid, known requests as a user interacts with the application.

Example
On page news.jsp, the field id may only accept the characters [0-9] and values from 0 up to 65535.

3) Hybrid security model

A hybrid security model uses elements of both the blacklist (negative) security model and the whitelist (positive) security model. Configurable responses include blocking the request, blocking the session, blocking the IP address, blocking the user, or logging the user out.
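The three models above, as an added example that is not part of the original text: the positive rule is the page's own news.jsp case (id is [0-9] only, 0 to 65535), the two negative-model signatures are constructed and deliberately minimal, and the hybrid decision blocks when either model fires.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Positive model: explicit rules for what IS allowed, per page and per parameter.
# Constructed from the page's example: news.jsp's id field takes [0-9] only, 0..65535.
POSITIVE_RULES = {
    "/news.jsp": {
        "id": {"pattern": re.compile(r"[0-9]+"), "min": 0, "max": 65535},
    },
}

# Negative model: generic signatures for what must NOT appear (illustrative, not complete).
NEGATIVE_SIGNATURES = [
    ("sqli", re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I)),
    ("xss", re.compile(r"<script|javascript:|onerror\s*=", re.I)),
]


def check_positive(path, params):
    """Return a reason if the request violates the positive policy, else None."""
    rules = POSITIVE_RULES.get(path)
    if rules is None:
        return "no positive policy for path"  # deny by default
    for name, values in params.items():
        rule = rules.get(name)
        if rule is None:
            return f"unexpected parameter {name}"
        for value in values:
            if not rule["pattern"].fullmatch(value):
                return f"{name} fails character rule"
            if not rule["min"] <= int(value) <= rule["max"]:
                return f"{name} out of range"
    return None


def check_negative(decoded_query):
    """Return the name of the first matching attack signature, else None."""
    for name, signature in NEGATIVE_SIGNATURES:
        if signature.search(decoded_query):
            return name
    return None


def hybrid_decision(url):
    """Hybrid model: a hit from either model blocks; returns (verdict, reason)."""
    parsed = urlparse(url)
    hit = check_negative(unquote(parsed.query))  # signatures run on the decoded query
    if hit:
        return "block", f"signature:{hit}"
    reason = check_positive(parsed.path, parse_qs(parsed.query, keep_blank_values=True))
    if reason:
        return "block", f"policy:{reason}"
    return "allow", "ok"
```

Note that the positive model alone already rejects the injection attempt (it is not pure digits); the signature gives the operator a more specific reason to log.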

WEB APPLICATION FIREWALL ADVANTAGES


1) Protection
A WAF proactively protects websites and applications against fraud or data theft by blocking any suspicious activity, inspecting every web request for attacks such as cross-site scripting and SQL injection.

2) Automated Patches
Some WAFs can use your scan findings to temporarily patch your application for immediate protection. This temporary patch is not a full solution, but it is enough to mitigate risk until you have prepared a permanent fix.

3) Stops Data Leakage

If a web application harbours critical data, such as source code or credit card numbers, it is very easy for it to become the subject of a leak, and any kind of leak can turn into a disaster. A WAF scans every response going out to your web application's users, and if something appears unusual, the WAF stops it from leaving your network. Most WAFs have high-level behavioural signatures looking for credit card numbers and social security numbers already built in, but you can customize them and add further signatures, such as for specific files, information or code.
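Outbound inspection of the kind described above, as an added example that is not part of the original text: the built-in card and SSN signatures, the Luhn check that keeps arbitrary 16-digit numbers from triggering false positives, and a custom signature slot for site-specific data; the sample response body, the regexes and the private-key marker are all constructed for the example.

```python
import re

# Constructed built-in signatures: 13-19 digits with optional space/dash separators, and a US SSN layout.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other long digit strings (order ids etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(m.group())
    return hits


def inspect_response(body, custom_signatures=()):
    """Return (name, matched_text) findings for an outbound body; an empty list means clean.

    custom_signatures is an iterable of (name, regex) pairs for site-specific data such as
    source code markers, mirroring the page's note that the built-in signatures can be extended.
    """
    findings = [("credit_card", hit) for hit in find_card_numbers(body)]
    findings += [("ssn", m.group()) for m in SSN_RE.finditer(body)]
    for name, pattern in custom_signatures:
        findings += [(name, m.group()) for m in re.finditer(pattern, body)]
    return findings


def filter_response(body, custom_signatures=()):
    """Mask the sensitive fragments instead of letting them leave the network."""
    findings = inspect_response(body, custom_signatures)
    for _, value in findings:
        body = body.replace(value, "[REDACTED]")
    return body, findings


# Constructed sample: a page that accidentally echoes stored data and a private key.
SAMPLE_BODY = ("order 1234567890123456 card 4111 1111 1111 1111 ssn 123-45-6789 "
               "-----BEGIN RSA PRIVATE KEY-----")
CUSTOM = [("private_key", r"-----BEGIN (?:RSA )?PRIVATE KEY-----")]
```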

TYPES OF WEB APPLICATION FIREWALLS


1) Network-based WAFs
Network-based WAFs are generally hardware-based. Since they are installed locally, they minimize latency, but they are the most expensive option and also require the storage and maintenance of physical equipment.
2) Host-based WAFs
A host-based WAF may be fully integrated into an application's software. This solution is less expensive than a network-based WAF and offers more customizability. The downsides of a host-based WAF are the consumption of local server resources, implementation complexity and maintenance costs; these components typically require engineering time and may be costly.
3) Cloud-based WAFs
Cloud WAFs are easy to deploy, do not require any software to be installed and are platform agnostic. Most cloud WAFs require only a simple domain name system (DNS) or proxy change to redirect application traffic. This approach is ideal for small-to-medium sized websites and cloud-based web applications.
EXAMPLES
➢ Sucuri
➢ EasyWAF

Features of WAF
1) Understanding HTTP/XML
➢ HTTP protocol support
➢ XML/SOAP support
➢ Anti-evasion
➢ SSL Decryption / Inspection

2) Building Blocks
➢ Signatures
➢ Policy engine

3) Network
➢ SSL Acceleration
➢ Non-transparent / privacy
➢ Connection pooling
➢ User authentication
